cli: Change insecure param to allow_missing_fsverity

`allow_missing_fsverity` conveys the intent in a much better way than
just `insecure`

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>

Author: Johan-Liebert1

crates/initramfs/src/lib.rs

@@ -262,9 +262,13 @@ fn open_root_fs(path: &Path) -> Result<OwnedFd> {
 /// * name     - Name of the EROFS image to be mounted
 /// * insecure - Whether fsverity is optional or not
 #[context("Mounting composefs image")]
-pub fn mount_composefs_image(sysroot: &OwnedFd, name: &str, insecure: bool) -> Result<OwnedFd> {
+pub fn mount_composefs_image(
+    sysroot: &OwnedFd,
+    name: &str,
+    allow_missing_fsverity: bool,
+) -> Result<OwnedFd> {
     let mut repo = Repository::<Sha512HashValue>::open_path(sysroot, "composefs")?;
-    repo.set_insecure(insecure);
+    repo.set_insecure(allow_missing_fsverity);
     let rootfs = repo
         .mount(name)
         .context("Failed to mount composefs image")?;

crates/lib/src/bootc_composefs/boot.rs

@@ -519,7 +519,7 @@ pub(crate) fn setup_composefs_bls_boot(
 
             cmdline_options.extend(&root_setup.kargs);
 
-            let composefs_cmdline = if state.composefs_options.insecure {
+            let composefs_cmdline = if state.composefs_options.allow_missing_verity {
                 format!("{COMPOSEFS_CMDLINE}=?{id_hex}")
             } else {
                 format!("{COMPOSEFS_CMDLINE}={id_hex}")
@@ -558,7 +558,7 @@ pub(crate) fn setup_composefs_bls_boot(
             };
 
             // Copy all cmdline args, replacing only `composefs=`
-            let param = if booted_cfs.cmdline.insecure {
+            let param = if booted_cfs.cmdline.allow_missing_fsverity {
                 format!("{COMPOSEFS_CMDLINE}=?{id_hex}")
             } else {
                 format!("{COMPOSEFS_CMDLINE}={id_hex}")
@@ -809,7 +809,7 @@ fn write_pe_to_esp(
     file_path: &Utf8Path,
     pe_type: PEType,
     uki_id: &Sha512HashValue,
-    is_insecure_from_opts: bool,
+    missing_fsverity_allowed: bool,
     mounted_efi: impl AsRef<Path>,
     bootloader: &Bootloader,
 ) -> Result<Option<UKIInfo>> {
@@ -822,17 +822,19 @@ fn write_pe_to_esp(
     if matches!(pe_type, PEType::Uki) {
         let cmdline = uki::get_cmdline(&efi_bin).context("Getting UKI cmdline")?;
 
-        let (composefs_cmdline, insecure) =
+        let (composefs_cmdline, missing_verity_allowed_cmdline) =
             get_cmdline_composefs::<Sha512HashValue>(cmdline).context("Parsing composefs=")?;
 
         // If the UKI cmdline does not match what the user has passed as cmdline option
         // NOTE: This will only be checked for new installs and now upgrades/switches
-        match is_insecure_from_opts {
-            true if !insecure => {
-                tracing::warn!("--insecure passed as option but UKI cmdline does not support it");
+        match missing_fsverity_allowed {
+            true if !missing_verity_allowed_cmdline => {
+                tracing::warn!(
+                    "--allow-missing-fsverity passed as option but UKI cmdline does not support it"
+                );
             }
 
-            false if insecure => {
+            false if missing_verity_allowed_cmdline => {
                 tracing::warn!("UKI cmdline has composefs set as insecure");
             }
 
@@ -1077,7 +1079,8 @@ pub(crate) fn setup_composefs_uki_boot(
     id: &Sha512HashValue,
     entries: Vec<ComposefsBootEntry<Sha512HashValue>>,
 ) -> Result<String> {
-    let (root_path, esp_device, bootloader, is_insecure_from_opts, uki_addons) = match setup_type {
+    let (root_path, esp_device, bootloader, missing_fsverity_allowed, uki_addons) = match setup_type
+    {
         BootSetupType::Setup((root_setup, state, postfetch, ..)) => {
             state.require_no_kargs_for_uki()?;
 
@@ -1087,7 +1090,7 @@ pub(crate) fn setup_composefs_uki_boot(
                 root_setup.physical_root_path.clone(),
                 esp_part.node.clone(),
                 postfetch.detected_bootloader.clone(),
-                state.composefs_options.insecure,
+                state.composefs_options.allow_missing_verity,
                 state.composefs_options.uki_addon.as_ref(),
             )
         }
@@ -1101,7 +1104,7 @@ pub(crate) fn setup_composefs_uki_boot(
                 sysroot,
                 get_esp_partition(&sysroot_parent)?.0,
                 bootloader,
-                booted_cfs.cmdline.insecure,
+                booted_cfs.cmdline.allow_missing_fsverity,
                 None,
             )
         }
@@ -1152,7 +1155,7 @@ pub(crate) fn setup_composefs_uki_boot(
                     utf8_file_path,
                     entry.pe_type,
                     &id,
-                    is_insecure_from_opts,
+                    missing_fsverity_allowed,
                     esp_mount.dir.path(),
                     &bootloader,
                 )?;
@@ -1231,10 +1234,10 @@ pub(crate) async fn setup_composefs_boot(
     root_setup: &RootSetup,
     state: &State,
     image_id: &str,
-    insecure: bool,
+    allow_missing_fsverity: bool,
 ) -> Result<()> {
     let mut repo = open_composefs_repo(&root_setup.physical_root)?;
-    repo.set_insecure(insecure);
+    repo.set_insecure(allow_missing_fsverity);
 
     let mut fs = create_composefs_filesystem(&repo, image_id, None)?;
     let entries = fs.transform_for_boot(&repo)?;
@@ -1306,7 +1309,7 @@ pub(crate) async fn setup_composefs_boot(
             &state.source.imageref.name,
         ))
         .await?,
-        insecure,
+        allow_missing_fsverity,
     )
     .await?;
 

crates/lib/src/bootc_composefs/finalize.rs

@@ -27,7 +27,7 @@ pub(crate) async fn get_etc_diff(storage: &Storage, booted_cfs: &BootedComposefs
     let composefs_fd = mount_composefs_image(
         &sysroot_fd,
         &booted_composefs.verity,
-        booted_cfs.cmdline.insecure,
+        booted_cfs.cmdline.allow_missing_fsverity,
     )?;
 
     let erofs_tmp_mnt = TempMount::mount_fd(&composefs_fd)?;
@@ -75,7 +75,7 @@ pub(crate) async fn composefs_backend_finalize(
     let composefs_fd = mount_composefs_image(
         &sysroot_fd,
         &booted_composefs.verity,
-        booted_cfs.cmdline.insecure,
+        booted_cfs.cmdline.allow_missing_fsverity,
     )?;
 
     let erofs_tmp_mnt = TempMount::mount_fd(&composefs_fd)?;

crates/lib/src/bootc_composefs/repo.rs

@@ -23,7 +23,7 @@ pub(crate) fn open_composefs_repo(rootfs_dir: &Dir) -> Result<crate::store::Comp
 pub(crate) async fn initialize_composefs_repository(
     state: &State,
     root_setup: &RootSetup,
-    insecure: bool,
+    allow_missing_fsverity: bool,
 ) -> Result<(String, impl FsVerityHashValue)> {
     let rootfs_dir = &root_setup.physical_root;
 
@@ -32,7 +32,7 @@ pub(crate) async fn initialize_composefs_repository(
         .context("Creating dir composefs")?;
 
     let mut repo = open_composefs_repo(rootfs_dir)?;
-    repo.set_insecure(insecure);
+    repo.set_insecure(allow_missing_fsverity);
 
     let OstreeExtImgRef {
         name: image_name,
@@ -75,7 +75,7 @@ pub(crate) fn get_imgref(transport: &str, image: &str) -> String {
 pub(crate) async fn pull_composefs_repo(
     transport: &String,
     image: &String,
-    insecure: bool,
+    allow_missing_fsverity: bool,
 ) -> Result<(
     crate::store::ComposefsRepository,
     Vec<ComposefsBootEntry<Sha512HashValue>>,
@@ -85,7 +85,7 @@ pub(crate) async fn pull_composefs_repo(
     let rootfs_dir = Dir::open_ambient_dir("/sysroot", ambient_authority())?;
 
     let mut repo = open_composefs_repo(&rootfs_dir).context("Opening composefs repo")?;
-    repo.set_insecure(insecure);
+    repo.set_insecure(allow_missing_fsverity);
 
     let final_imgref = get_imgref(transport, image);
 
@@ -98,7 +98,7 @@ pub(crate) async fn pull_composefs_repo(
     tracing::info!("ID: {id}, Verity: {}", verity.to_hex());
 
     let mut repo = open_composefs_repo(&rootfs_dir)?;
-    repo.set_insecure(insecure);
+    repo.set_insecure(allow_missing_fsverity);
 
     let mut fs: crate::store::ComposefsFilesystem =
         create_composefs_filesystem(&repo, &id, None)

crates/lib/src/bootc_composefs/selinux.rs

@@ -76,7 +76,8 @@ fn get_selinux_policy_for_deployment(
     let (deployment_root, _mount_guard) = if *booted_cmdline.digest == *depl_id {
         (Dir::open_ambient_dir("/", ambient_authority())?, None)
     } else {
-        let composefs_fd = mount_composefs_image(&sysroot_fd, depl_id, booted_cmdline.insecure)?;
+        let composefs_fd =
+            mount_composefs_image(&sysroot_fd, depl_id, booted_cmdline.allow_missing_fsverity)?;
         let erofs_tmp_mnt = TempMount::mount_fd(&composefs_fd)?;
 
         (erofs_tmp_mnt.fd.try_clone()?, Some(erofs_tmp_mnt))

crates/lib/src/bootc_composefs/soft_reboot.rs

@@ -108,7 +108,7 @@ pub(crate) async fn prepare_soft_reboot_composefs(
 
     create_dir_all(NEXTROOT).context("Creating nextroot")?;
 
-    let cmdline = if booted_cfs.cmdline.insecure {
+    let cmdline = if booted_cfs.cmdline.allow_missing_fsverity {
         Cmdline::from(format!("{COMPOSEFS_CMDLINE}=?{deployment_id}"))
     } else {
         Cmdline::from(format!("{COMPOSEFS_CMDLINE}={deployment_id}"))

crates/lib/src/bootc_composefs/state.rs

@@ -87,7 +87,7 @@ pub(crate) fn initialize_state(
     erofs_id: &String,
     state_path: &Utf8PathBuf,
     initialize_var: bool,
-    insecure: bool,
+    allow_missing_fsverity: bool,
 ) -> Result<()> {
     let sysroot_fd = open(
         sysroot_path.as_std_path(),
@@ -96,8 +96,11 @@ pub(crate) fn initialize_state(
     )
     .context("Opening sysroot")?;
 
-    let composefs_fd =
-        bootc_initramfs_setup::mount_composefs_image(&sysroot_fd, &erofs_id, insecure)?;
+    let composefs_fd = bootc_initramfs_setup::mount_composefs_image(
+        &sysroot_fd,
+        &erofs_id,
+        allow_missing_fsverity,
+    )?;
 
     let tempdir = TempMount::mount_fd(composefs_fd)?;
 
@@ -236,7 +239,7 @@ pub(crate) async fn write_composefs_state(
     boot_type: BootType,
     boot_digest: String,
     container_details: &ImgConfigManifest,
-    insecure: bool,
+    allow_missing_fsverity: bool,
 ) -> Result<()> {
     let state_path = root_path
         .join(STATE_DIR_RELATIVE)
@@ -259,7 +262,7 @@ pub(crate) async fn write_composefs_state(
         &deployment_id.to_hex(),
         &state_path,
         staged.is_none(),
-        insecure,
+        allow_missing_fsverity,
     )?;
 
     let ImageReference {

crates/lib/src/bootc_composefs/status.rs

@@ -55,7 +55,7 @@ pub(crate) struct ImgConfigManifest {
 /// A parsed composefs command line
 #[derive(Clone)]
 pub(crate) struct ComposefsCmdline {
-    pub insecure: bool,
+    pub allow_missing_fsverity: bool,
     pub digest: Box<str>,
 }
 
@@ -68,21 +68,25 @@ struct DeploymentBootInfo<'a> {
 
 impl ComposefsCmdline {
     pub(crate) fn new(s: &str) -> Self {
-        let (insecure, digest_str) = s
+        let (allow_missing_fsverity, digest_str) = s
             .strip_prefix('?')
             .map(|v| (true, v))
             .unwrap_or_else(|| (false, s));
         ComposefsCmdline {
-            insecure,
+            allow_missing_fsverity,
             digest: digest_str.into(),
         }
     }
 }
 
 impl std::fmt::Display for ComposefsCmdline {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        let insecure = if self.insecure { "?" } else { "" };
-        write!(f, "{}={}{}", COMPOSEFS_CMDLINE, insecure, self.digest)
+        let allow_missing_fsverity = if self.allow_missing_fsverity { "?" } else { "" };
+        write!(
+            f,
+            "{}={}{}",
+            COMPOSEFS_CMDLINE, allow_missing_fsverity, self.digest
+        )
     }
 }
 
@@ -806,10 +810,10 @@ mod tests {
     fn test_composefs_parsing() {
         const DIGEST: &str = "8b7df143d91c716ecfa5fc1730022f6b421b05cedee8fd52b1fc65a96030ad52";
         let v = ComposefsCmdline::new(DIGEST);
-        assert!(!v.insecure);
+        assert!(!v.allow_missing_fsverity);
         assert_eq!(v.digest.as_ref(), DIGEST);
         let v = ComposefsCmdline::new(&format!("?{}", DIGEST));
-        assert!(v.insecure);
+        assert!(v.allow_missing_fsverity);
         assert_eq!(v.digest.as_ref(), DIGEST);
     }
 

crates/lib/src/bootc_composefs/update.rs

@@ -252,7 +252,7 @@ pub(crate) async fn do_upgrade(
     let (repo, entries, id, fs) = pull_composefs_repo(
         &imgref.transport,
         &imgref.image,
-        booted_cfs.cmdline.insecure,
+        booted_cfs.cmdline.allow_missing_fsverity,
     )
     .await?;
 
@@ -296,7 +296,7 @@ pub(crate) async fn do_upgrade(
         boot_type,
         boot_digest,
         img_manifest_config,
-        booted_cfs.cmdline.insecure,
+        booted_cfs.cmdline.allow_missing_fsverity,
     )
     .await?;
 

crates/lib/src/install.rs

@@ -385,7 +385,7 @@ pub(crate) struct InstallComposefsOpts {
     /// Make fs-verity validation optional in case the filesystem doesn't support it
     #[clap(long, default_value_t, requires = "composefs_backend")]
     #[serde(default)]
-    pub(crate) insecure: bool,
+    pub(crate) allow_missing_verity: bool,
 
     /// The bootloader to use.
     #[clap(long, requires = "composefs_backend")]
@@ -1887,12 +1887,21 @@ async fn install_to_filesystem_impl(
     if state.composefs_options.composefs_backend {
         // Load a fd for the mounted target physical root
 
-        let (id, verity) =
-            initialize_composefs_repository(state, rootfs, state.composefs_options.insecure)
-                .await?;
+        let (id, verity) = initialize_composefs_repository(
+            state,
+            rootfs,
+            state.composefs_options.allow_missing_verity,
+        )
+        .await?;
         tracing::info!("id: {id}, verity: {}", verity.to_hex());
 
-        setup_composefs_boot(rootfs, state, &id, state.composefs_options.insecure).await?;
+        setup_composefs_boot(
+            rootfs,
+            state,
+            &id,
+            state.composefs_options.allow_missing_verity,
+        )
+        .await?;
     } else {
         ostree_install(state, rootfs, cleanup).await?;
     }