composefs: Build composefs cmdline

Johan-Liebert1 · cgwalters · commit 42e2db31ce18 · 2026-03-23T12:29:03.000+01:00
Instead of writing format strings to create a composefs= parameter in
the cmdline, add a build method to ComposefsCmdline to build a cmdline
from options

Signed-off-by: Pragyan Poudyal &lt;pragyanpoudyal41999@gmail.com&gt;
diff --git a/crates/lib/src/bootc_composefs/boot.rs b/crates/lib/src/bootc_composefs/boot.rs
@@ -93,7 +93,6 @@ use rustix::{mount::MountFlags, path::Arg};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
-use crate::task::Task;
 use crate::{
     bootc_composefs::repo::get_imgref,
     composefs_consts::{TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED},
@@ -106,6 +105,7 @@ use crate::{
     bootc_composefs::state::{get_booted_bls, write_composefs_state},
     composefs_consts::TYPE1_BOOT_DIR_PREFIX,
 };
+use crate::{bootc_composefs::status::ComposefsCmdline, task::Task};
 use crate::{
     bootc_composefs::status::get_container_manifest_and_config, bootc_kargs::compute_new_kargs,
 };
@@ -116,8 +116,8 @@ use crate::{
 };
 use crate::{
     composefs_consts::{
-        BOOT_LOADER_ENTRIES, COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST,
-        STAGED_BOOT_LOADER_ENTRIES, STATE_DIR_ABS, USER_CFG, USER_CFG_STAGED,
+        BOOT_LOADER_ENTRIES, ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST, STAGED_BOOT_LOADER_ENTRIES,
+        STATE_DIR_ABS, USER_CFG, USER_CFG_STAGED,
     },
     spec::{Bootloader, Host},
 };
@@ -525,14 +525,9 @@ pub(crate) fn setup_composefs_bls_boot(
 
             cmdline_options.extend(&root_setup.kargs);
 
-            // TODO(Johan-Liebert1): Use ComposefsCmdline
-            let composefs_cmdline = if state.composefs_options.allow_missing_verity {
-                format!("{COMPOSEFS_CMDLINE}=?{id_hex}")
-            } else {
-                format!("{COMPOSEFS_CMDLINE}={id_hex}")
-            };
-
-            cmdline_options.extend(&Cmdline::from(&composefs_cmdline));
+            let composefs_cmdline =
+                ComposefsCmdline::build(&id_hex, state.composefs_options.allow_missing_verity);
+            cmdline_options.extend(&Cmdline::from(&composefs_cmdline.to_string()));
 
             // Locate ESP partition device
             let esp_part = root_setup.device_info.find_partition_of_esp()?;
@@ -564,14 +559,12 @@ pub(crate) fn setup_composefs_bls_boot(
             };
 
             // Copy all cmdline args, replacing only `composefs=`
-            let param = if booted_cfs.cmdline.allow_missing_fsverity {
-                format!("{COMPOSEFS_CMDLINE}=?{id_hex}")
-            } else {
-                format!("{COMPOSEFS_CMDLINE}={id_hex}")
-            };
+            let cfs_cmdline =
+                ComposefsCmdline::build(&id_hex, booted_cfs.cmdline.allow_missing_fsverity)
+                    .to_string();
 
-            let param =
-                Parameter::parse(&param).context("Failed to create 'composefs=' parameter")?;
+            let param = Parameter::parse(&cfs_cmdline)
+                .context("Failed to create 'composefs=' parameter")?;
             cmdline.add_or_modify(&param);
 
             // Locate ESP partition device
diff --git a/crates/lib/src/bootc_composefs/soft_reboot.rs b/crates/lib/src/bootc_composefs/soft_reboot.rs
@@ -1,7 +1,9 @@
 use crate::{
-    bootc_composefs::{service::start_finalize_stated_svc, status::get_composefs_status},
+    bootc_composefs::{
+        service::start_finalize_stated_svc,
+        status::{ComposefsCmdline, get_composefs_status},
+    },
     cli::SoftRebootMode,
-    composefs_consts::COMPOSEFS_CMDLINE,
     store::{BootedComposefs, Storage},
 };
 use anyhow::{Context, Result};
@@ -106,18 +108,14 @@ pub(crate) async fn prepare_soft_reboot_composefs(
 
     create_dir_all(NEXTROOT).context("Creating nextroot")?;
 
-    let cmdline = if booted_cfs.cmdline.allow_missing_fsverity {
-        Cmdline::from(format!("{COMPOSEFS_CMDLINE}=?{deployment_id}"))
-    } else {
-        Cmdline::from(format!("{COMPOSEFS_CMDLINE}={deployment_id}"))
-    };
+    let cmdline = ComposefsCmdline::build(deployment_id, booted_cfs.cmdline.allow_missing_fsverity);
 
     let args = bootc_initramfs_setup::Args {
         cmd: vec![],
         sysroot: PathBuf::from("/sysroot"),
         config: Default::default(),
         root_fs: None,
-        cmdline: Some(cmdline),
+        cmdline: Some(Cmdline::from(cmdline.to_string())),
         target: Some(NEXTROOT.into()),
     };
 
diff --git a/crates/lib/src/bootc_composefs/status.rs b/crates/lib/src/bootc_composefs/status.rs
@@ -80,6 +80,13 @@ impl ComposefsCmdline {
         }
     }
 
+    pub(crate) fn build(digest: &str, allow_missing_fsverity: bool) -> Self {
+        ComposefsCmdline {
+            allow_missing_fsverity,
+            digest: digest.into(),
+        }
+    }
+
     /// Search for the `composefs=` parameter in the passed in kernel command line
     pub(crate) fn find_in_cmdline(cmdline: &Cmdline) -> Option<Self> {
         match cmdline.find(COMPOSEFS_CMDLINE) {
diff --git a/crates/lib/src/parsers/bls_config.rs b/crates/lib/src/parsers/bls_config.rs
@@ -15,7 +15,7 @@ use std::fmt::Display;
 use uapi_version::Version;
 
 use crate::bootc_composefs::status::ComposefsCmdline;
-use crate::composefs_consts::{COMPOSEFS_CMDLINE, UKI_NAME_PREFIX};
+use crate::composefs_consts::UKI_NAME_PREFIX;
 
 #[derive(Debug, PartialEq, Eq, Default)]
 pub enum BLSConfigType {
@@ -191,13 +191,14 @@ impl BLSConfig {
             }
 
             BLSConfigType::NonEFI { options, .. } => {
-                let options = options.as_ref().ok_or_else(|| anyhow::anyhow!("No options"))?;
+                let options = options
+                    .as_ref()
+                    .ok_or_else(|| anyhow::anyhow!("No options"))?;
 
                 let cfs_cmdline = ComposefsCmdline::find_in_cmdline(&Cmdline::from(&options))
                     .ok_or_else(|| anyhow::anyhow!("No composefs= param"))?;
 
-                // TODO(Johan-Liebert1): We lose the info here that this is insecure
-                Ok(cfs_cmdline.digest.to_string().clone())
+                Ok(cfs_cmdline.digest.to_string())
             }
 
             BLSConfigType::Unknown => anyhow::bail!("Unknown config type"),
diff --git a/crates/lib/src/ukify.rs b/crates/lib/src/ukify.rs
@@ -14,7 +14,7 @@ use cap_std_ext::cap_std::fs::Dir;
 use fn_error_context::context;
 
 use crate::bootc_composefs::digest::compute_composefs_digest;
-use crate::composefs_consts::COMPOSEFS_CMDLINE;
+use crate::bootc_composefs::status::ComposefsCmdline;
 
 /// Build a UKI from the given rootfs.
 ///
@@ -84,12 +84,9 @@ pub(crate) fn build_ukify(
     let mut cmdline = crate::bootc_kargs::get_kargs_in_root(&root, std::env::consts::ARCH)?;
 
     // Add the composefs digest
-    let composefs_param = if allow_missing_fsverity {
-        format!("{COMPOSEFS_CMDLINE}=?{composefs_digest}")
-    } else {
-        format!("{COMPOSEFS_CMDLINE}={composefs_digest}")
-    };
-    cmdline.extend(&Cmdline::from(composefs_param));
+    cmdline.extend(&Cmdline::from(
+        ComposefsCmdline::build(&composefs_digest, allow_missing_fsverity).to_string(),
+    ));
 
     // Add any extra kargs provided via --karg
     for karg in extra_kargs {

Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,13 @@ impl ComposefsCmdline {`
`80`	`80`	`}`
`81`	`81`	`}`
`82`	`82`
	`83`	`+ pub(crate) fn build(digest: &str, allow_missing_fsverity: bool) -> Self {`
	`84`	`+ ComposefsCmdline {`
	`85`	`+ allow_missing_fsverity,`
	`86`	`+ digest: digest.into(),`
	`87`	`+ }`
	`88`	`+ }`
	`89`	`+`
`83`	`90`	/// Search for the `composefs=` parameter in the passed in kernel command line
`84`	`91`	`pub(crate) fn find_in_cmdline(cmdline: &Cmdline) -> Option<Self> {`
`85`	`92`	`match cmdline.find(COMPOSEFS_CMDLINE) {`