Cargo.toml: switch to a workspace

Split into a few separate crates:
  - libraries:
    - composefs
    - composefs-oci
    - composefs-boot
  - binaries:
    - cfsctl
    - composefs-setup-root
    - erofs-debug

Move our lint config (which only forbids missing debug impls) to the
workspace level and have all crates inherit from that.

Add a new workflow for testing that we can `cargo package` everything.
We need a nightly cargo in order to do this with workspaces containing
inter-dependent crates: rust-lang/cargo#13947

Make 'oci' an optional feature of cfsctl, but enable it by default.
Adjust our rawhide bls example (which included --no-default-features) to
*not* disable that.

This is not a huge improvement in terms of compile speed, and it has
some drawbacks (like 'cargo run' no longer defaulting to cfsctl) but it
seems like the right step at this point.  I want to start to add some
more experimental code without making it part of the main crate.

Signed-off-by: Allison Karlitskaya <[email protected]>

Author: allisonkarlitskaya

.github/workflows/publish.yml

@@ -16,4 +16,8 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Publish crate
-        run: cargo publish
+        run: cargo publish -p composefs
+        run: cargo publish -p composefs-oci
+        run: cargo publish -p composefs-boot
+        run: cargo publish -p cfsctl
+        run: cargo publish -p composefs-setup-root

.github/workflows/rust.yml

@@ -10,6 +10,16 @@ env:
   CARGO_TERM_COLOR: always
 
 jobs:
+  nightly:
+    runs-on: ubuntu-24.04
+    timeout-minutes: 15
+    steps:
+    - uses: actions-rs/toolchain@v1
+      with:
+        toolchain: nightly
+    - uses: actions/checkout@v4
+    - run: cargo +nightly -Z package-workspace package
+
   fedora:
     runs-on: ubuntu-24.04
     timeout-minutes: 5
@@ -26,4 +36,3 @@ jobs:
     - run: cargo fmt --check
     - run: cargo clippy -- -Dwarnings
     - run: env CFS_TEST_TMPDIR=/run/host/var/tmp cargo test --verbose
-    - run: cargo publish --dry-run

Cargo.toml

@@ -1,55 +1,23 @@
-[package]
-name = "composefs"
-version = "0.2.0"
+[workspace]
+members = ["crates/*"]
+resolver = "2"
+
+[workspace.package]
 edition = "2021"
-rust-version = "1.82.0"
-description = "Rust library for the composefs filesystem"
-keywords = ["composefs"]
 license = "MIT OR Apache-2.0"
-repository = "https://github.com/containers/composefs-rs"
 readme = "README.md"
-default-run = "cfsctl"
-exclude = ["/.git*", "/examples/"]
-
-[features]
-default = ['pre-6.15']
-rhel9 = ['pre-6.15']
-'pre-6.15' = []
+repository = "https://github.com/containers/composefs-rs"
+rust-version = "1.82.0"
+version = "0.2.0"
 
-[dependencies]
-anyhow = { version = "1.0.87", default-features = false }
-async-compression = { version = "0.4.0", default-features = false, features = ["tokio", "zstd", "gzip"] }
-clap = { version = "4.0.1", default-features = false, features = ["std", "help", "usage", "derive"] }
-containers-image-proxy = "0.7.1"
-env_logger = "0.11.0"
-hex = "0.4.0"
-indicatif = { version = "0.17.0", features = ["tokio"] }
-log = "0.4.8"
-oci-spec = "0.7.0"
-once_cell = { version = "1.21.3", default-features = false }
-regex-automata = { version = "0.4.4", default-features = false }
-rustix = { version = "1.0.0", features = ["fs", "mount", "process"] }
-serde = "1.0.145"
-sha2 = "0.10.1"
-tar = { version = "0.4.38", default-features = false }
-tempfile = "3.8.0"
-thiserror = "2.0.0"
-tokio = { version = "1.24.2", features = ["rt-multi-thread"] }
-toml = "0.8.0"
-xxhash-rust = { version = "0.8.2", features = ["xxh32"] }
-zerocopy = { version = "0.8.0", features = ["derive", "std"] }
-zstd = "0.13.0"
+[workspace.lints.rust]
+missing_debug_implementations = "deny"
 
-[dev-dependencies]
-insta = "1.42.2"
-similar-asserts = "1.7.0"
-test-with = { version = "0.14", default-features = false, features = ["executable", "runtime"] }
-tokio-test = "0.4.4"
+[workspace.dependencies]
+composefs = { version = "0.2.0", path = "crates/composefs", default-features = false }
+composefs-oci = { version = "0.2.0", path = "crates/composefs-oci", default-features = false }
+composefs-boot = { version = "0.2.0", path = "crates/composefs-boot", default-features = false }
 
 [profile.dev.package.sha2]
 # this is *really* slow otherwise
 opt-level = 3
-
-[lib]
-name = "composefs"
-path = "src/lib.rs"

crates/cfsctl/Cargo.toml

@@ -0,0 +1,31 @@
+[package]
+name = "cfsctl"
+description = "Command-line utility for composefs"
+default-run = "cfsctl"
+
+edition.workspace = true
+license.workspace = true
+readme.workspace = true
+repository.workspace = true
+rust-version.workspace = true
+version.workspace = true
+
+[features]
+default = ['pre-6.15', 'oci']
+oci = ['composefs-oci']
+rhel9 = ['composefs/rhel9']
+'pre-6.15' = ['composefs/pre-6.15']
+
+[dependencies]
+anyhow = { version = "1.0.87", default-features = false }
+clap = { version = "4.0.1", default-features = false, features = ["std", "help", "usage", "derive"] }
+composefs = { workspace = true }
+composefs-boot = { workspace = true }
+composefs-oci = { workspace = true, optional = true }
+env_logger = { version = "0.11.0", default-features = false }
+hex = { version = "0.4.0", default-features = false }
+rustix = { version = "1.0.0", default-features = false, features = ["fs", "process"] }
+tokio = { version = "1.24.2", default-features = false }
+
+[lints]
+workspace = true

src/bin/cfsctl.rs renamed to crates/cfsctl/src/main.rs

@@ -4,16 +4,16 @@ use std::{
     sync::Arc,
 };
 
-use anyhow::{bail, Result};
+use anyhow::Result;
 use clap::{Parser, Subcommand};
 
 use rustix::fs::CWD;
 
+use composefs_boot::{write_boot, BootOps};
+
 use composefs::{
     fsverity::{FsVerityHashValue, Sha256HashValue},
-    oci,
     repository::Repository,
-    util::parse_sha256,
 };
 
 /// cfsctl
@@ -31,6 +31,7 @@ pub struct App {
     cmd: Command,
 }
 
+#[cfg(feature = "oci")]
 #[derive(Debug, Subcommand)]
 enum OciCommand {
     /// Stores a tar file as a splitstream in the repository.
@@ -102,6 +103,7 @@ enum Command {
         reference: String,
     },
     /// Commands for dealing with OCI layers
+    #[cfg(feature = "oci")]
     Oci {
         #[clap(subcommand)]
         cmd: OciCommand,
@@ -179,25 +181,27 @@ async fn main() -> Result<()> {
             let image_id = repo.import_image(&reference, &mut std::io::stdin())?;
             println!("{}", image_id.to_id());
         }
+        #[cfg(feature = "oci")]
         Command::Oci { cmd: oci_cmd } => match oci_cmd {
             OciCommand::ImportLayer { name, sha256 } => {
-                let object_id = oci::import_layer(
+                let object_id = composefs_oci::import_layer(
                     &Arc::new(repo),
-                    &parse_sha256(sha256)?,
+                    &composefs::util::parse_sha256(sha256)?,
                     name.as_deref(),
                     &mut std::io::stdin(),
                 )?;
                 println!("{}", object_id.to_id());
             }
             OciCommand::LsLayer { name } => {
-                oci::ls_layer(&repo, &name)?;
+                composefs_oci::ls_layer(&repo, &name)?;
             }
             OciCommand::Dump {
                 ref config_name,
                 ref config_verity,
             } => {
                 let verity = verity_opt(config_verity)?;
-                let mut fs = oci::image::create_filesystem(&repo, config_name, verity.as_ref())?;
+                let mut fs =
+                    composefs_oci::image::create_filesystem(&repo, config_name, verity.as_ref())?;
                 fs.print_dumpfile()?;
             }
             OciCommand::ComputeId {
@@ -206,7 +210,8 @@ async fn main() -> Result<()> {
                 bootable,
             } => {
                 let verity = verity_opt(config_verity)?;
-                let mut fs = oci::image::create_filesystem(&repo, config_name, verity.as_ref())?;
+                let mut fs =
+                    composefs_oci::image::create_filesystem(&repo, config_name, verity.as_ref())?;
                 if bootable {
                     fs.transform_for_boot(&repo)?;
                 }
@@ -220,15 +225,17 @@ async fn main() -> Result<()> {
                 ref image_name,
             } => {
                 let verity = verity_opt(config_verity)?;
-                let mut fs = oci::image::create_filesystem(&repo, config_name, verity.as_ref())?;
+                let mut fs =
+                    composefs_oci::image::create_filesystem(&repo, config_name, verity.as_ref())?;
                 if bootable {
                     fs.transform_for_boot(&repo)?;
                 }
                 let image_id = fs.commit_image(&repo, image_name.as_deref())?;
                 println!("{}", image_id.to_id());
             }
             OciCommand::Pull { ref image, name } => {
-                let (sha256, verity) = oci::pull(&Arc::new(repo), image, name.as_deref()).await?;
+                let (sha256, verity) =
+                    composefs_oci::pull(&Arc::new(repo), image, name.as_deref()).await?;
 
                 println!("sha256 {}", hex::encode(sha256));
                 println!("verity {}", verity.to_hex());
@@ -238,15 +245,16 @@ async fn main() -> Result<()> {
                 ref config_verity,
             } => {
                 let verity = verity_opt(config_verity)?;
-                let (sha256, verity) = oci::seal(&Arc::new(repo), config_name, verity.as_ref())?;
+                let (sha256, verity) =
+                    composefs_oci::seal(&Arc::new(repo), config_name, verity.as_ref())?;
                 println!("sha256 {}", hex::encode(sha256));
                 println!("verity {}", verity.to_id());
             }
             OciCommand::Mount {
                 ref name,
                 ref mountpoint,
             } => {
-                oci::mount(&repo, name, mountpoint, None)?;
+                composefs_oci::mount(&repo, name, mountpoint, None)?;
             }
             OciCommand::PrepareBoot {
                 ref config_name,
@@ -256,16 +264,17 @@ async fn main() -> Result<()> {
                 ref cmdline,
             } => {
                 let verity = verity_opt(config_verity)?;
-                let mut fs = oci::image::create_filesystem(&repo, config_name, verity.as_ref())?;
+                let mut fs =
+                    composefs_oci::image::create_filesystem(&repo, config_name, verity.as_ref())?;
                 let entries = fs.transform_for_boot(&repo)?;
                 let id = fs.commit_image(&repo, None)?;
 
                 let Some(entry) = entries.into_iter().next() else {
-                    bail!("No boot entries!");
+                    anyhow::bail!("No boot entries!");
                 };
 
                 let cmdline_refs: Vec<&str> = cmdline.iter().map(String::as_str).collect();
-                composefs::write_boot::write_boot_simple(
+                write_boot::write_boot_simple(
                     &repo,
                     entry,
                     &id,

crates/composefs-boot/Cargo.toml

@@ -0,0 +1,24 @@
+[package]
+name = "composefs-boot"
+description = "Helpers for bootable composefs systems"
+keywords = ["composefs", "boot"]
+
+edition.workspace = true
+license.workspace = true
+readme.workspace = true
+repository.workspace = true
+rust-version.workspace = true
+version.workspace = true
+
+[dependencies]
+anyhow = { version = "1.0.87", default-features = false }
+composefs = { workspace = true }
+regex-automata = { version = "0.4.4", default-features = false, features=["hybrid", "std", "syntax"] }
+thiserror = { version = "2.0.0", default-features = false }
+zerocopy = { version = "0.8.0", default-features = false, features = ["derive"] }
+
+[dev-dependencies]
+similar-asserts = "1.7.0"
+
+[lints]
+workspace = true

src/bootloader.rs renamed to crates/composefs-boot/src/bootloader.rs

@@ -5,13 +5,14 @@ use std::{
 
 use anyhow::{bail, ensure, Result};
 
-use crate::{
-    cmdline::split_cmdline,
+use composefs::{
     fsverity::FsVerityHashValue,
     repository::Repository,
     tree::{Directory, FileSystem, ImageError, Inode, LeafContent, RegularFile},
 };
 
+use crate::cmdline::split_cmdline;
+
 /// Strips the key (if it matches) plus the following whitespace from a single line in a "Type #1
 /// Boot Loader Specification Entry" file.
 ///

src/cmdline.rs renamed to crates/composefs-boot/src/cmdline.rs

@@ -0,0 +1,37 @@
+#![deny(missing_debug_implementations)]
+
+pub mod bootloader;
+pub mod cmdline;
+pub mod os_release;
+pub mod selabel;
+pub mod uki;
+pub mod write_boot;
+
+use anyhow::Result;
+
+use composefs::{fsverity::FsVerityHashValue, repository::Repository, tree::FileSystem};
+
+use crate::bootloader::{get_boot_resources, BootEntry};
+
+pub trait BootOps<ObjectID: FsVerityHashValue> {
+    fn transform_for_boot(
+        &mut self,
+        repo: &Repository<ObjectID>,
+    ) -> Result<Vec<BootEntry<ObjectID>>>;
+}
+
+impl<ObjectID: FsVerityHashValue> BootOps<ObjectID> for FileSystem<ObjectID> {
+    fn transform_for_boot(
+        &mut self,
+        repo: &Repository<ObjectID>,
+    ) -> Result<Vec<BootEntry<ObjectID>>> {
+        let boot_entries = get_boot_resources(self, repo)?;
+        let boot = self.root.get_directory_mut("boot".as_ref())?;
+        boot.stat.st_mtim_sec = 0;
+        boot.clear();
+
+        selabel::selabel(self, repo)?;
+
+        Ok(boot_entries)
+    }
+}