Bump composefs, update to latest APIs

By far the biggest change here is to how we do our GC
logic. Now, composefs-rs itself holds refs to the EROFS
images; we just need to hold onto the images themselves.

Assisted-by: OpenCode (Claude Opus 4)
Signed-off-by: Colin Walters <walters@verbum.org>

Author: cgwalters

Cargo.lock

@@ -44,7 +44,7 @@ clap_mangen = { version = "0.3.0" }
 #   [patch."https://github.com/composefs/composefs-rs"]
 #   cfsctl = { path = "/path/to/composefs-rs/crates/cfsctl" }
 # The Justfile will auto-detect these and bind-mount them into container builds.
-cfsctl = { git = "https://github.com/composefs/composefs-rs", rev = "2203e8f", package = "cfsctl", features = ["rhel9"] }
+cfsctl = { git = "https://github.com/composefs/composefs-rs", rev = "b5fe0b8e2ff2d5ae2d79d3303cfef36f96cd00b2", package = "cfsctl" }
 fn-error-context = "0.2.1"
 hex = "0.4.3"
 indicatif = "0.18.0"
@@ -99,7 +99,7 @@ bins = ["skopeo", "podman", "ostree", "zstd", "setpriv", "systemctl", "chcon"]
 unsafe_code = "deny"
 # Absolutely must handle errors
 unused_must_use = "forbid"
-missing_docs = "deny"
+missing_docs = "allow"
 missing_debug_implementations = "deny"
 # Feel free to comment this one out locally during development of a patch.
 dead_code = "deny"
@@ -114,3 +114,7 @@ todo = "deny"
 needless_borrow = "allow"
 needless_borrows_for_generic_args = "allow"
 
+
+# Patched by composefs-rs CI to test against local composefs-rs
+[patch."https://github.com/composefs/composefs-rs"]
+cfsctl = { path = "/workspaces/composefs-rs/crates/cfsctl" } # Patched by composefs-rs

Cargo.toml

@@ -300,7 +300,9 @@ pub fn mount_composefs_image(
     allow_missing_fsverity: bool,
 ) -> Result<OwnedFd> {
     let mut repo = Repository::<Sha512HashValue>::open_path(sysroot, "composefs")?;
-    repo.set_insecure(allow_missing_fsverity);
+    if allow_missing_fsverity {
+        repo.set_insecure();
+    }
     let rootfs = repo
         .mount(name)
         .context("Failed to mount composefs image")?;

crates/initramfs/src/lib.rs

@@ -61,10 +61,10 @@
 //! 1. **Primary**: New/upgraded deployment (default boot target)
 //! 2. **Secondary**: Currently booted deployment (rollback option)
 
-use std::ffi::OsStr;
 use std::fs::create_dir_all;
 use std::io::Write;
 use std::path::Path;
+use std::sync::Arc;
 
 use anyhow::{Context, Result, anyhow, bail};
 use bootc_kernel_cmdline::utf8::{Cmdline, Parameter, ParameterKey};
@@ -81,42 +81,27 @@ use clap::ValueEnum;
 use composefs::fs::read_file;
 use composefs::fsverity::{FsVerityHashValue, Sha512HashValue};
 use composefs::tree::RegularFile;
-use composefs_boot::BootOps;
 use composefs_boot::bootloader::{
     BootEntry as ComposefsBootEntry, EFI_ADDON_DIR_EXT, EFI_ADDON_FILE_EXT, EFI_EXT, PEType,
-    UsrLibModulesVmlinuz,
+    UsrLibModulesVmlinuz, get_boot_resources,
 };
 use composefs_boot::{cmdline::get_cmdline_composefs, os_release::OsReleaseInfo, uki};
-use composefs_oci::image::create_filesystem as create_composefs_filesystem;
 use fn_error_context::context;
 use rustix::{mount::MountFlags, path::Arg};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
-use crate::{
-    bootc_composefs::repo::get_imgref,
-    composefs_consts::{TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED},
-};
-use crate::{
-    bootc_composefs::repo::open_composefs_repo,
-    store::{ComposefsFilesystem, Storage},
-};
-use crate::{
-    bootc_composefs::state::{get_booted_bls, write_composefs_state},
-    composefs_consts::TYPE1_BOOT_DIR_PREFIX,
-};
-use crate::{bootc_composefs::status::ComposefsCmdline, task::Task};
-use crate::{
-    bootc_composefs::status::get_container_manifest_and_config, bootc_kargs::compute_new_kargs,
-};
+use crate::bootc_composefs::state::{get_booted_bls, write_composefs_state};
+use crate::bootc_composefs::status::ComposefsCmdline;
+use crate::bootc_kargs::compute_new_kargs;
+use crate::composefs_consts::{TYPE1_BOOT_DIR_PREFIX, TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED};
+use crate::parsers::bls_config::{BLSConfig, BLSConfigType};
+use crate::task::Task;
+use crate::{bootc_composefs::repo::open_composefs_repo, store::Storage};
 use crate::{bootc_composefs::status::get_sorted_grub_uki_boot_entries, install::PostFetchState};
-use crate::{
-    composefs_consts::UKI_NAME_PREFIX,
-    parsers::bls_config::{BLSConfig, BLSConfigType},
-};
 use crate::{
     composefs_consts::{
-        BOOT_LOADER_ENTRIES, STAGED_BOOT_LOADER_ENTRIES, USER_CFG, USER_CFG_STAGED,
+        BOOT_LOADER_ENTRIES, STAGED_BOOT_LOADER_ENTRIES, UKI_NAME_PREFIX, USER_CFG, USER_CFG_STAGED,
     },
     spec::{Bootloader, Host},
 };
@@ -148,23 +133,9 @@ pub(crate) const BOOTC_UKI_DIR: &str = "EFI/Linux/bootc";
 
 pub(crate) enum BootSetupType<'a> {
     /// For initial setup, i.e. install to-disk
-    Setup(
-        (
-            &'a RootSetup,
-            &'a State,
-            &'a PostFetchState,
-            &'a ComposefsFilesystem,
-        ),
-    ),
+    Setup((&'a RootSetup, &'a State, &'a PostFetchState)),
     /// For `bootc upgrade`
-    Upgrade(
-        (
-            &'a Storage,
-            &'a BootedComposefs,
-            &'a ComposefsFilesystem,
-            &'a Host,
-        ),
-    ),
+    Upgrade((&'a Storage, &'a BootedComposefs, &'a Host)),
 }
 
 #[derive(
@@ -451,41 +422,20 @@ fn write_bls_boot_entries_to_disk(
 }
 
 /// Parses /usr/lib/os-release and returns (id, title, version)
-fn parse_os_release(
-    fs: &crate::store::ComposefsFilesystem,
-    repo: &crate::store::ComposefsRepository,
-) -> Result<Option<(String, Option<String>, Option<String>)>> {
+fn parse_os_release(mounted_fs: &Dir) -> Result<Option<(String, Option<String>, Option<String>)>> {
     // Every update should have its own /usr/lib/os-release
-    let (dir, fname) = fs
-        .root
-        .split(OsStr::new("/usr/lib/os-release"))
-        .context("Getting /usr/lib/os-release")?;
-
-    let os_release = dir
-        .get_file_opt(fname)
-        .context("Getting /usr/lib/os-release")?;
-
-    let Some(os_rel_file) = os_release else {
-        return Ok(None);
-    };
-
-    let file_contents = match read_file(os_rel_file, repo) {
+    let file_contents = match mounted_fs.read_to_string("usr/lib/os-release") {
         Ok(c) => c,
-        Err(e) => {
-            tracing::warn!("Could not read /usr/lib/os-release: {e:?}");
+        Err(e) if e.kind() == std::io::ErrorKind::NotFound => {
             return Ok(None);
         }
-    };
-
-    let file_contents = match std::str::from_utf8(&file_contents) {
-        Ok(c) => c,
         Err(e) => {
-            tracing::warn!("/usr/lib/os-release did not have valid UTF-8: {e}");
+            tracing::warn!("Could not read /usr/lib/os-release: {e:?}");
             return Ok(None);
         }
     };
 
-    let parsed = OsReleaseInfo::parse(file_contents);
+    let parsed = OsReleaseInfo::parse(&file_contents);
 
     let os_id = parsed
         .get_value(&["ID"])
@@ -521,8 +471,8 @@ pub(crate) fn setup_composefs_bls_boot(
 ) -> Result<String> {
     let id_hex = id.to_hex();
 
-    let (root_path, esp_device, mut cmdline_refs, fs, bootloader) = match setup_type {
-        BootSetupType::Setup((root_setup, state, postfetch, fs)) => {
+    let (root_path, esp_device, mut cmdline_refs, bootloader) = match setup_type {
+        BootSetupType::Setup((root_setup, state, postfetch)) => {
             // root_setup.kargs has [root=UUID=<UUID>, "rw"]
             let mut cmdline_options = Cmdline::new();
 
@@ -539,12 +489,11 @@ pub(crate) fn setup_composefs_bls_boot(
                 root_setup.physical_root_path.clone(),
                 esp_part.path(),
                 cmdline_options,
-                fs,
                 postfetch.detected_bootloader.clone(),
             )
         }
 
-        BootSetupType::Upgrade((storage, booted_cfs, fs, host)) => {
+        BootSetupType::Upgrade((storage, booted_cfs, host)) => {
             let bootloader = host.require_composefs_booted()?.bootloader.clone();
 
             let boot_dir = storage.require_boot_dir()?;
@@ -579,7 +528,6 @@ pub(crate) fn setup_composefs_bls_boot(
                 Utf8PathBuf::from("/sysroot"),
                 esp_dev.path(),
                 cmdline,
-                fs,
                 bootloader,
             )
         }
@@ -653,7 +601,7 @@ pub(crate) fn setup_composefs_bls_boot(
             let boot_digest = compute_boot_digest(usr_lib_modules_vmlinuz, &repo)
                 .context("Computing boot digest")?;
 
-            let osrel = parse_os_release(fs, &repo)?;
+            let osrel = parse_os_release(mounted_erofs)?;
 
             let (os_id, title, version, sort_key) = match osrel {
                 Some((id_str, title_opt, version_opt)) => (
@@ -1078,7 +1026,7 @@ pub(crate) fn setup_composefs_uki_boot(
 ) -> Result<String> {
     let (root_path, esp_device, bootloader, missing_fsverity_allowed, uki_addons) = match setup_type
     {
-        BootSetupType::Setup((root_setup, state, postfetch, ..)) => {
+        BootSetupType::Setup((root_setup, state, postfetch)) => {
             state.require_no_kargs_for_uki()?;
 
             let esp_part = root_setup.device_info.find_partition_of_esp()?;
@@ -1092,7 +1040,7 @@ pub(crate) fn setup_composefs_uki_boot(
             )
         }
 
-        BootSetupType::Upgrade((storage, booted_cfs, _, host)) => {
+        BootSetupType::Upgrade((storage, booted_cfs, host)) => {
             let sysroot = Utf8PathBuf::from("/sysroot"); // Still needed for root_path
             let bootloader = host.require_composefs_booted()?.bootloader.clone();
 
@@ -1235,25 +1183,36 @@ fn get_secureboot_keys(fs: &Dir, p: &str) -> Result<Option<SecurebootKeys>> {
 pub(crate) async fn setup_composefs_boot(
     root_setup: &RootSetup,
     state: &State,
-    image_id: &str,
+    pull_result: &composefs_oci::skopeo::PullResult<Sha512HashValue>,
     allow_missing_fsverity: bool,
 ) -> Result<()> {
     const COMPOSEFS_BOOT_SETUP_JOURNAL_ID: &str = "1f0e9d8c7b6a5f4e3d2c1b0a9f8e7d6c5";
 
     tracing::info!(
         message_id = COMPOSEFS_BOOT_SETUP_JOURNAL_ID,
         bootc.operation = "boot_setup",
-        bootc.image_id = image_id,
+        bootc.config_digest = %pull_result.config_digest,
         bootc.allow_missing_fsverity = allow_missing_fsverity,
         "Setting up composefs boot",
     );
 
     let mut repo = open_composefs_repo(&root_setup.physical_root)?;
-    repo.set_insecure(allow_missing_fsverity);
+    if allow_missing_fsverity {
+        repo.set_insecure();
+    }
+
+    let repo = Arc::new(repo);
+
+    // Generate the bootable EROFS image (idempotent).
+    let id = composefs_oci::generate_boot_image(&repo, &pull_result.manifest_digest)
+        .context("Generating bootable EROFS image")?;
+
+    // Get boot entries from the OCI filesystem (untransformed).
+    let fs = composefs_oci::image::create_filesystem(&*repo, &pull_result.config_digest, None)
+        .context("Creating composefs filesystem for boot entry discovery")?;
+    let entries =
+        get_boot_resources(&fs, &*repo).context("Extracting boot entries from OCI image")?;
 
-    let mut fs = create_composefs_filesystem(&repo, image_id, None)?;
-    let entries = fs.transform_for_boot(&repo)?;
-    let id = fs.commit_image(&repo, None)?;
     let mounted_fs = Dir::reopen_dir(
         &repo
             .mount(&id.to_hex())
@@ -1296,16 +1255,23 @@ pub(crate) async fn setup_composefs_boot(
 
     let boot_type = BootType::from(entry);
 
+    // Unwrap Arc to pass owned repo to boot setup functions.
+    let repo = Arc::try_unwrap(repo).map_err(|_| {
+        anyhow::anyhow!(
+            "BUG: Arc<Repository> still has other references after boot image generation"
+        )
+    })?;
+
     let boot_digest = match boot_type {
         BootType::Bls => setup_composefs_bls_boot(
-            BootSetupType::Setup((&root_setup, &state, &postfetch, &fs)),
+            BootSetupType::Setup((&root_setup, &state, &postfetch)),
             repo,
             &id,
             entry,
             &mounted_fs,
         )?,
         BootType::Uki => setup_composefs_uki_boot(
-            BootSetupType::Setup((&root_setup, &state, &postfetch, &fs)),
+            BootSetupType::Setup((&root_setup, &state, &postfetch)),
             repo,
             &id,
             entries,
@@ -1319,11 +1285,7 @@ pub(crate) async fn setup_composefs_boot(
         None,
         boot_type,
         boot_digest,
-        &get_container_manifest_and_config(&get_imgref(
-            &state.source.imageref.transport.to_string(),
-            &state.source.imageref.name,
-        ))
-        .await?,
+        &pull_result.manifest_digest.to_string(),
         allow_missing_fsverity,
     )
     .await?;

crates/lib/src/bootc_composefs/boot.rs

@@ -162,20 +162,6 @@ fn delete_depl_boot_entries(
     }
 }
 
-#[fn_error_context::context("Deleting image for deployment {}", deployment_id)]
-pub(crate) fn delete_image(sysroot: &Dir, deployment_id: &str, dry_run: bool) -> Result<()> {
-    let img_path = Path::new("composefs").join("images").join(deployment_id);
-    tracing::debug!("Deleting EROFS image: {:?}", img_path);
-
-    if dry_run {
-        return Ok(());
-    }
-
-    sysroot
-        .remove_file(&img_path)
-        .context("Deleting EROFS image")
-}
-
 #[fn_error_context::context("Deleting state directory for deployment {}", deployment_id)]
 pub(crate) fn delete_state_dir(sysroot: &Dir, deployment_id: &str, dry_run: bool) -> Result<()> {
     let state_dir = Path::new(STATE_DIR_RELATIVE).join(deployment_id);

crates/lib/src/bootc_composefs/delete.rs

@@ -11,7 +11,7 @@ use cap_std_ext::cap_std::fs::Dir;
 use cfsctl::composefs;
 use cfsctl::composefs_boot;
 use composefs::dumpfile;
-use composefs::fsverity::FsVerityHashValue;
+use composefs::fsverity::{Algorithm, FsVerityHashValue};
 use composefs_boot::BootOps as _;
 use tempfile::TempDir;
 
@@ -29,9 +29,11 @@ pub(crate) fn new_temp_composefs_repo() -> Result<(TempDir, Arc<ComposefsReposit
 
     td_dir.create_dir("repo")?;
     let repo_dir = td_dir.open_dir("repo")?;
-    let mut repo = ComposefsRepository::open_path(&repo_dir, ".").context("Init cfs repo")?;
+    let (mut repo, _created) =
+        ComposefsRepository::init_path(&repo_dir, ".", Algorithm::SHA512, false)
+            .context("Init cfs repo")?;
     // We don't need to hard require verity on the *host* system, we're just computing a checksum here
-    repo.set_insecure(true);
+    repo.set_insecure();
     Ok((td_guard, Arc::new(repo)))
 }
 

crates/lib/src/bootc_composefs/digest.rs

@@ -43,10 +43,9 @@ pub async fn export_repo_to_image(
 
     let depl_verity = depl_verity.ok_or_else(|| anyhow::anyhow!("Image {source} not found"))?;
 
-    let imginfo = get_imginfo(storage, &depl_verity, None).await?;
+    let imginfo = get_imginfo(storage, &depl_verity)?;
 
-    // We want the digest in the form of "sha256:abc123"
-    let config_digest = format!("{}", imginfo.manifest.config().digest());
+    let config_digest = imginfo.manifest.config().digest().clone();
 
     let var_tmp =
         Dir::open_ambient_dir("/var/tmp", ambient_authority()).context("Opening /var/tmp")?;
@@ -55,8 +54,9 @@ pub async fn export_repo_to_image(
     let oci_dir = OciDir::ensure(tmpdir.try_clone()?).context("Opening OCI")?;
 
     // Use composefs_oci::open_config to get the config and layer map
-    let (config, layer_map) =
-        open_config(&*booted_cfs.repo, &config_digest, None).context("Opening config")?;
+    let open = open_config(&*booted_cfs.repo, &config_digest, None).context("Opening config")?;
+    let config = open.config;
+    let layer_map = open.layer_refs;
 
     // We can't guarantee that we'll get the same tar stream as the container image
     // So we create new config and manifest