Hi @ricardosalveti. Thanks for your PR.

I'm waiting for a ostreedev member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

@ericcurtin at https://github.com/ostreedev/ostree/blob/main/src/libostree/ostree-sysroot-deploy.c#L1201 we are checking for availability of aboot.img and aboot.cfg under /usr/lib/modules/$kver, but when creating the boot entry it sets to the correct path once found and to /usr/lib/ostree-boot/aboot.img / cfg when not found, causing it to be added for all ostree users.

Since I don't have the aboot logic background, should it really be pointing to /usr/lib/ostree-boot even when not available?

Noticed this when booting ostree with systemd-boot, as it complained about the 'aboot' and 'abootcfg' entries:

root@jetson-agx-xavier-devkit:/boot# bootctl
systemd-boot not installed in ESP.
/boot/loader/entries/ostree-2.conf:8: Unknown line 'abootcfg', ignoring.
/boot/loader/entries/ostree-2.conf:9: Unknown line 'aboot', ignoring.
/boot/loader/entries/ostree-1+3.conf:8: Unknown line 'abootcfg', ignoring.
/boot/loader/entries/ostree-1+3.conf:9: Unknown line 'aboot', ignoring.

/ok-to-test

cc @ericcurtin who added aboot

This would require a test to be sure... There's some not obvious paths in this code as at osbuild-time OSTree when built for aboot behaves a little differently to say when actually booted...

It's a pity we don't have Packit integrated with OSTree, would be neat to grab an rpm built from this PR and run a quick test.

@ricardosalveti mind if we take a little while to test this change?

Might even be worth adding CI for this platform now. There's more variety of ARM runners in GitHub now than there was when this code was added.

@ricardosalveti mind if we take a little while to test this change?

not at all, I guess one thing to confirm is if /usr/lib/ostree-boot/ was indeed being used in the aboot scenario.

I tested this change on a Qualcomm RideSX4 (sa8775p) with AutoSD 9, and everything looks good to me. @cgwalters @ericcurtin : I am fine with merging this.

Tested-by: Brian Masney bmasney@redhat.com

I tested this change on a Qualcomm RideSX4 (sa8775p) with AutoSD 9, and everything looks good to me. @cgwalters @ericcurtin : I am fine with merging this.

Thanks for testing this, tested-by tag added and commit updated.

@masneyb curious what tested means here? Build an image with modified ostree rpm using osbuild? AutoSD booted with modified rpm? AutoSD and OSTree upgraded and booted into the new image version successfully with modified rpm?

Just want to be sure, so if this comes back to bite us we know what was tested :)

Thanks for helping out.

I would not block on this, but if we break, we have to push a new OSTree rpm to CentOS Stream, not fun.

Happy to merge... I'm wary of these changes because some of these code paths behave differently at osbuild-time, first-boot time and upgrade time...

I guess continuous-integration/jenkins/pr-merge is a flake maybe?

@ericcurtin : I tested this with the following procedure:

• I checked out this branch and built new ostree RPMs from dist-git with a newer release number.
• I built a new image using a-i-b minimal image mode, and I pointed it to the local directory where I built these RPMs. I checked the build output (and eventually the system image) to be sure that my new RPM version was installed as expected.
• I boot tested this on the RideSX4 board.

So I guess the only scenario that I didn't test was the upgrade functionality. Suggestions welcome here for how I can test that.

Is there anything else that I should have tested? Tomorrow I also want to test this on a Renesas board that we have.

Regarding the CI failure:

[2025-04-23T22:03:56.434Z] Apr 23 22:03:55 qemu0 kola-runext-itest-bare-root.sh[2227]: Unexpected nonzero exit status 1 while running: ostree checkout -H ${host_refspec} co
[2025-04-23T22:03:56.434Z] Apr 23 22:03:55 qemu0 systemd[1]: kola-runext.service: Main process exited, code=exited, status=1/FAILURE
[2025-04-23T22:03:56.434Z] Apr 23 22:03:55 qemu0 systemd[1]: kola-runext.service: Failed with result 'exit-code'.
[2025-04-23T22:03:59.683Z] --- FAIL: ext.ostree.destructive.itest-bare-root.sh (27.07s)
[2025-04-23T22:03:59.683Z]         cluster.go:151: Error: Unit kola-runext.service exited with code 1
[2025-04-23T22:03:59.683Z]         cluster.go:151: 2025-04-23T22:03:56Z cli: Unit kola-runext.service exited with code 1
[2025-04-23T22:03:59.683Z]         harness.go:1260: kolet failed: : kolet run-test-unit failed: Process exited with status 1

and

[2025-04-23T22:08:48.610Z] --- FAIL: ext.ostree.destructive.itest-label-selinux.sh (36.99s)
[2025-04-23T22:08:48.610Z]         cluster.go:151: Error: Unit kola-runext.service exited with code 1
[2025-04-23T22:08:48.610Z]         cluster.go:151: 2025-04-23T22:08:44Z cli: Unit kola-runext.service exited with code 1
[2025-04-23T22:08:48.610Z]         harness.go:1260: kolet failed: : kolet run-test-unit failed: Process exited with status 1

Along with various other errors related to kola-runext.service .

Maybe @jlebon knows how to kick off the tests again?

@ericcurtin : I tested this with the following procedure:

• I checked out this branch and built new ostree RPMs from dist-git with a newer release number.
• I built a new image using a-i-b minimal image mode, and I pointed it to the local directory where I built these RPMs. I checked the build output (and eventually the system image) to be sure that my new RPM version was installed as expected.
• I boot tested this on the RideSX4 board.

So I guess the only scenario that I didn't test was the upgrade functionality. Suggestions welcome here for how I can test that.

Is there anything else that I should have tested? Tomorrow I also want to test this on a Renesas board that we have.

It's documented here:

https://sigs.centos.org/automotive/building/unattended_updates/

It's possible to kinda do a fake upgrade, if all the various composefs/fsverity verifications are turned off and we do a "rpm-ostree install some rpm". An rpm-ostree install is kinda like an atomic upgrade.

We have done the two most important tests though maybe it's enough, thanks for writing that down.

Will be neat to see this on the Renasas board, we are missing the userspace AB switching tool for the RideSX4 board. We would fake the AB switching sometimes to test this on RideSX4 or do AA switching (all on the same slot 😅)

@ericcurtin : I was able to test rpm-ostree upgrade functionality on the Qualcomm board with this change. It requires aboot-deploy 0.7 to work. This change looks good to me and is safe to merge.

Almost all the CI failures here are not related to the PR, they're fallout from Fedora CoreOS 42 switching to a container image for transport by default.

One of the failures is related to the bin/sbin merge.

I will look at fixing the tests.

@ricardosalveti you can rebase on top of @cgwalters fixes

@ricardosalveti you can rebase on top of @cgwalters fixes

done, thanks!

Fingers crossed auto-merge works

This change seems to have broken automotive updates for me. We used to look for aboot.cfg in /usr/lib/ostree-boot, but then change makes it look in bootcsumdir (i.e. /boot/ostree/$osname-$csum), where the file isn't.

This means that the BLS file will point to the wrong location for the aboot.cfg file and we never actually update the aboot partition during an A/B switch in the deploy.

@alexlarsson : Can you elaborate specifically what's broken with automotive updates? I outlined what all I tested above in two different comments. This includes the rpm-ostree upgrade functionality. I'm mostly curious what I missed, and don't want to miss that again in the future.

I also listed aboot-deploy 0.7 to work as a requirement.

@masneyb Hmm, actually I'm not sure if you would have noticed it in your test.

Here is what happens when I use ukiboot:

1. rpm-ostree upgrade seems to work and it stages the update
2. However, during reboot when the finalize-staged part runs it calls out to aboot-deploy with the incorrect path to the aboot.cfg file
3. aboot-deploy fails, because it needs the BOOT_TYPE=ukiboot in the config file to find the right partitions, thus we never swap partitions, and aboot-deploy fails.
4. On next boot, we're still in slot a, and the logs say:
   ostree[583]: error: ostree-finalize-staged.service failed on previous boot: Final bootloader swap: Child process exited with code 5

However, looking at aboot-deploy it seems like for aboot, maybe things will work "correctly" (falling back to a single slot boot) with a non-existing config file. However, if any other options from the config file was necessary it would still fail.

When I tested this in automotive back in Spring, we didn't have a utility bundled by default to do the slot switching, so this was a single slot deployment. I ensured that when I did the upgrade that the new package versions appeared on reboot. I did not go through the system log messages to look for error messages.

@masneyb I think I only got the error message because i needed the aboot.cfg file to tell it to look for ukiboot_a partition names instead of the default aboot_a name. So, it failed to find the partition for me, but not for you.