Skip to content

Install UKI Addons globally #1780

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Install UKI Addons globally #1780

wants to merge 3 commits into from
+70 −59

Conversation

@Johan-Liebert1
Copy link
Collaborator

@Johan-Liebert1 Johan-Liebert1 commented Nov 18, 2025

Until now we were scoping passed in UKI Addons to specific deployments,
but usecases like ignition, luks (for now at least), require the addons
to be applied to all deployments

Rename 'efi' key to 'uki' in BLSConfig

Key 'uki' is more appropriate for us as the PE Binary that the key
points to is a UKI

@bootc-bot bootc-bot bot requested a review from jmarrero November 18, 2025 11:11
gemini-code-assist[bot]
gemini-code-assist bot reviewed Nov 18, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces two main changes. First, it refactors the boot configuration logic by renaming efi and NonEFI components to uki and NonUKI respectively, which more accurately reflects that these are Unified Kernel Images. This change is applied consistently across several files, including configuration parsing, boot setup, and deletion logic. Second, it changes the installation of UKI addons to be global by default, installing them into a shared directory on the ESP rather than scoping them to a specific deployment.

My review focuses on the correctness and maintainability of these changes. The refactoring appears to be well-executed. However, I have identified a couple of potential issues with the new global addon functionality. One concern is that the logic for global addons might unintentionally alter the installation path for UKIs that are located in subdirectories. Another point is the lack of a deletion mechanism for these new globally installed addons, which could lead to orphaned files on the EFI System Partition. I've added specific comments with details on these points.

@cgwalters
Copy link
Collaborator

cgwalters commented Nov 18, 2025

usecases like ignition, luks (for now at least), require the addons
to be applied to all deployments

FTR we covered some of this in coreos/fedora-coreos-tracker#2060

It feels a bit weird to install global addons from a container image by default; at least not without making that opt-in somehow.

Since as discussed the Ignition platform ID UKI addon needs to live "out of band" of the container, how about just adding bootc install --global-uki-addon=/path/to/file? (it might also make sense to support fetching them as an OCI artifact or so too)

Or really I guess in the CoreOS case since it's always using osbuild which always uses install-to-filesystem it could be the build process there that drops in the UKI addon for the platform ID right?

Overall my inclination is to back out on the UKI addon support in bootc for now and just do external dropins per above until we're sure we need in-band addons.

@Johan-Liebert1
Copy link
Collaborator Author

Johan-Liebert1 commented Nov 19, 2025

It feels a bit weird to install global addons from a container image by default; at least not without making that opt-in somehow.

Installing addons is opt-in using the --uki-addon flag. Until now they were installed specific to a deployment, which is a niche use case as people would want to install most addons globally for all deployments. @travier and I had a discussion on whether most addons would be scoped and global. There are some use cases for scoped addons, example for testing something before applying it to all deployments.

The platform ID Ignition addon is a special case and would most probably be not in a container (even though it very well could be in a container).

@Johan-Liebert1 Johan-Liebert1 mentioned this pull request Nov 19, 2025
Open
@Johan-Liebert1
composefs/install: Install UKI Addons globally
d2c358e 
Until now we were scoping passed in UKI Addons to specific deployments,
but usecases like ignition, luks (for now at least), require the addons
to be applied to all deployments

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
@Johan-Liebert1
bls-config: Rename 'efi' key to 'uki'
2906324 
Key 'uki' is more appropriate for us as the PE Binary that the key
points to is a UKI

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
@Johan-Liebert1
composefs/uki: Install all UKIs in EFI/Linux/bootc
a7dc7ed 
We were making a distinction based on the bootloader and installing UKIs
in EFI/Linux for Grub and EFI/Linux/bootc for sd-boot. IMO it's better
if we use the same directory for both bootloaders

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmarrero jmarrero Awaiting requested review from jmarrero

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Johan-Liebert1 @cgwalters