Roadmap to Fedora Bootable Containers

Important initial notes

• This is a proposed roadmap that is subject to change and refinement
• While not complete nor matching the current Fedora bootable container images, you can already use the Fedora Atomic Desktops using container images, with caveats. See: https://gitlab.com/fedora/ostree/ci-test#experimental-ostree-native-container-images-for-rpm-ostree-based-fedora-desktop-variants

With that out of the way, let's look at the work ahead.

Roadmap - To Do

Rebasing on Fedora Bootc manifests / container images

Tracked in #88

• Needs better support for container builds in the Fedora Infrastructure
  • Forgejo with runners?
  • Konflux?
• Building with Konflux discussed in #91
• Use a single repo and set of manifests for legacy rpm-ostree manifest builds and the new bootc base image container based image builds like Fedora CoreOS does
• Might mean using a Git submodule or merging all manifests into a single repo
• Investigate if rebasing to a container based workflow for those image would bring benefits
• Investigate the new Experimental Base Images Builder:
  • fedora/bootc/base-images-experimental!18 (closed)
• Related to: #4 (closed), #21 (closed), #22 (closed)

bootc integration in graphical system updaters

• Support updating systems via bootc using GNOME Software & Plasma Discover
  • GNOME Software: TBD
  • Support in Plasma Discover: Partial, some bugs remain
• rpm-ostree likely to stay in the image for a while until this is resolved
• Bootc is currently root only: no unprivileged interface, no DBus interface
• Related discussions:
  • #7 (closed)
  • https://github.com/containers/bootc/pull/472
  • https://github.com/containers/bootc/issues/474

Local package layering

• Figure out a solution for users that have locally layered packages
• Similar to what's needed for Fedora CoreOS
• Tracked in fedora/bootc/tracker#4
• Related to #45 (closed)

Building Installer or LiveISO & disk images

Tracked in #32

• Build Installer or LiveISO images and pre-installed disk images (where it makes sense) to let users directly install using Bootable Containers.
• Needs support for pre-installing Flatpaks
• Related to https://fedoraproject.org/wiki/Changes/BuildAtomicDesktopsWithImageBuilder

Switching to Bootable Container images by default

Tracked in #2

• Needs work and testing to migrate existing users to the new format
• Needs work on the installer part:
  • Initial work for the lorax one: https://github.com/ublue-os/isogenerator
• Needs history for container images:
  • Tracked in https://pagure.io/cloud-image-uploader/issue/37
• Needs signed container images (with cosign or equivalent)
  • https://github.com/fedora-infra/siguldry/issues/49
• Support for zstd:chunked images to reduce the size of updates:
  • https://github.com/ostreedev/ostree-rs-ext/issues/608
  • fedora/bootc/tracker#9
• Reduce the update cadence to reduce the impact of updates:
  • #69

Documentation updates

• We will likely have to update the documentation to link to the Fedora Bootable Containers docs.

Roadmap - Done

✅ Building and publishing Bootable Container images

Tracked in #48 (closed)

• Container images built on Fedora's infra using support in Pungi:
  • Rawhide & branched: https://pagure.io/pungi-fedora/blob/main/f/fedora.conf#_730
  • Stable: https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2#_214
• Manifests are in https://pagure.io/workstation-ostree-config, shared with the classic ostree ones
• Work in progress to publish those images in the official Fedora registry:
  • https://pagure.io/releng/issue/10399
  • https://pagure.io/releng/issue/12081
  • https://discussion.fedoraproject.org/t/we-need-to-come-up-with-a-consistent-approach-for-generating-and-publishing-containers-both-traditional-and-atomic-desktop-containers-both-stable-and-unstable-releases/109213

Note that https://gitlab.com/fedora/ostree/ci-test is synced from the same repo but the images are not built on Fedora's infra. Those images are the ones used by https://universal-blue.org/ and derivatives (Bluefin, Bazzite, etc.) right now

✅ DNF5 integration

• Add dnf5 to the images:
  • fedora/bootc/tracker#12 (closed)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2293627
  • https://fedoraproject.org/wiki/Changes/DNFAndBootcInImageModeFedora
• Better error handling / messages in dnf (on running systems) would make this less confusing to our users
• A lot of testing needed, especially regarding alternative kernels, custom kernel modules, /var and /opt handling, etc.

✅ bootupd integration

Tracked in: #1 (closed)

✅ Moving existing systems to static GRUB config:

Tracked as part of the composefs issue: #35 (closed)

• https://github.com/fedora-silverblue/issue-tracker/issues/530
• https://github.com/fedora-silverblue/issue-tracker/issues/120

✅ Switching to composefs

Tracked in #35 (closed)

• Use composefs by default and update all current systems to it
• Will not use signatures at the beginning
• See: fedora/bootc/tracker#11 (comment 1929159362)
• See: https://github.com/coreos/fedora-coreos-tracker/issues/1718

✅ Anaconda

We are already using Anaconda

✅ Documentation updates

• Unify the docs for Atomic Desktops: #10

References

See:

• https://fedoramagazine.org/get-involved-with-fedora-bootable-containers/
• https://fedoraproject.org/wiki/Initiatives/Fedora_bootc

For Fedora CoreOS, see: https://github.com/coreos/fedora-coreos-tracker/issues/1726