Composefs test parity with ostree

.github/workflows/ci.yml

@@ -161,11 +161,17 @@ jobs:
       matrix:
         # No fedora-44 due to https://bugzilla.redhat.com/show_bug.cgi?id=2429501
         test_os: [fedora-43, centos-9, centos-10]
-        variant: [ostree, composefs-sealeduki-sdboot]
+        variant: [ostree, composefs-sealeduki-sdboot, composefs-sdboot, composefs-grub]
         exclude:
           # centos-9 UKI is experimental/broken (https://github.com/bootc-dev/bootc/issues/1812)
           - test_os: centos-9
             variant: composefs-sealeduki-sdboot
+          # centos-9 fails with EUCLEAN (https://github.com/bootc-dev/bootc/issues/1812)
+          # See: https://github.com/bootc-dev/bcvk/pull/204
+          - test_os: centos-9
+            variant: composefs-sdboot
+          - test_os: centos-9
+            variant: composefs-grub
 
     runs-on: ubuntu-24.04
 
@@ -182,7 +188,32 @@ jobs:
         run: |
           BASE=$(just pullspec-for-os base ${{ matrix.test_os }})
           echo "BOOTC_base=${BASE}" >> $GITHUB_ENV
-          echo "BOOTC_variant=${{ matrix.variant }}" >> $GITHUB_ENV
+          echo "RUST_BACKTRACE=full" >> $GITHUB_ENV
+          echo "RUST_LOG=trace" >> $GITHUB_ENV
+
+          case "${{ matrix.variant }}" in
+            composefs-grub)
+              echo "BOOTC_variant=composefs" >> $GITHUB_ENV
+              echo "BOOTC_bootloader=grub" >> $GITHUB_ENV
+            ;;
+
+            composefs-sdboot)
+              echo "BOOTC_variant=composefs" >> $GITHUB_ENV
+              echo "BOOTC_bootloader=systemd" >> $GITHUB_ENV
+            ;;
+
+            composefs-sealeduki-sdboot)
+              echo "BOOTC_variant=${{ matrix.variant }}" >> $GITHUB_ENV
+              echo "BOOTC_bootloader=systemd" >> $GITHUB_ENV
+            ;;
+
+            ostree)
+              echo "BOOTC_variant=${{ matrix.variant }}" >> $GITHUB_ENV
+              echo "BOOTC_bootloader=grub" >> $GITHUB_ENV
+            ;;
+          esac
+
+
 
           if [ "${{ matrix.variant }}" = "composefs-sealeduki-sdboot" ]; then
             BUILDROOTBASE=$(just pullspec-for-os buildroot-base ${{ matrix.test_os }})
@@ -197,7 +228,8 @@ jobs:
 
       - name: Build container
         run: |
-          BOOTC_SKIP_PACKAGE=1 just build
+          BOOTC_SKIP_PACKAGE=1 just bootloader=$BOOTC_bootloader build
+
           # Extra cross-check (duplicating the integration test) that we're using the right base
           used_vid=$(podman run --rm localhost/bootc bash -c '. /usr/lib/os-release && echo ${ID}-${VERSION_ID}')
           test ${{ matrix.test_os }} = "${used_vid}"
@@ -211,11 +243,12 @@ jobs:
 
       - name: Run TMT integration tests
         run: |
-          if [ "${{ matrix.variant }}" = "composefs-sealeduki-sdboot" ]; then
-            just test-composefs
+          if [[ "${{ matrix.variant }}" = composefs* ]]; then
+            just "test-${{ matrix.variant }}"
           else
             just test-tmt integration
           fi
+
           just clean-local-images
 
       - name: Archive TMT logs

Dockerfile

@@ -34,7 +34,8 @@ WORKDIR /src
 # We aren't using the full recommendations there, just the simple bits.
 # First we download all of our Rust dependencies
 # Note: Local path dependencies (from [patch] sections) are auto-detected and bind-mounted by the Justfile
-RUN --mount=type=tmpfs,target=/run --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/src/target --mount=type=cache,target=/var/roothome cargo fetch
+RUN --mount=type=tmpfs,target=/run --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/src/target --mount=type=cache,target=/var/roothome \
+    rm -rf /var/roothome/.cargo/registry; cargo fetch
 
 # We always do a "from scratch" build
 # https://docs.fedoraproject.org/en-US/bootc/building-from-scratch/
@@ -143,12 +144,13 @@ RUN --network=none --mount=type=tmpfs,target=/run --mount=type=tmpfs,target=/tmp
 # Perform all filesystem transformations except generating the sealed UKI (if configured)
 FROM base as base-penultimate
 ARG variant
+ARG bootloader
 # Switch to a signed systemd-boot, if configured
 RUN --network=none --mount=type=tmpfs,target=/run --mount=type=tmpfs,target=/tmp \
     --mount=type=bind,from=packaging,src=/,target=/run/packaging \
     --mount=type=bind,from=sdboot-signed,src=/,target=/run/sdboot-signed <<EORUN
 set -xeuo pipefail
-if test "${variant}" = "composefs-sealeduki-sdboot"; then
+if [[ "${bootloader}" == "systemd" ]]; then
   /run/packaging/switch-to-sdboot /run/sdboot-signed
 fi
 EORUN

Justfile

@@ -20,6 +20,7 @@ upgrade_img := base_img + "-upgrade"
 
 # Build variant: ostree (default) or composefs-sealeduki-sdboot (sealed UKI)
 variant := env("BOOTC_variant", "ostree")
+bootloader := env("BOOTC_bootloader", "grub")
 # Base container image to build from
 base := env("BOOTC_base", "quay.io/centos-bootc/centos-bootc:stream10")
 # Buildroot base image
@@ -38,7 +39,7 @@ lbi_images := "quay.io/curl/curl:latest quay.io/curl/curl-base:latest registry.a
 fedora-coreos := "quay.io/fedora/fedora-coreos:testing-devel"
 generic_buildargs := ""
 _extra_src_args := if extra_src != "" { "-v " + extra_src + ":/run/extra-src:ro --security-opt=label=disable" } else { "" }
-base_buildargs := generic_buildargs + " " + _extra_src_args + " --build-arg=base=" + base + " --build-arg=variant=" + variant
+base_buildargs := generic_buildargs + " " + _extra_src_args + " --build-arg=base=" + base + " --build-arg=variant=" + variant + " --build-arg=bootloader=" + bootloader
 buildargs := base_buildargs \
              + " --cap-add=all --security-opt=label=type:container_runtime_t --device /dev/fuse" \
              + " --secret=id=secureboot_key,src=target/test-secureboot/db.key --secret=id=secureboot_cert,src=target/test-secureboot/db.crt"
@@ -105,9 +106,24 @@ test-container: build build-units
 
 # Build and test sealed composefs images
 [group('core')]
-test-composefs:
+test-composefs-sealeduki-sdboot:
     just variant=composefs-sealeduki-sdboot test-tmt readonly local-upgrade-reboot
 
+[group('core')]
+test-composefs bootloader:
+    just variant=composefs bootloader={{bootloader}} \
+        test-tmt --composefs-backend --bootloader {{bootloader}} integration
+
+# Build and test composefs images booted using Type1 boot entries and systemd-boot as the bootloader
+[group('core')]
+test-composefs-sdboot:
+    just test-composefs systemd
+
+# Build and test composefs images booted using Type1 boot entries and grub as the bootloader
+[group('core')]
+test-composefs-grub:
+    just test-composefs grub
+
 # Run cargo fmt and clippy checks in container
 [group('core')]
 validate:
@@ -220,6 +236,7 @@ clean-local-images:
     podman image prune -f
     podman rmi {{fedora-coreos}} -f
 
+
 # Build packages (RPM) into target/packages/
 [group('maintenance')]
 package:

crates/lib/src/bootc_composefs/boot.rs

@@ -68,7 +68,7 @@ use std::path::Path;
 
 use anyhow::{Context, Result, anyhow, bail};
 use bootc_blockdev::find_parent_devices;
-use bootc_kernel_cmdline::utf8::{Cmdline, Parameter};
+use bootc_kernel_cmdline::utf8::{Cmdline, Parameter, ParameterKey};
 use bootc_mount::inspect_filesystem_of_dir;
 use bootc_mount::tempmount::TempMount;
 use camino::{Utf8Path, Utf8PathBuf};
@@ -566,6 +566,12 @@ pub(crate) fn setup_composefs_bls_boot(
         }
     };
 
+    // Remove "root=" from kernel cmdline as systemd-auto-gpt-generator should use DPS
+    // UUID
+    if bootloader == Bootloader::Systemd {
+        cmdline_refs.remove(&ParameterKey::from("root"));
+    }
+
     let is_upgrade = matches!(setup_type, BootSetupType::Upgrade(..));
 
     let current_root = if is_upgrade {

crates/tests-integration/src/container.rs

@@ -52,8 +52,8 @@ pub(crate) fn test_bootc_container_inspect() -> Result<()> {
         .expect("kernel.unified should be a boolean");
     if let Some(variant) = std::env::var("BOOTC_variant").ok() {
         match variant.as_str() {
-            "ostree" => {
-                assert!(!unified, "Expected unified=false for ostree variant");
+            v @ "ostree" | v @ "composefs" => {
+                assert!(!unified, "Expected unified=false for variant {v}");
                 // For traditional kernels, version should look like a uname (contains digits)
                 assert!(
                     version.chars().any(|c| c.is_ascii_digit()),
@@ -159,7 +159,7 @@ fn test_variant_base_crosscheck() -> Result<()> {
         // TODO add this to `bootc status` or so?
         let boot_efi = Utf8Path::new("/boot/EFI");
         match variant.as_str() {
-            "ostree" => {
+            "composefs" | "ostree" => {
                 assert!(!boot_efi.try_exists()?);
             }
             "composefs-sealeduki-sdboot" => {