Update composefs, unified storage#2044
Merged
cgwalters merged 14 commits intobootc-dev:mainfrom May 5, 2026
Merged
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request refactors how container image manifest and configuration are handled for composefs deployments. Instead of storing them in a separate .imginfo file, the manifest digest is now stored in the .origin file, and the manifest/config are read directly from the composefs repository. This is a good improvement that centralizes image metadata storage. The changes are consistent across the codebase, and backward compatibility for older deployments with .imginfo files is maintained. I've found one area for improvement regarding repository handling efficiency.
cgwalters
force-pushed
the
prep-composefs-manifest
branch
3 times, most recently
from
ef5cb0f to
d1f366d
Compare
Collaborator
Author
|
OK, this is passing tests now and I think is a notable cleanup. I think this may be one of the last ~breaking changes for the composefs installation layout. |
Collaborator
Author
|
Actually thinking about this more...it feels like we should really be creating tags in the cfs repo instead of using this additional root stuff. That's effectively what ostree does with Basically we create
In particular a key thing is that this works if the composefs repo holds other data such as app images. |
cgwalters
force-pushed
the
prep-composefs-manifest
branch
2 times, most recently
from
215b824 to
e3b7826
Compare
| needless_borrow = "allow" | ||
| needless_borrows_for_generic_args = "allow" | ||
|
|
||
| [patch."https://github.com/composefs/composefs-rs"] |
Collaborator
There was a problem hiding this comment.
I don't think we need this
Collaborator
Author
There was a problem hiding this comment.
We do it's for composefs/composefs-rs#263
|
|
||
| tracing::debug!("img_bootloader_diff: {img_bootloader_diff:#?}"); | ||
| // Bootloader entries without a state dir are from interrupted cleanups. | ||
| let orphaned_boot_entries: Vec<_> = bootloader_entries |
Collaborator
There was a problem hiding this comment.
this will always be an empty vec iiuc? Since we always delete the bootloader entries first
Johan-Liebert1
pushed a commit
to cgwalters/composefs-rs
that referenced
this pull request
Mar 17, 2026
The open_config() return type changed from a tuple to the OpenConfig struct. Point the bootc reverse-dep CI at bootc-dev/bootc#2044 which has the matching API update, until that PR is merged to main. Assisted-by: OpenCode (Claude Opus 4) Signed-off-by: Colin Walters <walters@verbum.org>
github-merge-queue Bot
pushed a commit
to composefs/composefs-rs
that referenced
this pull request
Apr 2, 2026
The OCI digest cleanup breaks the bootc API boundary. Re-enable once bootc-dev/bootc#2044 lands on bootc main. Assisted-by: OpenCode (Claude Opus 4) Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
force-pushed
the
prep-composefs-manifest
branch
3 times, most recently
from
1af0080 to
e19a663
Compare
Closed
cgwalters
force-pushed
the
prep-composefs-manifest
branch
from
e19a663 to
d5ba655
Compare
github-actions
Bot
added
area/system-reinstall-bootc
cgwalters
force-pushed
the
prep-composefs-manifest
branch
from
d5ba655 to
c936426
Compare
Open
cgwalters
force-pushed
the
prep-composefs-manifest
branch
2 times, most recently
from
af78b32 to
9bee491
Compare
`just bcvk up` with `BOOTC_variant=composefs` silently ignored the variant — it read the env var but never passed `--composefs-backend` or related flags to `bcvk libvirt run`, so the VM always installed with the ostree backend. Extract a shared `BcvkInstallOpts` helper (new `bcvk.rs` module) that both `sysext.rs` and `tmt.rs` use to build bcvk CLI arguments from `BOOTC_*` environment variables. This fixes the sysext path and eliminates the duplicated firmware/install arg construction in tmt. Assisted-by: OpenCode (Claude Opus 4) Signed-off-by: Colin Walters <walters@verbum.org>
The xtask run-tmt command now reads BOOTC_bootloader, BOOTC_filesystem, BOOTC_seal_state, and BOOTC_boot_type directly via clap env support. When BOOTC_variant=composefs, --composefs-backend is implied automatically. This means `just test-tmt` works correctly with composefs env vars set, without the Justfile needing to forward flags manually. Assisted-by: OpenCode (Claude Opus 4) Signed-off-by: Colin Walters <walters@verbum.org>
Add a podman_client module for pulling container images through podman's native libpod HTTP API with streaming per-blob download progress displayed via indicatif. Starts a transient `podman system service` against bootc's custom storage root (reusing bind_storage_roots and setup_auth helpers) and talks to it over a Unix socket. The response NDJSON stream is read line-by-line via AsyncBufReadExt. Also fix get_ensure_imgstore() to work on composefs-only systems by falling back to physical_root when ostree is not initialized. Factor setup_auth() out of new_podman_cmd_in() so both the CLI podman commands and the API service share the same auth setup. Assisted-by: OpenCode (Claude Opus 4) Signed-off-by: Colin Walters <walters@verbum.org>
The composefs backend has a multi-dimensional configuration space (variant, bootloader, boot_type, seal_state, filesystem) with non-obvious constraints between them. Add a clear reference table and common workflow examples to CONTRIBUTING.md, and a quick-start cheat sheet to the Justfile header. Assisted-by: OpenCode (Claude Opus 4) Signed-off-by: Colin Walters <walters@verbum.org>
By far the biggest change here is to how we do our GC logic. Now, composefs-rs itself holds refs to the EROFS images; we just need to hold onto the images themselves. Assisted-by: OpenCode (Claude Opus 4) Signed-off-by: Colin Walters <walters@verbum.org>
Add unified storage support to the composefs path, leveraging the new support for containers-storage. See: composefs/composefs-rs#285 Assisted-by: OpenCode (Claude Opus 4) Assisted-by: OpenCode (Claude Sonnet 4.6) Signed-off-by: Colin Walters <walters@verbum.org>
Instead of reading the in memory filesystem to get /usr/lib/os-release get it from the mounted EROFS. This is also prep for providing backwards compatibility due to our newly introduced prefix `bootc_composefs-` where we'll need to create new boot entries and we can get the `os_id` from the mounted root Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com> Signed-off-by: Colin Walters <walters@verbum.org>
While finishing up GC, we had come up with the idea of prepending our boot binaries (UKI PEs, BLS directories) with a certain prefix and we ended up hard requiring these prefixes. If someone has an older version of bootc which they used to install their system with, then upgrade to a new version, many if not all of the important operations would cease to work. This basically handles the backwards compatibility of new binaries on older systems by prepending our custom prefix to all existing boot binaries Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com> Signed-off-by: Colin Walters <walters@verbum.org>
prepend_custom_prefix() already checks has_prefix on each entry and skips those that already have it, so it is safe to call on every boot with no extra cost when migration is already done. Running it unconditionally ensures it fires correctly on systems upgrading from older bootc versions that lacked the prefix. Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com> Signed-off-by: Colin Walters <walters@verbum.org>
Add some basic infra to mock up enough of an installed root to use in unit tests - specifically targeted for the bootloader logic. Assisted-by: OpenCode (Claude Opus 4) Signed-off-by: Colin Walters <walters@verbum.org>
…yment Switching to an image whose composefs EROFS digest is identical to any existing deployment (booted, staged, rollback, or pinned) is now an error. Two images from different sources can produce byte-identical content; silently reusing an existing state directory would be wrong because its /etc was seeded from a different image. Assisted-by: OpenCode (Claude Sonnet 4.5) Signed-off-by: Colin Walters <walters@verbum.org>
When a user has previously opted into unified storage, all subsequent switch and upgrade operations should continue using that path. Previously only the target image was checked; this also checks the booted image, so that switching to a new image while already on unified storage automatically stays on the unified path without requiring an explicit flag. Assisted-by: OpenCode (Claude Sonnet 4.5) Signed-off-by: Colin Walters <walters@verbum.org>
When iterating with the bcvk dev VM, developers often have a locally built composefs image (localhost/bootc). Automatically using that if it exists avoids having to explicitly set BOOTC_BASE_IMAGE on every invocation, and ensures the VM uses the correct bootloader (e.g. systemd-boot) rather than the upstream base's grub. Assisted-by: OpenCode (Claude Sonnet 4.5) Signed-off-by: Colin Walters <walters@verbum.org>
Regression test for bootc-dev#1808 where `bootc internals cfs gc` was deleting objects backing live deployments. Add `--assert-no-op` to `bootc internals composefs-gc` (implies `--dry-run`) which exits non-zero if GC would remove any objects or prune any OCI symlinks. This gives tests and health-checks a clean machine-readable signal without parsing human-readable output. Use it in the composefs readonly smoke test in place of the previous approach of capturing stdout and grepping for count strings. Assisted-by: OpenCode (Claude Sonnet 4.6) Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
force-pushed
the
prep-composefs-manifest
branch
from
9bee491 to
9fcb406
Compare
Johan-Liebert1
approved these changes
May 5, 2026
github-merge-queue
Bot
removed this pull request from the merge queue due to no response for status checks
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
Collaborator
Author
|
Man, it was just one job that flaked on koji. bootc-dev/infra#143 (comment) |
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The latest composefs-rs stores manifest and config objects and
the manifest becomes a GC root, so we can use that instead of
.imginfosidecar files.
The flow now is:
bootloader entry -> deployment -> origin file
-> manifest digest -> manifest -> [config | objects]
For backward compatibility, fall back to the legacy .imginfo
file if the .origin does not contain a manifest_digest key.
Drop the really old hacky fallback that did network fetches.
Note the manifest becomes part of the GC root.
Closes: #1977