Container image content in /opt does not survive deployment

[jlebon]

Filing this here but this is probably something going on in ostree-ext.

I'm trying to build a container with /opt content. Using Puppet as an example:

$ cat Containerfile
FROM quay.io/centos-bootc/centos-bootc:stream9
# Replace symlink by directory
RUN rm /opt && mkdir /opt && \
    dnf install -y https://yum.puppetlabs.com/puppet/fedora/36/x86_64/puppet-agent-7.27.0-1.fc36.x86_64.rpm && \
    ostree container commit
$ podman build -t localhost/puppet .
$ podman run -ti --rm localhost/puppet ls -ld /opt
drwxr-xr-x. 1 root root 20 Mar  1 04:10 /opt

So /opt is a directory in the image.

Deploying:

[root@cosa-devsh ~]# bootc switch --transport oci-archive /mnt/workdir/tmp/puppet.ociarchive
[root@cosa-devsh ~]# ls -ld /ostree/deploy/scos/deploy/b122a9691575b1d8925c92008868025fd549673193a2b34598d970b332a4545f.0/opt
lrwxrwxrwx. 3 root root 7 Feb 20 23:25 /ostree/deploy/scos/deploy/b122a9691575b1d8925c92008868025fd549673193a2b34598d970b332a4545f.0/opt -> var/opt

It's back to a symlink to var/opt.

[root@cosa-devsh ~]# ostree ls ostree/container/image/oci-archive_3A__2F_mnt/workdir/tmp/puppet_2E_ociarchive /opt
l00777 0 0      0 /opt -> var/opt

Seems like the transformation happens at image import time.

I'm probably missing something obvious here. But perusing the codebases it's not clear yet where this happens/under what conditions.

[cgwalters]

The ostree-ext logic checks for composefs being enabled, it doesn't special case /opt.

So we need to land that change.

[cgwalters]

Er sorry, ugh so coreos/rpm-ostree@0751f34 special case transient, not composefs...

So bigger picture we kind of created a head on collision here because the opt-usrlocal-overlays combines two distinct behaviors:

• Adjusting the default symlinks (wanted for composefs)
• Enabling the systemd units (not wanted)

[cgwalters]

We'll track this related to ostreedev/ostree-rs-ext#607