WIP: Changes for booting composefs native systems

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/bootc-disable.preset

@@ -0,0 +1,4 @@
+# Disable services that don't work with bootc/composefs
+disable coreos-warn-invalid-mounts.service
+disable coreos-populate-lvmdevices.service
+disable coreos-oci-migration-motd.service

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/coreos-boot-edit.service.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=true

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/coreos-ignition-unique-boot.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=true

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/ignition-ostree-check-rootfs-size.conf

@@ -0,0 +1,9 @@
+[Unit]
+After=
+After=bootc-initramfs-setup.service
+
+Requires=
+Requires=bootc-initramfs-setup.service
+
+ConditionKernelCommandLine=
+ConditionKernelCommandLine=composefs

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/ignition-ostree-growfs.conf

@@ -0,0 +1,3 @@
+[Unit]
+ConditionKernelCommandLine=
+ConditionKernelCommandLine=composefs

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/ignition-ostree-mount-var.conf

@@ -0,0 +1,10 @@
+[Unit]
+ConditionKernelCommandLine=
+ConditionKernelCommandLine=composefs
+
+[Service]
+ExecStart=
+ExecStart=true
+
+ExecStop=
+ExecStop=true

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/ignition-ostree-transposefs-autosave-xfs.conf

@@ -0,0 +1,3 @@
+[Unit]
+ConditionKernelCommandLine=
+ConditionKernelCommandLine=composefs

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/ignition-ostree-transposefs-detect.conf

@@ -0,0 +1,3 @@
+[Unit]
+ConditionKernelCommandLine=
+ConditionKernelCommandLine=composefs

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/ignition-ostree-transposefs-restore.conf

@@ -0,0 +1,3 @@
+[Unit]
+ConditionKernelCommandLine=
+ConditionKernelCommandLine=composefs

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/ignition-ostree-transposefs-save.conf

@@ -0,0 +1,3 @@
+[Unit]
+ConditionKernelCommandLine=
+ConditionKernelCommandLine=composefs

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/ignition-ostree-uuid-boot.conf

@@ -0,0 +1,3 @@
+[Unit]
+ConditionKernelCommandLine=
+ConditionKernelCommandLine=composefs

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/ignition-ostree-uuid-root.conf

@@ -0,0 +1,3 @@
+[Unit]
+ConditionKernelCommandLine=
+ConditionKernelCommandLine=composefs

overlay.d/05core/usr/lib/dracut/modules.d/40bootc-coreos/module-setup.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+check() {
+    return 0
+}
+
+depends() {
+    echo systemd
+}
+
+install() {
+    inst_simple "$moddir/coreos-boot-edit.service.conf" \
+    "/etc/systemd/system/coreos-boot-edit.service.d/coreos-boot-edit.service.conf"
+
+    inst_simple "$moddir/coreos-ignition-unique-boot.conf" \
+    "/etc/systemd/system/coreos-ignition-unique-boot.service.d/coreos-ignition-unique-boot.conf"
+
+    inst_simple "$moddir/ignition-ostree-check-rootfs-size.conf" \
+    "/etc/systemd/system/ignition-ostree-check-rootfs-size.service.d/ignition-ostree-check-rootfs-size.conf"
+
+    inst_simple "$moddir/ignition-ostree-growfs.conf" \
+    "/etc/systemd/system/ignition-ostree-growfs.service.d/ignition-ostree-growfs.conf"
+
+    inst_simple "$moddir/ignition-ostree-mount-var.conf" \
+    "/etc/systemd/system/ignition-ostree-mount-var.service.d/ignition-ostree-mount-var.conf"
+
+    inst_simple "$moddir/ignition-ostree-transposefs-autosave-xfs.conf" \
+    "/etc/systemd/system/ignition-ostree-transposefs-autosave-xfs.service.d/ignition-ostree-transposefs-autosave-xfs.conf"
+
+    inst_simple "$moddir/ignition-ostree-transposefs-detect.conf" \
+    "/etc/systemd/system/ignition-ostree-transposefs-detect.service.d/ignition-ostree-transposefs-detect.conf"
+
+    inst_simple "$moddir/ignition-ostree-transposefs-restore.conf" \
+    "/etc/systemd/system/ignition-ostree-transposefs-restore.service.d/ignition-ostree-transposefs-restore.conf"
+
+    inst_simple "$moddir/ignition-ostree-transposefs-save.conf" \
+    "/etc/systemd/system/ignition-ostree-transposefs-save.service.d/ignition-ostree-transposefs-save.conf"
+
+    inst_simple "$moddir/ignition-ostree-uuid-boot.conf" \
+    "/etc/systemd/system/ignition-ostree-uuid-boot.service.d/ignition-ostree-uuid-boot.conf"
+
+    inst_simple "$moddir/ignition-ostree-uuid-root.conf" \
+    "/etc/systemd/system/ignition-ostree-uuid-root.service.d/ignition-ostree-uuid-root.conf"
+
+    inst_simple "$moddir/bootc-disable.preset" \
+    "/etc/systemd/system-preset/bootc-disable.preset"
+}

overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh

@@ -306,8 +306,30 @@ case "${1:-}" in
         if [ -d "${saved_root}" ]; then
             echo "Restoring rootfs from RAM..."
             mount_and_restore_filesystem_by_label root /sysroot "${saved_root}"
-            chcon -v --reference "${saved_root}" /sysroot  # the root of the fs itself
-            chattr +i $(ls -d /sysroot/ostree/deploy/*/deploy/*/)
+
+            cfs_cmdline=$(karg composefs)
+
+            if [[ $cfs_cmdline == "" ]]; then
+                chcon -v --reference "${saved_root}" /sysroot  # the root of the fs itself
+                chattr +i $(ls -d /sysroot/ostree/deploy/*/deploy/*/)
+            else
+                # WE don't have any reference for the objects in composefs repo
+                chcon -v system_u:object_r:root_t:s0 /sysroot  # the root of the fs itself
+
+                hash_alg=""
+
+                if [[ $cfs_cmdline =~ ^[0-9a-fA-F]{64}$ ]]; then
+                    hash_alg="sha256"
+                elif [[ $cfs_cmdline =~ ^[0-9a-fA-F]{128}$ ]]; then
+                    hash_alg="sha512"
+                else
+                    echo "Bad verity in cmdline '$cfs_cmdline'"
+                    exit 1
+                fi
+
+                echo "Enabling fs-verity again..."
+                find /sysroot/composefs/objects -type f -exec fsverity enable {} --hash-alg $hash_alg \;
+            fi
         fi
         if [ -d "${saved_boot}" ]; then
             echo "Restoring bootfs from RAM..."

overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh

@@ -77,7 +77,8 @@ install() {
         rm        \
         sed       \
         sfdisk    \
-        find
+        find      \
+        fsverity
 
     # In some cases we had to vendor gdisk in Ignition.
     # If this is the case here use that one.

overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service

@@ -6,7 +6,7 @@ ConditionPathExists=!/run/ostree-live
 # This condition is required for cases where a soft-reboot is issued on the
 # firstboot. Soft reboot do not change the kernel or its command-line arguments,
 # which would cause this service to fail after the soft-reboot completes.
-ConditionPathExists=/boot/ignition.firstboot
+# ConditionPathExists=/boot/ignition.firstboot
 RequiresMountsFor=/boot
 
 [Service]

overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete

@@ -1,5 +1,5 @@
 #!/bin/bash
-set -euo pipefail
+set -euox pipefail
 
 mount -o remount,rw /boot
 
@@ -11,9 +11,52 @@ rm -rf /boot/ignition
 # Regarding the lack of `-f` for rm ; we should have only run if GRUB detected
 # this file. Fail if we are unable to remove it, rather than risking rerunning
 # Ignition at next boot.
-rm /boot/ignition.firstboot
+if [[ -f "/boot/ignition.firstboot" ]]; then
+    # Added the if check as 40bootc-coreos/coreos-ignition-firstboot-complete removes the 
+    # check existence of this file
+    rm /boot/ignition.firstboot
+fi
 
 # rdcore zipl checks for /boot/ignition.firstboot
 if [[ $(uname -m) = s390x ]]; then
     /usr/lib/dracut/modules.d/50rdcore/rdcore zipl --boot-mount=/boot
 fi
+
+# Check if we booted via UKI, if yes, remove the ignition addon
+esp=$(
+    lsblk -o name,parttype,uuid,mountpoint --json | jq -r '
+        .blockdevices[]
+        | (.children // [])
+        | map(select(.parttype == "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"))[]
+    '
+)
+
+esp_dev="$(echo "$esp" | jq -r '.name')"
+
+if [[ "$esp_dev" == "null" ]]; then
+    exit 0
+fi
+
+esp_dev="/dev/$esp_dev"
+
+esp_dev_mntpoint="$(echo "$esp" | jq -r '.mountpoint')"
+
+if [[ "$esp_dev_mntpoint" == "null" ]]; then
+    esp_dev_mntpoint="/tmp/efi"
+
+    mkdir $esp_dev_mntpoint
+    mount "$esp_dev" $esp_dev_mntpoint
+fi
+
+# TODO: Pretty crude, but okay for now
+ignition_path=$(find "$esp_dev_mntpoint" -name "ignition.addon.efi")
+
+if [[ "$ignition_path" == "" ]]; then
+    echo "Ignition addon not found in ESP"
+    echo "Ignition addon needs to have the name 'ignition.addon.efi'"
+    exit 1
+fi
+
+rm "$ignition_path"
+
+umount "$esp_dev_mntpoint"