mosb publish: auto-fill bootkit and hostfs layers

If bootkit layer is not specified, then add the one for the
specified trust org.

If hostfs layer is not specified, use the upstream demo one.

This makes less paperwork for the user.

Add a '--skip-boot' option to mosb manifest publish, for use when we
are testing fake mosctl install.

Signed-off-by: Serge Hallyn <[email protected]>

.github/workflows/build.yml

@@ -77,7 +77,7 @@ jobs:
           dir: 'layers'
           build-args: |
             ZOT_VERSION=2.0.0-rc5
-            ROOTFS_VERSION=v0.0.17.231018
+            ROOTFS_VERSION=v0.0.18.231121
             TOPDIR=${{ env.TOPDIR }}
           url: docker://zothub.io/machine/bootkit
           layer-type: squashfs

Makefile

@@ -22,6 +22,7 @@ else
 #error "Unsupported architecture: $(archout)"
 endif
 
+CLEAN_VERSION ?= $(shell git describe --always || echo no-git)
 MAIN_VERSION ?= $(shell git describe --always --dirty || echo no-git)
 ifeq ($(MAIN_VERSION),$(filter $(MAIN_VERSION), "", no-git))
 $(error "Bad value for MAIN_VERSION: '$(MAIN_VERSION)'")
@@ -33,6 +34,7 @@ all: mosctl mosb trust $(ZOT) $(ORAS) $(REGCTL)
 
 VERSION_LDFLAGS=-X github.com/project-machine/mos/pkg/mosconfig.Version=$(MAIN_VERSION) \
 	-X github.com/project-machine/mos/pkg/trust.Version=$(MAIN_VERSION) \
+	-X github.com/project-machine/mos/pkg/trust.RelVersion=$(CLEAN_VERSION) \
 	-X github.com/project-machine/mos/pkg/mosconfig.LayerVersion=0.0.4 \
 	-X github.com/project-machine/mos/pkg/trust.BootkitVersion=$(BOOTKIT_VERSION)
 

cmd/mosb/manifest.go

@@ -37,6 +37,10 @@ var manifestCmd = cli.Command{
 					Usage: "Password to authenticate to OCI repository.  Taken from stdin if user but no password is provided",
 					Value: "",
 				},
+				cli.BoolFlag{
+					Name:  "skip-boot, skip-bootkit",
+					Usage: "Do not add in a bootkit layer",
+				},
 			},
 		},
 	},

pkg/mosconfig/files.go

@@ -274,6 +274,42 @@ type ImportFile struct {
 	UpdateType UpdateType  `yaml:"update_type"`
 }
 
+func (i *ImportFile) HasTarget(name string) bool {
+	for _, t := range i.Targets {
+		if t.ServiceName == name {
+			return true
+		}
+	}
+	return false
+}
+
+func (i *ImportFile) CompleteTargets(keyProject string) (UserTargets, error) {
+	if !i.HasTarget("hostfs") {
+		s := fmt.Sprintf("docker://zothub.io/machine/bootkit/demo-target-rootfs:%s-squashfs", trust.RelVersion)
+		newT := UserTarget{
+			ServiceName: "hostfs",
+			ServiceType: "hostfs",
+			Source:      s,
+			Version:     trust.BootkitVersion,
+		}
+		i.Targets = append(i.Targets, newT)
+	}
+	if !i.HasTarget("bootkit") {
+		bootkitDir, err := bootkitDir(keyProject)
+		if err != nil {
+			return UserTargets{}, err
+		}
+		newT := UserTarget{
+			ServiceName: "bootkit",
+			Source:      fmt.Sprintf("oci:%s/oci:bootkit-squashfs", bootkitDir),
+			Version:     "1.0.0",
+			ServiceType: "fs-only",
+		}
+		i.Targets = append(i.Targets, newT)
+	}
+	return i.Targets, nil
+}
+
 type UserTarget struct {
 	ServiceName string        `yaml:"service_name"` // name of target
 	Source      string        `yaml:"source"`       // docker url from which to fetch

pkg/mosconfig/install.go

@@ -112,10 +112,11 @@ func (is *InstallSource) SaveToZot(zotport int, name string) error {
 }
 
 type InstallOpts struct {
-	RFS       string
-	CaPath    string
-	ConfigDir string
-	StoreDir  string
+	RFS         string
+	CaPath      string
+	ConfigDir   string
+	StoreDir    string
+	SkipBootkit bool
 }
 
 func InitializeMos(ctx *cli.Context, opts InstallOpts) error {
@@ -291,10 +292,15 @@ func PublishManifestFromArgs(ctx *cli.Context) error {
 		return fmt.Errorf("file is a required positional argument")
 	}
 	infile := args[0]
-	return PublishManifest(proj, repo, destpath, infile)
+	return PublishManifest(proj, repo, destpath, infile, ctx.Bool("skip-bootkit"))
 }
 
-func PublishManifest(project, repo, destpath, manifestpath string) error {
+const (
+	SkipBootkit = true
+	UseBootkit  = false
+)
+
+func PublishManifest(project, repo, destpath, manifestpath string, skipBootkit bool) error {
 	b, err := os.ReadFile(manifestpath)
 	if err != nil {
 		return errors.Wrapf(err, "Error reading %s", manifestpath)
@@ -310,6 +316,13 @@ func PublishManifest(project, repo, destpath, manifestpath string) error {
 		return errors.Errorf("Unknown import file version: %d (I know about %d)", imports.Version, CurrentInstallFileVersion)
 	}
 
+	if !skipBootkit {
+		imports.Targets, err = imports.CompleteTargets(project)
+		if err != nil {
+			return err
+		}
+	}
+
 	install := InstallFile{
 		Version:    imports.Version,
 		Product:    imports.Product,
@@ -565,6 +578,19 @@ func PostArtifact(refDigest digest.Digest, refSize int64, path, mediatype, dest
 	return nil
 }
 
+func bootkitDir(name string) (string, error) {
+	s := strings.SplitN(name, ":", 2)
+	if len(s) != 2 {
+		return "", fmt.Errorf("Invalid project name: use keyset:project")
+	}
+	keyset := s[0]
+	h, err := os.UserHomeDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(h, ".local", "share", "machine", "trust", "keys", keyset, "bootkit"), nil
+}
+
 func projectDir(name string) (string, error) {
 	s := strings.SplitN(name, ":", 2)
 	if len(s) != 2 {

pkg/mosconfig/mkboot.go

@@ -497,7 +497,7 @@ func BuildProvisioner(keysetName, projectName, isofile string) error {
 	}
 
 	fullproject := keysetName + ":" + projectName
-	err = PublishManifest(fullproject, repo, name, manifestpath)
+	err = PublishManifest(fullproject, repo, name, manifestpath, SkipBootkit)
 	if err != nil {
 		return errors.Wrapf(err, "Failed writing manifest artifacts to local zot")
 	}
@@ -556,7 +556,7 @@ func BuildInstaller(keysetName, projectName, isofile string) error {
 	}
 
 	fullproject := keysetName + ":" + projectName
-	err = PublishManifest(fullproject, repo, name, manifestpath)
+	err = PublishManifest(fullproject, repo, name, manifestpath, SkipBootkit)
 	if err != nil {
 		return errors.Wrapf(err, "Failed writing manifest artifacts to local zot")
 	}

pkg/trust/const.go

@@ -57,4 +57,5 @@ var SBFPartitionTypeID = [16]byte{
 const MiB, GiB = uint64(1024 * 1024), uint64(1024 * 1024 * 1024)
 
 var Version string
+var RelVersion string
 var BootkitVersion string

tests/helpers.bash

@@ -260,7 +260,7 @@ function good_install {
 	write_install_yaml "$spectype"
 	./mosb manifest publish \
 		--repo ${ZOT_HOST}:${ZOT_PORT} --name puzzleos/install:1.0.0 \
-		--project snakeoil:default $TMPD/manifest.yaml
+		--project snakeoil:default --skip-bootkit $TMPD/manifest.yaml
 	rm $TMPD/manifest.yaml
 	mkdir -p $TMPD/factory/secure
 	cp "$CA_PEM" "$TMPD/factory/secure/manifestCA.pem"

tests/launch.bats

@@ -23,13 +23,6 @@ version: 1
 product: default
 update_type: complete
 targets:
-  - service_name: hostfs
-    source: "docker://zothub.io/machine/bootkit/demo-target-rootfs:0.0.4-squashfs"
-    version: 1.0.0
-    service_type: hostfs
-    nsgroup: "none"
-    network:
-      type: none
   - service_name: zot
     source: "docker://zothub.io/machine/bootkit/demo-zot:0.0.4-squashfs"
     version: 1.0.0
@@ -41,13 +34,6 @@ targets:
       ports:
         - host: 80
           container: 5000
-  - service_name: bootkit
-    source: "oci:$HOME/.local/share/machine/trust/keys/snakeoil/bootkit/oci:bootkit-squashfs"
-    version: 1.0.0
-    service_type: fs-only
-    nsgroup: "none"
-    network:
-      type: none
 EOF
 
 	mosb --debug manifest publish \