Add composefs-ostree and some basic CLI tools

Based on ideas from #141

This is an initial version of ostree support. This allows pulling
from local and remote ostree repos, which will create a set of
regular file content objects, as well as a blob containing all the
remaining ostree objects. From the blob we can create an image.

When pulling a commit, a base blob (i.e. "the previous version" can be
specified. Any objects in that base blob will not be downloaded. If a
name is given for the pulled commit, then pre-existing blobs with the
same name will automatically be used as a base blob.

This is an initial version and there are several things missing:
 * Pull operations are completely serial
 * There is no support for ostree summary files
 * There is no support for ostree delta files
 * There is no caching of local file availability (other than base blob)
 * Local ostree repos only support archive mode
 * There is no GPG validation on ostree pull

Signed-off-by: Alexander Larsson <[email protected]>

Author: alexlarsson

Cargo.toml

@@ -19,6 +19,7 @@ composefs = { version = "0.3.0", path = "crates/composefs", default-features = f
 composefs-oci = { version = "0.3.0", path = "crates/composefs-oci", default-features = false }
 composefs-boot = { version = "0.3.0", path = "crates/composefs-boot", default-features = false }
 composefs-http = { version = "0.3.0", path = "crates/composefs-http", default-features = false }
+composefs-ostree = { version = "0.3.0", path = "crates/composefs-ostree", default-features = false }
 
 [profile.dev.package.sha2]
 # this is *really* slow otherwise

crates/cfsctl/Cargo.toml

@@ -11,9 +11,10 @@ rust-version.workspace = true
 version.workspace = true
 
 [features]
-default = ['pre-6.15', 'oci']
+default = ['pre-6.15', 'oci','ostree']
 http = ['composefs-http']
 oci = ['composefs-oci']
+ostree = ['composefs-ostree']
 rhel9 = ['composefs/rhel9']
 'pre-6.15' = ['composefs/pre-6.15']
 
@@ -24,6 +25,7 @@ composefs = { workspace = true }
 composefs-boot = { workspace = true }
 composefs-oci = { workspace = true, optional = true }
 composefs-http = { workspace = true, optional = true }
+composefs-ostree = { workspace = true, optional = true }
 env_logger = { version = "0.11.0", default-features = false }
 hex = { version = "0.4.0", default-features = false }
 rustix = { version = "1.0.0", default-features = false, features = ["fs", "process"] }

crates/cfsctl/src/main.rs

@@ -92,6 +92,33 @@ enum OciCommand {
     },
 }
 
+#[cfg(feature = "ostree")]
+#[derive(Debug, Subcommand)]
+enum OstreeCommand {
+    PullLocal {
+        repo_path: PathBuf,
+        ostree_ref: String,
+        name: Option<String>,
+        #[clap(long)]
+        base_name: Option<String>,
+    },
+    Pull {
+        repo_url: String,
+        ostree_ref: String,
+        name: Option<String>,
+        #[clap(long)]
+        base_name: Option<String>,
+    },
+    CreateImage {
+        commit_name: String,
+        #[clap(long)]
+        image_name: Option<String>,
+    },
+    Inspect {
+        commit_name: String,
+    },
+}
+
 #[derive(Debug, Subcommand)]
 enum Command {
     /// Take a transaction lock on the repository.
@@ -114,6 +141,12 @@ enum Command {
         #[clap(subcommand)]
         cmd: OciCommand,
     },
+    /// Commands for dealing with OSTree commits
+    #[cfg(feature = "ostree")]
+    Ostree {
+        #[clap(subcommand)]
+        cmd: OstreeCommand,
+    },
     /// Mounts a composefs, possibly enforcing fsverity of the image
     Mount {
         /// the name of the image to mount, either a sha256 digest or prefixed with 'ref/'
@@ -311,6 +344,54 @@ async fn main() -> Result<()> {
                 create_dir_all(state.join("etc/work"))?;
             }
         },
+        #[cfg(feature = "ostree")]
+        Command::Ostree { cmd: ostree_cmd } => match ostree_cmd {
+            OstreeCommand::PullLocal {
+                ref repo_path,
+                ref ostree_ref,
+                name,
+                base_name,
+            } => {
+                let verity = composefs_ostree::pull_local(
+                    &Arc::new(repo),
+                    repo_path,
+                    ostree_ref,
+                    name.as_deref(),
+                    base_name.as_deref(),
+                )
+                .await?;
+
+                println!("verity {}", verity.to_hex());
+            }
+            OstreeCommand::Pull {
+                ref repo_url,
+                ref ostree_ref,
+                name,
+                base_name,
+            } => {
+                let verity = composefs_ostree::pull(
+                    &Arc::new(repo),
+                    repo_url,
+                    ostree_ref,
+                    name.as_deref(),
+                    base_name.as_deref(),
+                )
+                .await?;
+
+                println!("verity {}", verity.to_hex());
+            }
+            OstreeCommand::CreateImage {
+                ref commit_name,
+                ref image_name,
+            } => {
+                let mut fs = composefs_ostree::create_filesystem(&repo, commit_name)?;
+                let image_id = fs.commit_image(&repo, image_name.as_deref())?;
+                println!("{}", image_id.to_id());
+            }
+            OstreeCommand::Inspect { ref commit_name } => {
+                composefs_ostree::inspect(&repo, commit_name)?;
+            }
+        },
         Command::ComputeId {
             ref path,
             bootable,

crates/composefs-ostree/Cargo.toml

@@ -0,0 +1,29 @@
+[package]
+name = "composefs-ostree"
+description = "ostree support for composefs"
+keywords = ["composefs", "ostree"]
+
+edition.workspace = true
+license.workspace = true
+readme.workspace = true
+repository.workspace = true
+rust-version.workspace = true
+version.workspace = true
+
+[dependencies]
+anyhow = { version = "1.0.87", default-features = false }
+composefs = { workspace = true }
+configparser = { version = "3.1.0", features = [] }
+flate2 = { version = "1.1.2", default-features = true }
+gvariant = { version = "0.5.0", default-features = true}
+hex = { version = "0.4.0", default-features = false, features = ["std"] }
+rustix = { version = "1.0.0", default-features = false, features = ["fs", "mount", "process", "std"] }
+sha2 = { version = "0.10.1", default-features = false }
+zerocopy = { version = "0.8.0", default-features = false, features = ["derive", "std"] }
+reqwest = { version = "0.12.15", features = ["zstd"] }
+
+[dev-dependencies]
+similar-asserts = "1.7.0"
+
+[lints]
+workspace = true