Auto-Updates and Manual Rollbacks

bootc

Fedora/CentOS bootc provides atomic updates and rollbacks via bootc deployments for the host system.

By default, the OS performs continual auto-updates via a stock copy of the upstream bootc-fetch-apply-updates.timer and corresponding bootc-fetch-apply-updates.service.

podman

Additionally, for referenced application containers, the podman-auto-update.timer unit can be enabled to automatically upgrade workload container images that are explicitly configured to opt in to automatic updates. The containers can also be rolled back when properly configured. Please refer to the following article for details.

Manual Rollbacks

When an update is complete, the previous OS deployment remains on disk. If an update causes issues, you can use it as a fallback. By default, this is a manual operation, but you can automate it.

Temporary rollback (interactive)

To temporarily boot the previous OS deployment, hold down Shift during the OS boot process. When the bootloader menu appears, select the relevant OS entry in the menu.

Reverting via CLI/script

To cause the previous OS deployment to be the next boot:

# Mark the previous OS deployment as the default for the next boot
bootc rollback

Please note that the default bootc-fetch-apply-updates.timer will keep looking for updates and will upgrade to any newly available OS deployment other than the one you just reverted.

If you prefer, you can temporarily turn off auto-updates. Later on, you can re-enable them in order to let the machine catch up with the usual flow of updates:

systemctl disable --now bootc-fetch-apply-updates.timer

[...]

# At a later point, re-enable it to track updates to your container image.
systemctl enable --now bootc-fetch-apply-updates.timer

Note on Rollbacks and the /etc Directory

When you perform a rollback (e.g., with bootc rollback), any changes made to files in the /etc directory won’t carry over to the rolled-back deployment. The /etc files will revert to their state from that previous deployment instead.

This is because bootc rollback just reorders the existing deployments. It doesn’t create new deployments. The /etc merges happen when new deployments are created.

If you want to save a modified /etc file for use after the rollback, you can copy it to a directory under /var, like /var/home/User (for a specific user) or /var/root/ (for the root user). These directories aren’t affected by the rollback because they hold user content.
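One way to script the copy described above, as an added example that is not part of the bootc documentation or tooling. The function names, the MANIFEST.sha256 file and the /var/root/etc-stash location are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example, not bootc's own tooling. Function names, the manifest file and
# the default stash path are assumptions made for this illustration.
set -eu

# stash_etc ETC_ROOT STASH_DIR FILE...   (FILE is relative to ETC_ROOT)
stash_etc() (
    etc_root=$1; stash=$2; shift 2
    for rel in "$@"; do   # validate every path before writing anything
        case $rel in /*|*..*) echo "refusing path: $rel" >&2; exit 1 ;; esac
        [ -f "$etc_root/$rel" ] || { echo "not a file: $rel" >&2; exit 1; }
    done
    umask 077             # /etc files can hold secrets: owner-only stash
    mkdir -p "$stash" || exit 1
    chmod 700 "$stash" || exit 1
    : > "$stash/MANIFEST.sha256"
    for rel in "$@"; do
        mkdir -p "$stash/$(dirname "$rel")" || exit 1
        cp -p "$etc_root/$rel" "$stash/$rel" || exit 1   # keep mode and owner
        ( cd "$stash" && sha256sum "$rel" ) >> "$stash/MANIFEST.sha256" || exit 1
    done
)

# restore_etc STASH_DIR ETC_ROOT   (ETC_ROOT must be an absolute path)
# Run this after booting the rolled-back deployment.
restore_etc() (
    stash=$1; etc_root=$2
    cd "$stash" || exit 1
    # Catches corruption or stray edits only; anyone who can write to the
    # stash can also rewrite the manifest.
    sha256sum -c MANIFEST.sha256 >/dev/null || exit 1
    while read -r _sum rel; do
        mkdir -p "$etc_root/$(dirname "$rel")" || exit 1
        cp -p "$rel" "$etc_root/$rel" || exit 1
    done < MANIFEST.sha256
)

# Usage on a host (as root), with this file saved under a name of your choice:
#   <script> stash ssh/sshd_config chrony.conf   # before bootc rollback
#   <script> restore                             # after booting the rollback
case ${1:-} in
    stash)   shift; stash_etc /etc /var/root/etc-stash "$@" ;;
    restore) restore_etc /var/root/etc-stash /etc ;;
esac
```

The stash directory is created with mode 700 because files copied out of /etc may contain credentials that were protected only by their original location and ownership.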

When you go back to the original state, either through a temporary rollback or another bootc rollback, the /etc directory is restored to its state from that original deployment.

Another option: if you are sure that the problem you are rolling back from is not caused by the config files (i.e., content in /etc/) and you want to go to an older deployment, you can bootc switch to that older image. This will perform the /etc merge and deploy the previous version of the software.