Wrapping other CLI entrypoints
A simple way to describe the goal of rpm-ostree is to convert the default model for operating system updates to be “image based”.
However, many distributions such as Fedora (and derivatives) ship a variety of tools which need adaptation for this. In some cases, changing those upstream projects to be “ostree aware” makes sense, and is straightforward. In others, it is easier to wrap/reimplement the functionality of those tools.
rpm-ostree today contains code to wrap/reimplement the latter, which includes
rpm for example.
Enabling and disabling cliwrap on a client system
$ rpm-ostree deploy --ex-cliwrap=true
You may also want to follow this with an
rpm-ostree apply-live to apply the change live.
rpm-ostree deploy --ex-cliwrap=false
Enabling cliwrap at build time
This is just
cliwrap: true in the treefile.
Globally Skipping cliwrap via environment variable
To skip cliwrap set the
RPMOSTREE_CLIWRAP_SKIP enviroment variable with any value.
Currently, this is mostly oriented towards executing the real underlying
rpm binary, but may e.g. drop privileges for commands that may not be safe. For example:
[root@cosa-devsh ~]# rpm -e toolbox rpm-ostree: Note: This system is image (rpm-ostree) based. rpm-ostree: Dropping privileges as `rpm` was executed with not "known safe" arguments. rpm-ostree: You may invoke the real `rpm` binary in `/usr/libexec/rpm-ostree/wrapped/rpm`. rpm-ostree: Continuing execution in 5 seconds. error: can't create transaction lock on /usr/share/rpm/.rpm.lock (Read-only file system) [root@cosa-devsh ~]#
In the future, the
rpm-ostree cliwrap for
rpm may help translate some commands.
This one just prints a helpful redirection:
[root@cosa-devsh ~]# dracut This system is rpm-ostree based; initramfs handling is integrated with the underlying ostree transaction mechanism. Use `rpm-ostree initramfs` to control client-side initramfs generation.
Similar to dracut, prints a redirection:
[root@cosa-devsh ~]# grubby This system is rpm-ostree based; grubby is not used. Use `rpm-ostree kargs` instead.
The implementation of this is tracked in this Github issue.
But for example, typing
dnf update will be translated to
rpm-ostree update. Other commands such as
dnf install foo will print a helpful error like this:
[root@cosa-devsh ~]# dnf install foo Note: This system is image (rpm-ostree) based. Before installing packages to the host root filesystem, consider other options: - `toolbox`: For command-line development and debugging tools in a privileged container - `podman`: General purpose containers - `docker`: General purpose containers - `rpm-ostree install`: Install RPM packages layered on the host root filesystem. Consider these "operating system extensions". Add `--apply-live` to immediately start using the layered packages. error: not implemented