mirror of
https://github.com/ostreedev/ostree.git
synced 2025-03-11 20:58:45 +03:00
81fa214155
This drops the `ot-composefs` kernel commandline in favour of a `[composefs]` section in the `prepare-rootfs.conf` file. You can set `composefs.enabled` to `signed`, `yes`, `no` or `maybe`, with `maybe` being the default. You can also set `composefs.keypath` (or rely on the default `/etc/ostree/initramfs-root-binding.key`) to point to ed25519 public keys, one of which which the commit must be signed with, or boot fails. The ostree dracut module adds `/etc/ostree/initramfs-root-binding.key` to the initrd if it exists. NOTE: This drop the option to define a digest in the commandline. However, that was currently unused (i.e. ComposefsConfig.expected_digest was never read). Additionally it very hard to actually store the composefs digest in the initrd, as the initrd is typically part of the commit and thus the composefs. It may be possible to handle this, but lets add it back when we know exactly how that will work.