Composefs gc

Justfile

@@ -117,7 +117,7 @@ test-container: build build-units
     podman run --rm --env=BOOTC_variant={{variant}} --env=BOOTC_base={{base}} --env=BOOTC_boot_type={{boot_type}} {{base_img}} bootc-integration-tests container
 
 [group('core')]
-test-composefs bootloader filesystem boot_type seal_state:
+test-composefs bootloader filesystem boot_type seal_state *ARGS:
     @if [ "{{seal_state}}" = "sealed" ] && [ "{{filesystem}}" = "xfs" ]; then \
         echo "Invalid combination: sealed requires filesystem that supports fs-verity (ext4, btrfs)"; \
         exit 1; \
@@ -138,6 +138,7 @@ test-composefs bootloader filesystem boot_type seal_state:
                 --filesystem={{filesystem}} \
                 --seal-state={{seal_state}} \
                 --boot-type={{boot_type}} \
+                {{ARGS}} \
                 $(if [ "{{boot_type}}" = "uki" ]; then echo "readonly"; else echo "integration"; fi)
 
 # Run cargo fmt and clippy checks in container

crates/lib/src/bootc_composefs/boot.rs

@@ -91,7 +91,6 @@ use rustix::{mount::MountFlags, path::Arg};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
-use crate::bootc_composefs::state::{get_booted_bls, write_composefs_state};
 use crate::parsers::bls_config::{BLSConfig, BLSConfigType};
 use crate::task::Task;
 use crate::{
@@ -102,6 +101,10 @@ use crate::{
     bootc_composefs::repo::open_composefs_repo,
     store::{ComposefsFilesystem, Storage},
 };
+use crate::{
+    bootc_composefs::state::{get_booted_bls, write_composefs_state},
+    composefs_consts::TYPE1_BOOT_DIR_PREFIX,
+};
 use crate::{
     bootc_composefs::status::get_container_manifest_and_config, bootc_kargs::compute_new_kargs,
 };
@@ -126,8 +129,8 @@ pub(crate) const EFI_LINUX: &str = "EFI/Linux";
 const SYSTEMD_TIMEOUT: &str = "timeout 5";
 const SYSTEMD_LOADER_CONF_PATH: &str = "loader/loader.conf";
 
-const INITRD: &str = "initrd";
-const VMLINUZ: &str = "vmlinuz";
+pub(crate) const INITRD: &str = "initrd";
+pub(crate) const VMLINUZ: &str = "vmlinuz";
 
 const BOOTC_AUTOENROLL_PATH: &str = "usr/lib/bootc/install/secureboot-keys";
 
@@ -137,7 +140,7 @@ const AUTH_EXT: &str = "auth";
 /// directory specified by the BLS spec. We do this because we want systemd-boot to only look at
 /// our config files and not show the actual UKIs in the bootloader menu
 /// This is relative to the ESP
-pub(crate) const SYSTEMD_UKI_DIR: &str = "EFI/Linux/bootc";
+pub(crate) const BOOTC_UKI_DIR: &str = "EFI/Linux/bootc";
 
 pub(crate) enum BootSetupType<'a> {
     /// For initial setup, i.e. install to-disk
@@ -270,6 +273,11 @@ pub(crate) fn secondary_sort_key(os_id: &str) -> String {
     format!("bootc-{os_id}-{SORTKEY_PRIORITY_SECONDARY}")
 }
 
+/// Returns the name of the directory where we store Type1 boot entries
+pub(crate) fn get_type1_dir_name(depl_verity: &String) -> String {
+    format!("{TYPE1_BOOT_DIR_PREFIX}{depl_verity}")
+}
+
 /// Compute SHA256Sum of VMlinuz + Initrd
 ///
 /// # Arguments
@@ -381,10 +389,10 @@ fn write_bls_boot_entries_to_disk(
     entry: &UsrLibModulesVmlinuz<Sha512HashValue>,
     repo: &crate::store::ComposefsRepository,
 ) -> Result<()> {
-    let id_hex = deployment_id.to_hex();
+    let dir_name = get_type1_dir_name(&deployment_id.to_hex());
 
-    // Write the initrd and vmlinuz at /boot/<id>/
-    let path = boot_dir.join(&id_hex);
+    // Write the initrd and vmlinuz at /boot/composefs-<id>/
+    let path = boot_dir.join(&dir_name);
     create_dir_all(&path)?;
 
     let entries_dir = Dir::open_ambient_dir(&path, ambient_authority())
@@ -496,6 +504,7 @@ pub(crate) fn setup_composefs_bls_boot(
 
             cmdline_options.extend(&root_setup.kargs);
 
+            // TODO(Johan-Liebert1): Use ComposefsCmdline
             let composefs_cmdline = if state.composefs_options.allow_missing_verity {
                 format!("{COMPOSEFS_CMDLINE}=?{id_hex}")
             } else {
@@ -648,13 +657,18 @@ pub(crate) fn setup_composefs_bls_boot(
 
             let mut bls_config = BLSConfig::default();
 
+            let entries_dir = get_type1_dir_name(&id_hex);
+
             bls_config
                 .with_title(title)
                 .with_version(version)
                 .with_sort_key(sort_key)
                 .with_cfg(BLSConfigType::NonEFI {
-                    linux: entry_paths.abs_entries_path.join(&id_hex).join(VMLINUZ),
-                    initrd: vec![entry_paths.abs_entries_path.join(&id_hex).join(INITRD)],
+                    linux: entry_paths
+                        .abs_entries_path
+                        .join(&entries_dir)
+                        .join(VMLINUZ),
+                    initrd: vec![entry_paths.abs_entries_path.join(&entries_dir).join(INITRD)],
                     options: Some(cmdline_refs),
                 });
 
@@ -679,7 +693,16 @@ pub(crate) fn setup_composefs_bls_boot(
                         // We shouldn't error here as all our file names are UTF-8 compatible
                         let ent_name = ent.file_name()?;
 
-                        if shared_entries.contains(&ent_name) {
+                        let Some(entry_verity_part) = ent_name.strip_prefix(TYPE1_BOOT_DIR_PREFIX)
+                        else {
+                            // Not our directory
+                            continue;
+                        };
+
+                        if shared_entries
+                            .iter()
+                            .any(|shared_ent| shared_ent == entry_verity_part)
+                        {
                             shared_entry = Some(ent_name);
                             break;
                         }
@@ -793,7 +816,6 @@ fn write_pe_to_esp(
     uki_id: &Sha512HashValue,
     missing_fsverity_allowed: bool,
     mounted_efi: impl AsRef<Path>,
-    bootloader: &Bootloader,
 ) -> Result<Option<UKIInfo>> {
     let efi_bin = read_file(file, &repo).context("Reading .efi binary")?;
 
@@ -843,14 +865,8 @@ fn write_pe_to_esp(
         });
     }
 
-    // Write the UKI to ESP
-    let efi_linux_path = mounted_efi.as_ref().join(match bootloader {
-        Bootloader::Grub => EFI_LINUX,
-        Bootloader::Systemd => SYSTEMD_UKI_DIR,
-        Bootloader::None => unreachable!("Checked at install time"),
-    });
-
-    create_dir_all(&efi_linux_path).context("Creating EFI/Linux")?;
+    let efi_linux_path = mounted_efi.as_ref().join(BOOTC_UKI_DIR);
+    create_dir_all(&efi_linux_path).context("Creating bootc UKI directory")?;
 
     let final_pe_path = match file_path.parent() {
         Some(parent) => {
@@ -1000,7 +1016,7 @@ fn write_systemd_uki_config(
     bls_conf
         .with_title(boot_label.boot_label)
         .with_cfg(BLSConfigType::EFI {
-            efi: format!("/{SYSTEMD_UKI_DIR}/{}{}", id.to_hex(), EFI_EXT).into(),
+            efi: format!("/{BOOTC_UKI_DIR}/{}{}", id.to_hex(), EFI_EXT).into(),
         })
         .with_sort_key(primary_sort_key.clone())
         .with_version(boot_label.version.unwrap_or_else(|| id.to_hex()));
@@ -1143,7 +1159,6 @@ pub(crate) fn setup_composefs_uki_boot(
                     &id,
                     missing_fsverity_allowed,
                     esp_mount.dir.path(),
-                    &bootloader,
                 )?;
 
                 if let Some(label) = ret {