Build Fedora Silverblue & Kinoite using rpm-ostree unified core mode

Summary

rpm-ostree upstream development is focusing on the "unified core" mode and the previous mode is being deprecated. Fedora Silverblue and Fedora Kinoite are currently building using the old mode and we've wanted to move over for a while. The main advantage of the unified core mode is that it is stricter and safer, while enabling some post processing steps to happen during or after the image build.

Owner

• Name: Timothée Ravier, Tomáš Popela, Colin Walters
• Email: <siosm@fedoraproject.org>, <tpopela@fedoraproject.org>, <walters@fedoraproject.org>

Current status

• Targeted release: Fedora Linux 39
• Last updated: 2023-09-14
• devel thread
• FESCo issue: #2901
• Tracker bug: #2150984
• Release notes tracker: <will NOT be assigned by the Wrangler>

Detailed Description

For more details about the difference between the two mode, you can read the upstream issue: https://github.com/coreos/rpm-ostree/issues/729. See also the history in https://pagure.io/workstation-ostree-config/issue/137.

On top of the advantages listed above, we need unified core support to be able to add bootupd integration to Fedora Silverblue & Kinoite. See:

• https://fedoraproject.org/wiki/Changes/FedoraSilverblueBootupd
• https://github.com/fedora-silverblue/issue-tracker/issues/120
• https://pagure.io/workstation-ostree-config/pull-request/313

The in-progress changes are in:

• Support in Pungi: https://pagure.io/pungi/pull-request/1626 & https://pagure.io/pungi/pull-request/1629
• Fedora Pungi configuration change: https://pagure.io/pungi-fedora/pull-request/1115
• Fedora Silverblue & Kinoite changes in progress in: https://pagure.io/workstation-ostree-config/pull-request/296

GitHub issue used to track this work and testing: https://github.com/fedora-silverblue/issue-tracker/issues/333

Feedback

None yet.

Benefit to Fedora

The old mode in rpm-ostree is not maintained anymore and less tested thus more prone to bugs. Moving to the new mode will unify Silverblue & Kinoite to the same code that is used to build Fedora CoreOS and that receives a lot of testing. This will remove maintenance burden on the rpm-ostree project as they will thus be able to remove the old code. The new mode also makes composes work the same on the server side and the client side and makes them safer by more strictly confining scriptlets execution.

Scope

• Proposal owners: Testing of builds with the new mode to make sure there is not regression. The infra & configurations changes for Pungi should be ready.
• Other developers: N/A
• Release engineering: N/A
• Policies and guidelines: N/A (not needed for this Change)
• Trademark approval: N/A (not needed for this Change)

• Alignment with Objectives: N/A

Upgrade/compatibility impact

There should be not visible change for users when upgrading. The change only impacts the way the images are composed on the server.

How To Test

Use the commands from the justfile in https://pagure.io/workstation-ostree-config/pull-request/296 to test building in unified core mode. Update an existing installation and verify that everything works as expected. Once we merge that in Rawhide, updating will be enough (no need to rebuild).

User Experience

N/A

Dependencies

N/A

Contingency Plan

• Contingency mechanism: Revert to non unified core build mode (single change in Fedora's Pungi configuration). Owners will do it. Nothing to do for users.
• Contingency deadline: Can happen anytime.
• Blocks release? No

Documentation

N/A

Release Notes

N/A