Composefs

meta-lmp-base/classes/lmp.bbclass

@@ -157,6 +157,9 @@ IMAGE_TYPES += "ota-esp"
 EXTRA_IMAGECMD:ota-esp ?= ""
 IMAGE_CMD:ota-esp = "oe_mkotaespfs ota-esp ${EXTRA_IMAGECMD}"
 
+EXTRA_OSTREE_COMMIT:append = "${@bb.utils.contains('DISTRO_FEATURES', 'cfs', ' --generate-composefs-metadata --sign-from-file=${CFS_SIGN_KEYDIR}/${CFS_SIGN_KEYNAME}.sec --sign-type=ed25519 ', '', d)}"
+IMAGE_CMD:ostreecommit[vardeps] += "EXTRA_OSTREE_COMMIT "
+
 # LMP specific cleanups after the main ostree image from meta-updater
 IMAGE_CMD:ostree:append () {
 	# No need for files under /boot as we use ostree-kernel-initramfs

meta-lmp-base/conf/distro/lmp.conf

@@ -10,6 +10,7 @@ OSTREE_OSNAME = "lmp"
 INITRAMFS_IMAGE = "initramfs-ostree-lmp-image"
 INITRAMFS_FSTYPES = "cpio.gz"
 OSTREE_KERNEL ?= "${@oe.utils.conditional('KERNEL_IMAGETYPE', 'fitImage', '${KERNEL_IMAGETYPE}-${INITRAMFS_IMAGE}-${MACHINE}-${KERNEL_FIT_LINK_NAME}', '${KERNEL_IMAGETYPE}', d)}"
+OSTREE_OTA_REPO_CONFIG:append = "${@bb.utils.contains('DISTRO_FEATURES', 'cfs', ' ex-integrity.composefs:true ex-integrity.fsverity:maybe', '', d)}"
 OSTREE_KERNEL_ARGS_COMMON ?= "root=LABEL=otaroot rootfstype=ext4"
 OSTREE_KERNEL_ARGS ?= "${OSTREE_KERNEL_ARGS_COMMON}"
 OSTREE_SPLIT_BOOT ?= "0"

meta-lmp-base/recipes-core/base-files/base-files_%.bbappend

@@ -6,6 +6,12 @@ do_install:append () {
     if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
         install -D -m 0644 ${WORKDIR}/tmpfiles.conf ${D}${nonarch_libdir}/tmpfiles.d/${PN}.conf
     fi
+    # Get rid of the /dev/root entry in fstab to avoid errors from
+    # systemd-remount-fs
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'cfs', 'true', 'false', d)}; then
+        sed -i -e '\#^ */dev/root#d' ${D}${sysconfdir}/fstab
+    fi
+
 }
 
 FILES:${PN} += "${nonarch_libdir}/tmpfiles.d/${PN}.conf"

meta-lmp-base/recipes-core/images/initramfs-ostree-lmp-image.bb

@@ -6,6 +6,7 @@ PACKAGE_INSTALL = "initramfs-framework-base \
 	initramfs-module-ostree \
 	initramfs-module-ostree-factory-reset \
 	${VIRTUAL-RUNTIME_base-utils} \
+	${@bb.utils.contains('DISTRO_FEATURES', 'cfs', 'initramfs-module-ostree-composefs', '', d)} \
 	${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'initramfs-framework-ima', '', d)} \
 	${@bb.utils.contains('DISTRO_FEATURES', 'luks', '${PACKAGE_INSTALL_LUKS}', '', d)} \
 	udev base-passwd e2fsprogs-e2fsck \

meta-lmp-base/recipes-core/initrdscripts/initramfs-framework/cryptfs

@@ -143,6 +143,8 @@ cryptfs_run() {
 	if ! cryptsetup isLuks ${root_dev}; then
 		# Partition not yet encrypted
 		msg "${root_dev} not yet encrypted, encrypting with LUKS2"
+		# Enable fs-verify early
+		[ -n "$bootparam_composefs" ] && tune2fs -O verity ${root_dev} 2>/dev/null
 		e2fsck_check ${root_dev}
 		block_size=`dumpe2fs -h ${root_dev} 2>/dev/null | grep "^Block size" | cut -d ':' -f 2 | tr -d ' '`
 		block_count=`dumpe2fs -h ${root_dev} 2>/dev/null | grep "^Block count" | cut -d ':' -f 2 | tr -d ' '`

meta-lmp-base/recipes-core/initrdscripts/initramfs-framework/ostree

@@ -7,8 +7,17 @@ ostree_enabled() {
 }
 
 ostree_run() {
+	COMPOSEFS_CONF="/usr/lib/ostree/prepare-root.conf"
+
 	if [ -n "$ROOTFS_DIR" ]; then
-		info "Preparing OSTree root at '$ROOTFS_DIR'..."
+		if [ -e "$COMPOSEFS_CONF" ]; then
+			if [ -e /etc/ostree/composefs ]; then
+				. /etc/ostree/composefs
+				ostree_composefs_prepare
+			fi
+		fi
+
+		msg "Preparing OSTree root at '$ROOTFS_DIR'..."
 		/usr/lib/ostree/ostree-prepare-root $ROOTFS_DIR
 	else
 		debug "No rootfs has been set"

meta-lmp-base/recipes-core/initrdscripts/initramfs-framework/ostree_composefs

@@ -0,0 +1,57 @@
+#!/bin/sh
+# Copyright (C) 2024 Open Source Foundries Ltd.
+# Licensed on MIT
+
+ostree_composefs_prepare() {
+	COMPOSEFS_CONF="/usr/lib/ostree/prepare-root.conf"
+	COMPOSEFS_NAME=".ostree.cfs"
+	SYSROOT_DIR="/sysroot"
+
+	composefs=$(sed -n '/\[composefs\]/{:a;n;/enabled/{s/.*=//p;q};ba}' "$COMPOSEFS_CONF")
+	[ "$composefs" != "signed" ] && return 0
+
+	# Store kernel configs in a variable
+	kernel_config=$(zcat /proc/config.gz)
+
+	# Check kernel configs
+	missing_configs=""
+	for config in "CONFIG_EROFS_FS=y" "CONFIG_OVERLAY_FS=y" "CONFIG_FS_VERITY=y"; do
+		echo "$kernel_config" | grep -q "$config" || missing_configs="$missing_configs $config"
+	done
+
+	[ -n "$missing_configs" ] && fatal "FATAL: Make sure your kernel enabled$missing_configs !!!"
+
+	# Composefs uses SYSROOT_DIR
+	ln -sf "$ROOTFS_DIR" "$SYSROOT_DIR"
+
+	force=""
+	# Check if all measurements are already available
+	for cfsfile_ in "${SYSROOT_DIR}/ostree/deploy"/*/deploy/*/"${COMPOSEFS_NAME}"; do
+		# If enabled already, skip
+		if ! fsverity measure "${cfsfile_}" > /dev/null 2>/dev/null; then
+			force="true"
+			break
+		fi
+	done
+
+	# CI already enabled fs-verity on the deployment
+	[ ! -n "$force" ] && return 0
+
+	msg "Enabling signed Composefs with fs-verity"
+
+	# Try to enable fs-verity on the disk
+	[ -n "$bootparam_root" ] && tune2fs -O verity $bootparam_root > /dev/null 2>/dev/null
+
+	# Track time spent
+	t0="$(date '+%s')"
+
+	# Enable on all repo objects
+	find "${SYSROOT_DIR}/ostree/repo/objects" -exec fsverity enable '{}' \; 2>/dev/null
+
+	# Enable on all composefs images
+	find "${SYSROOT_DIR}/ostree/deploy" -type f -name "${COMPOSEFS_NAME}" -exec fsverity enable '{}' \; 2>/dev/null
+	t1="$(date '+%s')"
+
+	# Output time spent
+	msg "fsverity: $((t1 - t0)) seconds."
+}

meta-lmp-base/recipes-core/initrdscripts/initramfs-framework/ostree_composefs.conf

@@ -0,0 +1,2 @@
+[composefs]
+enabled=signed

meta-lmp-base/recipes-core/initrdscripts/initramfs-framework_%.bbappend

@@ -5,6 +5,8 @@ SRC_URI:append = " \
 	file://cryptfs_pkcs11 \
 	file://cryptfs_tpm2 \
 	file://ostree \
+	file://ostree_composefs \
+	file://ostree_composefs.conf \
 	file://ostree_factory_reset \
 	file://ostree_recovery \
 	file://run-tmpfs.patch \
@@ -15,6 +17,7 @@ PACKAGES:append = " \
 	initramfs-module-cryptfs-pkcs11 \
 	initramfs-module-cryptfs-tpm2 \
 	initramfs-module-ostree \
+	initramfs-module-ostree-composefs \
 	initramfs-module-ostree-factory-reset \
 	initramfs-module-ostree-recovery \
 "
@@ -37,6 +40,10 @@ SUMMARY:initramfs-module-ostree = "initramfs support for ostree based filesystem
 RDEPENDS:initramfs-module-ostree = "${PN}-base ostree-switchroot"
 FILES:initramfs-module-ostree = "/init.d/98-ostree"
 
+SUMMARY:initramfs-module-ostree-composefs = "composefs support for ostree"
+RDEPENDS:initramfs-module-ostree-composefs = "initramfs-module-ostree e2fsprogs-tune2fs fsverity-utils"
+FILES:initramfs-module-ostree-composefs = "${sysconfdir}/ostree/composefs ${sysconfdir}/ostree/initramfs-root-binding.key /usr/lib/ostree/prepare-root.conf"
+
 SUMMARY:initramfs-module-ostree-factory-reset = "initramfs support for ostree based filesystems"
 RDEPENDS:initramfs-module-ostree-factory-reset = "${PN}-base ostree-switchroot"
 FILES:initramfs-module-ostree-factory-reset = "/init.d/98-ostree_factory_reset"
@@ -47,12 +54,20 @@ FILES:initramfs-module-ostree-recovery = "/init.d/98-ostree_recovery /recovery.d
 
 do_install:append() {
 	install -d ${D}/recovery.d
+
 	install -d ${D}/${sysconfdir}/cryptfs
 	install -m 0644 ${WORKDIR}/cryptfs_pkcs11 ${D}/${sysconfdir}/cryptfs/pkcs11
 	install -m 0644 ${WORKDIR}/cryptfs_tpm2 ${D}/${sysconfdir}/cryptfs/tpm2
-
 	install -m 0755 ${WORKDIR}/cryptfs ${D}/init.d/80-cryptfs
+
+	install -d ${D}/${sysconfdir}/ostree
+	install -m 0644 ${WORKDIR}/ostree_composefs ${D}/${sysconfdir}/ostree/composefs
+	install -d ${D}/usr/lib/ostree
+	install -m 0644 ${WORKDIR}/ostree_composefs.conf ${D}/usr/lib/ostree/prepare-root.conf
+	install -m 0644 ${CFS_SIGN_KEYDIR}/${CFS_SIGN_KEYNAME}.pub \
+	                    ${D}${sysconfdir}/ostree/initramfs-root-binding.key
 	install -m 0755 ${WORKDIR}/ostree ${D}/init.d/98-ostree
+
 	install -m 0755 ${WORKDIR}/ostree_factory_reset ${D}/init.d/98-ostree_factory_reset
 	install -m 0755 ${WORKDIR}/ostree_recovery ${D}/init.d/98-ostree_recovery
 }

meta-lmp-base/recipes-extended/ostree/ostree/0001-Allow-updating-files-in-the-boot-directory.patch

@@ -1,7 +1,7 @@
-From 4db0d7e240865d4a5cc13b492b38c6ff34f468ab Mon Sep 17 00:00:00 2001
+From 7c12b8576a9844c41f81d8f4a03f5545bae53fec Mon Sep 17 00:00:00 2001
 From: Gatis Paeglis <[email protected]>
 Date: Mon, 22 Aug 2016 11:32:16 +0200
-Subject: [PATCH 1/2] Allow updating files in the /boot directory
+Subject: [PATCH] Allow updating files in the /boot directory
 
 This patch adds support for copying (or hardlinking on
 single partition systems) all files from the deployment's
@@ -13,18 +13,20 @@ be enabled by 'touch .ostree-bootcsumdir-source' in
 Upstream-Status: Inappropriate [lmp specific]
 
 Signed-off-by: Ricardo Salveti <[email protected]>
+Signed-off-by: Jose Quaresma <[email protected]>
+
 ---
  Makefile-tests.am                     |   1 +
- src/libostree/ostree-sysroot-deploy.c | 139 ++++++++++++++++++++++++--
- tests/test-bootdir-update.sh          |  39 ++++++++
- 3 files changed, 172 insertions(+), 7 deletions(-)
+ src/libostree/ostree-sysroot-deploy.c | 141 ++++++++++++++++++++++++--
+ tests/test-bootdir-update.sh          |  39 +++++++
+ 3 files changed, 173 insertions(+), 8 deletions(-)
  create mode 100755 tests/test-bootdir-update.sh
 
 diff --git a/Makefile-tests.am b/Makefile-tests.am
-index efbcad9a..5193a224 100644
+index c6f9420e..eabd0462 100644
 --- a/Makefile-tests.am
 +++ b/Makefile-tests.am
-@@ -147,6 +147,7 @@ _installed_or_uninstalled_test_scripts = \
+@@ -158,6 +158,7 @@ _installed_or_uninstalled_test_scripts = \
  	tests/test-signed-pull.sh \
  	tests/test-pre-signed-pull.sh \
  	tests/test-signed-pull-summary.sh \
@@ -33,10 +35,10 @@ index efbcad9a..5193a224 100644
 
  if USE_GPGME
 diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c
-index a8bf9f44..2793617b 100644
+index f777b92f..0348fb41 100644
 --- a/src/libostree/ostree-sysroot-deploy.c
 +++ b/src/libostree/ostree-sysroot-deploy.c
-@@ -285,6 +285,37 @@ checksum_dir_recurse (int          dfd,
+@@ -282,9 +282,52 @@ checksum_dir_recurse (int dfd, const char *path, OtChecksum *checksum, GCancella
    return TRUE;
  }
 
@@ -72,12 +74,8 @@ index a8bf9f44..2793617b 100644
 +                  GError         **error);
 +
  static gboolean
- copy_dir_recurse (int              src_parent_dfd,
-                   int              dest_parent_dfd,
-@@ -292,6 +323,18 @@ copy_dir_recurse (int              src_parent_dfd,
-                   OstreeSysrootDebugFlags flags,
-                   GCancellable    *cancellable,
-                   GError         **error)
+ copy_dir_recurse (int src_parent_dfd, int dest_parent_dfd, const char *name,
+                   OstreeSysrootDebugFlags flags, GCancellable *cancellable, GError **error)
 +{
 +  return hardlink_or_copy_dir_recurse (src_parent_dfd, dest_parent_dfd, name, FALSE, flags, cancellable, error);
 +}
@@ -91,53 +89,57 @@ index a8bf9f44..2793617b 100644
 +                  GCancellable    *cancellable,
 +                  GError         **error)
  {
-   g_auto(GLnxDirFdIterator) src_dfd_iter = { 0, };
-   glnx_autofd int dest_dfd = -1;
-@@ -326,17 +369,28 @@ copy_dir_recurse (int              src_parent_dfd,
+   g_auto (GLnxDirFdIterator) src_dfd_iter = {
+     0,
+@@ -320,20 +363,31 @@ copy_dir_recurse (int src_parent_dfd, int dest_parent_dfd, const char *name,
 
        if (S_ISDIR (child_stbuf.st_mode))
          {
--          if (!copy_dir_recurse (src_dfd_iter.fd, dest_dfd, dent->d_name,
--                                 flags, cancellable, error))
-+          if (!hardlink_or_copy_dir_recurse (src_dfd_iter.fd, dest_dfd, dent->d_name,
-+                                 hardlink, flags, cancellable, error))
+-          if (!copy_dir_recurse (src_dfd_iter.fd, dest_dfd, dent->d_name, flags, cancellable,
+-                                 error))
++          if (!hardlink_or_copy_dir_recurse (src_dfd_iter.fd, dest_dfd, dent->d_name, hardlink,
++                                 flags, cancellable, error))
              return FALSE;
          }
        else
          {
--          if (!glnx_file_copy_at (src_dfd_iter.fd, dent->d_name, &child_stbuf,
--                                  dest_dfd, dent->d_name,
--                                  sysroot_flags_to_copy_flags (GLNX_FILE_COPY_OVERWRITE, flags),
--                                  cancellable, error))
--            return glnx_prefix_error (error, "Copying %s", dent->d_name);
-+          if (hardlink)
-+            {
-+              if (!hardlink_or_copy_at (src_dfd_iter.fd, dent->d_name,
-+                                        dest_dfd, dent->d_name,
-+                                        sysroot_flags_to_copy_flags (GLNX_FILE_COPY_OVERWRITE, flags),
-+                                        cancellable, error))
-+                return FALSE;
-+            }
-+          else
-+            {
-+              if (!glnx_file_copy_at (src_dfd_iter.fd, dent->d_name, &child_stbuf,
-+                                      dest_dfd, dent->d_name,
-+                                      sysroot_flags_to_copy_flags (GLNX_FILE_COPY_OVERWRITE, flags),
-+                                      cancellable, error))
-+                return glnx_prefix_error (error, "Copying %s", dent->d_name);
-+            }
-         }
-     }
-
-@@ -1749,6 +1803,7 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
+           if (S_ISLNK (child_stbuf.st_mode) || S_ISREG (child_stbuf.st_mode))
+             {
+-              if (!glnx_file_copy_at (src_dfd_iter.fd, dent->d_name, &child_stbuf, dest_dfd,
+-                                      dent->d_name,
+-                                      sysroot_flags_to_copy_flags (GLNX_FILE_COPY_OVERWRITE, flags),
+-                                      cancellable, error))
+-                return glnx_prefix_error (error, "Copying %s", dent->d_name);
+-            }
++              if (hardlink)
++                {
++                  if (!hardlink_or_copy_at (src_dfd_iter.fd, dent->d_name,
++                                            dest_dfd, dent->d_name,
++                                            sysroot_flags_to_copy_flags (GLNX_FILE_COPY_OVERWRITE, flags),
++                                            cancellable, error))
++                    return FALSE;
++                }
++              else
++                {
++                  if (!glnx_file_copy_at (src_dfd_iter.fd, dent->d_name, &child_stbuf, dest_dfd,
++                                          dent->d_name,
++                                          sysroot_flags_to_copy_flags (GLNX_FILE_COPY_OVERWRITE, flags),
++                                          cancellable, error))
++                    return glnx_prefix_error (error, "Copying %s", dent->d_name);
++                }
++          }
+           else
+             {
+               ot_journal_print (LOG_INFO,
+@@ -1888,6 +1942,7 @@ install_deployment_kernel (OstreeSysroot *sysroot, int new_bootversion,
 
  {
    GLNX_AUTO_PREFIX_ERROR ("Installing kernel", error);
 +  g_auto(GLnxDirFdIterator) dfd_iter = { 0, };
    OstreeBootconfigParser *bootconfig = ostree_deployment_get_bootconfig (deployment);
    g_autofree char *deployment_dirpath = ostree_sysroot_get_deployment_dirpath (sysroot, deployment);
    glnx_autofd int deployment_dfd = -1;
-@@ -1895,6 +1950,76 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
+@@ -2056,6 +2111,76 @@ install_deployment_kernel (OstreeSysroot *sysroot, int new_bootversion,
        g_ptr_array_add (overlay_initrds, g_steal_pointer (&destpath));
      }
 
@@ -259,6 +261,3 @@ index 00000000..f69c1253
 +assert_file_has_content sysroot/boot/ostree/testos-${bootcsum}/subdir/2 "2"
 +
 +echo "ok boot dir with .ostree-bootcsumdir-source"
--- 
-2.34.1
-

meta-lmp-base/recipes-extended/ostree/ostree/0002-u-boot-add-bootdir-to-the-generated-uEnv.txt.patch

@@ -1,7 +1,7 @@
-From 40795e2dcf1bbb0a4c1e3a4b53925d970fb5c9ff Mon Sep 17 00:00:00 2001
+From 1351d90a6a01d635ce1c26ba471110eaf9f1d1e7 Mon Sep 17 00:00:00 2001
 From: Gatis Paeglis <[email protected]>
 Date: Mon, 22 Aug 2016 15:52:21 +0200
-Subject: [PATCH 2/2] u-boot: add 'bootdir' to the generated uEnv.txt
+Subject: [PATCH] u-boot: add 'bootdir' to the generated uEnv.txt
 
 When doing a full copy of:
 
@@ -26,24 +26,26 @@ bootdir=/boot/ostree/$os-$bootcsum/ is a better approach here, as
 Upstream-Status: Inappropriate [lmp specific]
 
 Signed-off-by: Ricardo Salveti <[email protected]>
+Signed-off-by: Jose Quaresma <[email protected]>
+
 ---
  src/libostree/ostree-bootloader-uboot.c | 4 ++++
  tests/test-bootdir-update.sh            | 1 +
  2 files changed, 5 insertions(+)
 
 diff --git a/src/libostree/ostree-bootloader-uboot.c b/src/libostree/ostree-bootloader-uboot.c
-index 7e23001e..0ccb739f 100644
+index 41280cf1..bfdc5c91 100644
 --- a/src/libostree/ostree-bootloader-uboot.c
 +++ b/src/libostree/ostree-bootloader-uboot.c
-@@ -113,6 +113,7 @@ create_config_from_boot_loader_entries (OstreeBootloaderUboot     *self,
-   g_autoptr(GPtrArray) boot_loader_configs = NULL;
+@@ -106,6 +106,7 @@ create_config_from_boot_loader_entries (OstreeBootloaderUboot *self, int bootver
+   g_autoptr (GPtrArray) boot_loader_configs = NULL;
    OstreeBootconfigParser *config;
    const char *val;
 +  g_autofree char *bootdir = NULL;
 
    if (!_ostree_sysroot_read_boot_loader_configs (self->sysroot, bootversion, &boot_loader_configs,
                                                   cancellable, error))
-@@ -136,6 +137,9 @@ create_config_from_boot_loader_entries (OstreeBootloaderUboot     *self,
+@@ -129,6 +130,9 @@ create_config_from_boot_loader_entries (OstreeBootloaderUboot *self, int bootver
          }
        g_ptr_array_add (new_lines, g_strdup_printf ("kernel_image%s=/boot%s", index_suffix, val));
 
@@ -64,6 +66,3 @@ index f69c1253..9365b29e 100755
 +assert_file_has_content sysroot/boot/uEnv.txt "bootdir="
 
  echo "ok boot dir with .ostree-bootcsumdir-source"
--- 
-2.34.1
-