treefile: Add no-initramfs: knob

dustymabe · jlebon · dustymabe · commit 481fbb034292 · 2025-11-05T09:54:20.000-05:00
In the work to rebase FCOS/RHCOS to fedora-bootc/rhel-bootc, we want to run postprocess scripts for CoreOS specific changes to the rootfs, but we want changes made in those postprocess scripts to affect the initramfs generation too. The new experimental `no-initramfs` knob will allow us to disable the generation of the initramfs via dracut in the initial compose of the rootfs. Then we can run our postprocess scripts on the rootfs and later run dracut to generate the initramfs. This came from discussion in https://gitlab.com/fedora/bootc/base-images/-/merge_requests/315 where it was decided to not add a `--postprocess` argument to bootc-base-imagectl. Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
diff --git a/docs/treefile.md b/docs/treefile.md
@@ -561,6 +561,8 @@ version of `rpm-ostree`.
    - `var`: `/opt` and `/usr/local` are symlinks to subdirectories in `/var`
      and are purely machine-local state.
    - `root`: These are plain directories; only use this with composefs enabled!
+ * `no-initramfs`: boolean, optional: If `true` don't run dracut to generate an
+   initramfs. Defaults to `false`.
 
 ### Kickstarts
 
diff --git a/rpmostree-cxxrs.cxx b/rpmostree-cxxrs.cxx
@@ -1876,6 +1876,7 @@ struct Treefile final : public ::rust::Opaque
   bool may_require_local_assembly () const noexcept;
   bool has_any_packages () const noexcept;
   bool merge_treefile (::rust::Str treefile);
+  bool get_no_initramfs () const noexcept;
   ~Treefile () = delete;
 
 private:
@@ -2835,6 +2836,9 @@ extern "C"
   ::rust::repr::PtrLen
   rpmostreecxx$cxxbridge1$Treefile$merge_treefile (::rpmostreecxx::Treefile &self,
                                                    ::rust::Str treefile, bool *return$) noexcept;
+
+  bool
+  rpmostreecxx$cxxbridge1$Treefile$get_no_initramfs (::rpmostreecxx::Treefile const &self) noexcept;
   ::std::size_t rpmostreecxx$cxxbridge1$RepoPackage$operator$sizeof () noexcept;
   ::std::size_t rpmostreecxx$cxxbridge1$RepoPackage$operator$alignof () noexcept;
 
@@ -5625,6 +5629,12 @@ Treefile::merge_treefile (::rust::Str treefile)
   return ::std::move (return$.value);
 }
 
+bool
+Treefile::get_no_initramfs () const noexcept
+{
+  return rpmostreecxx$cxxbridge1$Treefile$get_no_initramfs (*this);
+}
+
 ::std::size_t
 RepoPackage::layout::size () noexcept
 {
diff --git a/rpmostree-cxxrs.h b/rpmostree-cxxrs.h
@@ -1653,6 +1653,7 @@ struct Treefile final : public ::rust::Opaque
   bool may_require_local_assembly () const noexcept;
   bool has_any_packages () const noexcept;
   bool merge_treefile (::rust::Str treefile);
+  bool get_no_initramfs () const noexcept;
   ~Treefile () = delete;
 
 private:
diff --git a/rust/src/lib.rs b/rust/src/lib.rs
@@ -690,6 +690,7 @@ pub mod ffi {
         fn may_require_local_assembly(&self) -> bool;
         fn has_any_packages(&self) -> bool;
         fn merge_treefile(&mut self, treefile: &str) -> Result<bool>;
+        fn get_no_initramfs(&self) -> bool;
     }
 
     // treefile.rs (split out from above to make &self nice to use)
diff --git a/rust/src/treefile.rs b/rust/src/treefile.rs
@@ -482,7 +482,8 @@ fn treefile_merge(dest: &mut TreeComposeConfig, src: &mut TreeComposeConfig) {
         check_passwd,
         check_groups,
         postprocess_script,
-        rpmdb_normalize
+        rpmdb_normalize,
+        no_initramfs
     );
     merge_hashsets!(ignore_removed_groups, ignore_removed_users);
     merge_maps!(add_commit_metadata, variables, metadata, repovars);
@@ -1856,6 +1857,10 @@ impl Treefile {
         derived
     }
 
+    pub(crate) fn get_no_initramfs(&self) -> bool {
+        self.parsed.base.no_initramfs.unwrap_or_default()
+    }
+
     pub(crate) fn set_initramfs_regenerate(&mut self, enabled: bool, args: Vec<String>) {
         if !enabled {
             // implicitly leaves empty if already empty
@@ -2609,6 +2614,8 @@ pub(crate) struct BaseComposeConfigFields {
     #[serde(skip_serializing_if = "Option::is_none")]
     pub(crate) initramfs_args: Option<Vec<String>>,
     #[serde(skip_serializing_if = "Option::is_none")]
+    pub(crate) no_initramfs: Option<bool>,
+    #[serde(skip_serializing_if = "Option::is_none")]
     pub(crate) readonly_executables: Option<bool>,
 
     // Tree layout options
diff --git a/src/libpriv/rpmostree-kernel.cxx b/src/libpriv/rpmostree-kernel.cxx
@@ -398,10 +398,17 @@ rpmostree_finalize_kernel (int rootfs_dfd, const char *bootdir, const char *kver
     }
   else
     {
-      /* we're not replacing the initramfs; use built-in one */
-      if (!_rpmostree_util_update_checksum_from_file (boot_checksum, rootfs_dfd,
-                                                      initramfs_modules_path, cancellable, error))
+      /* We're not replacing the initramfs; use built-in one if it exists */
+      if (!glnx_fstatat_allow_noent (rootfs_dfd, initramfs_modules_path, NULL, AT_SYMLINK_NOFOLLOW,
+                                     error))
         return FALSE;
+      if (errno == 0)
+        {
+          /* It exists, update the checksum */
+          if (!_rpmostree_util_update_checksum_from_file (
+                  boot_checksum, rootfs_dfd, initramfs_modules_path, cancellable, error))
+            return FALSE;
+        }
     }
 
   const char *boot_checksum_str = g_checksum_get_string (boot_checksum);
diff --git a/src/libpriv/rpmostree-postprocess.cxx b/src/libpriv/rpmostree-postprocess.cxx
@@ -80,6 +80,48 @@ rename_if_exists (int src_dfd, const char *from, int dest_dfd, const char *to, G
   return TRUE;
 }
 
+static gboolean
+run_dracut (int rootfs_dfd, rpmostreecxx::Treefile &treefile, GLnxTmpfile *initramfs_tmpf,
+            const char *kver, GCancellable *cancellable, GError **error)
+{
+  /* Run dracut with our chosen arguments (commonly at least --no-hostonly) */
+  g_autoptr (GPtrArray) dracut_argv = g_ptr_array_new ();
+  rust::Vec<rust::String> initramfs_args = treefile.get_initramfs_args ();
+  if (!initramfs_args.empty ())
+    {
+      for (auto &arg : initramfs_args)
+        g_ptr_array_add (dracut_argv, (void *)arg.c_str ());
+    }
+  else
+    {
+      /* Default to this for treecomposes */
+      g_ptr_array_add (dracut_argv, (char *)"--no-hostonly");
+    }
+  g_ptr_array_add (dracut_argv, NULL);
+
+  /* We use a tmpdir under the target root since dracut currently tries to copy
+   * xattrs, including e.g. user.ostreemeta, which can't be copied to tmpfs.
+   */
+  {
+    g_auto (GLnxTmpDir) dracut_host_tmpd = {
+      0,
+    };
+    if (!glnx_mkdtempat (rootfs_dfd, "rpmostree-dracut.XXXXXX", 0700, &dracut_host_tmpd, error))
+      return FALSE;
+    if (!rpmostree_run_dracut (rootfs_dfd, (const char *const *)dracut_argv->pdata, kver, NULL,
+                               FALSE, &dracut_host_tmpd, initramfs_tmpf, cancellable, error))
+      return FALSE;
+    /* No reason to have the initramfs not be world-readable since
+     * it's server-side generated and shouldn't contain any secrets.
+     * https://github.com/coreos/coreos-assembler/pull/372#issuecomment-467620937
+     */
+    if (!glnx_fchmod (initramfs_tmpf->fd, 0644, error))
+      return FALSE;
+  }
+
+  return TRUE;
+}
+
 /* Handle the kernel/initramfs, which can be in at least 2 different places:
  *  - /boot (CentOS, Fedora treecompose before we suppressed kernel.spec's %posttrans)
  *  - /usr/lib/modules (Fedora treecompose without kernel.spec's %posttrans)
@@ -195,43 +237,14 @@ process_kernel_and_initramfs (int rootfs_dfd, rpmostreecxx::Treefile &treefile,
       (void)unlinkat (rootfs_dfd, "usr/etc/machine-id", 0);
     }
 
-  /* Run dracut with our chosen arguments (commonly at least --no-hostonly) */
-  g_autoptr (GPtrArray) dracut_argv = g_ptr_array_new ();
-  rust::Vec<rust::String> initramfs_args = treefile.get_initramfs_args ();
-  if (!initramfs_args.empty ())
-    {
-      for (auto &arg : initramfs_args)
-        g_ptr_array_add (dracut_argv, (void *)arg.c_str ());
-    }
-  else
-    {
-      /* Default to this for treecomposes */
-      g_ptr_array_add (dracut_argv, (char *)"--no-hostonly");
-    }
-  g_ptr_array_add (dracut_argv, NULL);
-
   g_auto (GLnxTmpfile) initramfs_tmpf = {
     0,
   };
-  /* We use a tmpdir under the target root since dracut currently tries to copy
-   * xattrs, including e.g. user.ostreemeta, which can't be copied to tmpfs.
-   */
-  {
-    g_auto (GLnxTmpDir) dracut_host_tmpd = {
-      0,
-    };
-    if (!glnx_mkdtempat (rootfs_dfd, "rpmostree-dracut.XXXXXX", 0700, &dracut_host_tmpd, error))
-      return FALSE;
-    if (!rpmostree_run_dracut (rootfs_dfd, (const char *const *)dracut_argv->pdata, kver, NULL,
-                               FALSE, &dracut_host_tmpd, &initramfs_tmpf, cancellable, error))
-      return FALSE;
-    /* No reason to have the initramfs not be world-readable since
-     * it's server-side generated and shouldn't contain any secrets.
-     * https://github.com/coreos/coreos-assembler/pull/372#issuecomment-467620937
-     */
-    if (!glnx_fchmod (initramfs_tmpf.fd, 0644, error))
-      return FALSE;
-  }
+  if (!treefile.get_no_initramfs ())
+    {
+      if (!run_dracut (rootfs_dfd, treefile, &initramfs_tmpf, kver, cancellable, error))
+        return FALSE;
+    }
 
   /* We always tell rpmostree_finalize_kernel() to skip /boot, since we'll do a
    * full hardlink pass if needed after that for the kernel + bootloader data.
diff --git a/tests/compose/test-no-initramfs.sh b/tests/compose/test-no-initramfs.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -xeuo pipefail
+
+dn=$(cd "$(dirname "$0")" && pwd)
+# shellcheck source=libcomposetest.sh
+. "${dn}/libcomposetest.sh"
+
+treefile_set "no-initramfs" 'True'
+runcompose
+echo "ok compose"
+
+commit=$(jq -r '.["ostree-commit"]' < compose.json)
+ostree --repo=${repo:?} ls -R ${commit} usr/lib/modules > ls.txt
+assert_not_file_has_content ls.txt '/usr/lib/modules/.*/initramfs.img$'
+echo "ok no initramfs"

Original file line number	Diff line number	Diff line change
`@@ -690,6 +690,7 @@ pub mod ffi {`
`690`	`690`	`fn may_require_local_assembly(&self) -> bool;`
`691`	`691`	`fn has_any_packages(&self) -> bool;`
`692`	`692`	`fn merge_treefile(&mut self, treefile: &str) -> Result<bool>;`
	`693`	`+ fn get_no_initramfs(&self) -> bool;`
`693`	`694`	`}`
`694`	`695`
`695`	`696`	`// treefile.rs (split out from above to make &self nice to use)`