composefs/status: Check if deployment is soft rebootable

Signed-off-by: Pragyan Poudyal <[email protected]>

Author: Johan-Liebert1

crates/lib/src/bootc_composefs/status.rs

@@ -7,7 +7,9 @@ use serde::{Deserialize, Serialize};
 
 use crate::{
     bootc_composefs::{boot::BootType, repo::get_imgref},
-    composefs_consts::{COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT_DIGEST, TYPE1_ENT_PATH, USER_CFG},
+    composefs_consts::{
+        COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT_DIGEST, TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED, USER_CFG,
+    },
     install::EFI_LOADER_INFO,
     parsers::{
         bls_config::{parse_bls_config, BLSConfig, BLSConfigType},
@@ -100,14 +102,43 @@ pub(crate) fn get_sorted_grub_uki_boot_entries<'a>(
     parse_grub_menuentry_file(str)
 }
 
-#[context("Getting sorted Type1 boot entries")]
 pub(crate) fn get_sorted_type1_boot_entries(
     boot_dir: &Dir,
     ascending: bool,
+) -> Result<Vec<BLSConfig>> {
+    get_sorted_type1_boot_entries_helper(boot_dir, ascending, false)
+}
+
+pub(crate) fn get_sorted_staged_type1_boot_entries(
+    boot_dir: &Dir,
+    ascending: bool,
+) -> Result<Vec<BLSConfig>> {
+    get_sorted_type1_boot_entries_helper(boot_dir, ascending, true)
+}
+
+#[context("Getting sorted Type1 boot entries")]
+fn get_sorted_type1_boot_entries_helper(
+    boot_dir: &Dir,
+    ascending: bool,
+    get_staged_entries: bool,
 ) -> Result<Vec<BLSConfig>> {
     let mut all_configs = vec![];
 
-    for entry in boot_dir.read_dir(TYPE1_ENT_PATH)? {
+    let dir = match get_staged_entries {
+        true => {
+            let dir = boot_dir.open_dir_optional(TYPE1_ENT_PATH_STAGED)?;
+
+            let Some(dir) = dir else {
+                return Ok(all_configs);
+            };
+
+            dir.read_dir(".")?
+        }
+
+        false => boot_dir.read_dir(TYPE1_ENT_PATH)?,
+    };
+
+    for entry in dir {
         let entry = entry?;
 
         let file_name = entry.file_name();
@@ -302,12 +333,140 @@ pub(crate) async fn get_composefs_status(
     composefs_deployment_status_from(&storage, booted_cfs.cmdline).await
 }
 
+fn set_soft_reboot_capable_bls(
+    storage: &Storage,
+    host: &mut Host,
+    bls_entries: &Vec<BLSConfig>,
+    cmdline: &ComposefsCmdline,
+) -> Result<()> {
+    let booted = host.require_composefs_booted()?;
+
+    match booted.boot_type {
+        BootType::Bls => {
+            set_reboot_capable_type1_deployments(storage, cmdline, host, bls_entries)?;
+        }
+
+        BootType::Uki => match booted.bootloader {
+            Bootloader::Grub => todo!(),
+            Bootloader::Systemd => todo!(),
+        },
+    };
+
+    Ok(())
+}
+
+fn find_bls_entry<'a>(
+    verity: &str,
+    bls_entries: &'a Vec<BLSConfig>,
+) -> Result<Option<&'a BLSConfig>> {
+    for ent in bls_entries {
+        if ent.get_verity()? == *verity {
+            return Ok(Some(ent));
+        }
+    }
+
+    Ok(None)
+}
+
+/// Compares cmdline `first` and `second` skipping `composefs=`
+fn compare_cmdline_skip_cfs(first: &Cmdline<'_>, second: &Cmdline<'_>) -> bool {
+    for param in first {
+        if param.key() == COMPOSEFS_CMDLINE.into() {
+            continue;
+        }
+
+        let second_param = second.iter().find(|b| *b == param);
+
+        let Some(found_param) = second_param else {
+            return false;
+        };
+
+        if found_param.value() != param.value() {
+            return false;
+        }
+    }
+
+    return true;
+}
+
+fn set_soft_reboot_capable_type1(
+    deployment: &mut BootEntry,
+    bls_entries: &Vec<BLSConfig>,
+    booted_bls_entry: &BLSConfig,
+    booted_boot_digest: &String,
+) -> Result<()> {
+    let deployment_cfs = deployment.require_composefs()?;
+
+    // TODO: Unwrap
+    if deployment_cfs.boot_digest.as_ref().unwrap() != booted_boot_digest {
+        deployment.soft_reboot_capable = false;
+        return Ok(());
+    }
+
+    let entry = find_bls_entry(&deployment_cfs.verity, bls_entries)?
+        .ok_or_else(|| anyhow::anyhow!("Entry not found"))?;
+
+    let opts = entry.get_cmdline()?;
+    let booted_cmdline_opts = booted_bls_entry.get_cmdline()?;
+
+    if opts.len() != booted_cmdline_opts.len() {
+        tracing::debug!("Soft reboot not allowed due to differing cmdline");
+        deployment.soft_reboot_capable = false;
+        return Ok(());
+    }
+
+    deployment.soft_reboot_capable = compare_cmdline_skip_cfs(opts, booted_cmdline_opts)
+        && compare_cmdline_skip_cfs(booted_cmdline_opts, opts);
+
+    return Ok(());
+}
+
+fn set_reboot_capable_type1_deployments(
+    storage: &Storage,
+    cmdline: &ComposefsCmdline,
+    host: &mut Host,
+    bls_entries: &Vec<BLSConfig>,
+) -> Result<()> {
+    let booted = host
+        .status
+        .booted
+        .as_ref()
+        .ok_or_else(|| anyhow::anyhow!("Failed to find booted entry"))?;
+
+    let booted_boot_digest = booted.composefs_boot_digest()?;
+
+    let booted_bls_entry = find_bls_entry(&*cmdline.digest, bls_entries)?
+        .ok_or_else(|| anyhow::anyhow!("Booted bls entry not found"))?;
+
+    if let Some(staged) = host.status.staged.as_mut() {
+        let staged_entries =
+            get_sorted_staged_type1_boot_entries(storage.require_boot_dir()?, true)?;
+
+        set_soft_reboot_capable_type1(
+            staged,
+            &staged_entries,
+            booted_bls_entry,
+            booted_boot_digest,
+        )?;
+    }
+
+    if let Some(rollback) = &mut host.status.rollback {
+        set_soft_reboot_capable_type1(rollback, bls_entries, booted_bls_entry, booted_boot_digest)?;
+    }
+
+    for depl in &mut host.status.other_deployments {
+        set_soft_reboot_capable_type1(depl, bls_entries, booted_bls_entry, booted_boot_digest)?;
+    }
+
+    Ok(())
+}
+
 #[context("Getting composefs deployment status")]
 pub(crate) async fn composefs_deployment_status_from(
     storage: &Storage,
     cmdline: &ComposefsCmdline,
 ) -> Result<Host> {
-    let composefs_digest = &cmdline.digest;
+    let booted_composefs_digest = &cmdline.digest;
 
     let boot_dir = storage.require_boot_dir()?;
 
@@ -373,7 +532,7 @@ pub(crate) async fn composefs_deployment_status_from(
             }
         };
 
-        if depl.file_name() == composefs_digest.as_ref() {
+        if depl.file_name() == booted_composefs_digest.as_ref() {
             host.spec.image = boot_entry.image.as_ref().map(|x| x.image.clone());
             host.status.booted = Some(boot_entry);
             continue;
@@ -394,60 +553,72 @@ pub(crate) async fn composefs_deployment_status_from(
         anyhow::bail!("Could not determine boot type");
     };
 
-    let booted = host.require_composefs_booted()?;
+    let booted_cfs = host.require_composefs_booted()?;
 
-    let is_rollback_queued = match booted.bootloader {
+    let (is_rollback_queued, sorted_bls_config) = match booted_cfs.bootloader {
         Bootloader::Grub => match boot_type {
             BootType::Bls => {
-                let bls_config = get_sorted_type1_boot_entries(boot_dir, false)?;
-                let bls_config = bls_config
+                let bls_configs = get_sorted_type1_boot_entries(boot_dir, false)?;
+                let bls_config = bls_configs
                     .first()
-                    .ok_or(anyhow::anyhow!("First boot entry not found"))?;
+                    .ok_or_else(|| anyhow::anyhow!("First boot entry not found"))?;
 
                 match &bls_config.cfg_type {
-                    BLSConfigType::NonEFI { options, .. } => !options
-                        .as_ref()
-                        .ok_or(anyhow::anyhow!("options key not found in bls config"))?
-                        .contains(composefs_digest.as_ref()),
+                    BLSConfigType::NonEFI { options, .. } => {
+                        let is_rollback_queued = !options
+                            .as_ref()
+                            .ok_or_else(|| anyhow::anyhow!("options key not found in bls config"))?
+                            .contains(booted_composefs_digest.as_ref());
+
+                        (is_rollback_queued, Some(bls_configs))
+                    }
 
                     BLSConfigType::EFI { .. } => {
                         anyhow::bail!("Found 'efi' field in Type1 boot entry")
                     }
+
                     BLSConfigType::Unknown => anyhow::bail!("Unknown BLS Config Type"),
                 }
             }
 
             BootType::Uki => {
                 let mut s = String::new();
+                let menuentries = get_sorted_grub_uki_boot_entries(boot_dir, &mut s)?;
 
-                !get_sorted_grub_uki_boot_entries(boot_dir, &mut s)?
+                let is_rollback_queued = !menuentries
                     .first()
                     .ok_or(anyhow::anyhow!("First boot entry not found"))?
                     .body
                     .chainloader
-                    .contains(composefs_digest.as_ref())
+                    .contains(booted_composefs_digest.as_ref());
+
+                (is_rollback_queued, None)
             }
         },
 
         // We will have BLS stuff and the UKI stuff in the same DIR
         Bootloader::Systemd => {
-            let bls_config = get_sorted_type1_boot_entries(boot_dir, false)?;
-            let bls_config = bls_config
+            let bls_configs = get_sorted_type1_boot_entries(boot_dir, true)?;
+            let bls_config = bls_configs
                 .first()
                 .ok_or(anyhow::anyhow!("First boot entry not found"))?;
 
-            match &bls_config.cfg_type {
+            let is_rollback_queued = match &bls_config.cfg_type {
                 // For UKI boot
-                BLSConfigType::EFI { efi } => efi.as_str().contains(composefs_digest.as_ref()),
+                BLSConfigType::EFI { efi } => {
+                    efi.as_str().contains(booted_composefs_digest.as_ref())
+                }
 
                 // For boot entry Type1
                 BLSConfigType::NonEFI { options, .. } => !options
                     .as_ref()
                     .ok_or(anyhow::anyhow!("options key not found in bls config"))?
-                    .contains(composefs_digest.as_ref()),
+                    .contains(booted_composefs_digest.as_ref()),
 
                 BLSConfigType::Unknown => anyhow::bail!("Unknown BLS Config Type"),
-            }
+            };
+
+            (is_rollback_queued, Some(bls_configs))
         }
     };
 
@@ -457,6 +628,10 @@ pub(crate) async fn composefs_deployment_status_from(
         host.spec.boot_order = BootOrder::Rollback
     };
 
+    if let Some(bls_configs) = sorted_bls_config {
+        set_soft_reboot_capable_bls(storage, &mut host, &bls_configs, cmdline)?;
+    }
+
     Ok(host)
 }
 

crates/lib/src/cli.rs

@@ -10,8 +10,8 @@ use std::process::Command;
 
 use anyhow::{anyhow, ensure, Context, Result};
 use camino::{Utf8Path, Utf8PathBuf};
-use cap_std_ext::cap_std;
 use cap_std_ext::cap_std::fs::Dir;
+use cap_std_ext::cap_std;
 use clap::Parser;
 use clap::ValueEnum;
 use composefs::dumpfile;

crates/lib/src/parsers/bls_config.rs

@@ -203,6 +203,23 @@ impl BLSConfig {
             BLSConfigType::Unknown => anyhow::bail!("Unknown config type"),
         }
     }
+
+    /// Gets the `options` field from the config
+    /// Returns an error if the field doesn't exist
+    /// or if the config is of type `EFI`
+    pub(crate) fn get_cmdline(&self) -> Result<&Cmdline<'_>> {
+        match &self.cfg_type {
+            BLSConfigType::NonEFI { options, .. } => {
+                let options = options
+                    .as_ref()
+                    .ok_or_else(|| anyhow::anyhow!("No cmdline found for config"))?;
+
+                Ok(options)
+            }
+
+            _ => anyhow::bail!("No cmdline found for config"),
+        }
+    }
 }
 
 pub(crate) fn parse_bls_config(input: &str) -> Result<BLSConfig> {

crates/lib/src/status.rs

@@ -309,6 +309,13 @@ impl BootEntry {
             "BootEntry is not a composefs native boot entry"
         ))
     }
+
+    pub(crate) fn composefs_boot_digest(&self) -> Result<&String> {
+        self.require_composefs()?
+            .boot_digest
+            .as_ref()
+            .ok_or_else(|| anyhow::anyhow!("Could not find boot digest for deployment"))
+    }
 }
 
 /// A variant of [`get_status`] that requires a booted deployment.