Commit dd44531

move state creation to prepare-boot
Signed-off-by: Allison Karlitskaya <[email protected]>
1 parent debe674 commit dd44531

6 files changed

+23
-27
lines changed

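--- a/examples/bls/build
+++ b/examples/bls/build
@@ -51,11 +51,6 @@ podman build \
 BASE_ID="$(sed s/sha256:// tmp/base.iid)"
 ${CFSCTL} oci pull containers-storage:${BASE_ID}
 BASE_IMAGE_FSVERITY="$(${CFSCTL} oci compute-id --bootable "${BASE_ID}")"
-
-mkdir -p "tmp/sysroot/state/${BASE_IMAGE_FSVERITY}/etc/work"
-mkdir -p "tmp/sysroot/state/${BASE_IMAGE_FSVERITY}/etc/upper"
-mkdir -p "tmp/sysroot/state/${BASE_IMAGE_FSVERITY}/var"
-
 ${CFSCTL} oci prepare-boot "${BASE_ID}" --bootdir tmp/efi
 
 OPTIONS="console=ttyS0,115200 composefs=${BASE_IMAGE_FSVERITY} rw"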

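--- a/examples/uki/build
+++ b/examples/uki/build
@@ -58,11 +58,6 @@ FINAL_IMAGE_FSVERITY="$(${CFSCTL} oci compute-id --bootable "${FINAL_ID}")"
 
 ## IMPORTANT: the filesystems of the base and final images are identical
 test "${BASE_IMAGE_FSVERITY}" = "${FINAL_IMAGE_FSVERITY}"
-
-mkdir -p "tmp/sysroot/state/${BASE_IMAGE_FSVERITY}/etc/work"
-mkdir -p "tmp/sysroot/state/${BASE_IMAGE_FSVERITY}/etc/upper"
-mkdir -p "tmp/sysroot/state/${BASE_IMAGE_FSVERITY}/var"
-
 ${CFSCTL} oci prepare-boot "${FINAL_ID}" --bootdir tmp/efi
 
 ../common/install-systemd-boot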

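--- a/examples/unified-secureboot/build
+++ b/examples/unified-secureboot/build
@@ -48,12 +48,6 @@ podman build \
 
 IMAGE_ID="$(sed s/sha256:// tmp/iid)"
 ${CFSCTL} oci pull containers-storage:"${IMAGE_ID}"
-IMAGE_FSVERITY="$(${CFSCTL} oci compute-id --bootable "${IMAGE_ID}")"
-
-mkdir -p "tmp/sysroot/state/${IMAGE_FSVERITY}/etc/work"
-mkdir -p "tmp/sysroot/state/${IMAGE_FSVERITY}/etc/upper"
-mkdir -p "tmp/sysroot/state/${IMAGE_FSVERITY}/var"
-
 ${CFSCTL} oci prepare-boot "${IMAGE_ID}" --bootdir tmp/efi
 
 # install a signed copy of systemd-boot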

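--- a/examples/unified/build
+++ b/examples/unified/build
@@ -30,12 +30,6 @@ podman build \
 
 IMAGE_ID="$(sed s/sha256:// tmp/iid)"
 ${CFSCTL} oci pull containers-storage:"${IMAGE_ID}"
-IMAGE_FSVERITY="$(${CFSCTL} oci compute-id --bootable "${IMAGE_ID}")"
-
-mkdir -p "tmp/sysroot/state/${IMAGE_FSVERITY}/etc/work"
-mkdir -p "tmp/sysroot/state/${IMAGE_FSVERITY}/etc/upper"
-mkdir -p "tmp/sysroot/state/${IMAGE_FSVERITY}/var"
-
 ${CFSCTL} oci prepare-boot "${IMAGE_ID}" --bootdir tmp/efi
 
 ../common/install-systemd-boot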

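--- a/src/bin/cfsctl.rs
+++ b/src/bin/cfsctl.rs
@@ -1,4 +1,8 @@
-use std::{path::PathBuf, sync::Arc};
+use std::{
+fs::create_dir_all,
+path::{Path, PathBuf},
+sync::Arc,
+};
 
 use anyhow::Result;
 use clap::{Parser, Subcommand};
@@ -249,7 +253,19 @@ async fn main() -> Result<()> {
 ref bootdir,
 } => {
 let verity = verity_opt(config_verity)?;
-oci::prepare_boot(&repo, config_name, verity.as_ref(), bootdir)?;
+let id = oci::prepare_boot(&repo, config_name, verity.as_ref(), bootdir)?;
+
+let state = args
+.repo
+.as_ref()
+.map(|p: &PathBuf| p.parent().unwrap())
+.unwrap_or(Path::new("/sysroot"))
+.join("state")
+.join(id.to_hex());
+
+create_dir_all(state.join("var"))?;
+create_dir_all(state.join("etc/upper"))?;
+create_dir_all(state.join("etc/work"))?;
 }
 },
 Command::ComputeId {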
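Review bot: `p.parent().unwrap()` in the new state-path computation panics when the `args.repo` path has no parent (a bare root, for instance), and that path comes from the command line. Returning an error fits the surrounding `?` style: `.map(|p: &PathBuf| p.parent().ok_or_else(|| anyhow::anyhow!("repository path has no parent directory")))` followed by `.transpose()?` ahead of the `unwrap_or`. The `/sysroot` fallback also deserves a comment: when `args.repo` is unset the directories are created under `/sysroot/state` regardless of where `repo` was actually opened from, which is not visible here, so confirm the two always agree. The state directories are created only after `oci::prepare_boot` has written to `bootdir`, so a failure at this point leaves boot files without matching state. `main` starts and ends outside this hunk.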

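--- a/src/oci/mod.rs
+++ b/src/oci/mod.rs
@@ -370,13 +370,13 @@ pub fn prepare_boot<ObjectID: FsVerityHashValue>(
 name: &str,
 verity: Option<&ObjectID>,
 output_dir: &Path,
-) -> Result<()> {
+) -> Result<ObjectID> {
 let (config, refs) = open_config(repo, name, verity)?;
 
 /* TODO: check created image ID against composefs label on container, if set */
 /* TODO: check created image ID against composefs= .cmdline in UKI or loader entry */
 let mut fs = crate::oci::image::create_filesystem(repo, name, verity)?;
-fs.commit_image(repo, None)?;
+let id = fs.commit_image(repo, None)?;
 
 /*
 let layer_digest = config
@@ -403,7 +403,9 @@ pub fn prepare_boot<ObjectID: FsVerityHashValue>(
 .root
 .get_directory("composefs-meta/boot".as_ref())?;
 
-write_to_path(repo, boot, output_dir)
+write_to_path(repo, boot, output_dir)?;
+
+Ok(id)
 }
 
 #[cfg(test)]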
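Review bot: `prepare_boot` is public and now returns the `ObjectID` produced by `fs.commit_image(repo, None)`, but nothing states what that value is or what callers may rely on. A doc comment such as `/// Returns the fs-verity ID of the committed image; callers use it to name per-image state directories.` would cover it. Because the two TODOs above `create_filesystem` are still open, this ID is not compared with the `composefs=` value in the boot entry being written, so presumably a mismatch would leave the state directory named for a different image than the one the entry boots; that is worth recording next to the TODOs. The signature begins before the first hunk and part of the body lies between the two hunks.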
