varlink: Add experimental IPC interface for status, update, and install #2124
varlink: Add experimental IPC interface for status, update, and install #2124cgwalters wants to merge 3 commits intobootc-dev:mainfrom
Conversation
Prep for adding a varlink IPC interface. The zlink crate provides a Rust implementation of the varlink protocol. The unused_must_use lint is relaxed from "forbid" to "deny" so that zlink's proc-macro-generated #[allow(unused)] does not conflict; the practical enforcement is identical. Assisted-by: OpenCode (Claude Opus 4) Signed-off-by: Colin Walters <walters@verbum.org>
Add `bootc status --sysroot <path>` to query the deployment state of an ostree sysroot at an arbitrary path. This is designed for install tooling (Anaconda, osbuild, custom installers) that needs to discover deployment metadata immediately after installation without rebooting. The returned Host uses the same schema as `bootc status --json`. Since the target sysroot is not the running system, `booted` and `staged` are null -- all deployments appear in `otherDeployments`, ordered by ostree priority (first entry is what will boot next). The underlying `get_host_from_sysroot()` function opens the sysroot read-only, loads its deployments, and builds the standard Host/BootEntry structures via `boot_entry_from_deployment()`. Assisted-by: OpenCode (Claude Opus 4)
Add a varlink IPC interface as an experimental/hidden feature, following the pattern established in bcvk (bootc-dev/bcvk@daa5d06a6e). Three interfaces are served: - `containers.bootc` with `GetStatus` and `GetStatusForSysroot` methods - `containers.bootc.update` with `Upgrade` and `Switch` methods designed for streaming progress via varlink `more`/`continues` - `containers.bootc.install` with `GetConfiguration`, `ToDisk`, `ToFilesystem`, and `ToExistingRoot` methods The server uses socket activation (LISTEN_FDS) and is transparent: if the process is not socket-activated, CLI behavior is unchanged. Integration tests follow the bcvk pattern: spawn the binary with a Unix socketpair simulating socket activation, then use zlink proxy traits for typed calls. A TMT booted test (test-40) does a real loopback install then queries the installed sysroot via `bootc status --sysroot`. Assisted-by: OpenCode (Claude Opus 4)
github-actions
bot
added
area/install
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request implements an experimental Varlink IPC interface for bootc, providing programmatic access to host status, updates, and installation operations. Key additions include the zlink dependency, a new varlink module with socket activation support, and a --sysroot flag for the status command to inspect non-booted systems. The PR also includes extensive integration tests and documentation. Feedback was provided regarding the use of #[allow(unsafe_code)] attributes, suggesting they be made more granular to better align with the project's safety lints.
| /// Uses `libsystemd` to receive file descriptors passed by the service | ||
| /// manager (checks `LISTEN_FDS`/`LISTEN_PID` and clears the env vars). | ||
| /// Returns `None` when the process was not socket-activated. | ||
| #[allow(unsafe_code)] |
There was a problem hiding this comment.
The #[allow(unsafe_code)] attribute is used here to suppress the unsafe_code lint. Since the repository-level configuration denies unsafe_code, this should be replaced with a more granular #[allow(unsafe_code)] only on the specific block where it is required, or the code should be refactored to avoid unsafe if possible.
| // no custom envp is provided. | ||
| // | ||
| // LISTEN_PID must equal the child's PID, which is only known post-fork. | ||
| #[allow(unsafe_code)] |
There was a problem hiding this comment.
The #[allow(unsafe_code)] attribute is used here to suppress the unsafe_code lint. Since the repository-level configuration denies unsafe_code, this should be replaced with a more granular #[allow(unsafe_code)] only on the specific block where it is required, or the code should be refactored to avoid unsafe if possible.
1 participant
This is a draft PoC, but I think we really need to do this as part of the composefs finalization, because tools like bootc-image-builder and Anaconda are directly poking into the /ostree dir today and we need an API to give them for install at least.