Use ostree-ext from bootc

[cgwalters]

Depends: #5226

The idea is ostree-ext is deprecated in favor of bootc; however
we still directly use it here, and fixing that is going to take
a while longer than I thought.

Switch to pulling a pinned version from bootc's git, so
at least we don't need to maintain a formal crate for it
and think about API stability.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[jlebon]

Hmm, does dependabot support bumping these SHAs? I guess we can bump ad-hoc too as needed until we drop the dep.

[cgwalters]

Hmm, does dependabot support bumping these SHAs? I guess we can bump ad-hoc too as needed until we drop the dep.

Not sure yet, but I think it will be low traffic enough that ad-hoc bumping will be fine until we can drop the dep.

[jlebon]

Restarted CI on this. Things should be fixed now.

[jlebon]

I think we can move this out of draft, right?

[cgwalters]

I think we can move this out of draft, right?

Yep done

[cgwalters]

[2025-01-16T21:17:44.588Z] Invalid version: '0.0.0 (https://github.com/containers/bootc?rev=dc7d4cf320ec6d8b2470d1d5f76da66ec60b6810#dc7d4cf3)'
[2025-01-16T21:17:44.588Z] error: Dependency tokens must begin with alpha-numeric, '_' or '/': *** FATAL ERROR ***

Okay so the rpm automatic Provides: bundled() generator barfs on git dependencies. Of course 😢

The real fix is to not try to serialize crate metadata into the RPM, but just put our serialized Rust metadata into the binary or so...there's some tooling for this. Or there's also SBOMs which try to cover this.

Okay I am digging into how the provides generator works now...

[cgwalters]

Filed https://pagure.io/fedora-rust/rust-packaging/issue/33 and pushed a workaround here.

[cgwalters]

Fallout in #5251