composefs: Read manifest+config from composefs repo instead of .imginfo

As of recently composefs-oci stores the manifest+config in the composefs
repo too, so switch over to using that by default. We discover
which manifest is in use by storing its digest in the origin.

For backwards compatibility, get_imginfo() falls back to reading
legacy .imginfo files for deployments created before this change.

But we can now drop the original version of this which fetched
from the network.

Assisted-by: OpenCode (Claude Opus 4)
Signed-off-by: Colin Walters <walters@verbum.org>

Author: cgwalters

crates/lib/src/bootc_composefs/boot.rs

@@ -93,31 +93,20 @@ use rustix::{mount::MountFlags, path::Arg};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
+use crate::bootc_composefs::state::{get_booted_bls, write_composefs_state};
+use crate::bootc_kargs::compute_new_kargs;
+use crate::composefs_consts::{TYPE1_BOOT_DIR_PREFIX, TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED};
+use crate::parsers::bls_config::{BLSConfig, BLSConfigType};
 use crate::task::Task;
-use crate::{
-    bootc_composefs::repo::get_imgref,
-    composefs_consts::{TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED},
-};
 use crate::{
     bootc_composefs::repo::open_composefs_repo,
     store::{ComposefsFilesystem, Storage},
 };
-use crate::{
-    bootc_composefs::state::{get_booted_bls, write_composefs_state},
-    composefs_consts::TYPE1_BOOT_DIR_PREFIX,
-};
-use crate::{
-    bootc_composefs::status::get_container_manifest_and_config, bootc_kargs::compute_new_kargs,
-};
 use crate::{bootc_composefs::status::get_sorted_grub_uki_boot_entries, install::PostFetchState};
-use crate::{
-    composefs_consts::UKI_NAME_PREFIX,
-    parsers::bls_config::{BLSConfig, BLSConfigType},
-};
 use crate::{
     composefs_consts::{
         BOOT_LOADER_ENTRIES, COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST,
-        STAGED_BOOT_LOADER_ENTRIES, STATE_DIR_ABS, USER_CFG, USER_CFG_STAGED,
+        STAGED_BOOT_LOADER_ENTRIES, STATE_DIR_ABS, UKI_NAME_PREFIX, USER_CFG, USER_CFG_STAGED,
     },
     spec::{Bootloader, Host},
 };
@@ -1259,23 +1248,23 @@ fn get_secureboot_keys(fs: &Dir, p: &str) -> Result<Option<SecurebootKeys>> {
 pub(crate) async fn setup_composefs_boot(
     root_setup: &RootSetup,
     state: &State,
-    image_id: &str,
+    pull_result: &composefs_oci::skopeo::PullResult<Sha512HashValue>,
     allow_missing_fsverity: bool,
 ) -> Result<()> {
     const COMPOSEFS_BOOT_SETUP_JOURNAL_ID: &str = "1f0e9d8c7b6a5f4e3d2c1b0a9f8e7d6c5";
 
     tracing::info!(
         message_id = COMPOSEFS_BOOT_SETUP_JOURNAL_ID,
         bootc.operation = "boot_setup",
-        bootc.image_id = image_id,
+        bootc.config_digest = pull_result.config_digest,
         bootc.allow_missing_fsverity = allow_missing_fsverity,
         "Setting up composefs boot",
     );
 
     let mut repo = open_composefs_repo(&root_setup.physical_root)?;
     repo.set_insecure(allow_missing_fsverity);
 
-    let mut fs = create_composefs_filesystem(&repo, image_id, None)?;
+    let mut fs = create_composefs_filesystem(&repo, &pull_result.config_digest, None)?;
     let entries = fs.transform_for_boot(&repo)?;
     let id = fs.commit_image(&repo, None)?;
     let mounted_fs = Dir::reopen_dir(
@@ -1343,11 +1332,7 @@ pub(crate) async fn setup_composefs_boot(
         None,
         boot_type,
         boot_digest,
-        &get_container_manifest_and_config(&get_imgref(
-            &state.source.imageref.transport.to_string(),
-            &state.source.imageref.name,
-        ))
-        .await?,
+        &pull_result.manifest_digest,
         allow_missing_fsverity,
     )
     .await?;

crates/lib/src/bootc_composefs/export.rs

@@ -43,7 +43,7 @@ pub async fn export_repo_to_image(
 
     let depl_verity = depl_verity.ok_or_else(|| anyhow::anyhow!("Image {source} not found"))?;
 
-    let imginfo = get_imginfo(storage, &depl_verity, None).await?;
+    let imginfo = get_imginfo(storage, &depl_verity)?;
 
     // We want the digest in the form of "sha256:abc123"
     let config_digest = format!("{}", imginfo.manifest.config().digest());

crates/lib/src/bootc_composefs/gc.rs

@@ -313,7 +313,7 @@ pub(crate) async fn composefs_gc(
             continue;
         }
 
-        let image = get_imginfo(storage, verity, None).await?;
+        let image = get_imginfo(storage, verity)?;
         let stream = format!("oci-config-{}", image.manifest.config().digest());
 
         additional_roots.push(verity.clone());

crates/lib/src/bootc_composefs/repo.rs

@@ -100,7 +100,6 @@ pub(crate) fn get_imgref(transport: &str, image: &str) -> String {
 
 /// Result of pulling a composefs repository, including the OCI manifest digest
 /// needed to reconstruct image metadata from the local composefs repo.
-#[allow(dead_code)]
 pub(crate) struct PullRepoResult {
     pub(crate) repo: crate::store::ComposefsRepository,
     pub(crate) entries: Vec<ComposefsBootEntry<Sha512HashValue>>,

crates/lib/src/bootc_composefs/state.rs

@@ -26,16 +26,14 @@ use rustix::{
 
 use crate::bootc_composefs::boot::BootType;
 use crate::bootc_composefs::repo::get_imgref;
-use crate::bootc_composefs::status::{
-    ImgConfigManifest, StagedDeployment, get_sorted_type1_boot_entries,
-};
+use crate::bootc_composefs::status::{StagedDeployment, get_sorted_type1_boot_entries};
 use crate::parsers::bls_config::BLSConfigType;
 use crate::store::{BootedComposefs, Storage};
 use crate::{
     composefs_consts::{
         COMPOSEFS_CMDLINE, COMPOSEFS_STAGED_DEPLOYMENT_FNAME, COMPOSEFS_TRANSIENT_STATE_DIR,
-        ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST, ORIGIN_KEY_BOOT_TYPE, SHARED_VAR_PATH,
-        STATE_DIR_RELATIVE,
+        ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST, ORIGIN_KEY_BOOT_TYPE, ORIGIN_KEY_IMAGE,
+        ORIGIN_KEY_MANIFEST_DIGEST, SHARED_VAR_PATH, STATE_DIR_RELATIVE,
     },
     parsers::bls_config::BLSConfig,
     spec::ImageReference,
@@ -222,15 +220,15 @@ pub(crate) fn update_boot_digest_in_origin(
 /// * `staged`            - Whether this is a staged deployment (writes to transient state dir)
 /// * `boot_type`         - Boot loader type (`Bls` or `Uki`)
 /// * `boot_digest`       - Optional boot digest for verification
-/// * `container_details` - Container manifest and config used to create this deployment
+/// * `manifest_digest`   - OCI manifest content digest, stored in the origin file so the
+///                         manifest+config can be retrieved from the composefs repo later
 ///
 /// # State Directory Structure
 ///
 /// Creates the following structure under `/sysroot/state/deploy/{deployment_id}/`:
 /// * `etc/`                    - Copy of system configuration files
 /// * `var`                     - Symlink to shared `/var` directory
-/// * `{deployment_id}.origin`  - OSTree-style origin configuration
-/// * `{deployment_id}.imginfo` - Container image manifest and config as JSON
+/// * `{deployment_id}.origin`  - Origin configuration with image ref, boot, and image metadata
 ///
 /// For staged deployments, also writes to `/run/composefs/staged-deployment`.
 #[context("Writing composefs state")]
@@ -241,7 +239,7 @@ pub(crate) async fn write_composefs_state(
     staged: Option<StagedDeployment>,
     boot_type: BootType,
     boot_digest: String,
-    container_details: &ImgConfigManifest,
+    manifest_digest: &str,
     allow_missing_fsverity: bool,
 ) -> Result<()> {
     let state_path = root_path
@@ -290,18 +288,15 @@ pub(crate) async fn write_composefs_state(
         .section(ORIGIN_KEY_BOOT)
         .item(ORIGIN_KEY_BOOT_DIGEST, boot_digest);
 
+    // Store the OCI manifest digest so we can retrieve the manifest+config
+    // from the composefs repository later (composefs-rs stores them as splitstreams).
+    config = config
+        .section(ORIGIN_KEY_IMAGE)
+        .item(ORIGIN_KEY_MANIFEST_DIGEST, manifest_digest);
+
     let state_dir =
         Dir::open_ambient_dir(&state_path, ambient_authority()).context("Opening state dir")?;
 
-    // NOTE: This is only supposed to be temporary until we decide on where to store
-    // the container manifest/config
-    state_dir
-        .atomic_write(
-            format!("{}.imginfo", deployment_id.to_hex()),
-            serde_json::to_vec(&container_details)?,
-        )
-        .context("Failed to write to .imginfo file")?;
-
     state_dir
         .atomic_write(
             format!("{}.origin", deployment_id.to_hex()),

crates/lib/src/bootc_composefs/status.rs

@@ -3,20 +3,21 @@ use std::{collections::HashSet, io::Read, sync::OnceLock};
 use anyhow::{Context, Result};
 use bootc_kernel_cmdline::utf8::Cmdline;
 use bootc_mount::inspect_filesystem;
+use cfsctl::composefs::fsverity::Sha512HashValue;
+use cfsctl::composefs_oci::OciImage;
 use fn_error_context::context;
 use serde::{Deserialize, Serialize};
 
 use crate::{
     bootc_composefs::{
         boot::BootType,
-        repo::get_imgref,
         selinux::are_selinux_policies_compatible,
         state::get_composefs_usr_overlay_status,
         utils::{compute_store_boot_digest_for_uki, get_uki_cmdline},
     },
     composefs_consts::{
-        COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT_DIGEST, TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED, USER_CFG,
-        USER_CFG_STAGED,
+        COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT_DIGEST, ORIGIN_KEY_IMAGE, ORIGIN_KEY_MANIFEST_DIGEST,
+        TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED, USER_CFG, USER_CFG_STAGED,
     },
     install::EFI_LOADER_INFO,
     parsers::{
@@ -358,57 +359,73 @@ pub(crate) fn get_bootloader() -> Result<Bootloader> {
     }
 }
 
-/// Reads the .imginfo file for the provided deployment
-#[context("Reading imginfo")]
-pub(crate) async fn get_imginfo(
-    storage: &Storage,
-    deployment_id: &str,
-    imgref: Option<&ImageReference>,
-) -> Result<ImgConfigManifest> {
-    let imginfo_fname = format!("{deployment_id}.imginfo");
-
+/// Retrieves the OCI manifest and config for a deployment from the composefs repository.
+///
+/// The manifest digest is read from the deployment's `.origin` file,
+/// then `OciImage::open()` retrieves manifest+config from the composefs repo
+/// where composefs-rs stores them as splitstreams during pull.
+///
+/// Falls back to reading legacy `.imginfo` files for backwards compatibility
+/// with deployments created before the manifest digest was stored in `.origin`.
+#[context("Reading image info for deployment {deployment_id}")]
+pub(crate) fn get_imginfo(storage: &Storage, deployment_id: &str) -> Result<ImgConfigManifest> {
     let depl_state_path = std::path::PathBuf::from(STATE_DIR_RELATIVE).join(deployment_id);
-    let path = depl_state_path.join(imginfo_fname);
 
-    let mut img_conf = storage
+    let state_dir = storage
         .physical_root
-        .open_optional(&path)
-        .context("Failed to open file")?;
+        .open_dir(&depl_state_path)
+        .with_context(|| format!("Opening state dir for {deployment_id}"))?;
 
-    let Some(img_conf) = &mut img_conf else {
-        let imgref = imgref.ok_or_else(|| anyhow::anyhow!("No imgref or imginfo file found"))?;
+    let origin_filename = format!("{deployment_id}.origin");
+    let origin_contents = state_dir
+        .read_to_string(&origin_filename)
+        .with_context(|| format!("Reading {origin_filename}"))?;
+
+    let ini = tini::Ini::from_string(&origin_contents).context("Failed to parse origin file")?;
 
-        let container_details =
-            get_container_manifest_and_config(&get_imgref(&imgref.transport, &imgref.image))
-                .await?;
+    // Try to read the manifest digest from the origin file (new path)
+    if let Some(manifest_digest) = ini.get::<String>(ORIGIN_KEY_IMAGE, ORIGIN_KEY_MANIFEST_DIGEST) {
+        let repo = storage.get_ensure_composefs()?;
+        let oci_image = OciImage::<Sha512HashValue>::open(&repo, &manifest_digest, None)
+            .with_context(|| format!("Opening OCI image for manifest {manifest_digest}"))?;
 
-        let state_dir = storage.physical_root.open_dir(depl_state_path)?;
+        let manifest = oci_image.manifest().clone();
+        let config = oci_image
+            .config()
+            .cloned()
+            .ok_or_else(|| anyhow::anyhow!("OCI image has no config (artifact?)"))?;
 
-        state_dir
-            .atomic_write(
-                format!("{}.imginfo", deployment_id),
-                serde_json::to_vec(&container_details)?,
-            )
-            .context("Failed to write to .imginfo file")?;
+        return Ok(ImgConfigManifest { config, manifest });
+    }
 
-        let state_dir = state_dir.reopen_as_ownedfd()?;
+    // Fallback: read legacy .imginfo file for deployments created before
+    // the manifest digest was stored in .origin
+    let imginfo_fname = format!("{deployment_id}.imginfo");
+    let path = depl_state_path.join(&imginfo_fname);
 
-        rustix::fs::fsync(state_dir).context("fsync")?;
+    let mut img_conf = storage
+        .physical_root
+        .open_optional(&path)
+        .with_context(|| format!("Opening legacy {imginfo_fname}"))?;
 
-        return Ok(container_details);
+    let Some(img_conf) = &mut img_conf else {
+        anyhow::bail!(
+            "No manifest_digest in origin and no legacy .imginfo file \
+             for deployment {deployment_id}"
+        );
     };
 
     let mut buffer = String::new();
     img_conf.read_to_string(&mut buffer)?;
 
     let img_conf = serde_json::from_str::<ImgConfigManifest>(&buffer)
-        .context("Failed to parse file as JSON")?;
+        .context("Failed to parse .imginfo file as JSON")?;
 
     Ok(img_conf)
 }
 
 #[context("Getting composefs deployment metadata")]
-async fn boot_entry_from_composefs_deployment(
+fn boot_entry_from_composefs_deployment(
     storage: &Storage,
     origin: tini::Ini,
     verity: &str,
@@ -418,7 +435,7 @@ async fn boot_entry_from_composefs_deployment(
             let ostree_img_ref = OstreeImageReference::from_str(&img_name_from_config)?;
             let img_ref = ImageReference::from(ostree_img_ref);
 
-            let img_conf = get_imginfo(storage, &verity, Some(&img_ref)).await?;
+            let img_conf = get_imginfo(storage, &verity)?;
 
             let image_digest = img_conf.manifest.config().digest().to_string();
             let architecture = img_conf.config.architecture().to_string();
@@ -742,8 +759,7 @@ async fn composefs_deployment_status_from(
         let ini = tini::Ini::from_string(&config)
             .with_context(|| format!("Failed to parse file {verity_digest}.origin as ini"))?;
 
-        let mut boot_entry =
-            boot_entry_from_composefs_deployment(storage, ini, &verity_digest).await?;
+        let mut boot_entry = boot_entry_from_composefs_deployment(storage, ini, &verity_digest)?;
 
         // SAFETY: boot_entry.composefs will always be present
         let boot_type_from_origin = boot_entry.composefs.as_ref().unwrap().boot_type;

crates/lib/src/bootc_composefs/switch.rs

@@ -75,15 +75,8 @@ pub(crate) async fn switch_composefs(
             }
 
             UpdateAction::Proceed => {
-                return do_upgrade(
-                    storage,
-                    booted_cfs,
-                    &host,
-                    &target_imgref,
-                    &img_config,
-                    &do_upgrade_opts,
-                )
-                .await;
+                return do_upgrade(storage, booted_cfs, &host, &target_imgref, &do_upgrade_opts)
+                    .await;
             }
 
             UpdateAction::UpdateOrigin => {
@@ -95,15 +88,7 @@ pub(crate) async fn switch_composefs(
         }
     }
 
-    do_upgrade(
-        storage,
-        booted_cfs,
-        &host,
-        &target_imgref,
-        &img_config,
-        &do_upgrade_opts,
-    )
-    .await?;
+    do_upgrade(storage, booted_cfs, &host, &target_imgref, &do_upgrade_opts).await?;
 
     Ok(())
 }