composefs/update: Ensure idempotency on update

Handle the following cases we can encounter on `bootc udpate`

1. The verity is the same as that of the currently booted deployment
   - Nothing to do here in case of update as we're currently booted. But if we're switching
     then we update the target imageref in the .origin file for the deployment

2. The verity is the same as that of the staged deployment
   - Nothing to do, as we only get a "staged" deployment if we have
   /run/composefs/staged-deployment which is the last thing we create
   while upgrading

3. The verity is the same as that of the rollback deployment or any
   other deployment we have already deployed
   - Nothing to do since this is a rollback deployment which means
   this was unstaged at some point

4. The verity is not found
   - The update/switch might've been canceled before
   /run/composefs/staged-deployment was created, or at any other point
   in time, or it's a new one.

   Any which way, we can overwrite everything. In this case we remove
   all the staged bootloader entries, if any, and remove the entire
   state directory, as it would most probably be in an inconsistent
   state.

Signed-off-by: Pragyan Poudyal <[email protected]>

Author: Johan-Liebert1

crates/lib/src/bootc_composefs/state.rs

@@ -1,4 +1,7 @@
+use std::io::Write;
+use std::ops::Deref;
 use std::os::unix::fs::symlink;
+use std::path::Path;
 use std::{fs::create_dir_all, process::Command};
 
 use anyhow::{Context, Result};
@@ -8,7 +11,7 @@ use bootc_mount::tempmount::TempMount;
 use bootc_utils::CommandRunExt;
 use camino::Utf8PathBuf;
 use cap_std_ext::cap_std::ambient_authority;
-use cap_std_ext::cap_std::fs::Dir;
+use cap_std_ext::cap_std::fs::{Dir, Permissions, PermissionsExt};
 use cap_std_ext::dirext::CapStdExtDirExt;
 use composefs::fsverity::{FsVerityHashValue, Sha512HashValue};
 use fn_error_context::context;
@@ -23,6 +26,7 @@ use crate::bootc_composefs::boot::BootType;
 use crate::bootc_composefs::repo::get_imgref;
 use crate::bootc_composefs::status::get_sorted_type1_boot_entries;
 use crate::parsers::bls_config::BLSConfigType;
+use crate::store::{BootedComposefs, Storage};
 use crate::{
     composefs_consts::{
         COMPOSEFS_CMDLINE, COMPOSEFS_STAGED_DEPLOYMENT_FNAME, COMPOSEFS_TRANSIENT_STATE_DIR,
@@ -104,6 +108,49 @@ pub(crate) fn copy_etc_to_state(
     cp_ret
 }
 
+/// Updates the currently booted image's target imgref
+pub(crate) fn update_target_imgref_in_origin(
+    storage: &Storage,
+    booted_cfs: &BootedComposefs,
+    imgref: &ImageReference,
+) -> Result<()> {
+    let path = Path::new(STATE_DIR_RELATIVE).join(booted_cfs.cmdline.digest.deref());
+
+    let state_dir = storage
+        .physical_root
+        .open_dir(path)
+        .context("Opening state dir")?;
+
+    let origin_filename = format!("{}.origin", booted_cfs.cmdline.digest.deref());
+
+    let origin_file = state_dir
+        .read_to_string(&origin_filename)
+        .context("Reading origin file")?;
+
+    let mut ini =
+        tini::Ini::from_string(&origin_file).context("Failed to parse file origin file as ini")?;
+
+    // Replace the origin
+    ini = ini.section("origin").item(
+        ORIGIN_CONTAINER,
+        format!("ostree-unverified-image:{imgref}"),
+    );
+
+    state_dir
+        .atomic_replace_with(origin_filename, move |f| -> std::io::Result<_> {
+            f.write_all(ini.to_string().as_bytes())?;
+            f.flush()?;
+
+            let perms = Permissions::from_mode(0o644);
+            f.get_mut().as_file_mut().set_permissions(perms)?;
+
+            Ok(())
+        })
+        .context("Writing to origin file")?;
+
+    Ok(())
+}
+
 /// Creates and populates /sysroot/state/deploy/image_id
 #[context("Writing composefs state")]
 pub(crate) fn write_composefs_state(