feat: add support for erofs layers

Ramkumar Chinchani · rchincha · commit ed7a2590abfb · 2025-02-15T16:23:20.000-08:00
atomfs has added support for additional filesystem types such as erofs.

Signed-off-by: Ramkumar Chinchani &lt;rchincha@cisco.com&gt;
Signed-off-by: Ramkumar Chinchani &lt;rchincha.dev@gmail.com&gt;
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -67,6 +67,7 @@ jobs:
       - name: install dependencies
         run: |
           ./install-build-deps.sh
+          sudo apt-get install -y linux-modules-extra-$(uname -r)
           echo "running kernel is: $(uname -a)"
       - name: docker-clone
         run: |
diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml
@@ -32,7 +32,7 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     services:
       registry:
         image: ghcr.io/project-stacker/registry:2
@@ -68,6 +68,7 @@ jobs:
       - name: install dependencies
         run: |
           ./install-build-deps.sh
+          sudo apt-get install -y linux-modules-extra-$(uname -r)
           echo "running kernel is: $(uname -a)"
       - name: docker-clone
         run: |
diff --git a/cmd/stacker/build.go b/cmd/stacker/build.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 
 	cli "github.com/urfave/cli/v2"
-	"machinerun.io/atomfs/squashfs"
+	"machinerun.io/atomfs/pkg/verity"
 	"stackerbuild.io/stacker/pkg/stacker"
 	"stackerbuild.io/stacker/pkg/types"
 )
@@ -52,12 +52,12 @@ func initCommonBuildFlags() []cli.Flag {
 		},
 		&cli.StringSliceFlag{
 			Name:  "layer-type",
-			Usage: "set the output layer type (supported values: tar, squashfs); can be supplied multiple times",
+			Usage: "set the output layer type (supported values: tar, squashfs, erofs); can be supplied multiple times",
 			Value: cli.NewStringSlice("tar"),
 		},
 		&cli.BoolFlag{
-			Name:  "no-squashfs-verity",
-			Usage: "do not append dm-verity data to squashfs archives",
+			Name:  "no-verity",
+			Usage: "do not append dm-verity data to fs archives",
 		},
 		&cli.BoolFlag{
 			Name:  "require-hash",
@@ -103,7 +103,7 @@ func newBuildArgs(ctx *cli.Context) (stacker.BuildArgs, error) {
 		AnnotationsNamespace: ctx.String("annotations-namespace"),
 	}
 	var err error
-	verity := squashfs.VerityMetadata(!ctx.Bool("no-squashfs-verity"))
+	verity := verity.VerityMetadata(!ctx.Bool("no-verity"))
 	args.LayerTypes, err = types.NewLayerTypes(ctx.StringSlice("layer-type"), verity)
 	return args, err
 }
diff --git a/cmd/stacker/inspect.go b/cmd/stacker/inspect.go
@@ -11,7 +11,7 @@ import (
 	"github.com/opencontainers/umoci/oci/casext"
 	"github.com/pkg/errors"
 	cli "github.com/urfave/cli/v2"
-	stackeroci "machinerun.io/atomfs/oci"
+	stackeroci "machinerun.io/atomfs/pkg/oci"
 )
 
 var inspectCmd = cli.Command{
diff --git a/cmd/stacker/internal_go.go b/cmd/stacker/internal_go.go
@@ -9,7 +9,7 @@ import (
 	"github.com/pkg/errors"
 	cli "github.com/urfave/cli/v2"
 	"golang.org/x/sys/unix"
-	"machinerun.io/atomfs"
+	"machinerun.io/atomfs/pkg/molecule"
 	"stackerbuild.io/stacker/pkg/lib"
 	"stackerbuild.io/stacker/pkg/log"
 	"stackerbuild.io/stacker/pkg/overlay"
@@ -176,14 +176,14 @@ func doAtomfsMount(ctx *cli.Context) error {
 	tag := ctx.Args().Get(0)
 	mountpoint := ctx.Args().Get(1)
 
-	opts := atomfs.MountOCIOpts{
+	opts := molecule.MountOCIOpts{
 		OCIDir:                 config.OCIDir,
 		Tag:                    tag,
 		Target:                 mountpoint,
 		AllowMissingVerityData: true,
 	}
 
-	mol, err := atomfs.BuildMoleculeFromOCI(opts)
+	mol, err := molecule.BuildMoleculeFromOCI(opts)
 	if err != nil {
 		return err
 	}
@@ -199,5 +199,5 @@ func doAtomfsUmount(ctx *cli.Context) error {
 	}
 
 	mountpoint := ctx.Args().Get(0)
-	return atomfs.Umount(mountpoint)
+	return molecule.Umount(mountpoint)
 }
diff --git a/cmd/stacker/publish.go b/cmd/stacker/publish.go
@@ -3,7 +3,7 @@ package main
 import (
 	"github.com/pkg/errors"
 	cli "github.com/urfave/cli/v2"
-	"machinerun.io/atomfs/squashfs"
+	"machinerun.io/atomfs/pkg/verity"
 	"stackerbuild.io/stacker/pkg/lib"
 	"stackerbuild.io/stacker/pkg/stacker"
 	"stackerbuild.io/stacker/pkg/types"
@@ -69,7 +69,7 @@ var publishCmd = cli.Command{
 		},
 		&cli.StringSliceFlag{
 			Name:  "layer-type",
-			Usage: "set the output layer type (supported values: tar, squashfs); can be supplied multiple times",
+			Usage: "set the output layer type (supported values: tar, squashfs, erofs); can be supplied multiple times",
 			Value: cli.NewStringSlice("tar"),
 		},
 		&cli.StringSliceFlag{
@@ -108,7 +108,7 @@ func beforePublish(ctx *cli.Context) error {
 }
 
 func doPublish(ctx *cli.Context) error {
-	verity := squashfs.VerityMetadata(!ctx.Bool("no-squashfs-verity"))
+	verity := verity.VerityMetadata(!ctx.Bool("no-verity"))
 	layerTypes, err := types.NewLayerTypes(ctx.StringSlice("layer-type"), verity)
 	if err != nil {
 		return err
diff --git a/cmd/stacker/validate.go b/cmd/stacker/validate.go
@@ -50,6 +50,8 @@ func validateLayerTypeFlags(ctx *cli.Context) error {
 			break
 		case "squashfs":
 			break
+		case "erofs":
+			break
 		default:
 			return errors.Errorf("unknown layer type: %s", layerType)
 		}
diff --git a/go.mod b/go.mod
@@ -19,7 +19,7 @@ require (
 	github.com/mitchellh/hashstructure v1.1.0
 	github.com/moby/buildkit v0.11.4
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.1.0-rc4
+	github.com/opencontainers/image-spec v1.1.0
 	github.com/opencontainers/umoci v0.4.8-0.20220412065115-12453f247749
 	github.com/pkg/errors v0.9.1
 	github.com/pkg/xattr v0.4.9
@@ -290,5 +290,6 @@ require (
 
 replace (
 	github.com/opencontainers/umoci => github.com/project-stacker/umoci v0.0.0-20240906174318-e9397ba4ced0
+	machinerun.io/atomfs => github.com/rchincha/atomfs v0.0.0-20250216002037-e582f37114f4
 	stackerbuild.io/stacker-bom => github.com/project-stacker/stacker-bom v0.0.0-20240509203427-4d685e046780
 )
diff --git a/go.sum b/go.sum
@@ -754,8 +754,8 @@ github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3ev
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
-github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
+github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
 github.com/opencontainers/runc v1.2.3 h1:fxE7amCzfZflJO2lHXf4y/y8M1BoAqp+FVmG19oYB80=
 github.com/opencontainers/runc v1.2.3/go.mod h1:nSxcWUydXrsBZVYNSkTjoQ/N6rcyTtn+1SD5D4+kRIM=
 github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
@@ -821,6 +821,8 @@ github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
 github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/rchincha/atomfs v0.0.0-20250216002037-e582f37114f4 h1:3V1d2yzgSHqMwe5CQnFV/N6Zej1qpQV1OrQpnmTsmv4=
+github.com/rchincha/atomfs v0.0.0-20250216002037-e582f37114f4/go.mod h1:jrGbuGXiCPi4LFoMvcPRnqPGlxe3pW8UtLEnhUcGRmI=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -1598,8 +1600,6 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-machinerun.io/atomfs v1.1.3 h1:oV1SH7VI2MqAks7FlirhLLKvyVcJkMB0NFevXF8EJaU=
-machinerun.io/atomfs v1.1.3/go.mod h1:qXz4epm3/7vEpEyf9YaTCafp3CwbUeDa1XrYyx7qbPc=
 modernc.org/libc v1.37.6 h1:orZH3c5wmhIQFTXF+Nt+eeauyd+ZIt2BX6ARe+kD+aw=
 modernc.org/libc v1.37.6/go.mod h1:YAXkAZ8ktnkCKaN9sw/UDeUVkGYJ/YquGO4FTi5nmHE=
 modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4=
diff --git a/install-build-deps.sh b/install-build-deps.sh
@@ -44,6 +44,8 @@ installdeps_ubuntu() {
         squashfuse
         libarchive-tools
         shellcheck
+        erofs-utils
+        erofsfuse
     )
 
     case "$VERSION_ID" in
diff --git a/pkg/lib/image_test.go b/pkg/lib/image_test.go
@@ -13,7 +13,8 @@ import (
 	"github.com/opencontainers/umoci/mutate"
 	"github.com/opencontainers/umoci/oci/casext"
 	"github.com/stretchr/testify/assert"
-	"machinerun.io/atomfs/squashfs"
+	"machinerun.io/atomfs/pkg/squashfs"
+	"machinerun.io/atomfs/pkg/verity"
 )
 
 func createImage(dir string, tag string) error {
@@ -48,7 +49,7 @@ func createImage(dir string, tag string) error {
 
 	// need *something* in the layer, why not just recursively include the
 	// OCI image for maximum confusion :)
-	layer, mediaType, _, err := squashfs.MakeSquashfs(dir, path.Join(dir, "oci"), nil, squashfs.VerityMetadataMissing)
+	layer, mediaType, _, err := squashfs.MakeSquashfs(dir, path.Join(dir, "oci"), nil, verity.VerityMetadataMissing)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/overlay/metadata.go b/pkg/overlay/metadata.go
@@ -10,7 +10,7 @@ import (
 	ispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/opencontainers/umoci/oci/casext"
 	"github.com/pkg/errors"
-	stackeroci "machinerun.io/atomfs/oci"
+	stackeroci "machinerun.io/atomfs/pkg/oci"
 	"stackerbuild.io/stacker/pkg/log"
 	"stackerbuild.io/stacker/pkg/types"
 )
diff --git a/pkg/overlay/pack.go b/pkg/overlay/pack.go
@@ -22,8 +22,9 @@ import (
 	"github.com/opencontainers/umoci/oci/layer"
 	"github.com/pkg/errors"
 	"github.com/pkg/xattr"
-	stackeroci "machinerun.io/atomfs/oci"
-	"machinerun.io/atomfs/squashfs"
+	stackerfs "machinerun.io/atomfs/pkg/fs"
+	stackeroci "machinerun.io/atomfs/pkg/oci"
+	"machinerun.io/atomfs/pkg/verity"
 	"stackerbuild.io/stacker/pkg/lib"
 	"stackerbuild.io/stacker/pkg/log"
 	"stackerbuild.io/stacker/pkg/storage"
@@ -280,7 +281,8 @@ func generateBlob(layerType types.LayerType, contents string, ociDir string, low
 		blob = layer.GenerateInsertLayer(contents, "/", false, &packOptions)
 		mediaType = ispec.MediaTypeImageLayer
 	} else {
-		blob, mediaType, rootHash, err = squashfs.MakeSquashfs(ociDir, contents, nil, layerType.Verity)
+		fsi := stackerfs.New(stackerfs.FilesystemType(layerType.Type))
+		blob, mediaType, rootHash, err = fsi.Make(ociDir, contents, nil, layerType.Verity)
 		if err != nil {
 			return nil, "", "", err
 		}
@@ -303,7 +305,7 @@ func ociPutBlob(blob io.ReadCloser, config types.StackerConfig, layerMediaType s
 
 	annotations := map[string]string{}
 	if rootHash != "" {
-		annotations[squashfs.VerityRootHashAnnotation] = rootHash
+		annotations[verity.VerityRootHashAnnotation] = rootHash
 	}
 
 	desc := ispec.Descriptor{
@@ -443,7 +445,7 @@ func generateLayer(config types.StackerConfig, _ casext.Engine, mutators []*muta
 		} else {
 			annotations := map[string]string{}
 			if rootHash != "" {
-				annotations[squashfs.VerityRootHashAnnotation] = rootHash
+				annotations[verity.VerityRootHashAnnotation] = rootHash
 			}
 			desc, err = mutator.Add(context.Background(), mediaType, blob, history, mutate.NoopCompressor, annotations)
 			if err != nil {
@@ -693,10 +695,11 @@ func unpackOne(l ispec.Descriptor, ociDir string, extractDir string) error {
 		return nil
 	}
 
-	if squashfs.IsSquashfsMediaType(l.MediaType) {
-		return squashfs.ExtractSingleSquash(
+	if fsi := stackerfs.NewFromMediaType(l.MediaType); fsi != nil {
+		return fsi.ExtractSingle(
 			path.Join(ociDir, "blobs", "sha256", l.Digest.Encoded()), extractDir)
 	}
+
 	switch l.MediaType {
 	case ispec.MediaTypeImageLayer, ispec.MediaTypeImageLayerGzip:
 		tarEx.Lock()
diff --git a/pkg/types/layer_type.go b/pkg/types/layer_type.go
@@ -7,14 +7,16 @@ import (
 
 	ispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
-	"machinerun.io/atomfs/squashfs"
+	"machinerun.io/atomfs/pkg/erofs"
+	"machinerun.io/atomfs/pkg/squashfs"
+	"machinerun.io/atomfs/pkg/verity"
 )
 
 var ErrEmptyLayers = errors.New("empty layers")
 
 type LayerType struct {
 	Type   string
-	Verity squashfs.VerityMetadata
+	Verity verity.VerityMetadata
 }
 
 func (lt LayerType) String() string {
@@ -44,15 +46,17 @@ func (lt *LayerType) UnmarshalText(text []byte) error {
 		return errors.Wrapf(err, "bad verity bool: %s", fields[1])
 	}
 
-	lt.Verity = squashfs.VerityMetadata(result)
+	lt.Verity = verity.VerityMetadata(result)
 
 	return nil
 }
 
-func NewLayerType(lt string, verity squashfs.VerityMetadata) (LayerType, error) {
+func NewLayerType(lt string, verity verity.VerityMetadata) (LayerType, error) {
 	switch lt {
 	case "squashfs":
 		return LayerType{Type: lt, Verity: verity}, nil
+	case "erofs":
+		return LayerType{Type: lt, Verity: verity}, nil
 	case "tar":
 		return LayerType{Type: lt}, nil
 	default:
@@ -62,31 +66,38 @@ func NewLayerType(lt string, verity squashfs.VerityMetadata) (LayerType, error)
 
 func NewLayerTypeManifest(manifest ispec.Manifest) (LayerType, error) {
 	if len(manifest.Layers) == 0 {
-		return NewLayerType("tar", squashfs.VerityMetadataMissing)
+		return NewLayerType("tar", verity.VerityMetadataMissing)
 	}
 
+	_, verityMetadataPresent := manifest.Layers[0].Annotations[verity.VerityRootHashAnnotation]
+
 	switch manifest.Layers[0].MediaType {
 	case squashfs.BaseMediaTypeLayerSquashfs:
 		// older stackers generated media types without compression information
 		fallthrough
-	case squashfs.GenerateSquashfsMediaType(squashfs.GzipCompression, squashfs.VerityMetadataMissing):
+	case squashfs.GenerateSquashfsMediaType(squashfs.GzipCompression):
+		fallthrough
+	case squashfs.GenerateSquashfsMediaType(squashfs.ZstdCompression):
+		return NewLayerType("squashfs", verity.VerityMetadata(verityMetadataPresent))
+	case erofs.BaseMediaTypeLayerErofs:
+		// older stackers generated media types without compression information
+		fallthrough
+	case erofs.GenerateErofsMediaType(erofs.LZ4HCCompression):
 		fallthrough
-	case squashfs.GenerateSquashfsMediaType(squashfs.ZstdCompression, squashfs.VerityMetadataMissing):
-		return NewLayerType("squashfs", squashfs.VerityMetadataMissing)
-	case squashfs.GenerateSquashfsMediaType(squashfs.GzipCompression, squashfs.VerityMetadataPresent):
+	case erofs.GenerateErofsMediaType(erofs.LZ4Compression):
 		fallthrough
-	case squashfs.GenerateSquashfsMediaType(squashfs.ZstdCompression, squashfs.VerityMetadataPresent):
-		return NewLayerType("squashfs", squashfs.VerityMetadataPresent)
+	case erofs.GenerateErofsMediaType(erofs.ZstdCompression):
+		return NewLayerType("erofs", verity.VerityMetadata(verityMetadataPresent))
 	case ispec.MediaTypeImageLayerGzip:
 		fallthrough
 	case ispec.MediaTypeImageLayer:
-		return NewLayerType("tar", squashfs.VerityMetadataMissing)
+		return NewLayerType("tar", verity.VerityMetadataMissing)
 	default:
 		return LayerType{}, errors.Errorf("invalid layer type %s", manifest.Layers[0].MediaType)
 	}
 }
 
-func NewLayerTypes(lts []string, verity squashfs.VerityMetadata) ([]LayerType, error) {
+func NewLayerTypes(lts []string, verity verity.VerityMetadata) ([]LayerType, error) {
 	ret := []LayerType{}
 	for _, lt := range lts {
 		hoisted, err := NewLayerType(lt, verity)
diff --git a/test/atomfs-erofs.bats b/test/atomfs-erofs.bats
diff --git a/test/atomfs-squashfs.bats b/test/atomfs-squashfs.bats

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ import (`
`11`	`11`	`"github.com/opencontainers/umoci/oci/casext"`
`12`	`12`	`"github.com/pkg/errors"`
`13`	`13`	`cli "github.com/urfave/cli/v2"`
`14`		`- stackeroci "machinerun.io/atomfs/oci"`
	`14`	`+ stackeroci "machinerun.io/atomfs/pkg/oci"`
`15`	`15`	`)`
`16`	`16`
`17`	`17`	`var inspectCmd = cli.Command{`
Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,8 @@ func validateLayerTypeFlags(ctx *cli.Context) error {`
`50`	`50`	`break`
`51`	`51`	`case "squashfs":`
`52`	`52`	`break`
	`53`	`+ case "erofs":`
	`54`	`+ break`
`53`	`55`	`default:`
`54`	`56`	`return errors.Errorf("unknown layer type: %s", layerType)`
`55`	`57`	`}`
Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,8 @@ installdeps_ubuntu() {`
`44`	`44`	`squashfuse`
`45`	`45`	`libarchive-tools`
`46`	`46`	`shellcheck`
	`47`	`+ erofs-utils`
	`48`	`+ erofsfuse`
`47`	`49`	`)`
`48`	`50`
`49`	`51`	`case "$VERSION_ID" in`