cfs: Hard error on external kargs with UKIs

I thought about this with the cloud-init disablement for now
with bcvk. It already works to just not enable `cloud-init.target`
which we were already doing.

Signed-off-by: Colin Walters <[email protected]>

Author: cgwalters

crates/lib/src/bootc_composefs/boot.rs

@@ -856,11 +856,7 @@ pub(crate) fn setup_composefs_uki_boot(
 ) -> Result<()> {
     let (root_path, esp_device, bootloader, is_insecure_from_opts, uki_addons) = match setup_type {
         BootSetupType::Setup((root_setup, state, ..)) => {
-            if let Some(v) = &state.config_opts.karg {
-                if v.len() > 0 {
-                    tracing::warn!("kargs passed for UKI will be ignored");
-                }
-            }
+            state.require_no_kargs_for_uki()?;
 
             let esp_part = esp_in(&root_setup.device_info)?;
 

crates/lib/src/install.rs

@@ -523,6 +523,20 @@ impl State {
         Ok(())
     }
 
+    /// Return an error if kernel arguments are provided, intended to be used for UKI paths
+    pub(crate) fn require_no_kargs_for_uki(&self) -> Result<()> {
+        if self
+            .config_opts
+            .karg
+            .as_ref()
+            .map(|v| !v.is_empty())
+            .unwrap_or_default()
+        {
+            anyhow::bail!("Cannot use externally specified kernel arguments with UKI");
+        }
+        Ok(())
+    }
+
     fn stateroot(&self) -> &str {
         self.config_opts
             .stateroot

crates/xtask/src/xtask.rs

@@ -531,9 +531,6 @@ fn check_dependencies(sh: &Shell) -> Result<()> {
 }
 
 const COMMON_INST_ARGS: &[&str] = &[
-    // We don't use cloud-init with bcvk right now, but it needs to be there for
-    // testing-farm+tmt
-    "--karg=ds=iid-datasource-none",
     // TODO: Pass down the Secure Boot keys for tests if present
     "--firmware=uefi-insecure",
     "--label=bootc.test=1",