prepare-root: Don't parse target root when composefs enabled

We shouldn't load anything from the target root filesystem *before*
verifying its integrity if composefs is enabled.

In effect, we want to force composefs users to migrate to
`/usr/lib/ostree/prepare-root.conf` which lives in the initramfs.
(But because we enable sysroot.readonly=true if composefs is enabled
 too, they don't actually need to)

diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
index c0f9d7537888532b062ace4e968ef3810ce276b2..bf5de00a9c7e20423a0f49afeaaced54534e55bf 100644 (file)
--- a/src/switchroot/ostree-prepare-root.c
+++ b/src/switchroot/ostree-prepare-root.c
@@ -376,8 +376,10 @@ main (int argc, char *argv[])
   /* Fall back to querying the repository configuration in the target disk.
    * This is an operating system builder choice.  More info:
    * https://github.com/ostreedev/ostree/pull/1767
+   * However, we only do this if composefs is not enabled, because we don't
+   * want to parse the target root filesystem before verifying its integrity.
    */
-  if (!sysroot_readonly)
+  if (!sysroot_readonly && composefs_config->enabled != OT_TRISTATE_YES)
     {
       sysroot_readonly = sysroot_is_configured_ro (root_arg);
       // Encourage porting to the new config file