From 0643544c68a4d909ae9c7ab5e109cadda6adc027 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 11 Dec 2024 16:46:25 -0500 Subject: [PATCH] libostree/deploy: enable composefs by default The composefs libostree integration has been supported for a while now and is actively in use in various ostree/bootc-based systems. Let's turn it on by default. This has no effect if composefs support is not compiled in. This patch does two things: 1. It changes the default value for the `composefs.enabled` tristate to `true`. 2. It changes the deploy API to also create composefs images if the tristate is `maybe`. The reason for doing the latter is so that systems upgrading from old libostree versions (which may either not have composefs support or may have composefs-related bugs) will still be able to upgrade and not trip `ostree-prepare-root` in the new deployment (which allows missing composefs images for `maybe`). While we're here, fix the deploy logic to hard error out if composefs is requested but not compiled in, matching `ostree-prepare-root`. See also: https://github.com/ostreedev/ostree/issues/2867 --- src/libostree/ostree-sysroot-deploy.c | 12 ++++++++---- src/libotcore/otcore-prepare-root.c | 8 +++++++- tests/admin-test.sh | 7 ++++--- tests/test-admin-deploy-composefs.sh | 22 ++++++++++++++++++++-- 4 files changed, 39 insertions(+), 10 deletions(-) diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c index 43f380f68c..5c52e64bdb 100644 --- a/src/libostree/ostree-sysroot-deploy.c +++ b/src/libostree/ostree-sysroot-deploy.c @@ -640,9 +640,6 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy if (!glnx_opendirat (osdeploy_dfd, checkout_target_name, TRUE, &ret_deployment_dfd, error)) return FALSE; - guint64 composefs_start_time = 0; - guint64 composefs_end_time = 0; -#ifdef HAVE_COMPOSEFS /* TODO: Consider changing things in the future to parse the deployment config from memory, and * if composefs is enabled, then we can check out in "user mode" (i.e. only have suid binaries * enabled in composefs, etc.) @@ -667,7 +664,11 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy g_debug ("composefs enabled by config: %d repo: %d", composefs_enabled, repo->composefs_wanted); if (repo->composefs_wanted == OT_TRISTATE_YES) composefs_enabled = repo->composefs_wanted; - if (composefs_enabled == OT_TRISTATE_YES) + + guint64 composefs_start_time = 0; + guint64 composefs_end_time = 0; +#ifdef HAVE_COMPOSEFS + if (composefs_enabled != OT_TRISTATE_NO) { composefs_start_time = g_get_monotonic_time (); // TODO: Clean up our mess around composefs/fsverity...we have duplication @@ -694,6 +695,9 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy } else g_debug ("not using composefs"); +#else + if (composefs_enabled == OT_TRISTATE_YES) + return glnx_throw (error, "composefs: enabled at runtime, but support is not compiled in"); #endif *checkout_elapsed = (checkout_end_time - checkout_start_time); diff --git a/src/libotcore/otcore-prepare-root.c b/src/libotcore/otcore-prepare-root.c index e0a1641a8f..b71be62c88 100644 --- a/src/libotcore/otcore-prepare-root.c +++ b/src/libotcore/otcore-prepare-root.c @@ -27,6 +27,12 @@ // The kernel argument to configure composefs #define CMDLINE_KEY_COMPOSEFS "ostree.prepare-root.composefs" +#ifdef HAVE_COMPOSEFS +#define COMPOSEFS_TRISTATE_DEFAULT_VALUE OT_TRISTATE_YES +#else +#define COMPOSEFS_TRISTATE_DEFAULT_VALUE OT_TRISTATE_NO +#endif + static bool proc_cmdline_has_key_starting_with (const char *cmdline, const char *key) { @@ -182,7 +188,7 @@ otcore_load_composefs_config (const char *cmdline, GKeyFile *config, gboolean lo } else if (!ot_keyfile_get_tristate_with_default (config, OTCORE_PREPARE_ROOT_COMPOSEFS_KEY, OTCORE_PREPARE_ROOT_ENABLED_KEY, - OT_TRISTATE_MAYBE, &ret->enabled, error)) + COMPOSEFS_TRISTATE_DEFAULT_VALUE, &ret->enabled, error)) return NULL; // Look for a key - we default to the initramfs binding path. diff --git a/tests/admin-test.sh b/tests/admin-test.sh index 2adae9df5c..0c442cfd8b 100644 --- a/tests/admin-test.sh +++ b/tests/admin-test.sh @@ -71,9 +71,10 @@ assert_not_file_has_content status.txt "pending" assert_not_file_has_content status.txt "rollback" validate_bootloader -# Someday probably soon we'll turn this on by default, but for now -if test -f sysroot/ostree/deploy/testos/deploy/*.0/.ostree.cfs; then - fatal "found composefs unexpectedly" +if has_ostree_feature composefs; then + if ! test -f sysroot/ostree/deploy/testos/deploy/*.0/.ostree.cfs; then + fatal "missing composefs" + fi fi # Test the bootable and linux keys diff --git a/tests/test-admin-deploy-composefs.sh b/tests/test-admin-deploy-composefs.sh index fd39dc8d5d..4df2093c1f 100755 --- a/tests/test-admin-deploy-composefs.sh +++ b/tests/test-admin-deploy-composefs.sh @@ -26,14 +26,32 @@ skip_without_ostree_feature composefs # Exports OSTREE_SYSROOT so --sysroot not needed. setup_os_repository "archive" "syslinux" +# check disablement cd osdata mkdir -p usr/lib/ostree cat > usr/lib/ostree/prepare-root.conf << 'EOF' [composefs] -enabled=true +enabled=false EOF -${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit --add-metadata-string version=1.composefs -b testos/buildmain/x86_64-runtime cd - + +${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit --add-metadata-string version=1.composefs -b testos/buildmain/x86_64-runtime osdata +${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --remote=testos testos-repo testos/buildmain/x86_64-runtime + +${CMD_PREFIX} ostree admin deploy --os=testos --karg=root=LABEL=foo --karg=testkarg=1 testos:testos/buildmain/x86_64-runtime +if test -f sysroot/ostree/deploy/testos/deploy/*.0/.ostree.cfs; then + fatal "found composefs unexpectedly" +fi + +# check maybe enablement +cd osdata +cat > usr/lib/ostree/prepare-root.conf << 'EOF' +[composefs] +enabled=maybe +EOF +cd - + +${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit --add-metadata-string version=1.composefs -b testos/buildmain/x86_64-runtime osdata ${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --remote=testos testos-repo testos/buildmain/x86_64-runtime ${CMD_PREFIX} ostree admin deploy --os=testos --karg=root=LABEL=foo --karg=testkarg=1 testos:testos/buildmain/x86_64-runtime