prepare-root: Also support configuration via OSTREE_COMPOSEFS

In general, kernel arguments should be parsed by the Linux kernel and init. For code that's already running in the initramfs like we are, we're already in a position to parse config files or environment variables. In the interest of simplicitly, let's do the latter for now. I started to add a config file like `/usr/lib/ostree/prepare-root.conf` but it's probably not worth it right now.
ostreedev · Jul 13, 2023 · ad3d7cb · ad3d7cb
1 parent be6d8ae
commit ad3d7cb
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/docs/composefs.md b/docs/composefs.md
@@ -32,16 +32,20 @@ shared with the current `/ostree/repo/objects`.
 
 ### Kernel argument ot-composefs
 
-The `ostree-prepare-root` binary will look for a kernel argument called `ot-composefs`.
+The `ostree-prepare-root` binary will look for two things:
 
-The default value is `maybe` (this will likely become a build and initramfs-configurable option)
-in the future too.
+- An environment variable `OSTREE_COMPOSEFS` (preferred); set this via e.g.
+  a systemd drop-in in the initramfs.  (Or just hardcode it at build time
+  for your OS if you prefer)
+- A kernel argument called `ot-composefs` (this will likely be removed).
+
+The default value is `maybe`.
 
 The possible values are:
 
 - `off`: Never use composefs
 - `maybe`: Use composefs if supported and there is a composefs image in the deployment directory
-- `on`: Require composefs
+- `on`: Require composefs (but do not perform any integrity or signature checks)
 - `digest=<sha256>`: Require the mounted composefs image to have a particular digest
 - `signed=<path>`: Require that the commit is signed as validated by the ed25519 public key specified
    by `path` (the path is resolved in the initrd).

diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
@@ -241,8 +241,13 @@ load_composefs_config (GError **error)
   g_autoptr (ComposefsConfig) ret = g_new0 (ComposefsConfig, 1);
   ret->enabled = OT_TRISTATE_MAYBE;
 
-  // TODO: Drop this kernel argument in favor of just the config file in the initramfs
-  autofree char *ot_composefs = read_proc_cmdline_key (OT_COMPOSEFS_KARG);
+  // This can be set via e.g. systemd unit drop-ins
+  const char *ot_composefs = g_getenv ("OSTREE_COMPOSEFS");
+
+  // TODO: Drop this kernel argument in favor of just the environment variable
+  autofree char *composefs_karg = NULL;
+  if (!ot_composefs)
+    ot_composefs = composefs_karg = read_proc_cmdline_key (OT_COMPOSEFS_KARG);
   if (ot_composefs)
     {
       if (strcmp (ot_composefs, "off") == 0)