libostree/deploy: enable composefs by default

The composefs libostree integration has been supported for a while now and is actively in use in various ostree/bootc-based systems. Let's turn it on by default. This has no effect if composefs support is not compiled in. This patch does two things: 1. It changes the default value for the `composefs.enabled` tristate to `true`. 2. It changes the deploy API to also create composefs images if the tristate is `maybe`. The reason for doing the latter is so that systems upgrading from old libostree versions (which may either not have composefs support or may have composefs-related bugs) will still be able to upgrade and not trip `ostree-prepare-root` in the new deployment (which allows missing composefs images for `maybe`). While we're here, fix the deploy logic to hard error out if composefs is requested but not compiled in, matching `ostree-prepare-root`. See also: #2867
ostreedev · Dec 13, 2024 · 0643544 · 0643544
1 parent ab8a7f7
commit 0643544
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 10 deletions.
diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c
@@ -640,9 +640,6 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy
   if (!glnx_opendirat (osdeploy_dfd, checkout_target_name, TRUE, &ret_deployment_dfd, error))
     return FALSE;
 
-  guint64 composefs_start_time = 0;
-  guint64 composefs_end_time = 0;
-#ifdef HAVE_COMPOSEFS
   /* TODO: Consider changing things in the future to parse the deployment config from memory, and
    * if composefs is enabled, then we can check out in "user mode" (i.e. only have suid binaries
    * enabled in composefs, etc.)
@@ -667,7 +664,11 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy
   g_debug ("composefs enabled by config: %d repo: %d", composefs_enabled, repo->composefs_wanted);
   if (repo->composefs_wanted == OT_TRISTATE_YES)
     composefs_enabled = repo->composefs_wanted;
-  if (composefs_enabled == OT_TRISTATE_YES)
+
+  guint64 composefs_start_time = 0;
+  guint64 composefs_end_time = 0;
+#ifdef HAVE_COMPOSEFS
+  if (composefs_enabled != OT_TRISTATE_NO)
     {
       composefs_start_time = g_get_monotonic_time ();
       // TODO: Clean up our mess around composefs/fsverity...we have duplication
@@ -694,6 +695,9 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy
     }
   else
     g_debug ("not using composefs");
+#else
+  if (composefs_enabled == OT_TRISTATE_YES)
+    return glnx_throw (error, "composefs: enabled at runtime, but support is not compiled in");
 #endif
 
   *checkout_elapsed = (checkout_end_time - checkout_start_time);

diff --git a/src/libotcore/otcore-prepare-root.c b/src/libotcore/otcore-prepare-root.c
@@ -27,6 +27,12 @@
 // The kernel argument to configure composefs
 #define CMDLINE_KEY_COMPOSEFS "ostree.prepare-root.composefs"
 
+#ifdef HAVE_COMPOSEFS
+#define COMPOSEFS_TRISTATE_DEFAULT_VALUE OT_TRISTATE_YES
+#else
+#define COMPOSEFS_TRISTATE_DEFAULT_VALUE OT_TRISTATE_NO
+#endif
+
 static bool
 proc_cmdline_has_key_starting_with (const char *cmdline, const char *key)
 {
@@ -182,7 +188,7 @@ otcore_load_composefs_config (const char *cmdline, GKeyFile *config, gboolean lo
     }
   else if (!ot_keyfile_get_tristate_with_default (config, OTCORE_PREPARE_ROOT_COMPOSEFS_KEY,
                                                   OTCORE_PREPARE_ROOT_ENABLED_KEY,
-                                                  OT_TRISTATE_MAYBE, &ret->enabled, error))
+                                                  COMPOSEFS_TRISTATE_DEFAULT_VALUE, &ret->enabled, error))
     return NULL;
 
   // Look for a key - we default to the initramfs binding path.

diff --git a/tests/admin-test.sh b/tests/admin-test.sh
@@ -71,9 +71,10 @@ assert_not_file_has_content status.txt "pending"
 assert_not_file_has_content status.txt "rollback"
 validate_bootloader
 
-# Someday probably soon we'll turn this on by default, but for now
-if test -f sysroot/ostree/deploy/testos/deploy/*.0/.ostree.cfs; then
-    fatal "found composefs unexpectedly"
+if has_ostree_feature composefs; then
+    if ! test -f sysroot/ostree/deploy/testos/deploy/*.0/.ostree.cfs; then
+        fatal "missing composefs"
+    fi
 fi
 
 # Test the bootable and linux keys

diff --git a/tests/test-admin-deploy-composefs.sh b/tests/test-admin-deploy-composefs.sh
@@ -26,14 +26,32 @@ skip_without_ostree_feature composefs
 # Exports OSTREE_SYSROOT so --sysroot not needed.
 setup_os_repository "archive" "syslinux"
 
+# check disablement
 cd osdata
 mkdir -p usr/lib/ostree
 cat > usr/lib/ostree/prepare-root.conf << 'EOF'
 [composefs]
-enabled=true
+enabled=false
 EOF
-${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit --add-metadata-string version=1.composefs -b testos/buildmain/x86_64-runtime
 cd -
+
+${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit --add-metadata-string version=1.composefs -b testos/buildmain/x86_64-runtime osdata
+${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --remote=testos testos-repo testos/buildmain/x86_64-runtime
+
+${CMD_PREFIX} ostree admin deploy --os=testos --karg=root=LABEL=foo --karg=testkarg=1 testos:testos/buildmain/x86_64-runtime
+if test -f sysroot/ostree/deploy/testos/deploy/*.0/.ostree.cfs; then
+    fatal "found composefs unexpectedly"
+fi
+
+# check maybe enablement
+cd osdata
+cat > usr/lib/ostree/prepare-root.conf << 'EOF'
+[composefs]
+enabled=maybe
+EOF
+cd -
+
+${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit --add-metadata-string version=1.composefs -b testos/buildmain/x86_64-runtime osdata
 ${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --remote=testos testos-repo testos/buildmain/x86_64-runtime
 
 ${CMD_PREFIX} ostree admin deploy --os=testos --karg=root=LABEL=foo --karg=testkarg=1 testos:testos/buildmain/x86_64-runtime