Update to latest composefs-rs

Cargo.toml

@@ -40,19 +40,11 @@ cfg-if = "1.0"
 chrono = { version = "0.4.38", default-features = false }
 clap = "4.5.4"
 clap_mangen = { version = "0.2.20" }
-# Reviewers (including AI tools): The composefs-rs git revision is duplicated for each crate.
-# If adding/removing crates here, also update docs/Dockerfile.mdbook and docs/src/internals.md.
-#
 # To develop against a local composefs-rs checkout, add a [patch] section at the end of this file:
-#   [patch."https://github.com/containers/composefs-rs"]
-#   composefs = { path = "/home/user/src/composefs-rs/crates/composefs" }
-#   composefs-boot = { path = "/home/user/src/composefs-rs/crates/composefs-boot" }
-#   composefs-oci = { path = "/home/user/src/composefs-rs/crates/composefs-oci" }
+#   [patch."https://github.com/composefs/composefs-rs"]
+#   cfsctl = { path = "/path/to/composefs-rs/crates/cfsctl" }
 # The Justfile will auto-detect these and bind-mount them into container builds.
-composefs = { git = "https://github.com/composefs/composefs-rs", rev = "b928c6bd6c051e111d3efc3d25cdaf9159182ed0", package = "composefs", features = ["rhel9"] }
-cfsctl = { git = "https://github.com/composefs/composefs-rs", rev = "b928c6bd6c051e111d3efc3d25cdaf9159182ed0", package = "cfsctl", features = ["rhel9"] }
-composefs-boot = { git = "https://github.com/composefs/composefs-rs", rev = "b928c6bd6c051e111d3efc3d25cdaf9159182ed0", package = "composefs-boot" }
-composefs-oci = { git = "https://github.com/composefs/composefs-rs", rev = "b928c6bd6c051e111d3efc3d25cdaf9159182ed0", package = "composefs-oci" }
+cfsctl = { git = "https://github.com/composefs/composefs-rs", rev = "2203e8f", package = "cfsctl", features = ["rhel9"] }
 fn-error-context = "0.2.1"
 hex = "0.4.3"
 indicatif = "0.18.0"

crates/etc-merge/Cargo.toml

@@ -12,7 +12,7 @@ rustix = { workspace = true }
 openssl = { workspace = true }
 hex = { workspace = true }
 tracing = { workspace = true }
-composefs = { workspace = true }
+cfsctl = { workspace = true }
 fn-error-context = { workspace = true }
 owo-colors = { workspace = true }
 anstream = { workspace = true }

crates/etc-merge/src/lib.rs

@@ -17,6 +17,7 @@ use anyhow::Context;
 use cap_std_ext::cap_std;
 use cap_std_ext::cap_std::fs::{Dir as CapStdDir, MetadataExt, Permissions, PermissionsExt};
 use cap_std_ext::dirext::CapStdExtDirExt;
+use cfsctl::composefs;
 use composefs::fsverity::{FsVerityHashValue, Sha256HashValue, Sha512HashValue};
 use composefs::generic_tree::{Directory, Inode, Leaf, LeafContent, Stat};
 use composefs::tree::ImageError;

crates/initramfs/Cargo.toml

@@ -11,8 +11,7 @@ clap = { workspace = true, features = ["std", "help", "usage", "derive"] }
 libc.workspace = true
 rustix.workspace = true
 serde = { workspace = true, features = ["derive"] }
-composefs.workspace = true
-composefs-boot.workspace = true
+cfsctl.workspace = true
 toml.workspace = true
 fn-error-context.workspace = true
 bootc-kernel-cmdline =  { path = "../kernel_cmdline", version = "0.0.0" }
@@ -22,5 +21,5 @@ workspace = true
 
 [features]
 default = ['pre-6.15']
-rhel9 = ['composefs/rhel9']
-'pre-6.15' = ['composefs/pre-6.15']
+rhel9 = ['cfsctl/rhel9']
+'pre-6.15' = ['cfsctl/pre-6.15']

crates/initramfs/src/lib.rs

@@ -21,6 +21,8 @@ use rustix::{
 };
 use serde::Deserialize;
 
+use cfsctl::composefs;
+use cfsctl::composefs_boot;
 use composefs::{
     fsverity::{FsVerityHashValue, Sha512HashValue},
     mount::FsHandle,

crates/lib/Cargo.toml

@@ -35,10 +35,7 @@ chrono = { workspace = true, features = ["serde"] }
 clap = { workspace = true, features = ["derive","cargo"] }
 clap_complete = "4"
 clap_mangen = { workspace = true, optional = true }
-composefs = { workspace = true }
 cfsctl = { workspace = true }
-composefs-boot = { workspace = true }
-composefs-oci = { workspace = true }
 fn-error-context = { workspace = true }
 hex = { workspace = true }
 indicatif = { workspace = true }

crates/lib/src/bootc_composefs/boot.rs

@@ -74,19 +74,21 @@ use cap_std_ext::{
     cap_std::{ambient_authority, fs::Dir},
     dirext::CapStdExtDirExt,
 };
+use cfsctl::composefs;
+use cfsctl::composefs_boot;
+use cfsctl::composefs_oci;
 use clap::ValueEnum;
 use composefs::fs::read_file;
+use composefs::fsverity::{FsVerityHashValue, Sha512HashValue};
 use composefs::tree::RegularFile;
 use composefs_boot::BootOps;
-use composefs_boot::bootloader::{EFI_ADDON_DIR_EXT, EFI_ADDON_FILE_EXT, EFI_EXT, PEType};
-use fn_error_context::context;
-use ostree_ext::composefs::fsverity::{FsVerityHashValue, Sha512HashValue};
-use ostree_ext::composefs_boot::bootloader::UsrLibModulesVmlinuz;
-use ostree_ext::composefs_boot::{
-    bootloader::BootEntry as ComposefsBootEntry, cmdline::get_cmdline_composefs,
-    os_release::OsReleaseInfo, uki,
+use composefs_boot::bootloader::{
+    BootEntry as ComposefsBootEntry, EFI_ADDON_DIR_EXT, EFI_ADDON_FILE_EXT, EFI_EXT, PEType,
+    UsrLibModulesVmlinuz,
 };
-use ostree_ext::composefs_oci::image::create_filesystem as create_composefs_filesystem;
+use composefs_boot::{cmdline::get_cmdline_composefs, os_release::OsReleaseInfo, uki};
+use composefs_oci::image::create_filesystem as create_composefs_filesystem;
+use fn_error_context::context;
 use rustix::{mount::MountFlags, path::Arg};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -333,10 +335,10 @@ fn compute_boot_digest(
 /// * repo - The composefs repository
 #[context("Computing boot digest")]
 pub(crate) fn compute_boot_digest_uki(uki: &[u8]) -> Result<String> {
-    let vmlinuz = composefs_boot::uki::get_section(uki, ".linux")
-        .ok_or_else(|| anyhow::anyhow!(".linux not present"))??;
+    let vmlinuz =
+        uki::get_section(uki, ".linux").ok_or_else(|| anyhow::anyhow!(".linux not present"))??;
 
-    let initramfs = composefs_boot::uki::get_section(uki, ".initrd")
+    let initramfs = uki::get_section(uki, ".initrd")
         .ok_or_else(|| anyhow::anyhow!(".initrd not present"))??;
 
     let mut hasher = openssl::hash::Hasher::new(openssl::hash::MessageDigest::sha256())

crates/lib/src/bootc_composefs/digest.rs

@@ -8,6 +8,8 @@ use anyhow::{Context, Result};
 use camino::Utf8Path;
 use cap_std_ext::cap_std;
 use cap_std_ext::cap_std::fs::Dir;
+use cfsctl::composefs;
+use cfsctl::composefs_boot;
 use composefs::dumpfile;
 use composefs::fsverity::FsVerityHashValue;
 use composefs_boot::BootOps as _;

crates/lib/src/bootc_composefs/export.rs

@@ -2,6 +2,8 @@ use std::{fs::File, os::fd::AsRawFd};
 
 use anyhow::{Context, Result};
 use cap_std_ext::cap_std::{ambient_authority, fs::Dir};
+use cfsctl::composefs;
+use cfsctl::composefs_oci;
 use composefs::splitstream::SplitStreamData;
 use composefs_oci::open_config;
 use ocidir::{OciDir, oci_spec::image::Platform};

crates/lib/src/bootc_composefs/finalize.rs

@@ -11,6 +11,7 @@ use bootc_initramfs_setup::mount_composefs_image;
 use bootc_mount::tempmount::TempMount;
 use cap_std_ext::cap_std::{ambient_authority, fs::Dir};
 use cap_std_ext::dirext::CapStdExtDirExt;
+use cfsctl::composefs;
 use composefs::generic_tree::{Directory, Stat};
 use etc_merge::{compute_diff, merge, print_diff, traverse_etc};
 use rustix::fs::{fsync, renameat};

crates/lib/src/bootc_composefs/gc.rs

@@ -6,6 +6,8 @@
 
 use anyhow::{Context, Result};
 use cap_std_ext::{cap_std::fs::Dir, dirext::CapStdExtDirExt};
+use cfsctl::composefs;
+use cfsctl::composefs_boot;
 use composefs::repository::GcResult;
 use composefs_boot::bootloader::EFI_EXT;
 

crates/lib/src/bootc_composefs/repo.rs

@@ -3,10 +3,13 @@ use std::sync::Arc;
 
 use anyhow::{Context, Result};
 
-use ostree_ext::composefs::fsverity::{FsVerityHashValue, Sha512HashValue};
-use ostree_ext::composefs_boot::{BootOps, bootloader::BootEntry as ComposefsBootEntry};
-use ostree_ext::composefs_oci::{
-    image::create_filesystem as create_composefs_filesystem, pull as composefs_oci_pull,
+use cfsctl::composefs;
+use cfsctl::composefs_boot;
+use cfsctl::composefs_oci;
+use composefs::fsverity::{FsVerityHashValue, Sha512HashValue};
+use composefs_boot::{BootOps, bootloader::BootEntry as ComposefsBootEntry};
+use composefs_oci::{
+    PullResult, image::create_filesystem as create_composefs_filesystem, pull as composefs_oci_pull,
 };
 
 use ostree_ext::container::ImageReference as OstreeExtImgRef;
@@ -24,7 +27,7 @@ pub(crate) async fn initialize_composefs_repository(
     state: &State,
     root_setup: &RootSetup,
     allow_missing_fsverity: bool,
-) -> Result<(String, impl FsVerityHashValue)> {
+) -> Result<PullResult<Sha512HashValue>> {
     const COMPOSEFS_REPO_INIT_JOURNAL_ID: &str = "5d4c3b2a1f0e9d8c7b6a5f4e3d2c1b0a9";
 
     let rootfs_dir = &root_setup.physical_root;
@@ -117,22 +120,22 @@ pub(crate) async fn pull_composefs_repo(
 
     tracing::debug!("Image to pull {final_imgref}");
 
-    let (id, verity) = composefs_oci_pull(&Arc::new(repo), &final_imgref, None, None)
+    let pull_result = composefs_oci_pull(&Arc::new(repo), &final_imgref, None, None)
         .await
         .context("Pulling composefs repo")?;
 
     tracing::info!(
         message_id = COMPOSEFS_PULL_JOURNAL_ID,
-        id = id,
-        verity = verity.to_hex(),
+        id = pull_result.config_digest,
+        verity = pull_result.config_verity.to_hex(),
         "Pulled image into repository"
     );
 
     let mut repo = open_composefs_repo(&rootfs_dir)?;
     repo.set_insecure(allow_missing_fsverity);
 
     let mut fs: crate::store::ComposefsFilesystem =
-        create_composefs_filesystem(&repo, &id, None)
+        create_composefs_filesystem(&repo, &pull_result.config_digest, None)
             .context("Failed to create composefs filesystem")?;
 
     let entries = fs.transform_for_boot(&repo)?;

crates/lib/src/bootc_composefs/state.rs

@@ -13,6 +13,7 @@ use canon_json::CanonJsonSerialize;
 use cap_std_ext::cap_std::ambient_authority;
 use cap_std_ext::cap_std::fs::{Dir, Permissions, PermissionsExt};
 use cap_std_ext::dirext::CapStdExtDirExt;
+use cfsctl::composefs;
 use composefs::fsverity::{FsVerityHashValue, Sha512HashValue};
 use fn_error_context::context;
 

crates/lib/src/bootc_composefs/update.rs

@@ -1,6 +1,9 @@
 use anyhow::{Context, Result};
 use camino::Utf8PathBuf;
 use cap_std_ext::{cap_std::fs::Dir, dirext::CapStdExtDirExt};
+use cfsctl::composefs;
+use cfsctl::composefs_boot;
+use cfsctl::composefs_oci;
 use composefs::fsverity::{FsVerityHashValue, Sha512HashValue};
 use composefs_boot::BootOps;
 use composefs_oci::image::create_filesystem;

crates/lib/src/bootc_composefs/utils.rs

@@ -7,6 +7,7 @@ use crate::{
 };
 use anyhow::Result;
 use bootc_kernel_cmdline::utf8::Cmdline;
+use cfsctl::composefs_boot;
 use fn_error_context::context;
 
 fn get_uki(storage: &Storage, deployment_verity: &str) -> Result<Vec<u8>> {

crates/lib/src/cli.rs

@@ -12,19 +12,22 @@ use anyhow::{Context, Result, anyhow, ensure};
 use camino::{Utf8Path, Utf8PathBuf};
 use cap_std_ext::cap_std;
 use cap_std_ext::cap_std::fs::Dir;
+use cfsctl::composefs;
+use cfsctl::composefs_boot;
+use cfsctl::composefs_oci;
 use clap::CommandFactory;
 use clap::Parser;
 use clap::ValueEnum;
 use composefs::dumpfile;
+use composefs::fsverity;
+use composefs::fsverity::FsVerityHashValue;
+use composefs::splitstream::SplitStreamWriter;
 use composefs_boot::BootOps as _;
 use etc_merge::{compute_diff, print_diff};
 use fn_error_context::context;
 use indoc::indoc;
 use ostree::gio;
 use ostree_container::store::PrepareResult;
-use ostree_ext::composefs::fsverity;
-use ostree_ext::composefs::fsverity::FsVerityHashValue;
-use ostree_ext::composefs::splitstream::SplitStreamWriter;
 use ostree_ext::container as ostree_container;
 
 use ostree_ext::keyfileext::KeyFileExt;
@@ -1611,12 +1614,15 @@ async fn run_from_opt(opt: Opt) -> Result<()> {
                 };
 
                 let imgref = format!("containers-storage:{image}");
-                let (imgid, verity) = composefs_oci::pull(&repo, &imgref, None, Some(proxycfg))
+                let pull_result = composefs_oci::pull(&repo, &imgref, None, Some(proxycfg))
                     .await
                     .context("Pulling image")?;
-                let imgid = hex::encode(imgid);
-                let mut fs = composefs_oci::image::create_filesystem(&repo, &imgid, Some(&verity))
-                    .context("Populating fs")?;
+                let mut fs = composefs_oci::image::create_filesystem(
+                    &repo,
+                    &pull_result.config_digest,
+                    Some(&pull_result.config_verity),
+                )
+                .context("Populating fs")?;
                 fs.transform_for_boot(&repo).context("Preparing for boot")?;
                 let id = fs.compute_image_id();
                 println!("{}", id.to_hex());

crates/lib/src/fsck.rs

@@ -16,10 +16,11 @@ use camino::Utf8PathBuf;
 use cap_std::fs::{Dir, MetadataExt as _};
 use cap_std_ext::cap_std;
 use cap_std_ext::dirext::CapStdExtDirExt;
+use cfsctl::composefs;
 use fn_error_context::context;
 use linkme::distributed_slice;
+use ostree_ext::ostree;
 use ostree_ext::ostree_prepareroot::Tristate;
-use ostree_ext::{composefs, ostree};
 
 use crate::store::Storage;