ci-test/bootupd.yaml

# KEEP THIS IN SYNC WITH https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/bootupd.yaml
# Integration with https://github.com/coreos/bootupd
# xref https://github.com/coreos/fedora-coreos-tracker/issues/510
packages:
  - bootupd

postprocess:
  - |
    #!/bin/bash
    set -xeuo pipefail

    # Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload
    /usr/bin/bootupctl backend generate-update-metadata

    # Trigger a bootloader update on boot
    cat > /usr/lib/systemd/system/bootloader-update.service << 'EOF'
    [Unit]
    Description=Update bootloader on boot
    Documentation=https://github.com/coreos/bootupd
    ConditionFirmware=uefi

    [Service]
    Type=oneshot
    ExecStart=/usr/bin/bootupctl update
    RemainAfterExit=yes
    MountFlags=slave

    [Install]
    WantedBy=multi-user.target
    EOF
    chmod 644 /usr/lib/systemd/system/bootloader-update.service
    echo "enable bootloader-update.service" > /usr/lib/systemd/system-preset/81-atomic-desktop.preset

    # Turn permissive mode on for bootupd until all SELinux issues are fixed
    semanage permissive --noreload --add bootupd_t
Add bootupd integration This does what we should have done originally, and copies the bootupd bits directly from https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/bootupd.yaml And uses them via includes. 2022-10-14 17:45:40 +00:00			`# KEEP THIS IN SYNC WITH https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/bootupd.yaml`
			`# Integration with https://github.com/coreos/bootupd`
			`# xref https://github.com/coreos/fedora-coreos-tracker/issues/510`
			`packages:`
			`- bootupd`

			`postprocess:`
			`- \|`
			`#!/bin/bash`
			`set -xeuo pipefail`
bootupd: Trigger a bootloader update on boot See: https://gitlab.com/fedora/ostree/sig/-/issues/1 See: https://github.com/coreos/bootupd/pull/716 2024-09-04 13:54:06 +00:00
Add bootupd integration This does what we should have done originally, and copies the bootupd bits directly from https://github.com/coreos/fedora-coreos-config/blob/testing-devel/manifests/bootupd.yaml And uses them via includes. 2022-10-14 17:45:40 +00:00			`# Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload`
bootupd: Drop unnecessary `/` It's not supported to pass anything other than `/` now, and the argument has been optional for some time. See: https://github.com/coreos/fedora-coreos-config/commit/09750a1f7af893e1f7665db9f814929fc6352e1d 2024-02-08 10:27:47 +00:00			`/usr/bin/bootupctl backend generate-update-metadata`
bootupd: Trigger a bootloader update on boot See: https://gitlab.com/fedora/ostree/sig/-/issues/1 See: https://github.com/coreos/bootupd/pull/716 2024-09-04 13:54:06 +00:00
			`# Trigger a bootloader update on boot`
			`cat > /usr/lib/systemd/system/bootloader-update.service << 'EOF'`
			`[Unit]`
			`Description=Update bootloader on boot`
			`Documentation=https://github.com/coreos/bootupd`
			`ConditionFirmware=uefi`

			`[Service]`
			`Type=oneshot`
			`ExecStart=/usr/bin/bootupctl update`
			`RemainAfterExit=yes`
			`MountFlags=slave`

			`[Install]`
			`WantedBy=multi-user.target`
			`EOF`
			`chmod 644 /usr/lib/systemd/system/bootloader-update.service`
			`echo "enable bootloader-update.service" > /usr/lib/systemd/system-preset/81-atomic-desktop.preset`
bootupd: Put in permissive until SELinux issues are fixed See: https://github.com/coreos/bootupd/issues/694 See: https://github.com/fedora-selinux/selinux-policy/issues/2334 See: https://github.com/fedora-selinux/selinux-policy/issues/2341 See: https://github.com/fedora-selinux/selinux-policy/issues/2362 2024-09-04 13:57:16 +00:00
			`# Turn permissive mode on for bootupd until all SELinux issues are fixed`
			`semanage permissive --noreload --add bootupd_t`