Tags: wycats/bootc
feat: vendor artifacts — source packages from vendor release feeds (#141)

* docs: add RFC-0056 vendor artifacts

Introduces the vendor artifacts design for sourcing packages directly from vendor release feeds (e.g., VS Code update API) instead of relying on potentially stale YUM repository metadata.

Key design decisions:
- Git tracks intent (what to follow), not resolved versions
- Resolution is a build artifact produced in CI
- Generic {param} template substitution for discovery URLs
- response_map for vendor-agnostic field extraction
- Builds consume resolved artifacts, never live vendor APIs

* feat: add vendor artifacts manifest types and schema

New manifest type for tracking vendor-sourced packages (e.g., VS Code) that are discovered from vendor release feeds rather than YUM repos.

- VendorArtifactsManifest, VendorArtifact, VendorSource types in bkt-common
- LayerGroup enum shared between external-repos and vendor-artifacts
- response_map field for vendor-agnostic response field extraction
- ResolvedVendorArtifact types for build-time resolution output
- Schema registered and auto-generated
- manifests/vendor-artifacts.json with VS Code stable entry
- bkt/src/manifest/vendor_artifacts.rs re-exports from bkt-common

* feat: add vendor artifact resolver and installer

Two new bkt-build commands:
- resolve-vendor-artifacts: queries vendor feed APIs, writes resolved manifest to .cache/bkt/vendor-artifacts.resolved.json
- install-vendor-artifact: downloads resolved RPM, verifies SHA256, installs via rpm -i --nodb --noscripts --nodeps, keeps RPM at /rpms/ for DB finalization

Generic template expansion with hard error on missing params. Field extraction driven by response_map from the manifest. Full vendor response logged to stderr for CI visibility.

* feat: integrate vendor artifacts into Containerfile generator

- Add vendor_artifacts field to ContainerfileGeneratorInput
- Load manifests/vendor-artifacts.json in load_generator_input()
- emit_vendor_artifact_stages(): parallel FROM base AS vendor-{name} stages that COPY resolved manifest and run bkt-build install
- emit_vendor_artifact_copies(): COPY --from=vendor-{name} in final image
- Extend emit_rpm_db_finalization() to register vendor artifact RPMs in the RPM database (rpm -q will work on the running system)
- Regenerated Containerfile with vendor-code stage

* fix: address review feedback and migrate VS Code

Migrate VS Code from external-repos.json to vendor-artifacts.json:
- Remove 'code' repo from external-repos.json (code-insiders stays in the YUM repo pipeline for now)
- VS Code now sourced from vendor feed API, bypassing stale YUM metadata

Fix build artifact leak in final image:
- COPY --from=vendor-{name} /usr/ /usr/ instead of / /
- Prevents /rpms/ and /tmp/ from shipping in the image

Harden template expansion:
- Error on unmatched '{' instead of silently passing through
- Validate artifact names: only [A-Za-z0-9_-] allowed

Reduce logging verbosity:
- Log extracted fields (url, version, sha256) instead of full vendor response body to avoid leaking signed URLs

Update RFC-0056:
- Add response_map to manifest examples and source fields table
- Fix resolver description to reference response_map
- Remove metadata field from resolution artifact example

* fix: use build/ instead of .cache/bkt/ for resolved artifacts

The Docker build context doesn't include .cache/ (gitignored hidden directory). Move the resolved vendor artifacts file to build/ which is a visible, non-hidden directory that will be present in the Docker build context after the CI resolve step generates it.

- build/ added to .gitignore (generated, not tracked)
- Updated default path in bkt-build CLI
- Updated Containerfile generator COPY path
- Updated CI workflow resolve step output path

fix: add retry logic for vendor artifact downloads

Large RPM downloads (e.g., VS Code at ~168MB) from vendor CDNs can fail with transient errors like 'Peer disconnected'. Add retry logic with 3 attempts and 5s backoff to handle flaky network conditions during Docker builds on CI runners.

docs: consolidate bkt try RFCs into RFC-0044

Merged RFC-0044 (bkt try), RFC-0034 (usroverlay), RFC-0035 (admin update), and RFC-0037 (bkt upgrade) into a single coherent document covering the complete Tier 1 preview and convergence lifecycle.

Key additions from this session's grounded analysis:
- Full apply-live vs usroverlay comparison (from rpm-ostree source)
- Safety analysis for live package replacement
- COPR as a dnf configuration concern, not architectural
- Convergence path (bkt admin update, bkt upgrade)

Withdrawn: RFC-0034, RFC-0035, RFC-0037 (absorbed)

feat: add bkt upgrade command with --preview

Shows what's staged for next boot: image info, package diff, and notable package changes (VS Code, Edge, 1Password).

    bkt upgrade          # preview staged changes (default)
    bkt upgrade --fetch  # stage latest image from registry

No root required for preview (rpm-ostree status/db diff are unprivileged). Only --fetch needs elevated privileges.

fix(wrap): use status() instead of exec() to prevent hanging

exec() replaces the wrapper with systemd-run, which waits for all processes in the scope to exit. This causes code --install-extension and similar CLI operations to hang because VS Code forks children that keep the scope alive. Using status() (spawn + wait) lets the wrapper propagate the exit code without becoming the scope leader.