composefs/state: Use atomic writes for origin and staged deployment files

Johan-Liebert1 · cgwalters · commit d3e8d36717da · 2025-08-12T12:08:29.000+02:00
Signed-off-by: Johan-Liebert1 &lt;pragyanpoudyal41999@gmail.com&gt;
diff --git a/crates/lib/src/install.rs b/crates/lib/src/install.rs
@@ -2063,7 +2063,8 @@ fn setup_composefs_boot(root_setup: &RootSetup, state: &State, image_id: &str) -
 }
 
 pub(crate) const COMPOSEFS_TRANSIENT_STATE_DIR: &str = "/run/composefs";
-pub(crate) const COMPOSEFS_STAGED_DEPLOYMENT_PATH: &str = "/run/composefs/staged-deployment";
+/// File created in /run/composefs to record a staged-deployment
+pub(crate) const COMPOSEFS_STAGED_DEPLOYMENT_FNAME: &str = "staged-deployment";
 /// Relative to /sysroot
 pub(crate) const STATE_DIR_RELATIVE: &str = "state/deploy";
 
@@ -2105,21 +2106,32 @@ pub(crate) fn write_composefs_state(
         .section(ORIGIN_KEY_BOOT)
         .item(ORIGIN_KEY_BOOT_TYPE, boot_type);
 
-    let mut origin_file =
-        std::fs::File::create(state_path.join(format!("{}.origin", deployment_id.to_hex())))
-            .context("Failed to open .origin file")?;
+    let state_dir = cap_std::fs::Dir::open_ambient_dir(&state_path, cap_std::ambient_authority())
+        .context("Opening state dir")?;
 
-    origin_file
-        .write(config.to_string().as_bytes())
+    state_dir
+        .atomic_write(
+            format!("{}.origin", deployment_id.to_hex()),
+            config.to_string().as_bytes(),
+        )
         .context("Falied to write to .origin file")?;
 
     if staged {
         std::fs::create_dir_all(COMPOSEFS_TRANSIENT_STATE_DIR)
             .with_context(|| format!("Creating {COMPOSEFS_TRANSIENT_STATE_DIR}"))?;
 
-        let buf = deployment_id.to_hex();
-        std::fs::write(COMPOSEFS_STAGED_DEPLOYMENT_PATH, buf)
-            .with_context(|| format!("Writing {COMPOSEFS_STAGED_DEPLOYMENT_PATH}"))?;
+        let staged_depl_dir = cap_std::fs::Dir::open_ambient_dir(
+            COMPOSEFS_TRANSIENT_STATE_DIR,
+            cap_std::ambient_authority(),
+        )
+        .with_context(|| format!("Opening {COMPOSEFS_TRANSIENT_STATE_DIR}"))?;
+
+        staged_depl_dir
+            .atomic_write(
+                COMPOSEFS_STAGED_DEPLOYMENT_FNAME,
+                deployment_id.to_hex().as_bytes(),
+            )
+            .with_context(|| format!("Writing to {COMPOSEFS_STAGED_DEPLOYMENT_FNAME}"))?;
     }
 
     Ok(())
diff --git a/crates/lib/src/status.rs b/crates/lib/src/status.rs
@@ -29,7 +29,9 @@ use crate::deploy::get_sorted_uki_boot_entries;
 use crate::install::BootType;
 use crate::install::ORIGIN_KEY_BOOT;
 use crate::install::ORIGIN_KEY_BOOT_TYPE;
-use crate::install::{COMPOSEFS_STAGED_DEPLOYMENT_PATH, STATE_DIR_RELATIVE};
+use crate::install::{
+    COMPOSEFS_STAGED_DEPLOYMENT_FNAME, COMPOSEFS_TRANSIENT_STATE_DIR, STATE_DIR_RELATIVE,
+};
 use crate::spec::ImageStatus;
 use crate::spec::{BootEntry, BootOrder, Host, HostSpec, HostStatus, HostType};
 use crate::spec::{ImageReference, ImageSignature};
@@ -428,7 +430,9 @@ pub(crate) async fn composefs_deployment_status() -> Result<Host> {
 
     let mut host = Host::new(host_spec);
 
-    let staged_deployment_id = match std::fs::File::open(COMPOSEFS_STAGED_DEPLOYMENT_PATH) {
+    let staged_deployment_id = match std::fs::File::open(format!(
+        "{COMPOSEFS_TRANSIENT_STATE_DIR}/{COMPOSEFS_STAGED_DEPLOYMENT_FNAME}"
+    )) {
         Ok(mut f) => {
             let mut s = String::new();
             f.read_to_string(&mut s)?;
