composefs: Read manifest+config from composefs repo

The latest composefs-rs stores manifest and config objects and
the manifest becomes a GC root, so we can use that instead of `.imginfo`
sidecar files.

The flow now is:
 bootloader entry -> deployment -> origin file
   -> manifest digest -> manifest -> [config | objects]

For backward compatibility, fall back to the legacy .imginfo
file if the .origin does not contain a manifest_digest key.

Drop the really old hacky fallback that did network fetches.

Note the manifest becomes part of the GC root.

Assisted-by: OpenCode (Claude claude-opus-4-6)
Signed-off-by: Colin Walters <walters@verbum.org>

Author: cgwalters

crates/lib/src/bootc_composefs/boot.rs

@@ -93,31 +93,20 @@ use rustix::{mount::MountFlags, path::Arg};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
+use crate::bootc_composefs::state::{get_booted_bls, write_composefs_state};
+use crate::bootc_kargs::compute_new_kargs;
+use crate::composefs_consts::{TYPE1_BOOT_DIR_PREFIX, TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED};
+use crate::parsers::bls_config::{BLSConfig, BLSConfigType};
 use crate::task::Task;
-use crate::{
-    bootc_composefs::repo::get_imgref,
-    composefs_consts::{TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED},
-};
 use crate::{
     bootc_composefs::repo::open_composefs_repo,
     store::{ComposefsFilesystem, Storage},
 };
-use crate::{
-    bootc_composefs::state::{get_booted_bls, write_composefs_state},
-    composefs_consts::TYPE1_BOOT_DIR_PREFIX,
-};
-use crate::{
-    bootc_composefs::status::get_container_manifest_and_config, bootc_kargs::compute_new_kargs,
-};
 use crate::{bootc_composefs::status::get_sorted_grub_uki_boot_entries, install::PostFetchState};
-use crate::{
-    composefs_consts::UKI_NAME_PREFIX,
-    parsers::bls_config::{BLSConfig, BLSConfigType},
-};
 use crate::{
     composefs_consts::{
         BOOT_LOADER_ENTRIES, COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST,
-        STAGED_BOOT_LOADER_ENTRIES, STATE_DIR_ABS, USER_CFG, USER_CFG_STAGED,
+        STAGED_BOOT_LOADER_ENTRIES, STATE_DIR_ABS, UKI_NAME_PREFIX, USER_CFG, USER_CFG_STAGED,
     },
     spec::{Bootloader, Host},
 };
@@ -1259,23 +1248,23 @@ fn get_secureboot_keys(fs: &Dir, p: &str) -> Result<Option<SecurebootKeys>> {
 pub(crate) async fn setup_composefs_boot(
     root_setup: &RootSetup,
     state: &State,
-    image_id: &str,
+    pull_result: &composefs_oci::skopeo::PullResult<Sha512HashValue>,
     allow_missing_fsverity: bool,
 ) -> Result<()> {
     const COMPOSEFS_BOOT_SETUP_JOURNAL_ID: &str = "1f0e9d8c7b6a5f4e3d2c1b0a9f8e7d6c5";
 
     tracing::info!(
         message_id = COMPOSEFS_BOOT_SETUP_JOURNAL_ID,
         bootc.operation = "boot_setup",
-        bootc.image_id = image_id,
+        bootc.config_digest = pull_result.config_digest,
         bootc.allow_missing_fsverity = allow_missing_fsverity,
         "Setting up composefs boot",
     );
 
     let mut repo = open_composefs_repo(&root_setup.physical_root)?;
     repo.set_insecure(allow_missing_fsverity);
 
-    let mut fs = create_composefs_filesystem(&repo, image_id, None)?;
+    let mut fs = create_composefs_filesystem(&repo, &pull_result.config_digest, None)?;
     let entries = fs.transform_for_boot(&repo)?;
     let id = fs.commit_image(&repo, None)?;
     let mounted_fs = Dir::reopen_dir(
@@ -1343,11 +1332,7 @@ pub(crate) async fn setup_composefs_boot(
         None,
         boot_type,
         boot_digest,
-        &get_container_manifest_and_config(&get_imgref(
-            &state.source.imageref.transport.to_string(),
-            &state.source.imageref.name,
-        ))
-        .await?,
+        &pull_result.manifest_digest,
         allow_missing_fsverity,
     )
     .await?;

crates/lib/src/bootc_composefs/export.rs

@@ -43,7 +43,7 @@ pub async fn export_repo_to_image(
 
     let depl_verity = depl_verity.ok_or_else(|| anyhow::anyhow!("Image {source} not found"))?;
 
-    let imginfo = get_imginfo(storage, &depl_verity, None).await?;
+    let imginfo = get_imginfo(storage, &depl_verity)?;
 
     // We want the digest in the form of "sha256:abc123"
     let config_digest = format!("{}", imginfo.manifest.config().digest());

crates/lib/src/bootc_composefs/gc.rs

@@ -15,9 +15,13 @@ use crate::{
     bootc_composefs::{
         boot::{BOOTC_UKI_DIR, BootType, get_type1_dir_name, get_uki_addon_dir_name, get_uki_name},
         delete::{delete_image, delete_staged, delete_state_dir},
+        state::read_origin,
         status::{get_composefs_status, get_imginfo, list_bootloader_entries},
     },
-    composefs_consts::{STATE_DIR_RELATIVE, TYPE1_BOOT_DIR_PREFIX, UKI_NAME_PREFIX},
+    composefs_consts::{
+        ORIGIN_KEY_IMAGE, ORIGIN_KEY_MANIFEST_DIGEST, STATE_DIR_RELATIVE, TYPE1_BOOT_DIR_PREFIX,
+        UKI_NAME_PREFIX,
+    },
     store::{BootedComposefs, Storage},
 };
 
@@ -313,11 +317,22 @@ pub(crate) async fn composefs_gc(
             continue;
         }
 
-        let image = get_imginfo(storage, verity, None).await?;
-        let stream = format!("oci-config-{}", image.manifest.config().digest());
+        let image = get_imginfo(storage, verity)?;
+        let config_stream = format!("oci-config-{}", image.manifest.config().digest());
 
         additional_roots.push(verity.clone());
-        additional_roots.push(stream);
+        additional_roots.push(config_stream);
+
+        // Also protect the manifest stream so that `bootc status` can
+        // read the manifest+config via OciImage::open() after GC.
+        if let Some(ini) = read_origin(sysroot, verity)? {
+            if let Some(manifest_digest) =
+                ini.get::<String>(ORIGIN_KEY_IMAGE, ORIGIN_KEY_MANIFEST_DIGEST)
+            {
+                let manifest_stream = format!("oci-manifest-{manifest_digest}");
+                additional_roots.push(manifest_stream);
+            }
+        }
     }
 
     let additional_roots = additional_roots

crates/lib/src/bootc_composefs/repo.rs

@@ -100,7 +100,6 @@ pub(crate) fn get_imgref(transport: &str, image: &str) -> String {
 
 /// Result of pulling a composefs repository, including the OCI manifest digest
 /// needed to reconstruct image metadata from the local composefs repo.
-#[allow(dead_code)]
 pub(crate) struct PullRepoResult {
     pub(crate) repo: crate::store::ComposefsRepository,
     pub(crate) entries: Vec<ComposefsBootEntry<Sha512HashValue>>,

crates/lib/src/bootc_composefs/state.rs

@@ -27,16 +27,14 @@ use rustix::{
 
 use crate::bootc_composefs::boot::BootType;
 use crate::bootc_composefs::repo::get_imgref;
-use crate::bootc_composefs::status::{
-    ImgConfigManifest, StagedDeployment, get_sorted_type1_boot_entries,
-};
+use crate::bootc_composefs::status::{StagedDeployment, get_sorted_type1_boot_entries};
 use crate::parsers::bls_config::BLSConfigType;
 use crate::store::{BootedComposefs, Storage};
 use crate::{
     composefs_consts::{
         COMPOSEFS_CMDLINE, COMPOSEFS_STAGED_DEPLOYMENT_FNAME, COMPOSEFS_TRANSIENT_STATE_DIR,
-        ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST, ORIGIN_KEY_BOOT_TYPE, SHARED_VAR_PATH,
-        STATE_DIR_RELATIVE,
+        ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST, ORIGIN_KEY_BOOT_TYPE, ORIGIN_KEY_IMAGE,
+        ORIGIN_KEY_MANIFEST_DIGEST, SHARED_VAR_PATH, STATE_DIR_RELATIVE,
     },
     parsers::bls_config::BLSConfig,
     spec::ImageReference,
@@ -244,15 +242,15 @@ pub(crate) fn update_boot_digest_in_origin(
 /// * `staged`            - Whether this is a staged deployment (writes to transient state dir)
 /// * `boot_type`         - Boot loader type (`Bls` or `Uki`)
 /// * `boot_digest`       - Optional boot digest for verification
-/// * `container_details` - Container manifest and config used to create this deployment
+/// * `manifest_digest`   - OCI manifest content digest, stored in the origin file so the
+///                         manifest+config can be retrieved from the composefs repo later
 ///
 /// # State Directory Structure
 ///
 /// Creates the following structure under `/sysroot/state/deploy/{deployment_id}/`:
 /// * `etc/`                    - Copy of system configuration files
 /// * `var`                     - Symlink to shared `/var` directory
-/// * `{deployment_id}.origin`  - OSTree-style origin configuration
-/// * `{deployment_id}.imginfo` - Container image manifest and config as JSON
+/// * `{deployment_id}.origin`  - Origin configuration with image ref, boot, and image metadata
 ///
 /// For staged deployments, also writes to `/run/composefs/staged-deployment`.
 #[context("Writing composefs state")]
@@ -263,7 +261,7 @@ pub(crate) async fn write_composefs_state(
     staged: Option<StagedDeployment>,
     boot_type: BootType,
     boot_digest: String,
-    container_details: &ImgConfigManifest,
+    manifest_digest: &str,
     allow_missing_fsverity: bool,
 ) -> Result<()> {
     let state_path = root_path
@@ -312,18 +310,15 @@ pub(crate) async fn write_composefs_state(
         .section(ORIGIN_KEY_BOOT)
         .item(ORIGIN_KEY_BOOT_DIGEST, boot_digest);
 
+    // Store the OCI manifest digest so we can retrieve the manifest+config
+    // from the composefs repository later (composefs-rs stores them as splitstreams).
+    config = config
+        .section(ORIGIN_KEY_IMAGE)
+        .item(ORIGIN_KEY_MANIFEST_DIGEST, manifest_digest);
+
     let state_dir =
         Dir::open_ambient_dir(&state_path, ambient_authority()).context("Opening state dir")?;
 
-    // NOTE: This is only supposed to be temporary until we decide on where to store
-    // the container manifest/config
-    state_dir
-        .atomic_write(
-            format!("{}.imginfo", deployment_id.to_hex()),
-            serde_json::to_vec(&container_details)?,
-        )
-        .context("Failed to write to .imginfo file")?;
-
     state_dir
         .atomic_write(
             format!("{}.origin", deployment_id.to_hex()),

crates/lib/src/bootc_composefs/status.rs

@@ -3,20 +3,21 @@ use std::{collections::HashSet, io::Read, sync::OnceLock};
 use anyhow::{Context, Result};
 use bootc_kernel_cmdline::utf8::Cmdline;
 use bootc_mount::inspect_filesystem;
+use cfsctl::composefs::fsverity::Sha512HashValue;
+use cfsctl::composefs_oci::OciImage;
 use fn_error_context::context;
 use serde::{Deserialize, Serialize};
 
 use crate::{
     bootc_composefs::{
         boot::BootType,
-        repo::get_imgref,
         selinux::are_selinux_policies_compatible,
         state::{get_composefs_usr_overlay_status, read_origin},
         utils::{compute_store_boot_digest_for_uki, get_uki_cmdline},
     },
     composefs_consts::{
-        COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT_DIGEST, TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED, USER_CFG,
-        USER_CFG_STAGED,
+        COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT_DIGEST, ORIGIN_KEY_IMAGE, ORIGIN_KEY_MANIFEST_DIGEST,
+        TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED, USER_CFG, USER_CFG_STAGED,
     },
     install::EFI_LOADER_INFO,
     parsers::{
@@ -358,57 +359,63 @@ pub(crate) fn get_bootloader() -> Result<Bootloader> {
     }
 }
 
-/// Reads the .imginfo file for the provided deployment
-#[context("Reading imginfo")]
-pub(crate) async fn get_imginfo(
-    storage: &Storage,
-    deployment_id: &str,
-    imgref: Option<&ImageReference>,
-) -> Result<ImgConfigManifest> {
-    let imginfo_fname = format!("{deployment_id}.imginfo");
+/// Retrieves the OCI manifest and config for a deployment from the composefs repository.
+///
+/// The manifest digest is read from the deployment's `.origin` file,
+/// then `OciImage::open()` retrieves manifest+config from the composefs repo
+/// where composefs-rs stores them as splitstreams during pull.
+///
+/// Falls back to reading legacy `.imginfo` files for backwards compatibility
+/// with deployments created before the manifest digest was stored in `.origin`.
+#[context("Reading image info for deployment {deployment_id}")]
+pub(crate) fn get_imginfo(storage: &Storage, deployment_id: &str) -> Result<ImgConfigManifest> {
+    let ini = read_origin(&storage.physical_root, deployment_id)?
+        .ok_or_else(|| anyhow::anyhow!("No origin file for deployment {deployment_id}"))?;
+
+    // Try to read the manifest digest from the origin file (new path)
+    if let Some(manifest_digest) = ini.get::<String>(ORIGIN_KEY_IMAGE, ORIGIN_KEY_MANIFEST_DIGEST) {
+        let repo = storage.get_ensure_composefs()?;
+        let oci_image = OciImage::<Sha512HashValue>::open(&repo, &manifest_digest, None)
+            .with_context(|| format!("Opening OCI image for manifest {manifest_digest}"))?;
+
+        let manifest = oci_image.manifest().clone();
+        let config = oci_image
+            .config()
+            .cloned()
+            .ok_or_else(|| anyhow::anyhow!("OCI image has no config (artifact?)"))?;
+
+        return Ok(ImgConfigManifest { config, manifest });
+    }
 
+    // Fallback: read legacy .imginfo file for deployments created before
+    // the manifest digest was stored in .origin
     let depl_state_path = std::path::PathBuf::from(STATE_DIR_RELATIVE).join(deployment_id);
-    let path = depl_state_path.join(imginfo_fname);
+    let imginfo_fname = format!("{deployment_id}.imginfo");
+    let path = depl_state_path.join(&imginfo_fname);
 
     let mut img_conf = storage
         .physical_root
         .open_optional(&path)
-        .context("Failed to open file")?;
+        .with_context(|| format!("Opening legacy {imginfo_fname}"))?;
 
     let Some(img_conf) = &mut img_conf else {
-        let imgref = imgref.ok_or_else(|| anyhow::anyhow!("No imgref or imginfo file found"))?;
-
-        let container_details =
-            get_container_manifest_and_config(&get_imgref(&imgref.transport, &imgref.image))
-                .await?;
-
-        let state_dir = storage.physical_root.open_dir(depl_state_path)?;
-
-        state_dir
-            .atomic_write(
-                format!("{}.imginfo", deployment_id),
-                serde_json::to_vec(&container_details)?,
-            )
-            .context("Failed to write to .imginfo file")?;
-
-        let state_dir = state_dir.reopen_as_ownedfd()?;
-
-        rustix::fs::fsync(state_dir).context("fsync")?;
-
-        return Ok(container_details);
+        anyhow::bail!(
+            "No manifest_digest in origin and no legacy .imginfo file \
+             for deployment {deployment_id}"
+        );
     };
 
     let mut buffer = String::new();
     img_conf.read_to_string(&mut buffer)?;
 
     let img_conf = serde_json::from_str::<ImgConfigManifest>(&buffer)
-        .context("Failed to parse file as JSON")?;
+        .context("Failed to parse .imginfo file as JSON")?;
 
     Ok(img_conf)
 }
 
 #[context("Getting composefs deployment metadata")]
-async fn boot_entry_from_composefs_deployment(
+fn boot_entry_from_composefs_deployment(
     storage: &Storage,
     origin: tini::Ini,
     verity: &str,
@@ -418,7 +425,7 @@ async fn boot_entry_from_composefs_deployment(
             let ostree_img_ref = OstreeImageReference::from_str(&img_name_from_config)?;
             let img_ref = ImageReference::from(ostree_img_ref);
 
-            let img_conf = get_imginfo(storage, &verity, Some(&img_ref)).await?;
+            let img_conf = get_imginfo(storage, &verity)?;
 
             let image_digest = img_conf.manifest.config().digest().to_string();
             let architecture = img_conf.config.architecture().to_string();
@@ -699,6 +706,11 @@ async fn composefs_deployment_status_from(
     // This is our source of truth
     let bootloader_entry_verity = list_bootloader_entries(storage)?;
 
+    let state_dir = storage
+        .physical_root
+        .open_dir(STATE_DIR_RELATIVE)
+        .with_context(|| format!("Opening {STATE_DIR_RELATIVE}"))?;
+
     let host_spec = HostSpec {
         image: None,
         boot_order: BootOrder::Default,
@@ -727,11 +739,17 @@ async fn composefs_deployment_status_from(
     let mut extra_deployment_boot_entries: Vec<BootEntry> = Vec::new();
 
     for verity_digest in bootloader_entry_verity {
-        let ini = read_origin(&storage.physical_root, &verity_digest)?
-            .ok_or_else(|| anyhow::anyhow!("No origin file for deployment {verity_digest}"))?;
+        // read the origin file
+        let config = state_dir
+            .open_dir(&verity_digest)
+            .with_context(|| format!("Failed to open {verity_digest}"))?
+            .read_to_string(format!("{verity_digest}.origin"))
+            .with_context(|| format!("Reading file {verity_digest}.origin"))?;
+
+        let ini = tini::Ini::from_string(&config)
+            .with_context(|| format!("Failed to parse file {verity_digest}.origin as ini"))?;
 
-        let mut boot_entry =
-            boot_entry_from_composefs_deployment(storage, ini, &verity_digest).await?;
+        let mut boot_entry = boot_entry_from_composefs_deployment(storage, ini, &verity_digest)?;
 
         // SAFETY: boot_entry.composefs will always be present
         let boot_type_from_origin = boot_entry.composefs.as_ref().unwrap().boot_type;