composefs/install: Copy /etc contents to state

For bind mounting /etc we copy the contents of the EROFS' /etc to the
deployment's state directory

Mounting the EORFS requires help from the initramfs crate, so we also
turn it into a library crate.

Signed-off-by: Johan-Liebert1 <[email protected]>

Author: Johan-Liebert1

Cargo.lock

@@ -102,8 +102,8 @@ pub struct Args {
     pub target: Option<PathBuf>,
 }
 
-// Helpers
-fn mount_at_wrapper(
+/// Wrapper around [`composefs::mount::mount_at`]
+pub fn mount_at_wrapper(
     fs_fd: impl AsFd,
     dirfd: impl AsFd,
     path: impl path::Arg + Debug + Clone,
@@ -242,7 +242,8 @@ fn mount_subdir(
 }
 
 #[context("GPT workaround")]
-pub(crate) fn gpt_workaround() -> Result<()> {
+/// Workaround for /dev/gpt-auto-root
+pub fn gpt_workaround() -> Result<()> {
     // https://github.com/systemd/systemd/issues/35017
     let rootdev = stat("/dev/gpt-auto-root");
 

crates/initramfs/src/mount.rs renamed to crates/initramfs/src/lib.rs

@@ -1,12 +1,10 @@
 //! Code for bootc that goes into the initramfs.
 // SPDX-License-Identifier: Apache-2.0 OR MIT
 
-mod mount;
-
 use anyhow::Result;
 
 use clap::Parser;
-use mount::{gpt_workaround, setup_root, Args};
+use bootc_initramfs_setup::{gpt_workaround, setup_root, Args};
 
 fn main() -> Result<()> {
     let args = Args::parse();

crates/initramfs/src/main.rs

@@ -22,6 +22,7 @@ bootc-sysusers = { path = "../sysusers" }
 bootc-tmpfiles = { path = "../tmpfiles" }
 bootc-utils = { package = "bootc-internal-utils", path = "../utils", version = "0.0.0" }
 ostree-ext = { path = "../ostree-ext", features = ["bootc"] }
+bootc-initramfs-setup = { path = "../initramfs" }
 
 # Workspace dependencies
 anstream = { workspace = true }

crates/lib/Cargo.toml

@@ -0,0 +1 @@
+pub(crate) mod state;

crates/lib/src/bootc_composefs/mod.rs

@@ -0,0 +1,60 @@
+use std::{
+    fs::{create_dir_all, remove_dir_all},
+    process::Command,
+};
+
+use anyhow::{Context, Result};
+use camino::Utf8PathBuf;
+use fn_error_context::context;
+
+use rustix::{
+    fs::{open, Mode, OFlags, CWD},
+    mount::{unmount, UnmountFlags},
+};
+
+/// Mounts an EROFS image and copies the pristine /etc to the deployment's /etc
+#[context("Copying etc")]
+pub(crate) fn copy_etc_to_state(
+    sysroot_path: &Utf8PathBuf,
+    erofs_id: &String,
+    state_path: &Utf8PathBuf,
+) -> Result<()> {
+    let sysroot_fd = open(
+        sysroot_path.as_std_path(),
+        OFlags::PATH | OFlags::DIRECTORY | OFlags::CLOEXEC,
+        Mode::empty(),
+    )
+    .context("Opening sysroot")?;
+
+    let composefs_fd = bootc_initramfs_setup::mount_composefs_image(&sysroot_fd, &erofs_id, false)?;
+
+    let uuid = uuid::Uuid::new_v4();
+    let dir = format!("/var/tmp/{uuid}");
+
+    create_dir_all(&dir).context("Creating temp directory")?;
+
+    bootc_initramfs_setup::mount_at_wrapper(composefs_fd, CWD, &dir)?;
+
+    let output = Command::new("cp")
+        .args([
+            "-a",
+            &format!("{dir}/etc/."),
+            &format!("{state_path}/etc/."),
+        ])
+        .output()?;
+
+    // Unmount regardless of copy succeeding
+    unmount(&dir, UnmountFlags::DETACH).context("Unmounting composefs")?;
+
+    remove_dir_all(dir).context("Removing temp directory")?;
+
+    if !output.status.success() {
+        anyhow::bail!(
+            "Copying /etc failed with status {}: {}",
+            output.status,
+            String::from_utf8_lossy(&output.stderr)
+        );
+    }
+
+    Ok(())
+}

crates/lib/src/bootc_composefs/state.rs

@@ -74,6 +74,7 @@ use serde::{Deserialize, Serialize};
 
 #[cfg(feature = "install-to-disk")]
 use self::baseline::InstallBlockDeviceOpts;
+use crate::bootc_composefs::state::copy_etc_to_state;
 use crate::boundimage::{BoundImage, ResolvedBoundImage};
 use crate::composefs_consts::{
     BOOT_LOADER_ENTRIES, COMPOSEFS_CMDLINE, COMPOSEFS_STAGED_DEPLOYMENT_FNAME,
@@ -2208,8 +2209,9 @@ pub(crate) fn write_composefs_state(
 ) -> Result<()> {
     let state_path = root_path.join(format!("{STATE_DIR_RELATIVE}/{}", deployment_id.to_hex()));
 
-    create_dir_all(state_path.join("etc/upper"))?;
-    create_dir_all(state_path.join("etc/work"))?;
+    create_dir_all(state_path.join("etc"))?;
+
+    copy_etc_to_state(&root_path, &deployment_id.to_hex(), &state_path)?;
 
     let actual_var_path = root_path.join(SHARED_VAR_PATH);
     create_dir_all(&actual_var_path)?;

crates/lib/src/install.rs

@@ -9,6 +9,7 @@ mod bootloader;
 mod boundimage;
 mod cfsctl;
 pub mod cli;
+mod bootc_composefs;
 mod composefs_consts;
 mod containerenv;
 pub(crate) mod deploy;