From 94cb37cb3080cb0377e0f922e84411ba256190a7 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Wed, 16 Aug 2023 16:54:13 -0400
Subject: [PATCH] prepare-root: Minor clarifications

No functional changes.
---
 docs/composefs.md                    |  2 +-
 src/switchroot/ostree-prepare-root.c | 10 ++++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/docs/composefs.md b/docs/composefs.md
index bf2161dc..ebc26af3 100644
--- a/docs/composefs.md
+++ b/docs/composefs.md
@@ -60,7 +60,7 @@ The exact usage of the signature is up to the user, but a common way
 to use it with transient keys. This is done like this:
  * Generate a new keypair before each build
  * Embed the public key in the initrd that is part of the commit.
- * Ensure the initrd has a `prepare-root.conf` with `keyfile=/path/to/key`
+ * Ensure the initrd has a `prepare-root.conf` with `[composefs] enabled=signed`, and either use `keypath` or inject `/etc/ostree/initramfs-root-binding.key`; for more see `man ostree-prepare-root`
  * After committing, run `ostree --sign` with the private key.
  * Throw away the private key.
 
diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
index 7b32f6bb..93167272 100644
--- a/src/switchroot/ostree-prepare-root.c
+++ b/src/switchroot/ostree-prepare-root.c
@@ -80,7 +80,11 @@
 const char *config_roots[] = { "/usr/lib", "/etc" };
 #define PREPARE_ROOT_CONFIG_PATH "ostree/prepare-root.conf"
 
-#define DEFAULT_KEYPATH "/etc/ostree/initramfs-root-binding.key"
+// This key is used by default if present in the initramfs to verify
+// the signature on the target commit object.  When composefs is
+// in use, the ostree commit metadata will contain the composefs image digest,
+// which can be used to fully verify the target filesystem tree.
+#define BINDING_KEYPATH "/etc/ostree/initramfs-root-binding.key"
 
 #define SYSROOT_KEY "sysroot"
 #define READONLY_KEY "readonly"
@@ -300,6 +304,7 @@ free_composefs_config (ComposefsConfig *config)
 
 G_DEFINE_AUTOPTR_CLEANUP_FUNC (ComposefsConfig, free_composefs_config)
 
+// Parse the [composefs] section of the prepare-root.conf.
 static ComposefsConfig *
 load_composefs_config (GKeyFile *config, GError **error)
 {
@@ -317,7 +322,8 @@ load_composefs_config (GKeyFile *config, GError **error)
                                                   OT_TRISTATE_MAYBE, &ret->enabled, error))
     return NULL;
 
-  if (!ot_keyfile_get_value_with_default (config, COMPOSEFS_KEY, KEYPATH_KEY, DEFAULT_KEYPATH,
+  // Look for a key - we default to the initramfs binding path.
+  if (!ot_keyfile_get_value_with_default (config, COMPOSEFS_KEY, KEYPATH_KEY, BINDING_KEYPATH,
                                           &ret->signature_pubkey, error))
     return NULL;
 
-- 
2.30.2