lib/composefs: Centralize constants

Centralize all constants in a separate file

Signed-off-by: Johan-Liebert1 <[email protected]>

Author: Johan-Liebert1

crates/lib/src/cli.rs

@@ -20,7 +20,7 @@ use ostree_container::store::PrepareResult;
 use ostree_ext::composefs::fsverity;
 use ostree_ext::composefs::fsverity::FsVerityHashValue;
 use ostree_ext::container as ostree_container;
-use ostree_ext::container_utils::{composefs_booted, ostree_booted};
+use ostree_ext::container_utils::ostree_booted;
 use ostree_ext::keyfileext::KeyFileExt;
 use ostree_ext::ostree;
 use schemars::schema_for;
@@ -36,7 +36,7 @@ use crate::progress_jsonl::{ProgressWriter, RawProgressFd};
 use crate::spec::Host;
 use crate::spec::ImageReference;
 use crate::status::composefs_deployment_status;
-use crate::utils::sigpolicy_from_opt;
+use crate::utils::{composefs_booted, sigpolicy_from_opt};
 
 /// Shared progress options
 #[derive(Debug, Parser, PartialEq, Eq)]

crates/lib/src/composefs_consts.rs

@@ -0,0 +1,36 @@
+/// composefs= paramter in kernel cmdline
+pub const COMPOSEFS_CMDLINE: &str = "composefs=";
+/// composefs=? paramter in kernel cmdline. The `?` signifies that the fs-verity validation is
+/// optional in case the filesystem doesn't support it.
+pub const COMPOSEFS_INSECURE_CMDLINE: &str = "composefs=?";
+
+/// Directory to store transient state, such as staged deployemnts etc
+pub(crate) const COMPOSEFS_TRANSIENT_STATE_DIR: &str = "/run/composefs";
+/// File created in /run/composefs to record a staged-deployment
+pub(crate) const COMPOSEFS_STAGED_DEPLOYMENT_FNAME: &str = "staged-deployment";
+
+/// Absolute path to composefs-native state directory
+pub(crate) const STATE_DIR_ABS: &str = "/sysroot/state/deploy";
+/// Relative path to composefs-native state directory. Relative to /sysroot
+pub(crate) const STATE_DIR_RELATIVE: &str = "state/deploy";
+
+/// Section in .origin file to store boot related metadata
+pub(crate) const ORIGIN_KEY_BOOT: &str = "boot";
+/// Whether the deployment was booted with BLS or UKI
+pub(crate) const ORIGIN_KEY_BOOT_TYPE: &str = "boot_type";
+/// Key to store the SHA256 sum of vmlinuz + initrd for a deployment
+pub(crate) const ORIGIN_KEY_BOOT_DIGEST: &str = "digest";
+
+/// Filename for `loader/entries`
+pub(crate) const BOOT_LOADER_ENTRIES: &str = "entries";
+/// Filename for staged boot loader entries
+pub(crate) const STAGED_BOOT_LOADER_ENTRIES: &str = "entries.staged";
+/// Filename for rollback boot loader entries
+pub(crate) const ROLLBACK_BOOT_LOADER_ENTRIES: &str = STAGED_BOOT_LOADER_ENTRIES;
+
+/// Filename for grub user config
+pub(crate) const USER_CFG: &str = "user.cfg";
+/// Filename for staged grub user config
+pub(crate) const USER_CFG_STAGED: &str = "user.cfg.staged";
+/// Filename for rollback grub user config
+pub(crate) const USER_CFG_ROLLBACK: &str = USER_CFG_STAGED;

crates/lib/src/deploy.rs

@@ -26,6 +26,9 @@ use ostree_ext::tokio_util::spawn_blocking_cancellable_flatten;
 use rustix::fs::{fsync, renameat_with, AtFlags, RenameFlags};
 
 use crate::bls_config::{parse_bls_config, BLSConfig};
+use crate::composefs_consts::{
+    BOOT_LOADER_ENTRIES, ROLLBACK_BOOT_LOADER_ENTRIES, USER_CFG, USER_CFG_ROLLBACK,
+};
 use crate::install::{get_efi_uuid_source, BootType};
 use crate::parsers::grub_menuconfig::{parse_grub_menuentry_file, MenuEntry};
 use crate::progress_jsonl::{Event, ProgressWriter, SubTaskBytes, SubTaskStep};
@@ -744,11 +747,6 @@ pub(crate) async fn stage(
     Ok(())
 }
 
-/// Filename for `loader/entries`
-pub(crate) const USER_CFG: &str = "user.cfg";
-pub(crate) const USER_CFG_STAGED: &str = "user.cfg.staged";
-pub(crate) const USER_CFG_ROLLBACK: &str = USER_CFG_STAGED;
-
 #[context("Rolling back UKI")]
 pub(crate) fn rollback_composefs_uki() -> Result<()> {
     let user_cfg_path = PathBuf::from("/sysroot/boot/grub2");
@@ -801,14 +799,9 @@ pub(crate) fn rollback_composefs_uki() -> Result<()> {
     Ok(())
 }
 
-/// Filename for `loader/entries`
-const CURRENT_ENTRIES: &str = "entries";
-const STAGED_ENTRIES: &str = "entries.staged";
-const ROLLBACK_ENTRIES: &str = STAGED_ENTRIES;
-
 // Need str to store lifetime
 pub(crate) fn get_sorted_uki_boot_entries<'a>(str: &'a mut String) -> Result<Vec<MenuEntry<'a>>> {
-    let mut file = std::fs::File::open("/sysroot/boot/grub2/user.cfg")?;
+    let mut file = std::fs::File::open(format!("/sysroot/boot/grub2/{USER_CFG}"))?;
     file.read_to_string(str)?;
     parse_grub_menuentry_file(str)
 }
@@ -817,7 +810,7 @@ pub(crate) fn get_sorted_uki_boot_entries<'a>(str: &'a mut String) -> Result<Vec
 pub(crate) fn get_sorted_bls_boot_entries(ascending: bool) -> Result<Vec<BLSConfig>> {
     let mut all_configs = vec![];
 
-    for entry in std::fs::read_dir(format!("/sysroot/boot/loader/{CURRENT_ENTRIES}"))? {
+    for entry in std::fs::read_dir(format!("/sysroot/boot/loader/{BOOT_LOADER_ENTRIES}"))? {
         let entry = entry?;
 
         let file_name = entry.file_name();
@@ -860,7 +853,9 @@ pub(crate) fn rollback_composefs_bls() -> Result<()> {
     assert!(all_configs.len() == 2);
 
     // Write these
-    let dir_path = PathBuf::from(format!("/sysroot/boot/loader/{ROLLBACK_ENTRIES}"));
+    let dir_path = PathBuf::from(format!(
+        "/sysroot/boot/loader/{ROLLBACK_BOOT_LOADER_ENTRIES}"
+    ));
     create_dir_all(&dir_path).with_context(|| format!("Failed to create dir: {dir_path:?}"))?;
 
     let rollback_entries_dir =
@@ -888,18 +883,21 @@ pub(crate) fn rollback_composefs_bls() -> Result<()> {
     let dir = Dir::open_ambient_dir("/sysroot/boot/loader", cap_std::ambient_authority())
         .context("Opening loader dir")?;
 
-    tracing::debug!("Atomically exchanging for {ROLLBACK_ENTRIES} and {CURRENT_ENTRIES}");
+    tracing::debug!(
+        "Atomically exchanging for {ROLLBACK_BOOT_LOADER_ENTRIES} and {BOOT_LOADER_ENTRIES}"
+    );
     renameat_with(
         &dir,
-        ROLLBACK_ENTRIES,
+        ROLLBACK_BOOT_LOADER_ENTRIES,
         &dir,
-        CURRENT_ENTRIES,
+        BOOT_LOADER_ENTRIES,
         RenameFlags::EXCHANGE,
     )
     .context("renameat")?;
 
-    tracing::debug!("Removing {ROLLBACK_ENTRIES}");
-    rustix::fs::unlinkat(&dir, ROLLBACK_ENTRIES, AtFlags::empty()).context("unlinkat")?;
+    tracing::debug!("Removing {ROLLBACK_BOOT_LOADER_ENTRIES}");
+    rustix::fs::unlinkat(&dir, ROLLBACK_BOOT_LOADER_ENTRIES, AtFlags::empty())
+        .context("unlinkat")?;
 
     tracing::debug!("Syncing to disk");
     fsync(

crates/lib/src/install.rs

@@ -76,10 +76,16 @@ use serde::{Deserialize, Serialize};
 use self::baseline::InstallBlockDeviceOpts;
 use crate::bls_config::{parse_bls_config, BLSConfig};
 use crate::boundimage::{BoundImage, ResolvedBoundImage};
+use crate::composefs_consts::{
+    BOOT_LOADER_ENTRIES, COMPOSEFS_CMDLINE, COMPOSEFS_INSECURE_CMDLINE,
+    COMPOSEFS_STAGED_DEPLOYMENT_FNAME, COMPOSEFS_TRANSIENT_STATE_DIR, ORIGIN_KEY_BOOT,
+    ORIGIN_KEY_BOOT_DIGEST, ORIGIN_KEY_BOOT_TYPE, STAGED_BOOT_LOADER_ENTRIES, STATE_DIR_ABS,
+    STATE_DIR_RELATIVE, USER_CFG, USER_CFG_STAGED,
+};
 use crate::containerenv::ContainerExecutionInfo;
 use crate::deploy::{
     get_sorted_uki_boot_entries, prepare_for_pull, pull_from_prepared, PreparedImportMeta,
-    PreparedPullResult, USER_CFG, USER_CFG_STAGED,
+    PreparedPullResult,
 };
 use crate::lsm;
 use crate::parsers::grub_menuconfig::MenuEntry;
@@ -1537,7 +1543,7 @@ async fn initialize_composefs_repository(
 
     rootfs_dir
         .create_dir_all("composefs")
-        .context("Creating dir 'composefs'")?;
+        .context("Creating dir composefs")?;
 
     let repo = open_composefs_repo(rootfs_dir)?;
 
@@ -1552,7 +1558,10 @@ async fn initialize_composefs_repository(
 
 fn get_booted_bls() -> Result<BLSConfig> {
     let cmdline = crate::kernel::parse_cmdline()?;
-    let booted = cmdline.iter().find_map(|x| x.strip_prefix("composefs="));
+    let booted = cmdline.iter().find_map(|x| {
+        x.strip_prefix(COMPOSEFS_INSECURE_CMDLINE)
+            .or_else(|| x.strip_prefix(COMPOSEFS_CMDLINE))
+    });
 
     let Some(booted) = booted else {
         anyhow::bail!("Failed to find composefs parameter in kernel cmdline");
@@ -1744,10 +1753,10 @@ pub(crate) fn setup_composefs_bls_boot(
 
             match &state.composefs_options {
                 Some(opt) if opt.insecure => {
-                    cmdline_options.push_str(&format!(" composefs=?{id_hex}"));
+                    cmdline_options.push_str(&format!(" {COMPOSEFS_INSECURE_CMDLINE}{id_hex}"));
                 }
                 None | Some(..) => {
-                    cmdline_options.push_str(&format!(" composefs={id_hex}"));
+                    cmdline_options.push_str(&format!(" {COMPOSEFS_CMDLINE}{id_hex}"));
                 }
             };
 
@@ -1759,7 +1768,7 @@ pub(crate) fn setup_composefs_bls_boot(
             vec![
                 format!("root=UUID={DPS_UUID}"),
                 RW_KARG.to_string(),
-                format!("composefs={id_hex}"),
+                format!("{COMPOSEFS_CMDLINE}{id_hex}"),
             ]
             .join(" "),
         ),
@@ -1803,9 +1812,12 @@ pub(crate) fn setup_composefs_bls_boot(
         booted_bls.version = 0; // entries are sorted by their filename in reverse order
 
         // This will be atomically renamed to 'loader/entries' on shutdown/reboot
-        (boot_dir.join("loader/entries.staged"), Some(booted_bls))
+        (
+            boot_dir.join(format!("loader/{STAGED_BOOT_LOADER_ENTRIES}")),
+            Some(booted_bls),
+        )
     } else {
-        (boot_dir.join("loader/entries"), None)
+        (boot_dir.join(format!("loader/{BOOT_LOADER_ENTRIES}")), None)
     };
 
     create_dir_all(&entries_path).with_context(|| format!("Creating {:?}", entries_path))?;
@@ -2165,20 +2177,6 @@ fn setup_composefs_boot(root_setup: &RootSetup, state: &State, image_id: &str) -
     Ok(())
 }
 
-pub(crate) const COMPOSEFS_TRANSIENT_STATE_DIR: &str = "/run/composefs";
-/// File created in /run/composefs to record a staged-deployment
-pub(crate) const COMPOSEFS_STAGED_DEPLOYMENT_FNAME: &str = "staged-deployment";
-
-/// Absolute path to composefs-native state directory
-pub(crate) const STATE_DIR_ABS: &str = "/sysroot/state/deploy";
-/// Relative path to composefs-native state directory. Relative to /sysroot
-pub(crate) const STATE_DIR_RELATIVE: &str = "state/deploy";
-
-pub(crate) const ORIGIN_KEY_BOOT: &str = "boot";
-pub(crate) const ORIGIN_KEY_BOOT_TYPE: &str = "boot_type";
-/// Key to store the SHA256 sum of vmlinuz + initrd for a deployment
-pub(crate) const ORIGIN_KEY_BOOT_DIGEST: &str = "digest";
-
 /// Creates and populates /sysroot/state/deploy/image_id
 #[context("Writing composefs state")]
 pub(crate) fn write_composefs_state(

crates/lib/src/lib.rs

@@ -7,6 +7,7 @@
 mod bls_config;
 mod boundimage;
 pub mod cli;
+mod composefs_consts;
 pub(crate) mod deploy;
 pub(crate) mod fsck;
 pub(crate) mod generator;

crates/lib/src/status.rs

@@ -14,7 +14,6 @@ use ostree::glib;
 use ostree_container::OstreeImageReference;
 use ostree_ext::container as ostree_container;
 use ostree_ext::container::deploy::ORIGIN_CONTAINER;
-use ostree_ext::container_utils::composefs_booted;
 use ostree_ext::container_utils::ostree_booted;
 use ostree_ext::containers_image_proxy;
 use ostree_ext::keyfileext::KeyFileExt;
@@ -24,18 +23,18 @@ use ostree_ext::ostree;
 use tokio::io::AsyncReadExt;
 
 use crate::cli::OutputFormat;
+use crate::composefs_consts::{
+    COMPOSEFS_CMDLINE, COMPOSEFS_INSECURE_CMDLINE, COMPOSEFS_STAGED_DEPLOYMENT_FNAME,
+    COMPOSEFS_TRANSIENT_STATE_DIR, ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_TYPE, STATE_DIR_RELATIVE,
+};
 use crate::deploy::get_sorted_bls_boot_entries;
 use crate::deploy::get_sorted_uki_boot_entries;
 use crate::install::BootType;
-use crate::install::ORIGIN_KEY_BOOT;
-use crate::install::ORIGIN_KEY_BOOT_TYPE;
-use crate::install::{
-    COMPOSEFS_STAGED_DEPLOYMENT_FNAME, COMPOSEFS_TRANSIENT_STATE_DIR, STATE_DIR_RELATIVE,
-};
 use crate::spec::ImageStatus;
 use crate::spec::{BootEntry, BootOrder, Host, HostSpec, HostStatus, HostType};
 use crate::spec::{ImageReference, ImageSignature};
 use crate::store::{CachedImageStatus, ContainerImageStore, Storage};
+use crate::utils::composefs_booted;
 
 impl From<ostree_container::SignatureSource> for ImageSignature {
     fn from(sig: ostree_container::SignatureSource) -> Self {
@@ -395,7 +394,11 @@ async fn boot_entry_from_composefs_deployment(
 #[context("Getting composefs deployment status")]
 pub(crate) async fn composefs_deployment_status() -> Result<Host> {
     let cmdline = crate::kernel::parse_cmdline()?;
-    let booted_image_verity = cmdline.iter().find_map(|x| x.strip_prefix("composefs="));
+
+    let booted_image_verity = cmdline.iter().find_map(|x| {
+        x.strip_prefix(COMPOSEFS_INSECURE_CMDLINE)
+            .or_else(|| x.strip_prefix(COMPOSEFS_CMDLINE))
+    });
 
     let Some(booted_image_verity) = booted_image_verity else {
         anyhow::bail!("Failed to find composefs parameter in kernel cmdline");

crates/lib/src/utils.rs

@@ -17,6 +17,14 @@ use ostree::glib;
 use ostree_ext::container::SignatureSource;
 use ostree_ext::ostree;
 
+use crate::composefs_consts::{COMPOSEFS_CMDLINE, COMPOSEFS_INSECURE_CMDLINE};
+
+/// Returns true if the system appears to have been booted with composefs without ostree.
+pub fn composefs_booted() -> std::io::Result<bool> {
+    let cmdline = std::fs::read_to_string("/proc/cmdline")?;
+    Ok(cmdline.contains(COMPOSEFS_CMDLINE) || cmdline.contains(COMPOSEFS_INSECURE_CMDLINE))
+}
+
 /// Try to look for keys injected by e.g. rpm-ostree requesting machine-local
 /// changes; if any are present, return `true`.
 pub(crate) fn origin_has_rpmostree_stuff(kf: &glib::KeyFile) -> bool {

crates/ostree-ext/src/container_utils.rs

@@ -77,12 +77,6 @@ pub fn ostree_booted() -> io::Result<bool> {
     Path::new(&format!("/{OSTREE_BOOTED}")).try_exists()
 }
 
-/// Returns true if the system appears to have been booted with composefs without ostree.
-pub fn composefs_booted() -> io::Result<bool> {
-    let cmdline = std::fs::read_to_string("/proc/cmdline")?;
-    Ok(cmdline.contains("composefs="))
-}
-
 /// Returns true if the target root appears to have been booted via ostree.
 pub fn is_ostree_booted_in(rootfs: &Dir) -> io::Result<bool> {
     rootfs.try_exists(OSTREE_BOOTED)