Appendix A. Terminology and commands

OSTree

A tool used for managing Linux-based operating system versions. The OSTree tree view is similar to Git and is based on similar concepts.

rpm-ostree

A hybrid image or system package that hosts operating system updates.

Commit

A release or image version of the operating system. RHEL image builder generates an ostree commit for RHEL for Edge images. You can use these images to install or update RHEL on Edge servers.

Refs

Represents a branch in ostree. Refs always resolve to the latest commit. For example, rhel/8/x86_64/edge.

Revision (Rev)

SHA-256 for a specific commit.

Remote

The http or https endpoint that hosts the ostree content. This is analogous to the baseurl for a yum repository.

static-delta

Updates to ostree images are always delta updates. In case of RHEL for Edge images, the TCP overhead can be higher than expected due to the updates to number of files. To avoid TCP overhead, you can generate static-delta between specific commits, and send the update in a single connection. This optimization helps large deployments with constrained connectivity.

ostree pull

ostree pull-local --repo [path] src

ostree pull-local <path> <rev> --repo=<repo-path>

ostree pull <URL> <rev> --repo=<repo-path>

ostree summary

ostree summary -u --repo=<repo-path>

View refs

ostree refs --repo ~/Code/src/osbuild-iot/build/repo/ --list

View commits in repo

ostree log --repo=/home/gicmo/Code/src/osbuild-iot/build/repo/ <REV>

Inspect a commit

ostree show --repo build/repo <REV>

List remotes of a repo

ostree remote list --repo <repo-path>

Resolve a REV

ostree rev-parse --repo ~/Code/src/osbuild-iot/build/repo fedora/x86_64/osbuild-demo

ostree rev-parse --repo ~/Code/src/osbuild-iot/build/repo b3a008eceeddd0cfd

Create static-delta

ostree static-delta generate --repo=[path] --from=REV --to=REV

Sign an existing ostree commit with a GPG key

ostree gpg-sign --repo=<repo-path> --gpg-homedir <gpg_home> COMMIT KEY-ID…

rpm-ostree --repo=/home/gicmo/Code/src/osbuild-iot/build/repo/ db list <REV>

This command lists the packages existing in the <REV> commit into the repository.

rpm-ostree rollback

OSTree manages an ordered list of boot loader entries, called deployments. The entry at index 0 is the default boot loader entry. Each entry has a separate /etc directory, but all the entries share a single /var directory. You can use the boot loader to choose between entries by pressing Tab to interrupt startup. This rolls back to the previous state, that is, the default deployment changes places with the non-default one.

rpm-ostree status

This command gives information about the current deployment in use. Lists the names and refspecs of all possible deployments in order, such that the first deployment in the list is the default upon boot. The deployment marked with * is the current booted deployment, and marking with 'r' indicates the most recent upgrade.

rpm-ostree db list

Use this command to see which packages are within the commit or commits. You must specify at least one commit, but more than one or a range of commits also work.

rpm-ostree db diff

Use this command to show how the packages are different between the trees in two revs (revisions). If no revs are provided, the booted commit is compared to the pending commit. If only a single rev is provided, the booted commit is compared to that rev.

rpm-ostree upgrade

This command downloads the latest version of the current tree, and deploys it, setting up the current tree as the default for the next boot. This has no effect on your running filesystem tree. You must reboot for any changes to take effect.

FDO

FIDO Device Onboarding.

Device

Any hardware, device, or computer.

Owner

The final owner of the device - a company or an IT department.

Manufacturer

The device manufacturer.

Manufacturer server

Creates the device credentials for the device.

Manufacturer client

Informs the location of the manufacturing server.

Ownership Voucher (OV)

Record of ownership of an individual device.

Contains the following information:

* Owner (fdo-owner-onboarding-service)

* Rendezvous Server - FIDO server (fdo-rendezvous-server)

* Device (at least one combination) (fdo-manufacturing-service)

Device Credential (DC)

Key credential and rendezvous stored in the device at manufacture.

Keys

Keys to configure the manufacturing server

* key_path

* cert_path

* key_type

* mfg_string_type: device serial number

* allowed_key_storage_types: Filesystem and Trusted Platform Module (TPM) that protects the data used to authenticate the device you are using.

Rendezvous server

Link to a server used by the device and later on, used on the process to find out who is the owner of the device

UEFI

Unified Extensible Firmware Interface.

RHEL

Red Hat® Enterprise Linux® operating system

rpm-ostree

Background image-based upgrades.

Greenboot

Healthcheck framework for systemd on rpm-ostree.

Osbuild

Pipeline-based build system for operating system artifacts.

Container

A Linux® container is a set of 1 or more processes that are isolated from the rest of the system.

Coreos-installer

Assists installation of RHEL images, boots systems with UEFI.

FIDO FDO

Specification protocol to provision configuration and onboarding devices.