install: bind mount boot /target/boot to /target/sysroot/boot

if detecting a separate boot partition on ostree

When running `bootc install to-existing-root` on an ostree
environment with a separate `/boot` partition, the physical root
is detected as `/target/sysroot`, ostree tries to write bootloader
entries to the wrong location `/target/sysroot/boot`.

With this fix, detect when we're installing alongside existing
ostree, if there's a separate boot partition, bind mount the actual
boot partition from `/target/boot` to `/target/sysroot/boot`. This
ensures that when ostree writes bootloader entries to
`/target/sysroot/boot`, they actually end up on the separate
`/boot` partition where they belong.

Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: Huijing Hei <[email protected]>

Author: HuijingHei

crates/lib/src/install.rs

@@ -758,6 +758,22 @@ async fn initialize_ostree_root(state: &State, root_setup: &RootSetup) -> Result
     // Another implementation: https://github.com/coreos/coreos-assembler/blob/3cd3307904593b3a131b81567b13a4d0b6fe7c90/src/create_disk.sh#L295
     crate::lsm::ensure_dir_labeled(rootfs_dir, "", Some("/".into()), 0o755.into(), sepolicy)?;
 
+    // If we're installing alongside existing ostree and there's a separate boot partition,
+    // we need to bind mount it to the sysroot's /boot so ostree can write bootloader entries there
+    if has_ostree {
+        if let Some(target_root) = root_setup.target_root_path.as_ref() {
+            if root_setup.boot.is_some() {
+                let source_boot = target_root.join(BOOT);
+                let target_boot = root_setup.physical_root_path.join(BOOT);
+                tracing::debug!("Bind mounting {source_boot} to {target_boot}");
+                Command::new("mount")
+                    .args(["--bind", source_boot.as_str(), target_boot.as_str()])
+                    .run_capture_stderr()
+                    .with_context(|| format!("Bind mounting {source_boot} to {target_boot}"))?;
+            }
+        }
+    }
+
     // And also label /boot AKA xbootldr, if it exists
     if rootfs_dir.try_exists("boot")? {
         crate::lsm::ensure_dir_labeled(rootfs_dir, "boot", None, 0o755.into(), sepolicy)?;
@@ -970,6 +986,22 @@ async fn install_container(
         }
     }
 
+    // For seperate /boot filesystem, the better workaround is
+    // to inject kernel arguments during installation.
+    if let Some(boot) = root_setup.boot.as_ref() {
+        if !boot.source.is_empty() {
+            let mount_extra = format!(
+                "systemd.mount-extra={}:{}:{}:{}",
+                boot.source,
+                boot.target,
+                boot.fstype,
+                boot.options.as_deref().unwrap_or("defaults")
+            );
+            kargs.extend(&Cmdline::from(mount_extra.as_str()));
+            tracing::debug!("Add {mount_extra} to kargs");
+        }
+    }
+
     // Finally map into &[&str] for ostree_container
     let kargs_strs: Vec<&str> = kargs.iter_str().collect();