Commit Graph

106 Commits

Author SHA1 Message Date
Eric Curtin
bc5c0717fc docs/atomic-rollbacks: Add a section on rollbacks
Describing how different types of rollbacks work.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-02-13 17:07:17 +00:00
Colin Walters
6df18abee7 docs/var: Update for latest
This reorients things here around the latest `VOLUME /var` approach.
2024-02-12 13:12:09 -05:00
Colin Walters
f81b9fa166 sysroot: Rework /var handling to act like Docker VOLUME /var
We've long struggled with semantics for `/var`.  Our stance of
"/var should start out empty and be managed by the OS" is a strict
one, that pushes things closer to the original systemd upstream
ideal of the "OS state is in /usr".

However...well, a few things.  First, we had some legacy bits
here which were always populating the deployment `/var`.  I don't
think we need that if systemd is in use, so detect if the tree
has `usr/lib/tmpfiles.d`, and don't create that stuff at
`ostree admin stateroot-init` time if so.

Building on that then, we have the stateroot `var` starting out
actually empty.

When we do a deployment, if the stateroot `var` is empty,
make a copy (reflink if possible of course) of the commit's `/var`
into it.

This matches the semantics that Docker created with volumes,
and this is sufficiently simple and easy to explain that I think
it's closer to the right thing to do.

Crucially...it's just really handy to have some pre-existing
directories in `/var` in container images, because Docker (and podman/kube/etc)
don't run systemd and hence don't run `tmpfiles.d` on startup.

I really hit on the fact that we need `/var/tmp` in our container
images by default for example.

So there's still some overlap here with e.g. `/usr/lib/tmpfiles.d/var.conf`
as shipped by systemd, but that's fine - they don't actually conflict
per se.
2024-02-09 17:46:12 -05:00
Eric Curtin
cd308d5751 doc: Add section about ostree and aboot
Android Bootloader is a standard of how Android devices should implement
their bootloaders, we also use it in CentOS Automotive Stream
Distribution for some ARM boards. Here is some documentation on how
ostree works with this.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-01-05 17:34:09 +00:00
Colin Walters
712eecad4f docs/composefs: Add note about toplevel dirs
Just thinking about trying to land this, I think some people
may hit this one.
2024-01-02 15:18:37 -05:00
Eric Curtin
5c7f42b8d2
Merge pull request #3116 from jmarrero/bootloader-doc
doc: Add section about ostree and bootloaders
2023-12-14 22:05:10 +00:00
Joseph Marrero
5466e98cd2 doc: Add section about ostree and bootloaders 2023-12-14 07:34:41 -05:00
Colin Walters
8f4beb4a7f docs: Add var.md
This one overlaps a bit with some other sections...the docs
need a bigger rework, but this is better than we had before.
2023-12-08 14:01:13 -05:00
Leonardo Held
3ff00e43f5
Update Torizon information
TorizonCore became Torizon OS and Torizon OTA is now Torizon Cloud.

Signed-off-by: Leonardo Held <leonardo.held@toradex.com>
2023-12-07 10:08:16 -03:00
Colin Walters
d4adb79539 docs: Add authenticated-repos.md
Document options for accessing repositories that require authentication.
2023-09-27 14:02:55 -04:00
Colin Walters
94cb37cb30 prepare-root: Minor clarifications
No functional changes.
2023-08-16 16:56:12 -04:00
Alexander Larsson
81fa214155 Read composefs configuration from initrd instead of commandline
This drops the `ot-composefs` kernel commandline in favour
of a `[composefs]` section in the `prepare-rootfs.conf` file.

You can set `composefs.enabled` to `signed`, `yes`, `no` or `maybe`,
with `maybe` being the default.

You can also set `composefs.keypath` (or rely on the default
`/etc/ostree/initramfs-root-binding.key`) to point to ed25519 public
keys, one of which which the commit must be signed with, or boot
fails.

The ostree dracut module adds `/etc/ostree/initramfs-root-binding.key`
to the initrd if it exists.

NOTE: This drop the option to define a digest in the commandline.
However, that was currently unused
(i.e. ComposefsConfig.expected_digest was never read).

Additionally it very hard to actually store the composefs digest in
the initrd, as the initrd is typically part of the commit and thus the
composefs. It may be possible to handle this, but lets add it back
when we know exactly how that will work.
2023-08-14 12:27:47 +02:00
samcday
b5397887e3
docs: update boot loader spec link 2023-07-25 21:42:41 +02:00
Alexander Larsson
c29f4193cd ostree-prepare-root: Validate ed25519 signatures when requested
If requested, by specifying ot-composefs=signed=/path/to/pub.key then
the commit object is validated against the specified ed25519 public
key, and if valid, the composefs digest from the commit object is used
to ensure we boot the right digest.
2023-07-11 14:08:33 -04:00
Colin Walters
786e64ced7 docs: Update user and group section
- mention `DynamicUser=yes`
- mention the recent systemd JSON bits
- mention sysusers.doc

And briefly talk about the tradeoffs in these.
2023-06-29 11:05:31 -04:00
Colin Walters
b56da3409d docs/composefs: Updates
- fix URL
- Document requirements
- Document kernel argument
- Adjust for recent changes
2023-06-19 17:29:31 -04:00
Colin Walters
91c6b1a6d2 composefs: Add some basic docs
Let's describe the state of things at a high level, independent
of the tracking issue which has a lot more detail (and hence noise).

This document keeps things at a high level and describes how to
enable things today.
2023-06-14 16:41:48 -04:00
Timothée Ravier
375bef3a4d docs: Use upstream theme & update to 0.4.1
Use a fixed tag for the theme so that we can directly pull it from
upstream and skip vendoring the theme in the coreos org.
2023-03-10 12:17:16 +01:00
Tareque Md Hanif
ef1277023c docs: Fix link to ostree-rs 2023-02-05 11:49:41 +06:00
Jonathan Lebon
e075c51057 docs: Add section about staged deployments
I was explaining staged deployments to someone today and was looking for
a doc but we didn't have any. Fix that.
2022-08-23 10:59:40 -04:00
Huijing Hei
7db2fe8cba Update doc about adding new function to libostree 2022-07-14 16:05:53 +08:00
Colin Walters
ffb3b2bc7a docs/ima: Also link the SUSE docs
They have a lot of stuff there.
2022-05-06 14:43:58 -04:00
Colin Walters
b070e0f54a Update docs/ima.md
Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
2022-04-21 16:24:57 -04:00
Colin Walters
614d30acf3 docs: Add new IMA document
Now that the fixed code for `ima-sign` landed in
https://github.com/ostreedev/ostree-rs-ext/pull/283
2022-04-21 12:04:33 -04:00
Dan Nicholson
9b6a8171c5 docs: Publish man pages
Make a copy of `man/html` to `docs/man` and then configure Jekyll to
include it verbatim like the API docs. A link is added to the main index
and the necessary commands are added to the github docs workflow.
2022-04-08 19:25:32 -06:00
Joe Talbott
faa8ed547b Add Fedora Kinoite link to index.md also. 2022-03-09 08:58:12 -05:00
Luca BRUNO
08e98e9042
lib/core: introduce 'bare-split-xattrs' mode 2022-03-02 16:45:00 +00:00
Timothée Ravier
5af2a529be docs: Do not convert -- & --- to en/em-dash
'--' is frequently used for command line options and was thus
incorrectly rendered as a special en-dash symbol.
2021-10-11 12:29:32 +02:00
Dan Nicholson
e19840a252 docs: Copy in API docs and add link
Make a copy of `apidoc/html` to `docs/reference` and then tell Jekyll to
include it verbatim. This will include the gtk-doc API docs on the
static site. A link is added to the main index.

A script is added to do the copy (a symlink won't do) and is setup to
run before Jekyll in the GitHub workflow. Ideally this would be a local
Jekyll plugin to make the process automatic, but the github-pages gem
doesn't allow that.
2021-05-21 10:46:49 -06:00
Dan Nicholson
3c7449397a docs: Provide bundler setup for building site locally
This mimics the GitHub Pages environment so that you can build and serve
the site locally for testing. It's will also be required later for using
Jekyll Actions[1] instead of the automated GitHub Pages flow.

1. https://github.com/marketplace/actions/jekyll-actions
2021-05-21 10:13:15 -06:00
Dan Nicholson
e4105a0366 docs: Fix CONTRIBUTING link
This returns a 404 since the site is already generated from the docs
directory. Furthermore, the `CONTRIBUTING.md` markdown file isn't in the
generated site, just the HTML.

Instead, use jekyll's `link` tag to create the link. Unfortunately,
before jekyll 4.0 (github-pages uses 3.9), you have to prepend the base
URL.
2021-05-20 16:45:12 -06:00
Timothée Ravier
02527f115e *: rename master to main in tests & examples 2021-05-07 16:55:03 +02:00
Timothée Ravier
b8cca6cef1 *: rename master branch to main 2021-05-07 16:55:03 +02:00
Micah Abbott
7893e1907b docs: typo fix for /usr/etc 2021-05-03 10:34:01 -04:00
Jonathan Lebon
788e171b7c docs: Add more details about 3-way merge
This came up a few times so let's go into more details in the docs.
2021-04-30 10:50:15 -04:00
Colin Walters
6a72674ec6 Release 2021.2 2021-04-15 13:02:48 -04:00
Benjamin Gilbert
388764f1ed docs: fix "Edit this page on GitHub" links 2021-04-09 23:00:33 -04:00
Leonardo Graboski Veiga
3b935f0d22 docs: Add Torizon to related projects and OS
The Torizon platform, includin the TorizonCore OS, the TorizonCore
Builder Tool and the Torizon OTA, use OSTree as a base for update the
host OS, while the user focus on application development using Docker.

Add TorizonCore to the list of Operating systems and distributions using
OSTree.

Add Torizon and its components to the list of related projects.
2021-03-04 17:04:38 -03:00
Colin Walters
2195a6099b docs: Describe using scratch/empty deltas for initial fetches
Came up with a user hitting ratelimiting from S3.
2021-02-11 21:19:59 +00:00
Luca BRUNO
8ece70b207
templates: add release-checklist
This collects all release steps in a release-checklist template.
2020-11-18 13:05:07 +00:00
Kelvin Fan
a89d011c0b docs: Fix various typos 2020-10-19 10:55:49 -04:00
Timothée Ravier
0bbd89e326
docs: Fix URL in Jekyll _config.yml 2020-10-05 21:10:31 +02:00
Timothée Ravier
13844c6b3e
docs: Move historical README to the docs 2020-10-02 14:38:28 +02:00
Timothée Ravier
68ac9e9c50
docs: Move and update pages from the manual 2020-10-02 14:34:48 +02:00
Timothée Ravier
6ca312a923
docs: Update Contributing and tutorial pages 2020-10-02 14:34:48 +02:00
Timothée Ravier
90b1644f1e
docs: Update Index page 2020-10-01 19:32:12 +02:00
Timothée Ravier
015d44d58d
docs: Add Jekyll and theme config 2020-10-01 19:32:12 +02:00
AJ Jordan
0487b498ad
Fix typo 2020-05-21 23:22:44 -07:00
Stefan Agner
ce5dfadbd7 docs: extend repository types
Clarify where metadata are stored exactly in the `bare-user` case.
Make the first sentence of `bare-user` and `bare-user-only` paragraph
symetric to make it easier to jump to the right paragraph for readers
in a hury. Stree out that `bare-user-only` may loose metadata.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
2020-04-24 13:12:47 +02:00
Stefan Agner
b43c0be347 docs: extend object type documentation
Extend the object type documentation with file endings used for the
individual type. Also clarify in which situation content type objects
are used and why they do not match the SHA256 hash today.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
2020-04-24 13:05:15 +02:00