Skip to content

Filter out BLS entries not managed by bootc#2243

Open
Dudecake wants to merge 2 commits into
bootc-dev:mainfrom
Dudecake:filter-custom-bls-entries
Open

Filter out BLS entries not managed by bootc#2243
Dudecake wants to merge 2 commits into
bootc-dev:mainfrom
Dudecake:filter-custom-bls-entries

Conversation

@Dudecake

@Dudecake Dudecake commented Jun 10, 2026

Copy link
Copy Markdown

Fixes #2228

The cases that the tests in the last commit check cannot occur anymore because of the changes in get_sorted_type1_boot_entries_helper. If they're unneeded, I can drop the commit.

@bootc-bot bootc-bot Bot requested a review from jeckersb June 10, 2026 12:59
Dudecake added 2 commits June 10, 2026 13:08
@Dudecake
Filter out BLS entries not managed by bootc
f484d79 
Signed-off-by: Dudecake <ckoomen@ckoomen.eu>
@Dudecake
Added tests for non-confirming efi BLS entries
9ade58e 
Signed-off-by: Dudecake <ckoomen@ckoomen.eu>
@Dudecake Dudecake force-pushed the filter-custom-bls-entries branch from dba7de3 to 9ade58e Compare June 10, 2026 13:08
Johan-Liebert1
Johan-Liebert1 requested changes Jun 10, 2026
View reviewed changes

@Johan-Liebert1 Johan-Liebert1 left a comment
edited
Loading

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would work, but only for the first boot, and will probably fail on updates and switches as these entries won't be copied to the staged directory.

Comment thread crates/lib/src/composefs_consts.rs
pub(crate) const UKI_NAME_PREFIX: &str = TYPE1_BOOT_DIR_PREFIX;

/// The prefix for BLS file entries
pub(crate) const BLS_ENTRY_PREFIX: &str = "bootc_";

@Johan-Liebert1 Johan-Liebert1 Jun 10, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have TYPE1_BOOT_DIR_PREFIX for this

@Dudecake Dudecake Jun 10, 2026

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't want to change that from bootc_composefs- -> bootc_ as it's used in other places. The format the BLS entry seems to follow is bootc_${ID}-${verity}-${index}.conf, though maybe I've misunderstood what the BLS entry is...

@Dudecake

Dudecake commented Jun 10, 2026

Copy link
Copy Markdown
Author

This would work, but only for the first boot, and will probably fail on updates and switches as these entries won't be copied to the staged directory.

Sad face. That makes this pretty useless as installing to a populated ESP works without issue, only bootc status and bootc update are broken.

Would the caller of list_type1_entries have to filter out these entries before calling get_verity on them?

@Johan-Liebert1

Johan-Liebert1 commented Jun 10, 2026

Copy link
Copy Markdown
Collaborator

Would the caller of list_type1_entries have to filter out these entries before calling get_verity on them?

yes, and these need special treatment for updates/switches. Also, we need to make sure these appear last in the boot entries list etc etc. There are a few more cases that need to be handled

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Johan-Liebert1 Johan-Liebert1 Johan-Liebert1 requested changes

@jeckersb jeckersb Awaiting requested review from jeckersb

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Adding custom BLS entry blocks most bootc operations

2 participants

@Dudecake @Johan-Liebert1