Use composefs by default for Bootable Containers

Composefs is the next step toward better integrity guarantees on Atomic Desktops.

We want to enable it for Fedora Atomic Desktops Bootable Container images only (not for classic ostree systems).

It is also already enabled by default on Fedora Bootable Containers.

Change page: https://fedoraproject.org/wiki/Changes/ComposefsAtomicDesktops

This work is part of the roadmap to Fedora Bootable Containers:

#26
fedora/bootc/tracker#11 (closed)
Fedora CoreOS tracker: https://github.com/coreos/fedora-coreos-tracker/issues/1718

Current limits:

Issues with ostree-grub:
- https://github.com/containers/composefs/issues/280
- https://github.com/ostreedev/ostree/issues/3198
- https://github.com/coreos/rpm-ostree/issues/4664
- We should consider removing ostree-grub in ostree-containers: https://github.com/fedora-silverblue/issue-tracker/issues/120
- This means moving to static GRUB configs: https://github.com/fedora-silverblue/issue-tracker/issues/530
- This means that we need to complete the bootupd support: #1
- And complete the dual boot story: https://github.com/fedora-silverblue/issue-tracker/issues/530
No longer possible to create root level direcotries (chattr -i workaround):
- Requires derivation, thus the container flow
- https://github.com/coreos/rpm-ostree/issues/337
- Alternative: https://github.com/ostreedev/ostree/pull/3114
Issues with kdump:
- https://bugzilla.redhat.com/show_bug.cgi?id=2284097
- fedora/bootc/tracker#19 (closed)

Edited Oct 15, 2024 by Timothée Ravier

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information