mosb publish: auto-fill bootkit and hostfs layers

If bootkit layer is not specified, then add the one for the
specified trust org.

If hostfs layer is not specified, use the upstream demo one.

This makes less paperwork for the user.

Add a '--skip-boot' option to mosctl install, for use when we
are testing fake mosctl install.

Signed-off-by: Serge Hallyn <serge@hallyn.com>

.github/workflows/build.yml

@@ -77,7 +77,7 @@ jobs:
           dir: 'layers'
           build-args: |
             ZOT_VERSION=2.0.0-rc5
-            ROOTFS_VERSION=v0.0.17.231018
+            ROOTFS_VERSION=v0.0.18.231121
             TOPDIR=${{ env.TOPDIR }}
           url: docker://zothub.io/machine/bootkit
           layer-type: squashfs

Makefile

@@ -22,6 +22,7 @@ else
 #error "Unsupported architecture: $(archout)"
 endif
 
+CLEAN_VERSION ?= $(shell git describe --always || echo no-git)
 MAIN_VERSION ?= $(shell git describe --always --dirty || echo no-git)
 ifeq ($(MAIN_VERSION),$(filter $(MAIN_VERSION), "", no-git))
 $(error "Bad value for MAIN_VERSION: '$(MAIN_VERSION)'")
@@ -33,6 +34,7 @@ all: mosctl mosb trust $(ZOT) $(ORAS) $(REGCTL)
 
 VERSION_LDFLAGS=-X github.com/project-machine/mos/pkg/mosconfig.Version=$(MAIN_VERSION) \
 	-X github.com/project-machine/mos/pkg/trust.Version=$(MAIN_VERSION) \
+	-X github.com/project-machine/mos/pkg/trust.RelVersion=$(CLEAN_VERSION) \
 	-X github.com/project-machine/mos/pkg/mosconfig.LayerVersion=0.0.4 \
 	-X github.com/project-machine/mos/pkg/trust.BootkitVersion=$(BOOTKIT_VERSION)
 

cmd/mosctl/install.go

@@ -34,6 +34,10 @@ var installCmd = cli.Command{
 			Usage: "Directory under which to find the mos install",
 			Value: "/",
 		},
+		cli.BoolFlag{
+			Name:  "skip-boot",
+			Usage: "do not install a bootkit (testing purposes)",
+		},
 	},
 }
 
@@ -602,10 +606,11 @@ func doPartition(opts mosconfig.InstallOpts) error {
 
 func doInstall(ctx *cli.Context) error {
 	opts := mosconfig.InstallOpts{
-		RFS:       ctx.String("rfs"),
-		StoreDir:  "/atomfs-store",
-		ConfigDir: "/config",
-		CaPath:    "/factory/secure/manifestCA.pem",
+		RFS:         ctx.String("rfs"),
+		StoreDir:    "/atomfs-store",
+		ConfigDir:   "/config",
+		CaPath:      "/factory/secure/manifestCA.pem",
+		SkipBootkit: ctx.Bool("skip-boot")
 	}
 
 	if ctx.IsSet("rfs") {

pkg/mosconfig/files.go

@@ -274,6 +274,42 @@ type ImportFile struct {
 	UpdateType UpdateType  `yaml:"update_type"`
 }
 
+func (i *ImportFile) HasTarget(name string) bool {
+	for _, t := range i.Targets {
+		if t.ServiceName == name {
+			return true
+		}
+	}
+	return false
+}
+
+func (i *ImportFile) CompleteTargets(project string) (UserTargets, error) {
+	if !i.HasTarget("hostfs") {
+		s := fmt.Sprintf("docker://zothub.io/machine/bootkit/demo-target-rootfs:%s-squashfs", trust.RelVersion)
+		newT := UserTarget{
+			ServiceName: "hostfs",
+			ServiceType: "hostfs",
+			Source:      s,
+			Version:     trust.BootkitVersion,
+		}
+		i.Targets = append(i.Targets, newT)
+	}
+	if !i.HasTarget("bootkit") {
+		bootkitDir, err := bootkitDir(project)
+		if err != nil {
+			return UserTargets{}, err
+		}
+		newT := UserTarget{
+			ServiceName: "bootkit",
+			Source:      fmt.Sprintf("oci:%s/oci:bootkit-squashfs", bootkitDir),
+			Version:     "1.0.0",
+			ServiceType: "fs-only",
+		}
+		i.Targets = append(i.Targets, newT)
+	}
+	return i.Targets, nil
+}
+
 type UserTarget struct {
 	ServiceName string        `yaml:"service_name"` // name of target
 	Source      string        `yaml:"source"`       // docker url from which to fetch

pkg/mosconfig/install.go

@@ -112,10 +112,11 @@ func (is *InstallSource) SaveToZot(zotport int, name string) error {
 }
 
 type InstallOpts struct {
-	RFS       string
-	CaPath    string
-	ConfigDir string
-	StoreDir  string
+	RFS         string
+	CaPath      string
+	ConfigDir   string
+	StoreDir    string
+	SkipBootkit bool
 }
 
 func InitializeMos(ctx *cli.Context, opts InstallOpts) error {
@@ -145,6 +146,16 @@ func InitializeMos(ctx *cli.Context, opts InstallOpts) error {
 		return errors.Wrapf(err, "Failed parsing install configuration")
 	}
 
+	if opts.SkipBootkit {
+		newset := InstallTargets{}
+		for _, target := range cf.Targets {
+			if target.ServiceName != "bootkit" {
+				newset = append(newset, target)
+			}
+		}
+		cf.Targets = newset
+	}
+
 	var boot Target
 	for _, target := range cf.Targets {
 		src := fmt.Sprintf("docker://%s/mos:%s", is.ocirepo.addr, dropHashAlg(target.Digest))
@@ -310,6 +321,11 @@ func PublishManifest(project, repo, destpath, manifestpath string) error {
 		return errors.Errorf("Unknown import file version: %d (I know about %d)", imports.Version, CurrentInstallFileVersion)
 	}
 
+	imports.Targets, err = imports.CompleteTargets(project)
+	if err != nil {
+		return err
+	}
+
 	install := InstallFile{
 		Version:    imports.Version,
 		Product:    imports.Product,
@@ -565,6 +581,19 @@ func PostArtifact(refDigest digest.Digest, refSize int64, path, mediatype, dest
 	return nil
 }
 
+func bootkitDir(name string) (string, error) {
+	s := strings.SplitN(name, ":", 2)
+	if len(s) != 2 {
+		return "", fmt.Errorf("Invalid project name: use keyset:project")
+	}
+	keyset := s[0]
+	h, err := os.UserHomeDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(h, ".local", "share", "machine", "trust", "keys", keyset, "bootkit"), nil
+}
+
 func projectDir(name string) (string, error) {
 	s := strings.SplitN(name, ":", 2)
 	if len(s) != 2 {

pkg/trust/const.go

@@ -57,4 +57,5 @@ var SBFPartitionTypeID = [16]byte{
 const MiB, GiB = uint64(1024 * 1024), uint64(1024 * 1024 * 1024)
 
 var Version string
+var RelVersion string
 var BootkitVersion string

tests/helpers.bash

@@ -264,6 +264,6 @@ function good_install {
 	rm $TMPD/manifest.yaml
 	mkdir -p $TMPD/factory/secure
 	cp "$CA_PEM" "$TMPD/factory/secure/manifestCA.pem"
-	./mosctl --debug install --rfs "$TMPD" \
+	./mosctl --debug install --rfs "$TMPD" --skip-boot \
 	    ${ZOT_HOST}:${ZOT_PORT}/puzzleos/install:1.0.0
 }

tests/launch.bats

@@ -23,13 +23,6 @@ version: 1
 product: default
 update_type: complete
 targets:
-  - service_name: hostfs
-    source: "docker://zothub.io/machine/bootkit/demo-target-rootfs:0.0.4-squashfs"
-    version: 1.0.0
-    service_type: hostfs
-    nsgroup: "none"
-    network:
-      type: none
   - service_name: zot
     source: "docker://zothub.io/machine/bootkit/demo-zot:0.0.4-squashfs"
     version: 1.0.0
@@ -41,13 +34,6 @@ targets:
       ports:
         - host: 80
           container: 5000
-  - service_name: bootkit
-    source: "oci:$HOME/.local/share/machine/trust/keys/snakeoil/bootkit/oci:bootkit-squashfs"
-    version: 1.0.0
-    service_type: fs-only
-    nsgroup: "none"
-    network:
-      type: none
 EOF
 
 	mosb --debug manifest publish \