update

Containerfile

@@ -1,4 +1,5 @@
-ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-41}"
+ARG TEST_IMAGE="${TEST_IMAGE:-ghcr.io/ublue-os/base-main:40}"
+ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 
 FROM registry.fedoraproject.org/fedora:${FEDORA_MAJOR_VERSION} AS builder
 
@@ -20,7 +21,7 @@ RUN dnf install \
     mkdir -p "$UBLUE_ROOT" && \
     rpkg spec --outdir  "$UBLUE_ROOT" && \
     dnf builddep -y output/ublue-update.spec && \
-    make build-rpm
+    just build-rpm
 
 # Dump a file list for each RPM for easier consumption
 RUN \
@@ -32,13 +33,55 @@ RUN \
         cp "${RPM}" "${UBLUE_ROOT}/ublue-os/rpms/$(rpm -q "${RPM}" --queryformat='%{NAME}.%{ARCH}.rpm')"; \
     done
 
-FROM scratch
+FROM ${TEST_IMAGE}
 
 ENV UBLUE_ROOT=/app/output
 
-# Copy RPMs
-COPY --from=builder ${UBLUE_ROOT}/ublue-os/rpms /rpms
-# Copy dumped contents
-COPY --from=builder ${UBLUE_ROOT}/ublue-os/files /files
 
+COPY --from=builder ${UBLUE_ROOT}/ublue-os/rpms /tmp/rpms
+RUN rpm-ostree install python3-pip
+RUN pip3 install --prefix /usr topgrade && rpm-ostree install /tmp/rpms/ublue-update.noarch.rpm
 
+# FROM: https://github.com/containers/image_build/blob/main/podman/Containerfile, sets up podman to work in the container
+RUN useradd -G wheel podman && \
+    echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid && \
+    echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid && \
+    echo "podman:" | chpasswd
+
+ADD ./containers.conf /etc/containers/containers.conf
+ADD ./podman-containers.conf /home/podman/.config/containers/containers.conf
+
+RUN mkdir -p /home/podman/.local/share/containers && \
+    chown podman:podman -R /home/podman && \
+    chmod 644 /etc/containers/containers.conf
+
+# Copy & modify the defaults to provide reference if runtime changes needed.
+# Changes here are required for running with fuse-overlay storage inside container.
+RUN sed -e 's|^#mount_program|mount_program|g' \
+           -e '/additionalimage.*/a "/var/lib/shared",' \
+           -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
+           /usr/share/containers/storage.conf \
+           > /etc/containers/storage.conf
+
+# Setup internal Podman to pass subscriptions down from host to internal container
+RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf
+
+# Note VOLUME options must always happen after the chown call above
+# RUN commands can not modify existing volumes
+VOLUME /var/lib/containers
+VOLUME /home/podman/.local/share/containers
+
+RUN mkdir -p /var/lib/shared/overlay-images \
+             /var/lib/shared/overlay-layers \
+             /var/lib/shared/vfs-images \
+             /var/lib/shared/vfs-layers && \
+    touch /var/lib/shared/overlay-images/images.lock && \
+    touch /var/lib/shared/overlay-layers/layers.lock && \
+    touch /var/lib/shared/vfs-images/images.lock && \
+    touch /var/lib/shared/vfs-layers/layers.lock
+
+ENV _CONTAINERS_USERNS_CONFIGURED="" \
+    BUILDAH_ISOLATION=chroot
+# RUN useradd -m -G wheel user && echo "user:" | chpasswd
+
+CMD [ "/sbin/init" ]

justfile

@@ -1,4 +1,4 @@
-set shell := ["bash", "-c"]
+set shell := ["bash", "-uc"]
 export UBLUE_ROOT := env_var_or_default("UBLUE_ROOT", "/app/output")
 export TARGET := "ublue-update"
 export SOURCE_DIR := UBLUE_ROOT + "/" + TARGET
@@ -39,27 +39,15 @@ dnf-install:
 	dnf install -y "output/noarch/*.rpm"
 
 build-test:
-	podman build . -t testing -f Containerfile.test
-	podman run -it --security-opt label=disable --device /dev/fuse:rw --privileged testing
-#
-#builder-image:
-#	podman build -t "$TARGET:builder" -f Containerfile.builder .
-#
-#builder-exec:
-#	podman run --rm -it \
-#		-v "$PWD:$PWD" \
-#		-w "$PWD" \
-#		-e DISPLAY \
-#		-e DBUS_SESSION_BUS_ADDRESS \
-#		-e XDG_RUNTIME_DIR \
-#		--ipc host \
-#		-v "/tmp/.X11-unix:/tmp/.X11-unix" \
-#		-v /var/run/dbus:/var/run/dbus \
-#		-v /run/user/1000/bus:/run/user/1000/bus \
-#		-v /run/dbus:/run/dbus \
-#		-v "${XDG_RUNTIME_DIR}:${XDG_RUNTIME_DIR}" \
-#		--security-opt label=disable \
-#		$TARGET:builder
+	#!/usr/bin/env bash
 
+	podman build . -t testing -f Containerfile
+	podman run -d --name ublue_update_test --security-opt label=disable --device /dev/fuse:rw --privileged testing
+	while [[ "$(podman exec ublue_update_test systemctl is-system-running)" != "running" && "$(podman exec ublue_update_test systemctl is-system-running)" != "degraded" ]]; do
+		echo "Waiting for systemd to finish booting..."
+		sleep 1
+	done
+
+	podman exec -it ublue_update_test systemd-run --user --machine podman@ --pipe --quiet sudo /usr/bin/ublue-update --dry-run
 clean:
 	rm -rf "$UBLUE_ROOT"

src/ublue_update/cli.py

@@ -103,6 +103,8 @@ def run_updates(system, system_update_available, dry_run):
 
     if dry_run:
         topgrade_args.append("--dry-run")
+        # disable toolbox during dry run because it doesn't want to run in the container: github.com/containers/toolbox/issues/989
+        topgrade_args.extend(["--disable", "toolbx"])
     else:
         transaction_wait()