Add composefs-ostree and some basic CLI tools

Based on ideas from #141

This is an initial version of ostree support. This allows pulling from
local and remote ostree repos, which will create a set of regular file
content objects, as well as a commit splitstream containing all the
remaining ostree objects and file data. From the splitstream we can
create an image.

When pulling a commit, a base commit (i.e. "the previous version" can be
specified. Any objects in that base commit will not be downloaded. If a
name is given for the pulled commit, then pre-existing blobs with the
same name will automatically be used as a base commit.

This is an initial version and there are several things missing:
 * Pull operations are completely serial
 * There is no support for ostree summary files
 * There is no support for ostree delta files
 * There is no caching of local file availability (other than base commit)
 * Local ostree repos only support archive mode
 * There is no GPG validation on ostree pull

Signed-off-by: Alexander Larsson <alexl@redhat.com>

Author: alexlarsson

Cargo.toml

@@ -38,6 +38,7 @@ composefs-ioctls = { version = "0.4.0", path = "crates/composefs-ioctls", defaul
 composefs-oci = { version = "0.4.0", path = "crates/composefs-oci", default-features = false }
 composefs-boot = { version = "0.4.0", path = "crates/composefs-boot", default-features = false }
 composefs-http = { version = "0.4.0", path = "crates/composefs-http", default-features = false }
+composefs-ostree = { version = "0.4.0", path = "crates/composefs-ostree", default-features = false }
 cap-std-ext = "5.1.2"
 ocidir = "0.7.2"
 

crates/composefs-ctl/Cargo.toml

@@ -17,10 +17,11 @@ name = "cfsctl"
 path = "src/main.rs"
 
 [features]
-default = ['pre-6.15', 'oci', 'containers-storage']
+default = ['pre-6.15', 'oci', 'containers-storage', 'ostree']
 http = ['composefs-http']
 oci = ['composefs-oci', 'composefs-oci/varlink']
 containers-storage = ['composefs-oci/containers-storage', 'cstorage']
+ostree = ['composefs-ostree']
 rhel9 = ['composefs/rhel9']
 'pre-6.15' = ['composefs/pre-6.15']
 
@@ -34,6 +35,7 @@ composefs-boot = { workspace = true }
 composefs-oci = { workspace = true, optional = true, features = ["boot"] }
 composefs-http = { workspace = true, optional = true }
 cstorage = { package = "composefs-storage", path = "../composefs-storage", version = "0.4.0", features = ["userns-helper"], optional = true }
+composefs-ostree = { workspace = true, optional = true }
 env_logger = { version = "0.11.0", default-features = false }
 hex = { version = "0.4.0", default-features = false }
 indicatif = { version = "0.17.0", default-features = false }

crates/composefs-ctl/src/lib.rs

@@ -501,6 +501,31 @@ enum OciCommand {
     },
 }
 
+#[cfg(feature = "ostree")]
+#[derive(Debug, Subcommand)]
+enum OstreeCommand {
+    PullLocal {
+        ostree_repo_path: PathBuf,
+        ostree_ref: String,
+        #[clap(long)]
+        base_name: Option<String>,
+    },
+    Pull {
+        ostree_repo_url: String,
+        ostree_ref: String,
+        #[clap(long)]
+        base_name: Option<String>,
+    },
+    CreateImage {
+        commit_name: String,
+        #[clap(long)]
+        image_name: Option<String>,
+    },
+    Inspect {
+        commit_name: String,
+    },
+}
+
 /// Common options for reading a filesystem from a path
 #[derive(Debug, Parser)]
 struct FsReadOptions {
@@ -570,6 +595,11 @@ enum Command {
         #[clap(subcommand)]
         cmd: OciCommand,
     },
+    #[cfg(feature = "ostree")]
+    Ostree {
+        #[clap(subcommand)]
+        cmd: OstreeCommand,
+    },
     /// Mounts a composefs image, possibly enforcing fsverity of the image
     Mount {
         /// the name of the image to mount, either an fs-verity hash or prefixed with 'ref/'
@@ -1566,6 +1596,50 @@ where
                 unreachable!("oci varlink is handled before opening a repository");
             }
         },
+        #[cfg(feature = "ostree")]
+        Command::Ostree { cmd: ostree_cmd } => match ostree_cmd {
+            OstreeCommand::PullLocal {
+                ref ostree_repo_path,
+                ref ostree_ref,
+                base_name,
+            } => {
+                let verity = composefs_ostree::pull_local(
+                    &repo,
+                    ostree_repo_path,
+                    ostree_ref,
+                    base_name.as_deref(),
+                )
+                .await?;
+
+                println!("verity {}", verity.to_hex());
+            }
+            OstreeCommand::Pull {
+                ref ostree_repo_url,
+                ref ostree_ref,
+                base_name,
+            } => {
+                let verity = composefs_ostree::pull(
+                    &repo,
+                    ostree_repo_url,
+                    ostree_ref,
+                    base_name.as_deref(),
+                )
+                .await?;
+
+                println!("verity {}", verity.to_hex());
+            }
+            OstreeCommand::CreateImage {
+                ref commit_name,
+                ref image_name,
+            } => {
+                let fs = composefs_ostree::create_filesystem(&repo, commit_name)?;
+                let image_id = fs.commit_image(&repo, image_name.as_deref())?;
+                println!("{}", image_id.to_id());
+            }
+            OstreeCommand::Inspect { ref commit_name } => {
+                composefs_ostree::inspect(&repo, commit_name)?;
+            }
+        },
         Command::CreateImage {
             fs_opts,
             ref image_name,

crates/composefs-ostree/Cargo.toml

@@ -0,0 +1,34 @@
+[package]
+name = "composefs-ostree"
+description = "ostree support for composefs"
+keywords = ["composefs", "ostree"]
+
+publish = false
+edition.workspace = true
+license.workspace = true
+readme.workspace = true
+repository.workspace = true
+rust-version.workspace = true
+version.workspace = true
+
+[dependencies]
+anyhow = { version = "1.0.87", default-features = false }
+composefs = { workspace = true }
+configparser = { version = "3.1.0", features = [] }
+flate2 = { version = "1.1.2", default-features = true }
+gvariant = { version = "0.5.1", default-features = true}
+hex = { version = "0.4.0", default-features = false, features = ["std"] }
+indicatif = { version = "0.17.0", default-features = false }
+rustix = { version = "1.0.0", default-features = false, features = ["fs", "mount", "process", "std"] }
+sha2 = { version = "0.11.0", default-features = false }
+zerocopy = { version = "0.8.0", default-features = false, features = ["derive", "std"] }
+reqwest = { version = "0.12.15", features = ["stream", "zstd"] }
+tokio = { version = "1.24.2", default-features = false, features = ["rt"] }
+tokio-stream = "0.1.18"
+tokio-util = { version = "0.7", default-features = false, features = ["io", "io-util"] }
+
+[dev-dependencies]
+similar-asserts = "1.7.0"
+
+[lints]
+workspace = true