|
| 1 | +# NAME |
| 2 | + |
| 3 | +bootc-install-to-existing-root - Perform an installation to the host |
| 4 | +root filesystem |
| 5 | + |
| 6 | +# SYNOPSIS |
| 7 | + |
| 8 | +**bootc-install-to-existing-root** \[**\--replace**\] |
| 9 | +\[**\--source-imgref**\] \[**\--target-transport**\] |
| 10 | +\[**\--target-imgref**\] \[**\--enforce-container-sigpolicy**\] |
| 11 | +\[**\--target-ostree-remote**\] \[**\--skip-fetch-check**\] |
| 12 | +\[**\--disable-selinux**\] \[**\--karg**\] |
| 13 | +\[**\--root-ssh-authorized-keys**\] \[**\--generic-image**\] |
| 14 | +\[**-h**\|**\--help**\] \[**-V**\|**\--version**\] \[*ROOT_PATH*\] |
| 15 | + |
| 16 | +# DESCRIPTION |
| 17 | + |
| 18 | +Perform an installation to the host root filesystem |
| 19 | + |
| 20 | +# OPTIONS |
| 21 | + |
| 22 | +**\--replace**=*REPLACE* \[default: alongside\] |
| 23 | + |
| 24 | +: Configure how existing data is treated\ |
| 25 | + |
| 26 | +\ |
| 27 | +*Possible values:* |
| 28 | + |
| 29 | +> - wipe: Completely wipe the contents of the target filesystem. This |
| 30 | +> cannot be done if the target filesystem is the one the system is |
| 31 | +> booted from |
| 32 | +> |
| 33 | +> - alongside: This is a destructive operation in the sense that the |
| 34 | +> bootloader state will have its contents wiped and replaced. |
| 35 | +> However, the running system (and all files) will remain in place |
| 36 | +> until reboot |
| 37 | +
|
| 38 | +**\--source-imgref**=*SOURCE_IMGREF* |
| 39 | + |
| 40 | +: Install the system from an explicitly given source. |
| 41 | + |
| 42 | +By default, bootc install and install-to-filesystem assumes that it runs |
| 43 | +in a podman container, and it takes the container image to install from |
| 44 | +the podmans container registry. If \--source-imgref is given, bootc uses |
| 45 | +it as the installation source, instead of the behaviour explained in the |
| 46 | +previous paragraph. See skopeo(1) for accepted formats. |
| 47 | + |
| 48 | +**\--target-transport**=*TARGET_TRANSPORT* \[default: registry\] |
| 49 | + |
| 50 | +: The transport; e.g. oci, oci-archive. Defaults to \`registry\` |
| 51 | + |
| 52 | +**\--target-imgref**=*TARGET_IMGREF* |
| 53 | + |
| 54 | +: Specify the image to fetch for subsequent updates |
| 55 | + |
| 56 | +**\--enforce-container-sigpolicy** |
| 57 | + |
| 58 | +: This is the inverse of the previous |
| 59 | + \`\--target-no-signature-verification\` (which is now a no-op). |
| 60 | + Enabling this option enforces that \`/etc/containers/policy.json\` |
| 61 | + includes a default policy which requires signatures |
| 62 | + |
| 63 | +**\--target-ostree-remote**=*TARGET_OSTREE_REMOTE* |
| 64 | + |
| 65 | +: Enable verification via an ostree remote |
| 66 | + |
| 67 | +**\--skip-fetch-check** |
| 68 | + |
| 69 | +: By default, the accessiblity of the target image will be verified |
| 70 | + (just the manifest will be fetched). Specifying this option |
| 71 | + suppresses the check; use this when you know the issues it might |
| 72 | + find are addressed. |
| 73 | + |
| 74 | +A common reason this may fail is when one is using an image which |
| 75 | +requires registry authentication, but not embedding the pull secret in |
| 76 | +the image so that updates can be fetched by the installed OS \"day 2\". |
| 77 | + |
| 78 | +**\--disable-selinux** |
| 79 | + |
| 80 | +: Disable SELinux in the target (installed) system. |
| 81 | + |
| 82 | +This is currently necessary to install \*from\* a system with SELinux |
| 83 | +disabled but where the target does have SELinux enabled. |
| 84 | + |
| 85 | +**\--karg**=*KARG* |
| 86 | + |
| 87 | +: Add a kernel argument |
| 88 | + |
| 89 | +**\--root-ssh-authorized-keys**=*ROOT_SSH_AUTHORIZED_KEYS* |
| 90 | + |
| 91 | +: The path to an \`authorized_keys\` that will be injected into the |
| 92 | + \`root\` account. |
| 93 | + |
| 94 | +The implementation of this uses systemd \`tmpfiles.d\`, writing to a |
| 95 | +file named \`/etc/tmpfiles.d/bootc-root-ssh.conf\`. This will have the |
| 96 | +effect that by default, the SSH credentials will be set if not present. |
| 97 | +The intention behind this is to allow mounting the whole \`/root\` home |
| 98 | +directory as a \`tmpfs\`, while still getting the SSH key replaced on |
| 99 | +boot. |
| 100 | + |
| 101 | +**\--generic-image** |
| 102 | + |
| 103 | +: Perform configuration changes suitable for a \"generic\" disk image. |
| 104 | + At the moment: |
| 105 | + |
| 106 | +\- All bootloader types will be installed - Changes to the system |
| 107 | +firmware will be skipped |
| 108 | + |
| 109 | +**-h**, **\--help** |
| 110 | + |
| 111 | +: Print help (see a summary with -h) |
| 112 | + |
| 113 | +**-V**, **\--version** |
| 114 | + |
| 115 | +: Print version |
| 116 | + |
| 117 | +\[*ROOT_PATH*\] \[default: /target\] |
| 118 | + |
| 119 | +: Path to the mounted root; its expected to invoke podman with \`-v |
| 120 | + /:/target\`, then supplying this argument is unnecessary |
| 121 | + |
| 122 | +# VERSION |
| 123 | + |
| 124 | +v0.1.0 |
0 commit comments