composefs-backend/boot: Allow passing UKI addons as cli options

Johan-Liebert1 · Johan-Liebert1 · commit 4c4bcfb2654b · 2025-09-22T14:21:08.000+05:30
Allows installing only some or all of the addons depending upon the list
of addons passed in as cli options.

Signed-off-by: Pragyan Poudyal &lt;pragyanpoudyal41999@gmail.com&gt;
diff --git a/crates/lib/src/bootc_composefs/boot.rs b/crates/lib/src/bootc_composefs/boot.rs
@@ -15,7 +15,7 @@ use cap_std_ext::{
 use clap::ValueEnum;
 use composefs::fs::read_file;
 use composefs::tree::{FileSystem, RegularFile};
-use composefs_boot::bootloader::{PEType, EFI_ADDON_DIR_EXT, EFI_EXT};
+use composefs_boot::bootloader::{PEType, EFI_ADDON_DIR_EXT, EFI_ADDON_FILE_EXT, EFI_EXT};
 use composefs_boot::BootOps;
 use fn_error_context::context;
 use ostree_ext::composefs::{
@@ -815,38 +815,31 @@ pub(crate) fn setup_composefs_uki_boot(
     id: &Sha256HashValue,
     entries: Vec<ComposefsBootEntry<Sha256HashValue>>,
 ) -> Result<()> {
-    let (root_path, esp_device, bootloader, is_insecure_from_opts) = match setup_type {
+    let (root_path, esp_device, bootloader, is_insecure_from_opts, uki_addons) = match setup_type {
         BootSetupType::Setup((root_setup, state, ..)) => {
             if let Some(v) = &state.config_opts.karg {
                 if v.len() > 0 {
                     tracing::warn!("kargs passed for UKI will be ignored");
                 }
             }
 
+            let Some(cfs_opts) = &state.composefs_options else {
+                anyhow::bail!("ComposeFS options not found");
+            };
+
             let esp_part = root_setup
                 .device_info
                 .partitions
                 .iter()
                 .find(|p| p.parttype.as_str() == ESP_GUID)
                 .ok_or_else(|| anyhow!("ESP partition not found"))?;
 
-            let bootloader = state
-                .composefs_options
-                .as_ref()
-                .map(|opts| opts.bootloader.clone())
-                .unwrap_or(Bootloader::default());
-
-            let is_insecure = state
-                .composefs_options
-                .as_ref()
-                .map(|x| x.insecure)
-                .unwrap_or(false);
-
             (
                 root_setup.physical_root_path.clone(),
                 esp_part.node.clone(),
-                bootloader,
-                is_insecure,
+                cfs_opts.bootloader.clone(),
+                cfs_opts.insecure,
+                cfs_opts.uki_addon.as_ref(),
             )
         }
 
@@ -860,6 +853,7 @@ pub(crate) fn setup_composefs_uki_boot(
                 get_esp_partition(&sysroot_parent)?.0,
                 bootloader,
                 false,
+                None,
             )
         }
     };
@@ -876,6 +870,31 @@ pub(crate) fn setup_composefs_uki_boot(
             }
 
             ComposefsBootEntry::Type2(entry) => {
+                // If --uki-addon is not passed, we include all addons found
+                if let Some(addons) = uki_addons {
+                    match entry.pe_type {
+                        PEType::Uki => { /* no-op */ }
+
+                        PEType::UkiAddon => {
+                            let addon_name = entry
+                                .file_path
+                                .components()
+                                .last()
+                                .ok_or(anyhow::anyhow!("Could not get UKI addon name"))?;
+
+                            let addon_name = addon_name.as_str()?;
+
+                            let addon_name = addon_name.strip_suffix(EFI_ADDON_FILE_EXT).ok_or(
+                                anyhow::anyhow!("UKI addon doesn't end with {EFI_ADDON_DIR_EXT}"),
+                            )?;
+
+                            if !addons.iter().any(|passed_addon| passed_addon == addon_name) {
+                                continue;
+                            }
+                        }
+                    }
+                }
+
                 let ret = write_pe_to_esp(
                     &repo,
                     &entry.file,
diff --git a/crates/lib/src/install.rs b/crates/lib/src/install.rs
@@ -238,6 +238,13 @@ pub(crate) struct InstallComposefsOpts {
     #[clap(long, default_value_t)]
     #[serde(default)]
     pub(crate) bootloader: Bootloader,
+
+    /// Name of the UKI addons to install without the ".efi.addon" suffix.
+    /// This option can be provided multiple times if multiple addons are to be installed.
+    /// If not passed, all addons are installed
+    #[clap(long)]
+    #[serde(default)]
+    pub(crate) uki_addon: Option<Vec<String>>,
 }
 
 #[cfg(feature = "install-to-disk")]
