install: Split internal main phase into two

cgwalters · cgwalters · commit 53550fc741cf · 2024-07-17T21:02:25.000-04:00
Split up:

- Initialize empty sysroot
- Install container to sysroot

This makes it easier to do more things that still
reference the sysroot.

(The git diff for this change is...really nice IMO,
 very straightforward)

Signed-off-by: Colin Walters &lt;walters@verbum.org&gt;
diff --git a/lib/src/install.rs b/lib/src/install.rs
@@ -542,15 +542,9 @@ pub(crate) fn print_configuration() -> Result<()> {
 }
 
 #[context("Creating ostree deployment")]
-async fn initialize_ostree_root_from_self(
-    state: &State,
-    root_setup: &RootSetup,
-) -> Result<InstallAleph> {
+async fn initialize_ostree_root(state: &State, root_setup: &RootSetup) -> Result<ostree::Sysroot> {
     let sepolicy = state.load_policy()?;
     let sepolicy = sepolicy.as_ref();
-
-    let container_rootfs = &Dir::open_ambient_dir("/", cap_std::ambient_authority())?;
-
     // Load a fd for the mounted target physical root
     let rootfs_dir = &root_setup.rootfs_fd;
     let rootfs = root_setup.rootfs.as_path();
@@ -607,6 +601,20 @@ async fn initialize_ostree_root_from_self(
 
     let sysroot = ostree::Sysroot::new(Some(&gio::File::for_path(rootfs)));
     sysroot.load(cancellable)?;
+    Ok(sysroot)
+}
+
+#[context("Creating ostree deployment")]
+async fn install_container(
+    state: &State,
+    root_setup: &RootSetup,
+    sysroot: &ostree::Sysroot,
+) -> Result<InstallAleph> {
+    let sepolicy = state.load_policy()?;
+    let sepolicy = sepolicy.as_ref();
+    let stateroot = STATEROOT_DEFAULT;
+
+    let container_rootfs = &Dir::open_ambient_dir("/", cap_std::ambient_authority())?;
 
     let (src_imageref, proxy_cfg) = if !state.source.in_host_mountns {
         (state.source.imageref.clone(), None)
@@ -692,15 +700,15 @@ async fn initialize_ostree_root_from_self(
     )
     .await?;
 
-    sysroot.load(cancellable)?;
     let deployment = sysroot
         .deployments()
         .into_iter()
         .next()
         .ok_or_else(|| anyhow::anyhow!("Failed to find deployment"))?;
     // SAFETY: There must be a path
     let path = sysroot.deployment_dirpath(&deployment);
-    let root = rootfs_dir
+    let root = root_setup
+        .rootfs_fd
         .open_dir(path.as_str())
         .context("Opening deployment dir")?;
 
@@ -713,7 +721,7 @@ async fn initialize_ostree_root_from_self(
         for d in ["ostree", "boot"] {
             let mut pathbuf = Utf8PathBuf::from(d);
             crate::lsm::ensure_dir_labeled_recurse(
-                rootfs_dir,
+                &root_setup.rootfs_fd,
                 &mut pathbuf,
                 policy,
                 Some(deployment_root_devino),
@@ -1228,8 +1236,9 @@ async fn install_to_filesystem_impl(state: &State, rootfs: &mut RootSetup) -> Re
     tracing::debug!("boot uuid={boot_uuid}");
 
     // Write the aleph data that captures the system state at the time of provisioning for aid in future debugging.
+    let sysroot = initialize_ostree_root(state, rootfs).await?;
     {
-        let aleph = initialize_ostree_root_from_self(state, rootfs).await?;
+        let aleph = install_container(state, rootfs, &sysroot).await?;
         rootfs
             .rootfs_fd
             .atomic_replace_with(BOOTC_ALEPH_PATH, |f| {
