Two minor composefs patches

crates/lib/src/bootc_composefs/boot.rs

@@ -588,7 +588,7 @@ fn write_pe_to_esp(
     file: &RegularFile<Sha512HashValue>,
     file_path: &Utf8Path,
     pe_type: PEType,
-    uki_id: &String,
+    uki_id: &Sha512HashValue,
     is_insecure_from_opts: bool,
     mounted_efi: impl AsRef<Path>,
     bootloader: &Bootloader,
@@ -619,7 +619,7 @@ fn write_pe_to_esp(
             _ => { /* no-op */ }
         }
 
-        if composefs_cmdline.to_hex() != *uki_id {
+        if composefs_cmdline != *uki_id {
             anyhow::bail!(
                 "The UKI has the wrong composefs= parameter (is '{composefs_cmdline:?}', should be {uki_id:?})"
             );
@@ -648,7 +648,7 @@ fn write_pe_to_esp(
         Some(parent) => {
             let renamed_path = match parent.as_str().ends_with(EFI_ADDON_DIR_EXT) {
                 true => {
-                    let dir_name = format!("{}{}", uki_id, EFI_ADDON_DIR_EXT);
+                    let dir_name = format!("{}{}", uki_id.to_hex(), EFI_ADDON_DIR_EXT);
 
                     parent
                         .parent()
@@ -672,7 +672,7 @@ fn write_pe_to_esp(
         .with_context(|| format!("Opening {final_pe_path:?}"))?;
 
     let pe_name = match pe_type {
-        PEType::Uki => &format!("{}{}", uki_id, EFI_EXT),
+        PEType::Uki => &format!("{}{}", uki_id.to_hex(), EFI_EXT),
         PEType::UkiAddon => file_path
             .components()
             .last()
@@ -856,11 +856,7 @@ pub(crate) fn setup_composefs_uki_boot(
 ) -> Result<()> {
     let (root_path, esp_device, bootloader, is_insecure_from_opts, uki_addons) = match setup_type {
         BootSetupType::Setup((root_setup, state, ..)) => {
-            if let Some(v) = &state.config_opts.karg {
-                if v.len() > 0 {
-                    tracing::warn!("kargs passed for UKI will be ignored");
-                }
-            }
+            state.require_no_kargs_for_uki()?;
 
             let esp_part = esp_in(&root_setup.device_info)?;
 
@@ -932,7 +928,7 @@ pub(crate) fn setup_composefs_uki_boot(
                     &entry.file,
                     utf8_file_path,
                     entry.pe_type,
-                    &id.to_hex(),
+                    &id,
                     is_insecure_from_opts,
                     esp_mount.dir.path(),
                     &bootloader,

crates/lib/src/install.rs

@@ -523,6 +523,20 @@ impl State {
         Ok(())
     }
 
+    /// Return an error if kernel arguments are provided, intended to be used for UKI paths
+    pub(crate) fn require_no_kargs_for_uki(&self) -> Result<()> {
+        if self
+            .config_opts
+            .karg
+            .as_ref()
+            .map(|v| !v.is_empty())
+            .unwrap_or_default()
+        {
+            anyhow::bail!("Cannot use externally specified kernel arguments with UKI");
+        }
+        Ok(())
+    }
+
     fn stateroot(&self) -> &str {
         self.config_opts
             .stateroot

crates/xtask/src/xtask.rs

@@ -531,9 +531,6 @@ fn check_dependencies(sh: &Shell) -> Result<()> {
 }
 
 const COMMON_INST_ARGS: &[&str] = &[
-    // We don't use cloud-init with bcvk right now, but it needs to be there for
-    // testing-farm+tmt
-    "--karg=ds=iid-datasource-none",
     // TODO: Pass down the Secure Boot keys for tests if present
     "--firmware=uefi-insecure",
     "--label=bootc.test=1",

hack/Containerfile

@@ -9,13 +9,11 @@ COPY . /
 
 # An intermediate layer which caches the extended RPMS
 FROM localhost/bootc as extended
-# We support e.g. adding cloud-init
-ARG variant=
 # And this layer has additional stuff for testing, such as nushell etc.
 RUN --mount=type=bind,from=context,target=/run/context <<EORUN
 set -xeuo pipefail
 cd /run/context/
-./provision-derived.sh "$variant"
+./provision-derived.sh
 EORUN
 
 # And the configs

hack/Containerfile.packit

@@ -29,7 +29,7 @@ cp test-artifacts.repo /etc/yum.repos.d/
 dnf -y update bootc
 # Required by tmt avc checking after test
 dnf -y install audit
-./provision-derived.sh
+./provision-derived.sh cloudinit
 
 # For test-22-logically-bound-install
 cp -a lbi/usr/. /usr

hack/provision-derived.sh

@@ -4,6 +4,13 @@ set -xeu
 # using it in our test suite because it's better than bash. First,
 # enable EPEL to get it.
 
+cloudinit=0
+case ${1:-} in
+  cloudinit) cloudinit=1 ;;
+  "") ;;
+  *) echo "Unhandled flag: ${1:-}" 1>&2; exit 1 ;;
+esac
+
 # Ensure this is pre-created
 mkdir -p -m 0700 /var/roothome
 mkdir -p ~/.config/nushell
@@ -39,25 +46,23 @@ esac
 
 # Extra packages we install
 grep -Ev -e '^#' packages.txt | xargs dnf -y install
-dnf clean all
 
 # Cloud bits
 cat <<KARGEOF >> /usr/lib/bootc/kargs.d/20-console.toml
 kargs = ["console=ttyS0,115200n8"]
 KARGEOF
-# And cloud-init stuff, unless we're doing a UKI which is always
-# tested with bcvk
-if test '!' -d /boot/EFI; then
+if test $cloudinit = 1; then
+  dnf -y install cloud-init
   ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants
-fi
-
-# Allow root SSH login for testing with bcvk/tmt
+  # Allow root SSH login for testing with bcvk/tmt
 mkdir -p /etc/cloud/cloud.cfg.d
 cat > /etc/cloud/cloud.cfg.d/80-enable-root.cfg <<'CLOUDEOF'
 # Enable root login for testing
 disable_root: false
 CLOUDEOF
+fi
 
+dnf clean all
 # Stock extra cleaning of logs and caches in general (mostly dnf)
 rm /var/log/* /var/cache /var/lib/{dnf,rpm-state,rhsm} -rf
 # And clean root's homedir