composefs-splitfdstream: new crate

Add a client library for communicating with the containers-storage
splitfdstream server.  This enables importing OCI container layers
via UNIX socket with file descriptor passing.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Author: giuseppe

Cargo.toml

@@ -20,6 +20,7 @@ composefs = { version = "0.3.0", path = "crates/composefs", default-features = f
 composefs-oci = { version = "0.3.0", path = "crates/composefs-oci", default-features = false }
 composefs-boot = { version = "0.3.0", path = "crates/composefs-boot", default-features = false }
 composefs-http = { version = "0.3.0", path = "crates/composefs-http", default-features = false }
+composefs-splitfdstream = { version = "0.3.0", path = "crates/composefs-splitfdstream", default-features = false }
 
 [profile.dev.package.sha2]
 # this is *really* slow otherwise

crates/cfsctl/Cargo.toml

@@ -24,6 +24,7 @@ composefs = { workspace = true }
 composefs-boot = { workspace = true }
 composefs-oci = { workspace = true, optional = true }
 composefs-http = { workspace = true, optional = true }
+composefs-splitfdstream = { workspace = true }
 env_logger = { version = "0.11.0", default-features = false }
 hex = { version = "0.4.0", default-features = false }
 rustix = { version = "1.0.0", default-features = false, features = ["fs", "process"] }

crates/cfsctl/src/main.rs

@@ -59,8 +59,19 @@ enum HashType {
 enum OciCommand {
     /// Stores a tar file as a splitstream in the repository.
     ImportLayer {
+        /// The layer digest (e.g., sha256:abc123...)
         digest: String,
+        /// Optional reference name for the layer
         name: Option<String>,
+        /// Import from splitfdstream server socket instead of stdin
+        #[clap(long)]
+        socket: Option<PathBuf>,
+        /// Layer ID to request from splitfdstream server (defaults to digest)
+        #[clap(long)]
+        layer_id: Option<String>,
+        /// Parent layer ID for delta computation
+        #[clap(long)]
+        parent_id: Option<String>,
     },
     /// Lists the contents of a tar stream
     LsLayer {
@@ -243,7 +254,30 @@ where
         }
         #[cfg(feature = "oci")]
         Command::Oci { cmd: oci_cmd } => match oci_cmd {
-            OciCommand::ImportLayer { name, digest } => {
+            OciCommand::ImportLayer {
+                name,
+                digest,
+                socket,
+                layer_id,
+                parent_id,
+            } => {
+                if let Some(socket_path) = socket {
+                    // Import from splitfdstream server
+                    let effective_layer_id = layer_id.as_deref().unwrap_or(&digest);
+                    let content_identifier = composefs_oci::layer_identifier(&digest);
+                    let object_id = composefs_oci::import_from_splitfdstream(
+                        &Arc::new(repo),
+                        &socket_path,
+                        effective_layer_id,
+                        parent_id.as_deref(),
+                        &content_identifier,
+                        name.as_deref(),
+                    )?;
+                    println!("{}", object_id.to_id());
+                    return Ok(());
+                }
+
+                // Import from stdin (default)
                 let object_id = composefs_oci::import_layer(
                     &Arc::new(repo),
                     &digest,

crates/composefs-oci/Cargo.toml

@@ -15,6 +15,7 @@ anyhow = { version = "1.0.87", default-features = false }
 async-compression = { version = "0.4.0", default-features = false, features = ["tokio", "zstd", "gzip"] }
 bytes = { version = "1", default-features = false }
 composefs = { workspace = true }
+composefs-splitfdstream = { workspace = true }
 containers-image-proxy = { version = "0.9.2", default-features = false }
 hex = { version = "0.4.0", default-features = false }
 indicatif = { version = "0.17.0", default-features = false, features = ["tokio"] }

crates/composefs-oci/src/lib.rs

@@ -12,8 +12,11 @@
 
 pub mod image;
 pub mod skopeo;
+pub mod splitfdstream;
 pub mod tar;
 
+pub use splitfdstream::import_from_splitfdstream;
+
 use std::{collections::HashMap, io::Read, sync::Arc};
 
 use anyhow::{bail, ensure, Context, Result};
@@ -28,7 +31,8 @@ use crate::tar::get_entry;
 
 type ContentAndVerity<ObjectID> = (String, ObjectID);
 
-fn layer_identifier(diff_id: &str) -> String {
+/// Generate the content identifier for a layer based on its diff_id.
+pub fn layer_identifier(diff_id: &str) -> String {
     format!("oci-layer-{diff_id}")
 }
 

crates/composefs-oci/src/splitfdstream.rs

@@ -0,0 +1,211 @@
+//! Import OCI layers from containers-storage via splitfdstream.
+//!
+//! This module provides functionality to import container layers directly from
+//! containers-storage using the splitfdstream protocol. This enables efficient
+//! layer transfer with file descriptor passing for external content objects.
+//!
+//! The splitfdstream format uses:
+//! - Inline data for tar headers and small files
+//! - File descriptor references for large files (passed via SCM_RIGHTS)
+//!
+//! Files are processed sequentially: tar header (inline) followed by content
+//! (external FD). Reflink is attempted first for efficient copying.
+
+use std::path::Path;
+use std::sync::Arc;
+
+use anyhow::{Context, Result};
+use rustix::fs::{copy_file_range, fstat, ftruncate};
+use rustix::io::pread;
+
+use composefs::fsverity::FsVerityHashValue;
+use composefs::repository::Repository;
+
+use composefs_splitfdstream::{OwnedFd, SplitFDStreamChunk, SplitFDStreamClient, SplitFDStreamReader};
+
+use crate::skopeo::TAR_LAYER_CONTENT_TYPE;
+
+/// Result of storing an FD's contents - the object ID and size.
+struct StoredObject<ObjectID> {
+    object_id: ObjectID,
+    size: u64,
+}
+
+/// Import a layer from a splitfdstream server into the repository.
+///
+/// This function connects to a containers-storage splitfdstream server,
+/// retrieves the layer data and file descriptors, then converts the
+/// splitfdstream format to the composefs splitstream format.
+///
+/// FDs are processed immediately as each batch is received, keeping max ~200
+/// FDs open at a time to avoid exhausting file descriptor limits.
+pub fn import_from_splitfdstream<ObjectID: FsVerityHashValue>(
+    repo: &Arc<Repository<ObjectID>>,
+    socket_path: impl AsRef<Path>,
+    layer_id: &str,
+    parent_id: Option<&str>,
+    content_identifier: &str,
+    reference: Option<&str>,
+) -> Result<ObjectID> {
+    // Connect to the splitfdstream server
+    let mut client = SplitFDStreamClient::connect(socket_path.as_ref())
+        .with_context(|| format!("Connecting to splitfdstream socket {:?}", socket_path.as_ref()))?;
+
+    // Get batch processor
+    let mut batch_proc = client
+        .get_splitfdstream(layer_id, parent_id)
+        .with_context(|| format!("Getting splitfdstream for layer {}", layer_id))?;
+
+    // Track if reflink works (detected on first FD)
+    let mut reflink_works: Option<bool> = None;
+
+    // Map of FD index -> stored object (object_id, size)
+    let mut stored_objects: Vec<StoredObject<ObjectID>> = Vec::new();
+
+    // Receive all batches, process FDs immediately
+    while let Some((fds, _stream_data)) = batch_proc.next_batch()? {
+        // Process each FD immediately: copy to repo, then close
+        for fd in fds {
+            let stat = fstat(&fd).context("Getting file size from FD")?;
+            let size = stat.st_size as u64;
+
+            let object_id = store_fd_to_repo(repo, &fd, size, &mut reflink_works)?;
+            stored_objects.push(StoredObject { object_id, size });
+            // fd is dropped here, closing the file descriptor
+        }
+    }
+
+    // Get complete stream data
+    let stream_data = batch_proc.stream_data()?;
+
+    // Create a splitstream writer
+    let mut writer = repo.create_stream(TAR_LAYER_CONTENT_TYPE);
+
+    // Parse stream and build splitstream
+    let mut reader = SplitFDStreamReader::new(stream_data.to_vec());
+
+    while let Some(chunk) = reader.next_chunk()? {
+        match chunk {
+            SplitFDStreamChunk::Inline(data) => {
+                writer.write_inline(&data);
+            }
+            SplitFDStreamChunk::External(fd_idx) => {
+                let stored = stored_objects.get(fd_idx).ok_or_else(|| {
+                    anyhow::anyhow!(
+                        "FD index {} out of range (have {} objects)",
+                        fd_idx,
+                        stored_objects.len()
+                    )
+                })?;
+
+                writer.add_external_size(stored.size);
+                writer.write_reference(stored.object_id.clone())?;
+            }
+        }
+    }
+
+    let object_id = repo.write_stream(writer, content_identifier, reference)?;
+
+    Ok(object_id)
+}
+
+/// Store FD contents to repository, trying reflink first.
+fn store_fd_to_repo<ObjectID: FsVerityHashValue>(
+    repo: &Arc<Repository<ObjectID>>,
+    fd: &OwnedFd,
+    size: u64,
+    reflink_works: &mut Option<bool>,
+) -> Result<ObjectID> {
+    if reflink_works.is_none() {
+        match try_reflink_to_repo(repo, fd, size) {
+            Ok(id) => {
+                *reflink_works = Some(true);
+                return Ok(id);
+            }
+            Err(_) => {
+                *reflink_works = Some(false);
+            }
+        }
+    } else if *reflink_works == Some(true) {
+        if let Ok(id) = try_reflink_to_repo(repo, fd, size) {
+            return Ok(id);
+        }
+    }
+
+    let data = read_fd_contents(fd, size)?;
+    repo.ensure_object(&data).context("Storing object")
+}
+
+/// Try to reflink the file descriptor contents to the repository.
+fn try_reflink_to_repo<ObjectID: FsVerityHashValue>(
+    repo: &Arc<Repository<ObjectID>>,
+    src_fd: &OwnedFd,
+    size: u64,
+) -> Result<ObjectID> {
+    let tmpfile = repo
+        .create_object_tmpfile()
+        .context("Creating object tmpfile")?;
+
+    try_copy_file_range(src_fd, &tmpfile, size)?;
+
+    repo.finalize_object_tmpfile(tmpfile.into(), size)
+        .context("Finalizing reflinked object")
+}
+
+/// Try to copy file contents using copy_file_range (which may use reflink).
+fn try_copy_file_range(src_fd: &OwnedFd, dst_fd: &OwnedFd, size: u64) -> Result<()> {
+    if size == 0 {
+        return Ok(());
+    }
+
+    ftruncate(dst_fd, size).context("Truncating destination file")?;
+
+    let mut src_offset = 0u64;
+    let mut dst_offset = 0u64;
+    let mut remaining = size;
+
+    while remaining > 0 {
+        let copied = copy_file_range(
+            src_fd,
+            Some(&mut src_offset),
+            dst_fd,
+            Some(&mut dst_offset),
+            remaining as usize,
+        )
+        .context("copy_file_range failed")?;
+
+        if copied == 0 {
+            anyhow::bail!("copy_file_range returned 0 before completing");
+        }
+
+        remaining -= copied as u64;
+    }
+
+    Ok(())
+}
+
+/// Read the entire contents of a file descriptor using pread.
+fn read_fd_contents(fd: &OwnedFd, expected_size: u64) -> Result<Vec<u8>> {
+    let size = expected_size as usize;
+    let mut data = vec![0u8; size];
+    let mut offset = 0u64;
+    let mut total_read = 0usize;
+
+    while total_read < size {
+        let n = pread(fd, &mut data[total_read..], offset)
+            .with_context(|| format!("Reading from fd at offset {}", offset))?;
+        if n == 0 {
+            data.truncate(total_read);
+            break;
+        }
+        total_read += n;
+        offset += n as u64;
+    }
+
+    Ok(data)
+}
+
+#[cfg(test)]
+mod tests {
+    // Integration tests would require a running splitfdstream server
+}

crates/composefs-splitfdstream/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "composefs-splitfdstream"
+description = "Splitfdstream client for composefs"
+keywords = ["composefs", "oci", "splitstream"]
+
+edition.workspace = true
+license.workspace = true
+readme.workspace = true
+repository.workspace = true
+rust-version.workspace = true
+version.workspace = true
+
+[dependencies]
+anyhow = { version = "1.0", default-features = false }
+rustix = { version = "1.0", default-features = false, features = ["net", "fs"] }
+serde = { version = "1.0", default-features = false, features = ["derive"] }
+serde_json = { version = "1.0", default-features = false, features = ["std"] }
+thiserror = { version = "1.0", default-features = false }
+
+[lints]
+workspace = true