unified-storage: Wire composefs-first pull pipeline into ostree deploy path

Add an end-to-end unified storage path for the ostree backend on reflink
filesystems. When the composefs repo is present and unified storage has been
enabled (via `bootc image set-unified`), `pull_auto` now routes through
`pull_via_composefs_unified` which:

1. Pulls the image into bootc-owned containers-storage via `pull_composefs_unified`
   (zero-copy reflinks from the registry blobs).
2. Synthesizes an ostree commit from the composefs repo via
   `import_from_composefs_repo` + FICLONE, marking it
   META_COMPOSEFS_SYNTHESIZED so downstream code knows no per-layer blob refs
   exist.

Unified storage mode is tracked by a new flag file
`/sysroot/composefs/bootc.json` (BootcRepoMeta), written atomically on the
first successful set-unified call and read cheaply on every pull_auto to
decide which path to take.  This avoids the previous heuristic that checked
per-image presence in containers-storage and broke across `bootc switch` to a
new image reference.

The old ostree-native unified pull path (new_importer_with_config /
check_disk_space_unified / prepare_for_pull_unified / pull_unified) is
removed — it was dead code since the composefs pipeline was introduced.

`bootc image copy-to-storage` is fixed for synthesized commits: because the
synthesized ostree commit carries no per-layer blob refs,
`ostree_ext::container::store::export()` would error out with "Refspec not
found". `push_entrypoint` now detects META_COMPOSEFS_SYNTHESIZED on the
resolved commit, reads the manifest and config from the commit metadata, and
delegates to the composefs layer-streaming export path instead.

The composefs export helper (`export_repo_to_image`) is refactored: the
streaming core is extracted into `export_composefs_to_dest` so it can be
called from both the composefs-boot and ostree-boot code paths.

A new TMT plan (plan-44-readonly-unified) onboards a system to unified
storage and then runs the full readonly test suite against it.

Assisted-by: OpenCode (Claude Sonnet 4.6)
Signed-off-by: Colin Walters <walters@verbum.org>

Author: cgwalters

crates/lib/src/bootc_composefs/export.rs

@@ -7,44 +7,27 @@ use composefs_ctl::composefs;
 use composefs_ctl::composefs_oci;
 use composefs_oci::open_config;
 use ocidir::{OciDir, oci_spec::image::Platform};
+use ostree_ext::container::ImageReference;
 use ostree_ext::container::Transport;
 use ostree_ext::container::skopeo;
 use tar::EntryType;
 
 use crate::image::get_imgrefs_for_copy;
 use crate::{
-    bootc_composefs::status::{get_composefs_status, get_imginfo},
-    store::{BootedComposefs, Storage},
+    bootc_composefs::status::{ImgConfigManifest, get_composefs_status, get_imginfo},
+    store::{BootedComposefs, ComposefsRepository, Storage},
 };
 
-/// Exports a composefs repository to a container image in containers-storage:
-pub async fn export_repo_to_image(
-    storage: &Storage,
-    booted_cfs: &BootedComposefs,
-    source: Option<&str>,
-    target: Option<&str>,
+/// Streams a composefs OCI image out to a destination image reference.
+///
+/// Given a composefs repository handle and image metadata (manifest + config),
+/// reconstructs the container image by reading layer data from the composefs
+/// splitstreams and copies the assembled OCI image to `dest_imgref` via skopeo.
+pub(crate) async fn export_composefs_to_dest(
+    composefs_repo: &ComposefsRepository,
+    imginfo: &ImgConfigManifest,
+    dest_imgref: &ImageReference,
 ) -> Result<()> {
-    let host = get_composefs_status(storage, booted_cfs).await?;
-
-    let (source, dest_imgref) = get_imgrefs_for_copy(&host, source, target).await?;
-
-    let mut depl_verity = None;
-
-    for depl in host.list_deployments() {
-        let img = &depl.image.as_ref().unwrap().image;
-
-        // Not checking transport here as we'll be pulling from the repo anyway
-        // So, image name is all we need
-        if img.image == source.name {
-            depl_verity = Some(depl.require_composefs()?.verity.clone());
-            break;
-        }
-    }
-
-    let depl_verity = depl_verity.ok_or_else(|| anyhow::anyhow!("Image {source} not found"))?;
-
-    let imginfo = get_imginfo(storage, &depl_verity)?;
-
     let config_digest = imginfo.manifest.config().digest().clone();
 
     let var_tmp =
@@ -54,7 +37,7 @@ pub async fn export_repo_to_image(
     let oci_dir = OciDir::ensure(tmpdir.try_clone()?).context("Opening OCI")?;
 
     // Use composefs_oci::open_config to get the config and layer map
-    let open = open_config(&*booted_cfs.repo, &config_digest, None).context("Opening config")?;
+    let open = open_config(composefs_repo, &config_digest, None).context("Opening config")?;
     let config = open.config;
     let layer_map = open.layer_refs;
 
@@ -77,7 +60,7 @@ pub async fn export_repo_to_image(
             .get(old_diff_id.as_str())
             .ok_or_else(|| anyhow::anyhow!("Layer {old_diff_id} not found in config"))?;
 
-        let mut layer_stream = booted_cfs.repo.open_stream("", Some(layer_verity), None)?;
+        let mut layer_stream = composefs_repo.open_stream("", Some(layer_verity), None)?;
 
         let mut layer_writer = oci_dir.create_layer(None)?;
         layer_writer.follow_symlinks(false);
@@ -113,7 +96,7 @@ pub async fn export_repo_to_image(
             match layer_stream.read_exact(size as usize, ((size as usize) + 511) & !511)? {
                 SplitStreamData::External(obj_id) => match header.entry_type() {
                     EntryType::Regular | EntryType::Continuous => {
-                        let file = File::from(booted_cfs.repo.open_object(&obj_id)?);
+                        let file = File::from(composefs_repo.open_object(&obj_id)?);
 
                         layer_writer
                             .append(&header, file)
@@ -196,7 +179,7 @@ pub async fn export_repo_to_image(
 
     skopeo::copy(
         &tempoci,
-        &dest_imgref,
+        dest_imgref,
         None,
         Some((
             std::sync::Arc::new(tmpdir.try_clone()?.into()),
@@ -208,3 +191,37 @@ pub async fn export_repo_to_image(
 
     Ok(())
 }
+
+/// Exports a composefs repository to a container image in containers-storage:
+pub async fn export_repo_to_image(
+    storage: &Storage,
+    booted_cfs: &BootedComposefs,
+    source: Option<&str>,
+    target: Option<&str>,
+) -> Result<()> {
+    let host = get_composefs_status(storage, booted_cfs).await?;
+
+    let (source, dest_imgref) = get_imgrefs_for_copy(&host, source, target).await?;
+
+    let mut depl_verity = None;
+
+    for depl in host.list_deployments() {
+        let img = &depl.image.as_ref().unwrap().image;
+
+        // Not checking transport here as we'll be pulling from the repo anyway
+        // So, image name is all we need
+        if img.image == source.name {
+            depl_verity = Some(depl.require_composefs()?.verity.clone());
+            break;
+        }
+    }
+
+    let depl_verity = depl_verity.ok_or_else(|| anyhow::anyhow!("Image {source} not found"))?;
+
+    let imginfo = get_imginfo(storage, &depl_verity)?;
+
+    println!("Copying local image {source} to {dest_imgref} ...");
+    export_composefs_to_dest(&booted_cfs.repo, &imginfo, &dest_imgref).await?;
+    println!("Pushed: {dest_imgref}");
+    Ok(())
+}

crates/lib/src/image.rs

@@ -235,6 +235,52 @@ pub(crate) async fn push_entrypoint(
     let ostree = storage.get_ostree()?;
     let repo = &ostree.repo();
 
+    // Images pulled via the composefs-unified pipeline are stored in the composefs
+    // repository with a synthesized ostree commit that has no per-layer blob refs.
+    // Detect this case and fall through to the composefs export path which reads
+    // directly from the composefs splitstreams instead of ostree blob refs.
+    let ostree_ref = ostree_ext::container::store::ref_for_image(&source)?;
+    if let Some(rev) = repo.resolve_rev(&ostree_ref, true)? {
+        let (commit_obj, _) = repo.load_commit(rev.as_str())?;
+        let commit_meta =
+            ostree_ext::ostree::glib::VariantDict::new(Some(&commit_obj.child_value(0)));
+        let is_composefs_synthesized = commit_meta
+            .lookup::<bool>(ostree_ext::container::store::META_COMPOSEFS_SYNTHESIZED)?
+            .unwrap_or(false);
+
+        if is_composefs_synthesized {
+            // The manifest and config are embedded in the commit metadata.
+            let manifest_str = commit_meta
+                .lookup::<String>(ostree_ext::container::store::META_MANIFEST)?
+                .ok_or_else(|| anyhow::anyhow!("Composefs-synthesized commit missing manifest"))?;
+            let config_str = commit_meta
+                .lookup::<String>(ostree_ext::container::store::META_CONFIG)?
+                .ok_or_else(|| {
+                    anyhow::anyhow!("Composefs-synthesized commit missing image config")
+                })?;
+
+            let manifest: ostree_ext::oci_spec::image::ImageManifest =
+                serde_json::from_str(&manifest_str)
+                    .context("Deserializing manifest from commit metadata")?;
+            let config: ostree_ext::oci_spec::image::ImageConfiguration =
+                serde_json::from_str(&config_str)
+                    .context("Deserializing image config from commit metadata")?;
+
+            let imginfo = crate::bootc_composefs::status::ImgConfigManifest { config, manifest };
+            let composefs_repo = storage.get_ensure_composefs()?;
+
+            println!("Copying local image {source} to {target} ...");
+            crate::bootc_composefs::export::export_composefs_to_dest(
+                &composefs_repo,
+                &imginfo,
+                &target,
+            )
+            .await?;
+            println!("Pushed: {target}");
+            return Ok(());
+        }
+    }
+
     let mut opts = ostree_ext::container::store::ExportToOCIOpts::default();
     opts.progress_to_stdout = true;
     println!("Copying local image {source} to {target} ...");

crates/lib/src/lsm.rs

@@ -432,7 +432,10 @@ pub(crate) fn ensure_dir_labeled_recurse(
             let metadata = component.entry.metadata()?;
 
             // Check if this entry should be skipped
-            let devino = (metadata.dev() as libc::dev_t, metadata.ino() as libc::ino64_t);
+            let devino = (
+                metadata.dev() as libc::dev_t,
+                metadata.ino() as libc::ino64_t,
+            );
             if skip.contains(&devino) {
                 tracing::debug!("Skipping dev={} inode={}", devino.0, devino.1);
                 // For directories, Break skips traversal into the directory