cli/composefs: Handle rollback for composefs

This commit does not handle the edge cases that arise with rollbacks
when there is a staged deployment present.

For Grub BLS case, we create a new `loader/entries.staged` directory,
write the new boot entries, then atomically swap `loader/entries` and
`loader/entries.staged`.

For Grub UKI case, we regenerate `grub2/user.cfg` using the images
present in `/sysroot/state/deploy/`

To distinguish whether the currently booted system is booted with a UKI
or BLS, we add an entry to origin file called `boot_type`

Signed-off-by: Johan-Liebert1 <[email protected]>

Author: Johan-Liebert1

lib/Cargo.toml

@@ -54,6 +54,8 @@ uuid = { version = "1.8.0", features = ["v4"] }
 tini = "1.3.0"
 comfy-table = "7.1.1"
 thiserror = { workspace = true }
+openat = "0.1.21"
+openat-ext = "0.2.3"
 
 [dev-dependencies]
 similar-asserts = { workspace = true }

lib/src/cli.rs

@@ -25,7 +25,7 @@ use ostree_ext::ostree;
 use schemars::schema_for;
 use serde::{Deserialize, Serialize};
 
-use crate::deploy::RequiredHostSpec;
+use crate::deploy::{composefs_rollback, RequiredHostSpec};
 use crate::install::{
     pull_composefs_repo, setup_composefs_bls_boot, setup_composefs_uki_boot, write_composefs_state,
     BootSetupType, BootType,
@@ -949,8 +949,7 @@ async fn switch_composefs(opts: SwitchOpts) -> Result<()> {
         anyhow::bail!("Target image is undefined")
     };
 
-    let (repo, entries, id) =
-        pull_composefs_repo(&target_imgref.transport, &target_imgref.image).await?;
+    let (repo, entries, id) = pull_composefs_repo(&"docker".into(), &target_imgref.image).await?;
 
     let Some(entry) = entries.into_iter().next() else {
         anyhow::bail!("No boot entries!");
@@ -1043,8 +1042,12 @@ async fn switch(opts: SwitchOpts) -> Result<()> {
 /// Implementation of the `bootc rollback` CLI command.
 #[context("Rollback")]
 async fn rollback(opts: RollbackOpts) -> Result<()> {
-    let sysroot = &get_storage().await?;
-    crate::deploy::rollback(sysroot).await?;
+    if composefs_booted()? {
+        composefs_rollback().await?
+    } else {
+        let sysroot = &get_storage().await?;
+        crate::deploy::rollback(sysroot).await?;
+    };
 
     if opts.apply {
         crate::reboot::reboot()?;

lib/src/deploy.rs

@@ -3,7 +3,9 @@
 //! Create a merged filesystem tree with the image and mounted configmaps.
 
 use std::collections::HashSet;
+use std::fs::create_dir_all;
 use std::io::{BufRead, Write};
+use std::path::PathBuf;
 
 use anyhow::Ok;
 use anyhow::{anyhow, Context, Result};
@@ -21,13 +23,17 @@ use ostree_ext::ostree::{self, Sysroot};
 use ostree_ext::sysroot::SysrootLock;
 use ostree_ext::tokio_util::spawn_blocking_cancellable_flatten;
 
+use crate::bls_config::{parse_bls_config, BLSConfig};
+use crate::install::{get_efi_uuid_source, get_user_config, BootType};
 use crate::progress_jsonl::{Event, ProgressWriter, SubTaskBytes, SubTaskStep};
 use crate::spec::ImageReference;
-use crate::spec::{BootOrder, HostSpec};
-use crate::status::labels_of_config;
+use crate::spec::{BootOrder, HostSpec, BootEntry};
+use crate::status::{composefs_deployment_status, labels_of_config};
 use crate::store::Storage;
 use crate::utils::async_task_with_spinner;
 
+use openat_ext::OpenatDirExt;
+
 // TODO use https://github.com/ostreedev/ostree-rs-ext/pull/493/commits/afc1837ff383681b947de30c0cefc70080a4f87a
 const BASE_IMAGE_PREFIX: &str = "ostree/container/baseimage/bootc";
 
@@ -740,6 +746,165 @@ pub(crate) async fn stage(
     Ok(())
 }
 
+
+#[context("Rolling back UKI")]
+pub(crate) fn rollback_composefs_uki(current: &BootEntry, rollback: &BootEntry) -> Result<()> {
+    let user_cfg_name = "grub2/user.cfg.staged";
+    let user_cfg_path = PathBuf::from("/sysroot/boot").join(user_cfg_name);
+
+    let efi_uuid_source = get_efi_uuid_source();
+
+    // TODO: Need to check if user.cfg.staged exists
+    let mut usr_cfg = std::fs::OpenOptions::new()
+        .write(true)
+        .create(true)
+        .truncate(true)
+        .open(user_cfg_path)
+        .with_context(|| format!("Opening {user_cfg_name}"))?;
+
+    usr_cfg.write(efi_uuid_source.as_bytes())?;
+
+    let verity = if let Some(composefs) = &rollback.composefs {
+        composefs.verity.clone()
+    } else {
+        // Shouldn't really happen
+        anyhow::bail!("Verity not found for rollback deployment")
+    };
+    usr_cfg.write(get_user_config(&verity).as_bytes())?;
+
+    let verity = if let Some(composefs) = &current.composefs {
+        composefs.verity.clone()
+    } else {
+        // Shouldn't really happen
+        anyhow::bail!("Verity not found for booted deployment")
+    };
+    usr_cfg.write(get_user_config(&verity).as_bytes())?;
+
+    Ok(())
+}
+
+/// Filename for `loader/entries`
+const CURRENT_ENTRIES: &str = "entries";
+const ROLLBACK_ENTRIES: &str = "entries.staged";
+
+#[context("Getting boot entries")]
+pub(crate) fn get_sorted_boot_entries(ascending: bool) -> Result<Vec<BLSConfig>> {
+    let mut all_configs = vec![];
+
+    for entry in std::fs::read_dir(format!("/sysroot/boot/loader/{CURRENT_ENTRIES}"))? {
+        let entry = entry?;
+
+        let file_name = entry.file_name();
+
+        let file_name = file_name
+            .to_str()
+            .ok_or(anyhow::anyhow!("Found non UTF-8 characters in filename"))?;
+
+        if !file_name.ends_with(".conf") {
+            continue;
+        }
+
+        let contents = std::fs::read_to_string(&entry.path())
+            .with_context(|| format!("Failed to read {:?}", entry.path()))?;
+
+        let config = parse_bls_config(&contents).context("Parsing bls config")?;
+
+        all_configs.push(config);
+    }
+
+    all_configs.sort_by(|a, b| if ascending { a.cmp(b) } else { b.cmp(a) });
+
+    return Ok(all_configs);
+}
+
+#[context("Rolling back BLS")]
+pub(crate) fn rollback_composefs_bls() -> Result<()> {
+    // Sort in descending order as that's the order they're shown on the boot screen
+    // After this:
+    // all_configs[0] -> booted depl
+    // all_configs[1] -> rollback depl
+    let mut all_configs = get_sorted_boot_entries(false)?;
+
+    // Update the indicies so that they're swapped
+    for (idx, cfg) in all_configs.iter_mut().enumerate() {
+        cfg.version = idx as u32;
+    }
+
+    assert!(all_configs.len() == 2);
+
+    // Write these
+    let dir_path = PathBuf::from(format!("/sysroot/boot/loader/{ROLLBACK_ENTRIES}"));
+    create_dir_all(&dir_path).with_context(|| format!("Failed to create dir: {dir_path:?}"))?;
+
+    // Write the BLS configs in there
+    for cfg in all_configs {
+        let file_name = format!("bootc-composefs-{}.conf", cfg.version);
+
+        let mut file = std::fs::OpenOptions::new()
+            .create(true)
+            .write(true)
+            .open(dir_path.join(&file_name))
+            .with_context(|| format!("Opening {file_name}"))?;
+
+        file.write_all(cfg.to_string().as_bytes())
+            .with_context(|| format!("Writing to {file_name}"))?;
+    }
+
+    // Atomically exchange "entries" <-> "entries.rollback"
+    let dir = openat::Dir::open("/sysroot/boot/loader").context("Opening loader dir")?;
+
+    tracing::debug!("Atomically exchanging for {ROLLBACK_ENTRIES} and {CURRENT_ENTRIES}");
+    dir.local_exchange(ROLLBACK_ENTRIES, CURRENT_ENTRIES)
+        .context("local exchange")?;
+
+    tracing::debug!("Removing {ROLLBACK_ENTRIES}");
+    dir.remove_all(ROLLBACK_ENTRIES)
+        .context("Removing entries.rollback")?;
+
+    tracing::debug!("Syncing to disk");
+    dir.syncfs().context("syncfs")?;
+
+    Ok(())
+}
+
+#[context("Rolling back composefs")]
+pub(crate) async fn composefs_rollback() -> Result<()> {
+    let host = composefs_deployment_status().await?;
+
+    let new_spec = {
+        let mut new_spec = host.spec.clone();
+        new_spec.boot_order = new_spec.boot_order.swap();
+        new_spec
+    };
+
+    // Just to be sure
+    host.spec.verify_transition(&new_spec)?;
+
+    let reverting = new_spec.boot_order == BootOrder::Default;
+    if reverting {
+        println!("notice: Reverting queued rollback state");
+    }
+
+    let rollback_status = host
+        .status
+        .rollback
+        .ok_or_else(|| anyhow!("No rollback available"))?;
+
+    // TODO: Handle staged deployment
+    // Ostree will drop any staged deployment on rollback but will keep it if it is the first item
+    // in the new deployment list
+    let Some(rollback_composefs_entry) = &rollback_status.composefs else {
+        anyhow::bail!("Rollback deployment not a composefs deployment")
+    };
+
+    match rollback_composefs_entry.boot_type {
+        BootType::Bls => rollback_composefs_bls(),
+        BootType::Uki => rollback_composefs_uki(&host.status.booted.unwrap(), &rollback_status),
+    }?;
+
+    Ok(())
+}
+
 /// Implementation of rollback functionality
 pub(crate) async fn rollback(sysroot: &Storage) -> Result<()> {
     const ROLLBACK_JOURNAL_ID: &str = "26f3b1eb24464d12aa5e7b544a6b5468";

lib/src/install.rs

@@ -67,6 +67,7 @@ use ostree_ext::{
 #[cfg(feature = "install-to-disk")]
 use rustix::fs::FileTypeExt;
 use rustix::fs::MetadataExt as _;
+use rustix::path::Arg;
 use serde::{Deserialize, Serialize};
 use schemars::JsonSchema;
 
@@ -1696,7 +1697,7 @@ pub fn get_esp_partition(device: &str) -> Result<(String, Option<String>)> {
     Ok((esp.node, esp.uuid))
 }
 
-fn get_user_config(uki_id: &str) -> String {
+pub(crate) fn get_user_config(uki_id: &str) -> String {
     let s = format!(
         r#"
 menuentry "Fedora Bootc UKI: ({uki_id})" {{
@@ -1712,15 +1713,27 @@ menuentry "Fedora Bootc UKI: ({uki_id})" {{
 }
 
 /// Contains the EFP's filesystem UUID. Used by grub
-const EFI_UUID_FILE: &str = "efiuuid.cfg";
+pub(crate) const EFI_UUID_FILE: &str = "efiuuid.cfg";
+
+/// Returns the beginning of the grub2/user.cfg file
+/// where we source a file containing the ESPs filesystem UUID
+pub(crate) fn get_efi_uuid_source() -> String {
+    format!(
+        r#"
+if [ -f ${{config_directory}}/{EFI_UUID_FILE} ]; then
+        source ${{config_directory}}/{EFI_UUID_FILE}
+fi
+"#
+    )
+}
 
 #[context("Setting up UKI boot")]
 pub(crate) fn setup_composefs_uki_boot(
     setup_type: BootSetupType,
     // TODO: Make this generic
     repo: ComposefsRepository<Sha256HashValue>,
     id: &Sha256HashValue,
-    entry: BootEntry<Sha256HashValue>,
+    entry: ComposefsBootEntry<Sha256HashValue>,
 ) -> Result<()> {
     let (root_path, esp_device) = match setup_type {
         BootSetupType::Setup(root_setup) => {
@@ -1784,13 +1797,7 @@ pub(crate) fn setup_composefs_uki_boot(
 
     let is_upgrade = matches!(setup_type, BootSetupType::Upgrade);
 
-    let efi_uuid_source = format!(
-        r#"
-if [ -f ${{config_directory}}/{EFI_UUID_FILE} ]; then
-        source ${{config_directory}}/{EFI_UUID_FILE}
-fi
-"#
-    );
+    let efi_uuid_source = get_efi_uuid_source();
 
     let user_cfg_name = if is_upgrade {
         "grub2/user.cfg.staged"
@@ -1800,6 +1807,8 @@ fi
     let user_cfg_path = boot_dir.join(user_cfg_name);
 
     // Iterate over all available deployments, and generate a menuentry for each
+    //
+    // TODO: We might find a staged deployment here
     if is_upgrade {
         let mut usr_cfg = std::fs::OpenOptions::new()
             .write(true)
@@ -1863,7 +1872,7 @@ pub(crate) async fn pull_composefs_repo(
     image: &String,
 ) -> Result<(
     ComposefsRepository<Sha256HashValue>,
-    Vec<BootEntry<Sha256HashValue>>,
+    Vec<ComposefsBootEntry<Sha256HashValue>>,
     Sha256HashValue,
 )> {
     let rootfs_dir = cap_std::fs::Dir::open_ambient_dir("/sysroot", cap_std::ambient_authority())?;

lib/src/spec.rs

@@ -10,6 +10,7 @@ use ostree_ext::{container::OstreeImageReference, oci_spec};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
+use crate::install::BootType;
 use crate::{k8sapitypes, status::Slot};
 
 const API_VERSION: &str = "org.containers.bootc/v1";
@@ -169,6 +170,8 @@ pub struct BootEntryOstree {
 pub struct BootEntryComposefs {
     /// The erofs verity
     pub verity: String,
+    /// Whether this deployment is to be booted via BLS or UKI
+    pub boot_type: BootType,
 }
 
 /// A bootable entry