deploy: Properly use merge deployment and staging flow when booted

This won't affect the offline deploy case, but we want to be able to execute this code from a privileged container too for the online case. Previously, we were passing `None` for the merge deployment, which is fine and correct in the offline case for the *first* deployment. But te sysroot already has a handy API to do "find merge if available" which we should always use. Then, the next problem is that the Rust binding API for `simple_write_deployment` is buggy because the C API distinguishes between "NULL pointer" and "zero length array" - it's only when passing `NULL` that one gets the behavior of "inherit kernel arguments". A zero length array is treated as overriding with the empty set. The new staging API fixes this - it takes an `Option<&[&str]>`, and we can then pass `None` and propagate the merge kernel arguments.
ostreedev · Sep 18, 2022 · 3089166 · 3089166
1 parent 3d0f33a
commit 3089166
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 11 deletions.
diff --git a/ci/priv-integration.sh b/ci/priv-integration.sh
@@ -25,6 +25,7 @@ ostree-ext-cli container image deploy --sysroot "${sysroot}" \
     --stateroot "${stateroot}" --imgref "${imgref}"
 ostree admin --sysroot="${sysroot}" status
 ostree-ext-cli container image remove --repo "${sysroot}/ostree/repo" registry:"${image}"
+ostree admin --sysroot="${sysroot}" undeploy 0
 for img in "${image}" "${old_image}"; do
     ostree-ext-cli container image deploy --sysroot "${sysroot}" \
         --stateroot "${stateroot}" --imgref ostree-unverified-registry:"${img}"

diff --git a/lib/src/container/deploy.rs b/lib/src/container/deploy.rs
@@ -48,6 +48,7 @@ pub async fn deploy(
     let cancellable = ostree::gio::NONE_CANCELLABLE;
     let options = options.unwrap_or_default();
     let repo = &sysroot.repo().unwrap();
+    let merge_deployment = sysroot.merge_deployment(Some(stateroot));
     let mut imp =
         super::store::ImageImporter::new(repo, imgref, options.proxy_cfg.unwrap_or_default())
             .await?;
@@ -65,17 +66,39 @@ pub async fn deploy(
     let origin = glib::KeyFile::new();
     let target_imgref = options.target_imgref.unwrap_or(imgref);
     origin.set_string("origin", ORIGIN_CONTAINER, &target_imgref.to_string());
-    let deployment = &sysroot.deploy_tree(
-        Some(stateroot),
-        commit,
-        Some(&origin),
-        None,
-        options.kargs.unwrap_or_default(),
-        cancellable,
-    )?;
-    let flags = ostree::SysrootSimpleWriteDeploymentFlags::NONE;
-    sysroot.simple_write_deployment(Some(stateroot), deployment, None, flags, cancellable)?;
-    sysroot.cleanup(cancellable)?;
+
+    if sysroot.booted_deployment().is_some() {
+        let opts = ostree::SysrootDeployTreeOpts {
+            override_kernel_argv: options.kargs,
+            ..Default::default()
+        };
+        sysroot.stage_tree_with_options(
+            Some(stateroot),
+            commit,
+            Some(&origin),
+            merge_deployment.as_ref(),
+            &opts,
+            cancellable,
+        )?;
+    } else {
+        let deployment = &sysroot.deploy_tree(
+            Some(stateroot),
+            commit,
+            Some(&origin),
+            merge_deployment.as_ref(),
+            options.kargs.unwrap_or_default(),
+            cancellable,
+        )?;
+        let flags = ostree::SysrootSimpleWriteDeploymentFlags::NONE;
+        sysroot.simple_write_deployment(
+            Some(stateroot),
+            deployment,
+            merge_deployment.as_ref(),
+            flags,
+            cancellable,
+        )?;
+        sysroot.cleanup(cancellable)?;
+    }
 
     Ok(state)
 }