.bootc.metadata

@@ -1,2 +0,0 @@
-9ca5bceee40bd840b691c0a8024b2b6a916c36e7 SOURCES/bootc-1.8.0-vendor.tar.zstd
-b97adc7d411b192030dddea89366e2d6ebc5c7c2 SOURCES/bootc-1.8.0.tar.zstd

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1,2 +1,52 @@
-SOURCES/bootc-1.8.0-vendor.tar.zstd
-SOURCES/bootc-1.8.0.tar.zstd
+/bootc-0.1.4.tar.zstd
+/bootc-0.1.4-vendor.tar.zstd
+/bootc-0.1.5.tar.zstd
+/bootc-0.1.5-vendor.tar.zstd
+/bootc-0.1.6-vendor.tar.zstd
+/bootc-0.1.6.tar.zstd
+/bootc-0.1.7-vendor.tar.zstd
+/bootc-0.1.7.tar.zstd
+/bootc-0.1.8.tar.zstd
+/bootc-0.1.8-vendor.tar.zstd
+/bootc-0.1.9.tar.zstd
+/bootc-0.1.9-vendor.tar.zstd
+/bootc-0.1.10-vendor.tar.zstd
+/bootc-0.1.10.tar.zstd
+/bootc-0.1.11.tar.zstd
+/bootc-0.1.11-vendor.tar.zstd
+/bootc-0.1.12.tar.zstd
+/bootc-0.1.12-vendor.tar.zstd
+/bootc-0.1.13.tar.zstd
+/bootc-0.1.13-vendor.tar.zstd
+/bootc-0.1.14-vendor.tar.zstd
+/bootc-0.1.14.tar.zstd
+/bootc-0.1.15.tar.zstd
+/bootc-0.1.15-vendor.tar.zstd
+/bootc-0.1.16.tar.zstd
+/bootc-0.1.16-vendor.tar.zstd
+/bootc-1.1.0.tar.zstd
+/bootc-1.1.0-vendor.tar.zstd
+/bootc-1.1.2.tar.zstd
+/bootc-1.1.2-vendor.tar.zstd
+/bootc-1.1.4.tar.zstd
+/bootc-1.1.4-vendor.tar.zstd
+/bootc-1.1.5.tar.zstd
+/bootc-1.1.5-vendor.tar.zstd
+/bootc-1.1.6-vendor.tar.zstd
+/bootc-1.1.6.tar.zstd
+/bootc-1.1.7.tar.zstd
+/bootc-1.1.7-vendor.tar.zstd
+/bootc-1.3.0.tar.zstd
+/bootc-1.3.0-vendor.tar.zstd
+/bootc-1.4.0.tar.zstd
+/bootc-1.4.0-vendor.tar.zstd
+/bootc-1.5.1.tar.zstd
+/bootc-1.5.1-vendor.tar.zstd
+/bootc-1.7.0-vendor.tar.zstd
+/bootc-1.7.0.tar.zstd
+/bootc-1.7.1-vendor.tar.zstd
+/bootc-1.7.1.tar.zstd
+/bootc-1.8.0-vendor.tar.zstd
+/bootc-1.8.0.tar.zstd
+/bootc-1.10.0.tar.zstd
+/bootc-1.10.0-vendor.tar.zstd

Containerfile.packit

@@ -0,0 +1,55 @@
+# Build image for system-reinstall-bootc test
+
+# Use centos-bootc:stream10 as default
+FROM quay.io/centos-bootc/centos-bootc:stream10
+
+WORKDIR /bootc-test
+
+# Save testing farm run files
+COPY ARTIFACTS /var/ARTIFACTS
+# Copy bootc repo
+COPY test-artifacts /var/share/test-artifacts
+
+ARG GATING
+RUN <<EORUN
+set -xeuo pipefail
+. /usr/lib/os-release
+if [[ $ID == "rhel" ]]; then
+    cp rhel.repo /etc/yum.repos.d/
+fi
+# OSCI uses /var/lib/tmt/scripts to save tmt-* commands
+# Fedora CI and Packit use /usr/local/bin
+if [[ -d scripts ]]; then
+    mkdir -p /var/lib/tmt
+    cp -r scripts /var/lib/tmt/
+    ls -al /var/lib/tmt/scripts
+else
+    cp -r bin /usr/local
+    ls -al /usr/local/bin
+fi
+cp test-artifacts.repo /etc/yum.repos.d/
+dnf -y update bootc
+# Required by tmt avc checking after test
+dnf -y install audit
+./provision-derived.sh
+
+# For test-22-logically-bound-install
+cp -a lbi/usr/. /usr
+for x in curl.container curl-base.image podman.image; do
+    ln -s /usr/share/containers/systemd/$x /usr/lib/bootc/bound-images.d/$x
+done
+
+# Add some testing kargs into our dev builds
+install -D -t /usr/lib/bootc/kargs.d test-kargs/*
+# Also copy in some default install configs we use for testing
+install -D -t /usr/lib/bootc/install/ install-test-configs/*
+
+# Remove bootc repo, bootc updated already
+rm -rf /var/share/test-artifacts /etc/yum.repos.d/test-artifacts.repo
+# Clean up dnf
+dnf -y clean all
+rm -rf /var/cache /var/lib/dnf
+
+# Finally, test our own linting
+# bootc container lint --fatal-warnings
+EORUN

SOURCES/0000-bootc-inistall-provision.patch

@@ -1,65 +0,0 @@
-diff --git i/tmt/tests/bootc-install-provision.sh w/tmt/tests/bootc-install-provision.sh
-index c4c884b..29df30c 100755
---- i/tmt/tests/bootc-install-provision.sh
-+++ w/tmt/tests/bootc-install-provision.sh
-@@ -4,6 +4,8 @@ set -exuo pipefail
- BOOTC_TEMPDIR=$(mktemp -d)
- trap 'rm -rf -- "$BOOTC_TEMPDIR"' EXIT
- 
-+ARCH=$(uname -m)
-+
- # LBI only enabled for test-22-logically-bound-install
- LBI="${LBI:-disabled}"
- 
-@@ -16,6 +18,28 @@ case "$ID" in
-     "fedora")
-         TIER1_IMAGE_URL="${TIER1_IMAGE_URL:-quay.io/fedora/fedora-bootc:${VERSION_ID}}"
-         ;;
-+    "rhel")
-+        TIER1_IMAGE_URL="${TIER1_IMAGE_URL:-images.paas.redhat.com/bootc/rhel-bootc:latest-${VERSION_ID}}"
-+
-+        CURRENT_COMPOSE_ID=$(skopeo inspect --no-tags --retry-times=5 --tls-verify=false "docker://${TIER1_IMAGE_URL}" | jq -r '.Labels."redhat.compose-id"')
-+
-+        if [[ -n ${CURRENT_COMPOSE_ID} ]]; then
-+            if [[ ${CURRENT_COMPOSE_ID} == *-updates-* ]]; then
-+                BATCH_COMPOSE="updates/"
-+            else
-+                BATCH_COMPOSE=""
-+            fi
-+        else
-+            BATCH_COMPOSE="updates/"
-+            CURRENT_COMPOSE_ID=latest-RHEL-$VERSION_ID
-+        fi
-+
-+        # use latest compose if specific compose is not accessible
-+        RC=$(curl -skIw '%{http_code}' -o /dev/null "http://download.eng.bos.redhat.com/rhel-${VERSION_ID%%.*}/nightly/${BATCH_COMPOSE}RHEL-${VERSION_ID%%.*}/${CURRENT_COMPOSE_ID}/STATUS")
-+        if [[ $RC != "200" ]]; then
-+            CURRENT_COMPOSE_ID=latest-RHEL-${VERSION_ID%%}
-+        fi
-+        ;;
- esac
- 
- if [ "$TMT_REBOOT_COUNT" -eq 0 ]; then
-@@ -93,6 +117,22 @@ COMMONEOF
-         tee "$FEDORA_CI_CONTAINERFILE" > /dev/null << FEDORACIEOF
- FROM $TIER1_IMAGE_URL
- 
-+RUN <<REPORUN
-+tee "/etc/yum.repos.d/rhel.repo" >/dev/null <<RHELREPOEOF
-+[rhel-baseos]
-+name=baseos
-+baseurl=http://download.eng.bos.redhat.com/rhel-${VERSION_ID%%.*}/nightly/${BATCH_COMPOSE}RHEL-${VERSION_ID%%.*}/${CURRENT_COMPOSE_ID}/compose/BaseOS/${ARCH}/os/
-+enabled=1
-+gpgcheck=0
-+
-+[rhel-appstream]
-+name=appstream
-+baseurl=http://download.eng.bos.redhat.com/rhel-${VERSION_ID%%.*}/nightly/${BATCH_COMPOSE}RHEL-${VERSION_ID%%.*}/${CURRENT_COMPOSE_ID}/compose/AppStream/${ARCH}/os/
-+enabled=1
-+gpgcheck=0
-+RHELREPOEOF
-+REPORUN
-+
- RUN dnf -y upgrade /rpms/*.rpm
- FEDORACIEOF
-         cat >"$CONTAINERFILE" <<REALEOF

SOURCES/0001-bootc-inistall-provision.patch

@@ -1,14 +0,0 @@
-diff --git i/tmt/tests/bootc-install-provision.sh w/tmt/tests/bootc-install-provision.sh
-index 6c9968c..c617d5e 100755
---- i/tmt/tests/bootc-install-provision.sh
-+++ w/tmt/tests/bootc-install-provision.sh
-@@ -50,7 +50,8 @@ if [ "$TMT_REBOOT_COUNT" -eq 0 ]; then
-     fi
- 
-     # Some rhts-*, rstrnt-* and tmt-* commands are in /usr/local/bin
--    cp -r /usr/local/bin "$BOOTC_TEMPDIR"
-+    cp -r /var/lib/tmt/scripts "$BOOTC_TEMPDIR/bin"
-+    ls -al "$BOOTC_TEMPDIR/bin"
- 
-     # Check image building folder content
-     ls -al "$BOOTC_TEMPDIR"

bootc.spec

@@ -11,9 +11,18 @@
     %bcond_with rhsm
 %endif
 
+%global rust_minor %(rustc --version | cut -f2 -d" " | cut -f2 -d".")
+
+# https://github.com/bootc-dev/bootc/issues/1640
+%if 0%{?fedora} || 0%{?rhel} >= 10 || 0%{?rust_minor} >= 89
+    %global new_cargo_macros 1
+%else
+    %global new_cargo_macros 0
+%endif
+
 Name:           bootc
-Version:        1.8.0
-Release:        2%{?dist}
+Version:        1.10.0
+Release:        1%{?dist}
 Summary:        Bootable container system
 
 # Apache-2.0
@@ -25,14 +34,14 @@ Summary:        Bootable container system
 # MIT OR Apache-2.0
 # Unlicense OR MIT
 License:        Apache-2.0 AND BSD-3-Clause AND MIT AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND (Unlicense OR MIT)
-URL:            https://github.com/containers/bootc
+URL:            https://github.com/bootc-dev/bootc
 Source0:        %{url}/releases/download/v%{version}/bootc-%{version}.tar.zstd
 Source1:        %{url}/releases/download/v%{version}/bootc-%{version}-vendor.tar.zstd
 
 # Don't remove, downstream patch only
 # Patch for integration test RHEL 9.x and 10.x support
-Patch0: 0000-bootc-inistall-provision.patch
-Patch1: 0001-bootc-inistall-provision.patch
+#Patch0: 0000-bootc-inistall-provision.patch
+#Patch1: 0001-bootc-inistall-provision.patch
 
 # https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval
 ExcludeArch:    %{ix86}
@@ -41,6 +50,7 @@ BuildRequires: libzstd-devel
 BuildRequires: make
 BuildRequires: ostree-devel
 BuildRequires: openssl-devel
+BuildRequires: go-md2man
 %if 0%{?rhel}
 BuildRequires: rust-toolset
 %else
@@ -52,10 +62,13 @@ BuildRequires: skopeo ostree
 
 # Backing storage tooling https://github.com/containers/composefs/issues/125
 Requires: composefs
-# For OS updates
+# Keep this list in sync with workspace.metadata.binary-dependencies until we sync
+# it automatically
 Requires: ostree
 Requires: skopeo
 Requires: podman
+Requires: util-linux-core
+Requires: /usr/bin/chcon
 # For bootloader updates
 Recommends: bootupd
 
@@ -88,7 +101,7 @@ rm vendor-config.toml
 
 %build
 # Build the main bootc binary
-%if 0%{?fedora} || 0%{?rhel} >= 10
+%if %new_cargo_macros
     %cargo_build %{?with_rhsm:-f rhsm}
 %else
     %cargo_build %{?with_rhsm:--features rhsm}
@@ -97,7 +110,7 @@ rm vendor-config.toml
 # Build the system reinstallation CLI binary
 %global cargo_args -p system-reinstall-bootc
 export SYSTEM_REINSTALL_BOOTC_INSTALL_PODMAN_PATH=%{system_reinstall_bootc_install_podman_path}
-%if 0%{?fedora} || 0%{?rhel} >= 10
+%if %new_cargo_macros
     # In cargo-rpm-macros, the cargo_build macro does flag processing,
     # so we need to pass '--' to signify that cargo_args is not part
     # of the macro args
@@ -109,6 +122,8 @@ export SYSTEM_REINSTALL_BOOTC_INSTALL_PODMAN_PATH=%{system_reinstall_bootc_insta
     %cargo_build %cargo_args
 %endif
 
+make manpages
+
 %cargo_vendor_manifest
 # https://pagure.io/fedora-rust/rust-packaging/issue/33
 sed -i -e '/https:\/\//d' cargo-vendor.txt
@@ -126,13 +141,21 @@ cat >%{?buildroot}/%{system_reinstall_bootc_install_podman_path} <<EOF
 exec dnf -y install podman
 EOF
 chmod +x %{?buildroot}/%{system_reinstall_bootc_install_podman_path}
+# generate doc file list excluding directories; workaround for
+# https://github.com/coreos/rpm-ostree/issues/5420
+touch %{?buildroot}/%{_docdir}/bootc/baseimage/base/sysroot/.keepdir
+find %{?buildroot}/%{_docdir} ! -type d -printf '%{_docdir}/%%P\n' > bootcdoclist.txt
 
 %if %{with check}
 %check
-%cargo_test
+if grep -qEe 'Seccomp:.*0$' /proc/self/status; then
+    %cargo_test
+else
+    echo "skipping unit tests due to https://github.com/rpm-software-management/mock/pull/1613#issuecomment-3421908652"
+fi
 %endif
 
-%files
+%files -f bootcdoclist.txt
 %license LICENSE-MIT
 %license LICENSE-APACHE
 %license LICENSE.dependencies
@@ -145,14 +168,17 @@ chmod +x %{?buildroot}/%{system_reinstall_bootc_install_podman_path}
 %{_prefix}/libexec/libostree/ext/*
 %endif
 %{_unitdir}/*
-%{_docdir}/bootc/*
-%{_mandir}/man*/bootc*
+%{_mandir}/man*/*bootc*
 
 %files -n system-reinstall-bootc
 %{_bindir}/system-reinstall-bootc
 %{system_reinstall_bootc_install_podman_path}
 
 %changelog
+* Thu Oct 30 2025 Joseph Marrero <jmarrero@fedoraproject.org> - 1.10.0-1
+- Update to 1.10.0
+- Resolves: #RHEL-125340
+
 * Fri Sep 05 2025 Colin Walters <walters@verbum.org> - 1.8.0-2
 - Update to 1.8.0
 

gating.yaml

@@ -0,0 +1,17 @@
+--- !Policy
+product_versions:
+  - fedora-*
+decision_contexts:
+  - bodhi_update_push_stable
+  - bodhi_update_push_testing
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+  - rhel-9
+  - rhel-10
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

plans/all.fmf

@@ -0,0 +1,89 @@
+discover:
+  how: fmf
+  dist-git-source: true
+  dist-git-install-builddeps: true
+execute:
+  how: tmt
+environment:
+    NIGHTLY_COMPOSE_SITE: download.eng.bos.redhat.com
+prepare:
+  # Install image mode system on package mode system
+  - how: install
+    order: 97
+    package:
+      - podman
+      - skopeo
+      - jq
+      - bootc
+      - system-reinstall-bootc
+      - expect
+      - ansible-core
+      - zstd
+  - how: shell
+    order: 98
+    script:
+      - pwd && ls -al && ls -al /var/share/test-artifacts && mkdir -p bootc && cp /var/share/test-artifacts/*.src.rpm bootc
+      - cd bootc && ls -al && rpm2cpio *.src.rpm | cpio -idmv && rm -f *-vendor.tar.zstd && zstd -d *.tar.zstd && tar -xvf *.tar -C . --strip-components=1 && ls -al
+      - cd bootc/hack && ./provision-packit.sh
+  # tmt-reboot and reboot do not work in this case
+  # reboot in ansible is the only way to reboot in tmt prepare
+  - how: ansible
+    order: 99
+    playbook:
+      - https://github.com/bootc-dev/bootc/raw/refs/heads/main/hack/packit-reboot.yml
+
+/readonly-tests:
+  summary: Execute booted readonly/nondestructive tests
+  discover+:
+    how: fmf
+    test:
+        - /tmt/tests/test-01-readonly
+
+/test-20-local-upgrade:
+  summary: Execute local upgrade tests
+  discover+:
+    how: fmf
+    test:
+        - /tmt/tests/test-20-local-upgrade
+
+/test-21-logically-bound-switch:
+  summary: Execute logically bound images tests for switching images
+  discover+:
+    how: fmf
+    test:
+        - /tmt/tests/test-21-logically-bound-switch
+
+/test-22-logically-bound-install:
+  summary: Execute logically bound images tests for switching images
+  discover+:
+    how: fmf
+    test:
+        - /tmt/tests/test-22-logically-bound-install
+
+/test-23-install-outside-container:
+  summary: Execute tests for installing outside of a container
+  discover+:
+    how: fmf
+    test:
+        - /tmt/tests/test-23-install-outside-container
+
+/test-24-local-upgrade-reboot:
+  summary: Execute local upgrade tests with automated reboot
+  discover+:
+    how: fmf
+    test:
+        - /tmt/tests/test-24-local-upgrade-reboot
+
+/test-25-soft-reboot:
+  summary: Soft reboot support
+  discover+:
+    how: fmf
+    test:
+        - /tmt/tests/test-25-soft-reboot
+
+/test-28-factory-reset:
+  summary: Factory reset
+  discover:
+    how: fmf
+    test:
+        - /tmt/tests/test-28-factory-reset

provision-packit.sh

@@ -0,0 +1,93 @@
+#!/bin/bash
+set -exuo pipefail
+
+# Check environment
+printenv
+
+# temp folder to save building files and folders
+BOOTC_TEMPDIR=$(mktemp -d)
+trap 'rm -rf -- "$BOOTC_TEMPDIR"' EXIT
+
+# Copy files and folders in hack to TEMPDIR
+cp -a . "$BOOTC_TEMPDIR"
+
+# Keep testing farm run folder
+cp -r /var/ARTIFACTS "$BOOTC_TEMPDIR"
+
+# Copy bootc repo
+cp -r /var/share/test-artifacts "$BOOTC_TEMPDIR"
+
+ARCH=$(uname -m)
+# Get OS info
+source /etc/os-release
+
+# Some rhts-*, rstrnt-* and tmt-* commands are in /usr/local/bin
+if [[ -d /var/lib/tmt/scripts ]]; then
+    cp -r /var/lib/tmt/scripts "$BOOTC_TEMPDIR"
+    ls -al "${BOOTC_TEMPDIR}/scripts"
+else
+    cp -r /usr/local/bin "$BOOTC_TEMPDIR"
+    ls -al "${BOOTC_TEMPDIR}/bin"
+fi
+
+# Get base image URL
+TEST_OS="${ID}-${VERSION_ID}"
+BASE=$(cat os-image-map.json | jq -r --arg v "$TEST_OS" '.[$v]')
+
+if [[ "$ID" == "rhel" ]]; then
+    # OSCI gating only
+    CURRENT_COMPOSE_ID=$(skopeo inspect --no-tags --retry-times=5 --tls-verify=false "docker://${BASE}" | jq -r '.Labels."redhat.compose-id"')
+
+    if [[ -n ${CURRENT_COMPOSE_ID} ]]; then
+        if [[ ${CURRENT_COMPOSE_ID} == *-updates-* ]]; then
+            BATCH_COMPOSE="updates/"
+        else
+            BATCH_COMPOSE=""
+        fi
+    else
+        BATCH_COMPOSE="updates/"
+        CURRENT_COMPOSE_ID=latest-RHEL-$VERSION_ID
+    fi
+
+    # use latest compose if specific compose is not accessible
+    RC=$(curl -skIw '%{http_code}' -o /dev/null "http://${NIGHTLY_COMPOSE_SITE}/rhel-${VERSION_ID%%.*}/nightly/${BATCH_COMPOSE}RHEL-${VERSION_ID%%.*}/${CURRENT_COMPOSE_ID}/STATUS")
+    if [[ $RC != "200" ]]; then
+        CURRENT_COMPOSE_ID=latest-RHEL-${VERSION_ID%%}
+    fi
+
+    # generate rhel repo
+    tee "${BOOTC_TEMPDIR}/rhel.repo" >/dev/null <<REPOEOF
+[rhel-baseos]
+name=baseos
+baseurl=http://${NIGHTLY_COMPOSE_SITE}/rhel-${VERSION_ID%%.*}/nightly/${BATCH_COMPOSE}RHEL-${VERSION_ID%%.*}/${CURRENT_COMPOSE_ID}/compose/BaseOS/${ARCH}/os/
+enabled=1
+gpgcheck=0
+
+[rhel-appstream]
+name=appstream
+baseurl=http://${NIGHTLY_COMPOSE_SITE}/rhel-${VERSION_ID%%.*}/nightly/${BATCH_COMPOSE}RHEL-${VERSION_ID%%.*}/${CURRENT_COMPOSE_ID}/compose/AppStream/${ARCH}/os/
+enabled=1
+gpgcheck=0
+REPOEOF
+    cp "${BOOTC_TEMPDIR}/rhel.repo" /etc/yum.repos.d
+fi
+
+ls -al /etc/yum.repos.d
+cat /etc/yum.repos.d/test-artifacts.repo
+ls -al /var/share/test-artifacts
+
+# copy bootc rpm repo into image building root
+cp /etc/yum.repos.d/test-artifacts.repo "$BOOTC_TEMPDIR"
+
+# Let's check things in hack folder
+ls -al "$BOOTC_TEMPDIR"
+
+# Do not use just because it's only available on Fedora, not on CS and RHEL
+podman build --jobs=4 --from "$BASE" -v "$BOOTC_TEMPDIR":/bootc-test:z -t localhost/bootc-integration -f "${BOOTC_TEMPDIR}/Containerfile.packit" "$BOOTC_TEMPDIR"
+
+# Keep these in sync with what's used in hack/lbi
+podman pull -q --retry 5 --retry-delay 5s quay.io/curl/curl:latest quay.io/curl/curl-base:latest registry.access.redhat.com/ubi9/podman:latest
+
+# Run system-reinstall-bootc
+# TODO make it more scriptable instead of expect + send
+./system-reinstall-bootc.exp

sources

@@ -0,0 +1,2 @@
+SHA512 (bootc-1.10.0.tar.zstd) = bf091786d6dd68ceb4741533a95261b3035c65d0d536d3fa5e6eee2b7ebda0b25efbf6aedf651b2cade8bdd93d39490bb2f3fab2f380a9422458e23e9b918051
+SHA512 (bootc-1.10.0-vendor.tar.zstd) = 7e291d34ef83b69d801828b99a9645d98f750c90c563774f601fd4bf84c9236e2f0964dfae2d4c46243f9b1d891d21cd8a8b5418e26a8282a1ca553bb5575aa3