From 93699cc54611fef1214966cd8292f565f6b7b11e Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Wed, 12 Jul 2023 16:48:56 -0400
Subject: [PATCH] prepare-root: Add metadata for composefs to `/run/ostree-booted`
Particularly for the signature case, having this metadata acts as a reliable "proof of execution" of the signature verification code (as opposed to parsing a log file or so). Besides that, this is also just a stronger check for "we're using composefs" instead of checking for "overlayfs on /".
---
 src/libotcore/otcore.h | 9 +++++++++
 src/switchroot/ostree-prepare-root.c | 15 ++++++++++++++-
 tests/inst/src/composefs.rs | 7 +++++++
 3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/src/libotcore/otcore.h b/src/libotcore/otcore.h
index a335fa3d..7bb6364b 100644
--- a/src/libotcore/otcore.h
+++ b/src/libotcore/otcore.h
@@ -45,3 +45,12 @@ gboolean otcore_validate_ed25519_signature (GBytes *data, GBytes *pubkey, GBytes
 // The name of the composefs metadata root
 #define OSTREE_COMPOSEFS_NAME ".ostree.cfs"
+
+// The file written in the initramfs which contains an a{sv} of metadata
+// from ostree-prepare-root.
+#define OTCORE_RUN_BOOTED "/run/ostree-booted"
+// This key will be present if composefs was successfully used.
+#define OTCORE_RUN_BOOTED_KEY_COMPOSEFS "composefs"
+// This key if present contains the public key successfully used
+// to verify the signature.
+#define OTCORE_RUN_BOOTED_KEY_COMPOSEFS_SIGNATURE "composefs.signed"
diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
index a0dd1be9..696ace27 100644
--- a/src/switchroot/ostree-prepare-root.c
+++ b/src/switchroot/ostree-prepare-root.c
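Review bot: The comment on `OTCORE_RUN_BOOTED_KEY_COMPOSEFS_SIGNATURE` says the value "contains the public key", but the writer in ostree-prepare-root.c stores the `composefs_pubkey` string, the same value printed in the "Validated commit signature using '%s'" message. If that string is a path to a key file rather than key material (not determinable from this patch), a consumer auditing which key authorised the boot would be trusting a name whose contents can change later, so the comment should say which it is. The two key comments could also state the value types the writer uses, for example `// Value: boolean true; present only if composefs was mounted.` and `// Value: string, the composefs_pubkey setting that verified the commit signature.`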
@@ -322,6 +322,8 @@ main (int argc, char *argv[])
 if (chdir (deploy_path) < 0)
 err (EXIT_FAILURE, "failed to chdir to deploy_path");
+ GVariantBuilder metadata_builder;
+ g_variant_builder_init (&metadata_builder, G_VARIANT_TYPE ("a{sv}"));
 bool using_composefs = false;
 /* We construct the new sysroot in /sysroot.tmp, which is either the composfs
@@ -362,6 +364,9 @@ main (int argc, char *argv[])
 errx (EXIT_FAILURE, "No valid signatures found for public key");
 g_print ("Validated commit signature using '%s'\n", composefs_pubkey);
+ g_variant_builder_add (&metadata_builder, "{sv}",
+ OTCORE_RUN_BOOTED_KEY_COMPOSEFS_SIGNATURE,
+ g_variant_new_string (composefs_pubkey));
 g_autoptr (GVariant) metadata = g_variant_get_child_value (commit, 0);
 g_autoptr (GVariant) cfs_digest_v = g_variant_lookup_value (
@@ -401,6 +406,8 @@ main (int argc, char *argv[])
 (void)close (fd);
 using_composefs = 1;
+ g_variant_builder_add (&metadata_builder, "{sv}", OTCORE_RUN_BOOTED_KEY_COMPOSEFS,
+ g_variant_new_boolean (true));
 }
 else
 {
@@ -543,7 +550,13 @@ main (int argc, char *argv[])
 }
 /* This can be used by other things to signal ostree is in use */
- touch_run_ostree ();
+ {
+ g_autoptr (GVariant) metadata = g_variant_ref_sink (g_variant_builder_end (&metadata_builder));
+ const guint8 *buf = g_variant_get_data (metadata) ?: (guint8 *)"";
+ if (!glnx_file_replace_contents_at (AT_FDCWD, OTCORE_RUN_BOOTED, buf,
+ g_variant_get_size (metadata), 0, NULL, &error))
+ errx (EXIT_FAILURE, "Writing %s: %s", OTCORE_RUN_BOOTED, error->message);
+ }
 if (chdir (TMP_SYSROOT) < 0)
 err (EXIT_FAILURE, "failed to chdir to " TMP_SYSROOT);
diff --git a/tests/inst/src/composefs.rs b/tests/inst/src/composefs.rs
index a75af870..3a737a3c 100644
--- a/tests/inst/src/composefs.rs
+++ b/tests/inst/src/composefs.rs
@@ -1,4 +1,5 @@
 use anyhow::Result;
+use ostree_ext::glib;
 use xshell::cmd;
 pub(crate) fn itest_composefs() -> Result<()> {
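Review bot: In the hunk at -362, `composefs.signed` is added to the builder as soon as the signature check passes, while `composefs` is only added later (hunk at -401) after the mount has succeeded. If any path between the two can carry on booting without composefs (the `else` branch after the mount is only partly visible), the file would record a verified signature for a root that is not the verified image. Adding the signature entry next to the `OTCORE_RUN_BOOTED_KEY_COMPOSEFS` entry, once the mount has succeeded, keeps the two keys consistent; otherwise document that readers must require both keys. main's body continues outside these hunks.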
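Review bot: In the hunk at -543, the file that the commit message describes as "proof of execution" of signature verification is written as an ordinary file under /run with flags `0` and no explicit mode, so it is only as trustworthy as every later root-privileged writer on the system. That limit deserves a comment at the write site, e.g. `/* Advisory only: root can rewrite this after switch-root; it is not an integrity boundary. */`, so that consumers do not treat it as attestation. A second comment should explain the `?: (guint8 *)""` fallback, presumably there because an empty a{sv} serialises to zero bytes and `g_variant_get_data` can then return NULL. `error` is declared outside the hunk.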
@@ -27,5 +28,11 @@ pub(crate) fn itest_composefs() -> Result<()> {
 let fstype = cmd!(sh, "findmnt -n -o FSTYPE /").read()?;
 assert_eq!(fstype.as_str(), "overlay");
+ let metadata = std::fs::read("/run/ostree-booted")?;
+ let metadata = glib::Variant::from_bytes::(&glib::Bytes::from(&metadata));
+ let metadata = glib::VariantDict::new(Some(&metadata));
+
+ assert_eq!(metadata.lookup::("composefs").unwrap(), Some(true));
+
 Ok(())
 }
--
2.30.2
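Review bot: The new assertions check only the `composefs` boolean; the `composefs.signed` entry, which the commit message singles out as the main motivation, is never asserted, so a regression that drops it would still pass. If the test image boots with signature verification enabled (not visible in this hunk), add a lookup of `"composefs.signed"` as a string and assert that it is `Some`. The `.unwrap()` on `lookup` also panics on a type mismatch rather than returning through the function's `Result`; `?` should work there since the function already returns `anyhow::Result`. The start of itest_composefs is outside the hunk.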