feat(native-to-disk): direct block-device installer via privileged podman (no QEMU) #1

Open: corning-croak-cable wants to merge 2 commits into main from feature/native-to-disk

@corning-croak-cable

Collaborator

Summary

Adds bcvk native-to-disk <image> <device> — a no-VM installation path that writes a bootc OCI image directly to a physical block device by running bootc install to-disk inside a privileged podman container.

Before: bcvk to-disk always boots an ephemeral QEMU VM, waits for SSH, then runs bootc install to-disk against a /dev/disk/by-id/virtio-output passthrough. Requires QEMU, virtiofsd, KVM.

After: bcvk native-to-disk skips the VM entirely:

```
bcvk native-to-disk ghcr.io/corning-croak-cable/yubios:latest /dev/sdb
```

This runs:

```
podman run --rm --privileged --pid=host --net=none \
  -v /sys:/sys:ro -v /dev:/dev \
  -v <storage>:<storage>:ro \
  --security-opt label=type:unconfined_t \
  containers-storage:ghcr.io/corning-croak-cable/yubios:latest \
  bootc install to-disk --generic-image --skip-fetch-check /dev/sdb
```

New file: crates/kit/src/native_to_disk.rs

Safety checks (before any destructive I/O)

| Check | How |
| --- | --- |
| Target is a block device | fstat, S_IFBLK |
| Nothing on the device is mounted | Parses /proc/mounts (exact match + prefix) |
| Explicit confirmation | Prints device model + size, requires typing "yes" unless --yes |

CLI flags

| Flag | Purpose |
| --- | --- |
| --yes | Skip interactive confirmation (CI / scripts) |
| --rootful | Prepend sudo (for environments where rootless podman can't access block devices) |
| --install-log | Set RUST_LOG for bootc install inside the container |
| --filesystem, --root-size, --karg | Forwarded straight to bootc install to-disk via InstallOptions |

Unit tests (table-driven per REVIEW.md)

  • test_check_not_mounted_parse — 4 cases (exact match, prefix match, absent)
  • test_device_info_human_size — 3 cases
  • test_build_podman_cmd_contains_device — verifies --privileged, to-disk, source image, device as last arg

When to use which command

| Use case | Command |
| --- | --- |
| Flash to USB stick / NVMe (bare metal) | bcvk native-to-disk |
| Build a disk image file for cloud/VM | bcvk to-disk |
| Test in ephemeral QEMU VM | bcvk ephemeral run |

Attribution

Assisted-by: Sauna (claude-sonnet-4-6)
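
The "nothing on the device is mounted" check from the Safety checks table, sketched as an added example (not the PR's code). The function names, the stricter partition-suffix rule used in place of a bare prefix test, and the sample mounts text are assumptions.

```rust
// Constructed sample in /proc/mounts format (not captured from a real host).
const SAMPLE: &str = "\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/usb vfat rw 0 0
/dev/sdbb1 /mnt/other ext4 rw 0 0
/dev/nvme0n1p2 /home xfs rw 0 0
tmpfs /tmp tmpfs rw 0 0
";

/// True if `src` is `device` itself or one of its partitions.
/// Partition suffix: digits ("/dev/sdb1"), or 'p' + digits when the disk
/// name ends in a digit ("/dev/nvme0n1p2"). A bare string-prefix test would
/// also flag the unrelated disk /dev/sdbb.
fn is_device_or_partition(src: &str, device: &str) -> bool {
    let Some(rest) = src.strip_prefix(device) else {
        return false;
    };
    if rest.is_empty() {
        return true; // exact match: the whole disk is mounted
    }
    let digits = if device.ends_with(|c: char| c.is_ascii_digit()) {
        match rest.strip_prefix('p') {
            Some(d) => d,
            None => return false,
        }
    } else {
        rest
    };
    !digits.is_empty() && digits.bytes().all(|b| b.is_ascii_digit())
}

/// Mount sources in `mounts` (text of /proc/mounts) that belong to `device`.
/// The source is the first whitespace-separated field of each line.
fn mounted_sources(mounts: &str, device: &str) -> Vec<String> {
    mounts
        .lines()
        .filter_map(|line| line.split_whitespace().next())
        .filter(|src| is_device_or_partition(src, device))
        .map(str::to_string)
        .collect()
}

fn main() {
    for dev in ["/dev/sdb", "/dev/nvme0n1", "/dev/sdc"] {
        let hits = mounted_sources(SAMPLE, dev);
        println!("{dev}: mounted sources = {hits:?}");
    }
}
```

Name matching only sees direct mounts: a filesystem on LVM or dm-crypt layered on the disk appears in /proc/mounts under /dev/mapper/, and active swap is listed in /proc/swaps, so neither is caught by this check.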

Adds `crates/kit/src/native_to_disk.rs` — a no-VM path for installing
bootc images directly to physical block devices via a privileged
podman container (no QEMU, no virtiofsd, no SSH).

Assisted-by: Sauna (claude-sonnet-4-6)

Adds:
  - `mod native_to_disk` to Linux module list
  - `Commands::NativeToDisk` variant
  - match arm routing to `native_to_disk::run`

Assisted-by: Sauna (claude-sonnet-4-6)