[arianvanp]

Are we really bringing OCI to freaking OS builds? Nothing about OCI is pleasant. A list of Tarballs is the most backwards boot format I can think of. Terrible for reproducibility. Terrible for security.

Boot images should be Dm-verity protected EROFS images. We should not be building new things on OCI. It's really mind-blowing to me that this is a new direction people who are supposed to be top of class OS builders are moving to as a direction.

They took the CoreOS dream and threw everything in the trash

[looperhacks]

How is OCI terrible for reproducibility and security? They are certainly more reproducible than what we had before. I haven't heard "Works on my machine for a long time". If you're talking about reproducible builds, there aren't any hard issues either that are directly caused by OCI images - except setting the clock correctly.

> Boot images should be Dm-verity protected EROFS images

Maybe I'm misunderstanding you - I gather that you think the boot images are distributed as OCI images? That's not the case, bootc is more about building the image, updating it and the overall structure. Booting an image built with bootc does not involve any container infrastructure (unless you start services that depend on containers, I guess - but that's deep in userspace). There's technically nothing preventing this from using verified read-only images.

[arianvanp]

> I gather that you think the boot images are distributed as OCI image

Yes? That's literally the sales pitch on the website. Am I missing something?

Quote from https://bootc-dev.github.io/ tells me that bootc is using OCI as a delivery format for bootable images.

Transactional, in-place operating system updates using OCI/Docker container images.

Motivation The original Docker container model of using "layers" to model applications has been extremely successful. This project aims to apply the same technique for bootable host systems - using standard OCI/Docker containers as a transport and delivery format for base operating system updates

[saltamimi]

For the record, bootc supports and has workflows for verity images.

[exceptione]

  > Dm-verity protected EROFS images

First time I hear about it. Playing the devils advocate: how does it improve over checksums + tarballs?

[curt15]

checksums + tarballs don't help with runtime integrity verification. You'll need additional technologies for that like dm-verity or fs-verity; see composefs.