table of contents
OSTREE(1) | ostree | OSTREE(1) |
NAME¶
ostree - Manage multiple bootable versioned filesystem trees
SYNOPSIS¶
ostree {COMMAND} [OPTIONS...]
DESCRIPTION¶
OSTree is a tool for managing multiple bootable versioned filesystem trees, or just "tree" for short. In the OSTree model, operating systems no longer live in the physical "/" root directory. Instead, they parallel install to the new toplevel /ostree directory. Each installed system gets its own /ostree/deploy/stateroot directory. (stateroot is the newer term for osname).
Unlike rpm or dpkg, OSTree is only aware of complete filesystem trees. It has no built-in knowledge of what components went into creating the filesystem tree.
It is possible to use OSTree in several modes; the most basic form is to replicate pre-built trees from a build server. Usually, these pre-built trees are derived from packages. You might also be using OSTree underneath a higher level tool which computes filesystem trees locally.
It must be emphasized that OSTree only supports read-only trees. To change to a different tree (upgrade, downgrade, install software), a new tree is checked out, and a 3-way merge of configuration is performed. The currently running tree is not ever modified; the new tree will become active on a system reboot.
To see the man page for a command run man ostree COMMAND or man ostree-admin COMMAND
OPTIONS¶
The following options are understood:
--repo
-v, --verbose
--version
COMMANDS¶
System administrators will primarily interact with OSTree via the subcommand ostree admin.
Both administrators and operating system builders may interact with OSTree via the regular filesystem manipulation commands.
EXAMPLES¶
For specific examples, please see the man page regarding the specific ostree command. For example:
man ostree init or man ostree-admin status
GPG VERIFICATION¶
OSTree supports signing commits with GPG. Operations on the system repository by default use keyring files in /usr/share/ostree/trusted.gpg.d. Any public key in a keyring file in that directory will be trusted by the client. No private keys should be present in this directory.
In addition to the system repository, OSTree supports two other paths. First, there is a gpgkeypath option for remotes, which must point to the filename of an ASCII-armored GPG key, or a directory containing ASCII-armored GPG keys to import. Multiple file and directory paths to import from can be specified, as a comma-separated list of paths. This option may be specified by using --set in ostree remote add.
Second, there is support for a per-remote remotename.trustedkeys.gpg file stored in the toplevel of the repository (alongside objects/ and such). This is particularly useful when downloading content that may not be fully trusted (e.g. you want to inspect it but not deploy it as an OS), or use it for containers. This file is written via ostree remote add --gpg-import.
TERMINOLOGY¶
The following terms are commonly used throughout the man pages. Terms in upper case letters are literals used in command line arguments.
BRANCH
CHECKSUM
COMMIT
REF
REV, REFSPEC
SHA256
SEE ALSO¶
OSTree |