We're working on having Anaconda indirectly run `bootc install to-filesystem` when `ostreecontainer` is in use. The current plan is to require `bootc` be present on the install ISO, which will happen automatically as part of https://src.fedoraproject.org/rpms/rpm-ostree/c/e31f656abc0d451f0ffdd2a3afd60944796c2246?branch=rawhide propagating.

Now...here's the thing, there's a grab bag of stuff we've accumulated in `bootc install` that assumes its source root == target root. For example:

• Detecting whether SELinux is enabled
• Kernel arguments

The core issue today is that there's some circular dependencies forced by ostree because `ostree container image deploy` is doing two things:

• Fetching the target container image
• Setting up a bootloader entry for it (including kernel arguments that are input to that)

We will need to more carefully split up "fetch" from "deploy". Also today, ostree does not directly offer an opinionated way to temporarily "mount" the merged root...we don't make a composefs for example until the deploy phase. But we can bypass that by invoking e.g. `ostree checkout --composefs` and mounting that say.

In general this is going to take some careful auditing of the code, but the good part is that if we do this right, we can just make "invoked from source container" as a special case of "fetch source rootfs".

—

Background:

1. anaconda and bootc

REF docs https://docs.fedoraproject.org/en-US/bootc/bare-metal/

1. Original suggestion:

• Build a base image with LBIs for testing use (could be anything)
• Hack on a patch to https://github.com/ostreedev/ostree-rs-ext/ that checks if the input container image has the `containers.bootc` label (see also https://github.com/ostreedev/ostree-rs-ext/pull/673 which extended our usage of that), and if present and /usr/bin/bootc is present, then we switch to doing `bootc install to-filesystem` instead.

It's actually quite possible here though that we need to make `bootc install to-filesystem` here actually not care that it's not being run in a container image, but it's just picking up ambient host tooling.

1. 1. Restate problem set A: PXE boot scenario

Stock ISO does not have customer container content; today the `ostreecontainer` verb is pointed at the generic filesystem (and block storage) that Anaconda created

1. 1. 1. Prerequisite to distinguish

Detect `containers.bootc` label in target image OR do this unconditionally and backtrack if we actually break something.

1. 1. 1. Prerequisite: https://github.com/containers/bootc/pull/860

Need to teach bootc to fetch LBIs.

1. 1. 1. Path A:

(Instruct customer to...)?

```
%pre
podman pull quay.io/example/someos:latest
%end
```

Then `ostree container image deploy` could redirect to `podman run <image> bootc install to-filesystem`.

1. 1. 1. Path B:

Require `bootc` be part of the ISO ([through rpm-ostree dependency](https://src.fedoraproject.org/rpms/rpm-ostree/c/e31f656abc0d451f0ffdd2a3afd60944796c2246?branch=rawhide)) (or worst case, `curl`/`rpm -Uvh` in `%pre`).

In this flow, we need to `bootc install to-filesystem` to have something like `--pull` which it doesn't do by default now.

1. 1. 1. 1. Problem: bootc install to-filesystem expects to be run from container

Unlike `ostree container image deploy`. Now we do have `--source-imageref` which I think turns off some of the container checks.

Solution: Change bootc to detect when it's not in a container and unconditionally pull the target image. We will need to document how authfiles work in this path etc.