composefs-backend/boot: Handle staged systemd-boot deployments

Add logic for upgrading/switching to a deployment with systemd-boot as
the bootloader. Also update finalize-staged service to handle
systemd-boot bootloader entries for UKIs

Signed-off-by: Pragyan Poudyal <[email protected]>

Author: Johan-Liebert1

crates/lib/src/bootc_composefs/boot.rs

@@ -503,7 +503,9 @@ pub(crate) fn setup_composefs_bls_boot(
     let loader_path = entry_paths.config_path.join("loader");
 
     let (config_path, booted_bls) = if is_upgrade {
-        let mut booted_bls = get_booted_bls()?;
+        let boot_dir = Dir::open_ambient_dir(&entry_paths.config_path, ambient_authority())?;
+
+        let mut booted_bls = get_booted_bls(&boot_dir)?;
         booted_bls.sort_key = Some("0".into()); // entries are sorted by their filename in reverse order
 
         // This will be atomically renamed to 'loader/entries' on shutdown/reboot
@@ -751,23 +753,27 @@ fn write_systemd_uki_config(
             efi: format!("/{SYSTEMD_UKI_DIR}/{}{}", id.to_hex(), EFI_EXT),
         })
         .with_sort_key(default_sort_key.into())
+        // TODO (Johan-Liebert1): Get version from UKI like we get boot label
         .with_version(default_sort_key.into());
 
-    let entries_dir = match setup_type {
+    let (entries_dir, booted_bls) = match setup_type {
         BootSetupType::Setup(..) => {
             esp_dir
                 .create_dir_all(TYPE1_ENT_PATH)
                 .with_context(|| format!("Creating {TYPE1_ENT_PATH}"))?;
 
-            esp_dir.open_dir(TYPE1_ENT_PATH)?
+            (esp_dir.open_dir(TYPE1_ENT_PATH)?, None)
         }
 
         BootSetupType::Upgrade(_) => {
             esp_dir
                 .create_dir_all(TYPE1_ENT_PATH_STAGED)
                 .with_context(|| format!("Creating {TYPE1_ENT_PATH_STAGED}"))?;
 
-            esp_dir.open_dir(TYPE1_ENT_PATH_STAGED)?
+            let mut booted_bls = get_booted_bls(&esp_dir)?;
+            booted_bls.sort_key = Some("1".into());
+
+            (esp_dir.open_dir(TYPE1_ENT_PATH_STAGED)?, Some(booted_bls))
         }
     };
 
@@ -778,6 +784,14 @@ fn write_systemd_uki_config(
         )
         .context("Writing conf file")?;
 
+    if let Some(booted_bls) = booted_bls {
+        entries_dir.atomic_write(
+            // SAFETY: We set sort_key above
+            type1_entry_conf_file_name(booted_bls.sort_key.as_ref().unwrap()),
+            booted_bls.to_string().as_bytes(),
+        )?;
+    }
+
     // Write the timeout for bootloader menu if not exists
     if !esp_dir.exists(SYSTEMD_LOADER_CONF_PATH) {
         esp_dir

crates/lib/src/bootc_composefs/finalize.rs

@@ -80,7 +80,12 @@ pub(crate) async fn composefs_native_finalize() -> Result<()> {
                 let entries_dir = esp_mount.fd.open_dir("loader")?;
                 rename_exchange_bls_entries(&entries_dir)?;
             }
-            BootType::Uki => rename_staged_uki_entries(&esp_mount.fd)?,
+            BootType::Uki => {
+                rename_staged_uki_entries(&esp_mount.fd)?;
+
+                let entries_dir = esp_mount.fd.open_dir("loader")?;
+                rename_exchange_bls_entries(&entries_dir)?;
+            }
         },
     };
 

crates/lib/src/bootc_composefs/rollback.rs

@@ -53,8 +53,9 @@ pub(crate) fn rename_exchange_bls_entries(entries_dir: &Dir) -> Result<()> {
     .context("renameat")?;
 
     tracing::debug!("Removing {STAGED_BOOT_LOADER_ENTRIES}");
-    rustix::fs::unlinkat(&entries_dir, STAGED_BOOT_LOADER_ENTRIES, AtFlags::REMOVEDIR)
-        .context("unlinkat")?;
+    entries_dir
+        .remove_dir_all(STAGED_BOOT_LOADER_ENTRIES)
+        .context("Removing staged dir")?;
 
     tracing::debug!("Syncing to disk");
     let entries_dir = entries_dir

crates/lib/src/bootc_composefs/state.rs

@@ -6,7 +6,8 @@ use bootc_kernel_cmdline::utf8::Cmdline;
 use bootc_mount::tempmount::TempMount;
 use bootc_utils::CommandRunExt;
 use camino::Utf8PathBuf;
-use cap_std_ext::{cap_std, dirext::CapStdExtDirExt};
+use cap_std_ext::cap_std::ambient_authority;
+use cap_std_ext::{cap_std::fs::Dir, dirext::CapStdExtDirExt};
 use composefs::fsverity::{FsVerityHashValue, Sha256HashValue};
 use fn_error_context::context;
 
@@ -17,41 +18,36 @@ use rustix::{
 };
 
 use crate::bootc_composefs::boot::BootType;
+use crate::bootc_composefs::status::get_sorted_type1_boot_entries;
 use crate::parsers::bls_config::BLSConfigType;
 use crate::{
     composefs_consts::{
         COMPOSEFS_CMDLINE, COMPOSEFS_STAGED_DEPLOYMENT_FNAME, COMPOSEFS_TRANSIENT_STATE_DIR,
         ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST, ORIGIN_KEY_BOOT_TYPE, SHARED_VAR_PATH,
         STATE_DIR_RELATIVE,
     },
-    parsers::bls_config::{parse_bls_config, BLSConfig},
+    parsers::bls_config::BLSConfig,
     spec::ImageReference,
     utils::path_relative_to,
 };
 
-pub(crate) fn get_booted_bls() -> Result<BLSConfig> {
+pub(crate) fn get_booted_bls(boot_dir: &Dir) -> Result<BLSConfig> {
     let cmdline = Cmdline::from_proc()?;
     let booted = cmdline
         .find(COMPOSEFS_CMDLINE)
         .ok_or_else(|| anyhow::anyhow!("Failed to find composefs parameter in kernel cmdline"))?;
 
-    for entry in std::fs::read_dir("/sysroot/boot/loader/entries")? {
-        let entry = entry?;
+    let sorted_entries = get_sorted_type1_boot_entries(boot_dir, true)?;
 
-        if !entry.file_name().as_str()?.ends_with(".conf") {
-            continue;
-        }
-
-        let bls = parse_bls_config(&std::fs::read_to_string(&entry.path())?)?;
-
-        match &bls.cfg_type {
+    for entry in sorted_entries {
+        match &entry.cfg_type {
             BLSConfigType::EFI { efi } => {
                 let composfs_param_value = booted.value().ok_or(anyhow::anyhow!(
                     "Failed to get composefs kernel cmdline value"
                 ))?;
 
                 if efi.contains(composfs_param_value) {
-                    return Ok(bls);
+                    return Ok(entry);
                 }
             }
 
@@ -63,7 +59,7 @@ pub(crate) fn get_booted_bls() -> Result<BLSConfig> {
                 let opts = Cmdline::from(opts);
 
                 if opts.iter().any(|v| v == booted) {
-                    return Ok(bls);
+                    return Ok(entry);
                 }
             }
 
@@ -151,8 +147,8 @@ pub(crate) fn write_composefs_state(
             .item(ORIGIN_KEY_BOOT_DIGEST, boot_digest);
     }
 
-    let state_dir = cap_std::fs::Dir::open_ambient_dir(&state_path, cap_std::ambient_authority())
-        .context("Opening state dir")?;
+    let state_dir =
+        Dir::open_ambient_dir(&state_path, ambient_authority()).context("Opening state dir")?;
 
     state_dir
         .atomic_write(
@@ -165,11 +161,9 @@ pub(crate) fn write_composefs_state(
         std::fs::create_dir_all(COMPOSEFS_TRANSIENT_STATE_DIR)
             .with_context(|| format!("Creating {COMPOSEFS_TRANSIENT_STATE_DIR}"))?;
 
-        let staged_depl_dir = cap_std::fs::Dir::open_ambient_dir(
-            COMPOSEFS_TRANSIENT_STATE_DIR,
-            cap_std::ambient_authority(),
-        )
-        .with_context(|| format!("Opening {COMPOSEFS_TRANSIENT_STATE_DIR}"))?;
+        let staged_depl_dir =
+            Dir::open_ambient_dir(COMPOSEFS_TRANSIENT_STATE_DIR, ambient_authority())
+                .with_context(|| format!("Opening {COMPOSEFS_TRANSIENT_STATE_DIR}"))?;
 
         staged_depl_dir
             .atomic_write(