composefs: Store image manifest and config

Until now, when doing a `bootc status` for a compoesfs booted system, we
were reaching out a container registry to fetch image manifest and
config, which is pretty suboptimal as the command took upwards of 1.5s
to execute, sometimes.

Instead, now we store the manifest + config as a JSON structure inside
an `.imginfo` file alongside the `.origin` file

Signed-off-by: Pragyan Poudyal <[email protected]>

Author: Johan-Liebert1

crates/lib/src/bootc_composefs/boot.rs

@@ -1142,7 +1142,7 @@ pub(crate) fn setup_composefs_uki_boot(
 }
 
 #[context("Setting up composefs boot")]
-pub(crate) fn setup_composefs_boot(
+pub(crate) async fn setup_composefs_boot(
     root_setup: &RootSetup,
     state: &State,
     image_id: &str,
@@ -1217,7 +1217,9 @@ pub(crate) fn setup_composefs_boot(
         false,
         boot_type,
         boot_digest,
-    )?;
+        None,
+    )
+    .await?;
 
     Ok(())
 }

crates/lib/src/bootc_composefs/state.rs

@@ -24,7 +24,9 @@ use rustix::{
 
 use crate::bootc_composefs::boot::BootType;
 use crate::bootc_composefs::repo::get_imgref;
-use crate::bootc_composefs::status::get_sorted_type1_boot_entries;
+use crate::bootc_composefs::status::{
+    get_container_manifest_and_config, get_sorted_type1_boot_entries, ImgConfigManifest,
+};
 use crate::parsers::bls_config::BLSConfigType;
 use crate::store::{BootedComposefs, Storage};
 use crate::{
@@ -151,15 +153,41 @@ pub(crate) fn update_target_imgref_in_origin(
     Ok(())
 }
 
-/// Creates and populates /sysroot/state/deploy/image_id
+/// Creates and populates the composefs state directory for a deployment.
+///
+/// This function sets up the state directory structure and configuration files
+/// needed for a composefs deployment. It creates the deployment state directory,
+/// copies configuration, sets up the shared `/var` directory, and writes metadata
+/// files including the origin configuration and image information.
+///
+/// # Arguments
+///
+/// * `root_path`         - The root filesystem path (typically `/sysroot`)
+/// * `deployment_id`     - Unique SHA512 hash identifier for this deployment
+/// * `imgref`            - Container image reference for the deployment
+/// * `staged`            - Whether this is a staged deployment (writes to transient state dir)
+/// * `boot_type`         - Boot loader type (`Bls` or `Uki`)
+/// * `boot_digest`       - Optional boot digest for verification
+/// * `container_details` - Optional container manifest and config. Fetched if not provided
+///
+/// # State Directory Structure
+///
+/// Creates the following structure under `/sysroot/state/deploy/{deployment_id}/`:
+/// * `etc/`                    - Copy of system configuration files
+/// * `var`                     - Symlink to shared `/var` directory
+/// * `{deployment_id}.origin`  - OSTree-style origin configuration
+/// * `{deployment_id}.imginfo` - Container image manifest and config as JSON
+///
+/// For staged deployments, also writes to `/run/composefs/staged-deployment`.
 #[context("Writing composefs state")]
-pub(crate) fn write_composefs_state(
+pub(crate) async fn write_composefs_state(
     root_path: &Utf8PathBuf,
     deployment_id: Sha512HashValue,
     imgref: &ImageReference,
     staged: bool,
     boot_type: BootType,
     boot_digest: Option<String>,
+    container_details: Option<&ImgConfigManifest>,
 ) -> Result<()> {
     let state_path = root_path
         .join(STATE_DIR_RELATIVE)
@@ -187,6 +215,11 @@ pub(crate) fn write_composefs_state(
 
     let imgref = get_imgref(&transport, &image_name);
 
+    let img_config = match container_details {
+        Some(val) => val,
+        None => &get_container_manifest_and_config(&imgref).await?,
+    };
+
     let mut config = tini::Ini::new().section("origin").item(
         ORIGIN_CONTAINER,
         // TODO (Johan-Liebert1): The image won't always be unverified
@@ -206,6 +239,15 @@ pub(crate) fn write_composefs_state(
     let state_dir =
         Dir::open_ambient_dir(&state_path, ambient_authority()).context("Opening state dir")?;
 
+    // NOTE: This is only supposed to be temporary until we decide on where to store
+    // the container manifest/config
+    state_dir
+        .atomic_write(
+            format!("{}.imginfo", deployment_id.to_hex()),
+            serde_json::to_vec(&img_config)?,
+        )
+        .context("Failed to write to .imginfo file")?;
+
     state_dir
         .atomic_write(
             format!("{}.origin", deployment_id.to_hex()),

crates/lib/src/bootc_composefs/status.rs

@@ -3,6 +3,7 @@ use std::{io::Read, sync::OnceLock};
 use anyhow::{Context, Result};
 use bootc_kernel_cmdline::utf8::Cmdline;
 use fn_error_context::context;
+use serde::{Deserialize, Serialize};
 
 use crate::{
     bootc_composefs::boot::BootType,
@@ -22,10 +23,10 @@ use std::str::FromStr;
 use bootc_utils::try_deserialize_timestamp;
 use cap_std_ext::cap_std::fs::Dir;
 use ostree_container::OstreeImageReference;
-use ostree_ext::container::deploy::ORIGIN_CONTAINER;
 use ostree_ext::container::{self as ostree_container};
 use ostree_ext::containers_image_proxy;
 use ostree_ext::oci_spec;
+use ostree_ext::{container::deploy::ORIGIN_CONTAINER, oci_spec::image::ImageConfiguration};
 
 use ostree_ext::oci_spec::image::ImageManifest;
 use tokio::io::AsyncReadExt;
@@ -36,6 +37,13 @@ use crate::composefs_consts::{
 };
 use crate::spec::Bootloader;
 
+/// Used for storing the container image info alongside of .origin file
+#[derive(Debug, Serialize, Deserialize)]
+pub(crate) struct ImgConfigManifest {
+    pub(crate) config: ImageConfiguration,
+    pub(crate) manifest: ImageManifest,
+}
+
 /// A parsed composefs command line
 #[derive(Clone)]
 pub(crate) struct ComposefsCmdline {
@@ -134,7 +142,7 @@ pub(crate) fn get_sorted_type1_boot_entries(
 #[context("Getting container info")]
 pub(crate) async fn get_container_manifest_and_config(
     imgref: &String,
-) -> Result<(ImageManifest, oci_spec::image::ImageConfiguration)> {
+) -> Result<ImgConfigManifest> {
     let config = containers_image_proxy::ImageProxyConfig::default();
     let proxy = containers_image_proxy::ImageProxy::new_with_config(config).await?;
 
@@ -150,7 +158,7 @@ pub(crate) async fn get_container_manifest_and_config(
 
     let config: oci_spec::image::ImageConfiguration = serde_json::from_slice(&buf)?;
 
-    Ok((manifest, config))
+    Ok(ImgConfigManifest { manifest, config })
 }
 
 #[context("Getting bootloader")]
@@ -175,47 +183,45 @@ pub(crate) fn get_bootloader() -> Result<Bootloader> {
 
 #[context("Getting composefs deployment metadata")]
 async fn boot_entry_from_composefs_deployment(
+    storage: &Storage,
     origin: tini::Ini,
     verity: String,
 ) -> Result<BootEntry> {
     let image = match origin.get::<String>("origin", ORIGIN_CONTAINER) {
         Some(img_name_from_config) => {
             let ostree_img_ref = OstreeImageReference::from_str(&img_name_from_config)?;
-            let imgref = ostree_img_ref.imgref.to_string();
             let img_ref = ImageReference::from(ostree_img_ref);
 
-            // The image might've been removed, so don't error if we can't get the image manifest
-            let (image_digest, version, architecture, created_at) =
-                match get_container_manifest_and_config(&imgref).await {
-                    Ok((manifest, config)) => {
-                        let digest = manifest.config().digest().to_string();
-                        let arch = config.architecture().to_string();
-                        let created = config.created().clone();
-                        let version = manifest
-                            .annotations()
-                            .as_ref()
-                            .and_then(|a| a.get(oci_spec::image::ANNOTATION_VERSION).cloned());
-
-                        (digest, version, arch, created)
-                    }
+            let path = std::path::PathBuf::from(STATE_DIR_RELATIVE)
+                .join(&verity)
+                .join(format!("{verity}.imginfo"));
 
-                    Err(e) => {
-                        tracing::debug!("Failed to open image {img_ref}, because {e:?}");
-                        ("".into(), None, "".into(), None)
-                    }
-                };
+            let img_conf = storage
+                .physical_root
+                .read_to_string(&path)
+                .context("Failed to open imginfo file")?;
+
+            let img_conf: ImgConfigManifest =
+                serde_json::from_str(&img_conf).context("Failed to parse imginfo file as JSON")?;
 
+            let image_digest = img_conf.manifest.config().digest().to_string();
+            let architecture = img_conf.config.architecture().to_string();
+            let version = img_conf
+                .manifest
+                .annotations()
+                .as_ref()
+                .and_then(|a| a.get(oci_spec::image::ANNOTATION_VERSION).cloned());
+
+            let created_at = img_conf.config.created().clone();
             let timestamp = created_at.and_then(|x| try_deserialize_timestamp(&x));
 
-            let image_status = ImageStatus {
+            Some(ImageStatus {
                 image: img_ref,
                 version,
                 timestamp,
                 image_digest,
                 architecture,
-            };
-
-            Some(image_status)
+            })
         }
 
         // Wasn't booted using a container image. Do nothing
@@ -312,7 +318,7 @@ pub(crate) async fn composefs_deployment_status_from(
             .with_context(|| format!("Failed to parse file {depl_file_name}.origin as ini"))?;
 
         let boot_entry =
-            boot_entry_from_composefs_deployment(ini, depl_file_name.to_string()).await?;
+            boot_entry_from_composefs_deployment(storage, ini, depl_file_name.to_string()).await?;
 
         // SAFETY: boot_entry.composefs will always be present
         let boot_type_from_origin = boot_entry.composefs.as_ref().unwrap().boot_type;

crates/lib/src/bootc_composefs/switch.rs

@@ -40,14 +40,14 @@ pub(crate) async fn switch_composefs(
     };
 
     let repo = &*booted_cfs.repo;
-    let (image, manifest, _) = is_image_pulled(repo, &target_imgref).await?;
+    let (image, img_config) = is_image_pulled(repo, &target_imgref).await?;
 
     if let Some(cfg_verity) = image {
         let action = validate_update(
             storage,
             booted_cfs,
             &host,
-            manifest.config().digest().digest(),
+            img_config.manifest.config().digest().digest(),
             &cfg_verity,
             true,
         )?;
@@ -59,7 +59,7 @@ pub(crate) async fn switch_composefs(
             }
 
             UpdateAction::Proceed => {
-                return do_upgrade(storage, &host, &target_imgref).await;
+                return do_upgrade(storage, &host, &target_imgref, &img_config).await;
             }
 
             UpdateAction::UpdateOrigin => {
@@ -71,7 +71,7 @@ pub(crate) async fn switch_composefs(
         }
     }
 
-    do_upgrade(storage, &host, &target_imgref).await?;
+    do_upgrade(storage, &host, &target_imgref, &img_config).await?;
 
     Ok(())
 }