From 0049dbdd91cc0c1900132374645c5114063db04d Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 29 Sep 2022 14:01:07 -0400
Subject: [PATCH] compose: Handle embedded whiteouts

This pairs with
https://github.com/ostreedev/ostree/pull/2722/commits/0085494e350c72599fc5c0e00422885d80b3c660

Basically, while I think it'd make sense actually for the baseline
`ostree commit` process to handle this, for now let's put it
here in rpm-ostree (where it can be in Rust too).  Though
a definite negative is that we're now traversing the whole filesystem
again.

(cherry picked from commit fea26bdd5db59fcf0853a9bb4ab6dcb340be9470)
---
 rust/src/composepost.rs           | 63 ++++++++++++++++++++++++++++++-
 tests/compose/test-installroot.sh |  8 ++++
 2 files changed, 70 insertions(+), 1 deletion(-)

diff --git a/rust/src/composepost.rs b/rust/src/composepost.rs
index ab5cc176..70a01497 100644
--- a/rust/src/composepost.rs
+++ b/rust/src/composepost.rs
@@ -202,6 +202,47 @@ fn postprocess_presets(rootfs_dfd: &Dir) -> Result<()> {
     Ok(())
 }
 
+fn is_overlay_whiteout(meta: &cap_std::fs::Metadata) -> bool {
+    (meta.mode() & libc::S_IFMT) == libc::S_IFCHR && meta.rdev() == 0
+}
+
+/// Auto-synthesize embedded overlayfs whiteouts; for more information
+/// see https://github.com/ostreedev/ostree/pull/2722/commits/0085494e350c72599fc5c0e00422885d80b3c660
+#[context("Postprocessing embedded overlayfs")]
+fn postprocess_embedded_ovl_whiteouts(root: &Dir) -> Result<()> {
+    const OSTREE_WHITEOUT_PREFIX: &str = ".ostree-wh.";
+    fn recurse(root: &Dir, path: &Utf8Path) -> Result<u32> {
+        let mut n = 0;
+        for entry in root.read_dir(path)? {
+            let entry = entry?;
+            let meta = entry.metadata()?;
+            let name = PathBuf::from(entry.file_name());
+            let name: Utf8PathBuf = name.try_into()?;
+            if meta.is_dir() {
+                n += recurse(root, &path.join(name))?;
+                continue;
+            }
+            if !is_overlay_whiteout(&meta) {
+                continue;
+            };
+            let srcpath = path.join(&name);
+            let targetname = format!("{OSTREE_WHITEOUT_PREFIX}{name}");
+            let destpath = path.join(&targetname);
+            root.remove_file(srcpath)?;
+            root.atomic_write_with_perms(destpath, "", meta.permissions())?;
+            n += 1;
+        }
+        Ok(n)
+    }
+    let n = recurse(root, ".".into())?;
+    if n > 0 {
+        println!("Processed {n} embedded whiteouts");
+    } else {
+        println!("No embedded whiteouts found");
+    }
+    Ok(())
+}
+
 /// Write an RPM macro file to ensure the rpmdb path is set on the client side.
 pub fn compose_postprocess_rpm_macro(rootfs_dfd: i32) -> CxxResult<()> {
     let rootfs = unsafe { &crate::ffiutil::ffi_dirfd(rootfs_dfd)? };
@@ -290,13 +331,17 @@ pub(crate) fn postprocess_cleanup_rpmdb(rootfs_dfd: i32) -> CxxResult<()> {
 /// on the target host.
 pub fn compose_postprocess_final(rootfs_dfd: i32) -> CxxResult<()> {
     let rootfs_dfd = unsafe { &crate::ffiutil::ffi_dirfd(rootfs_dfd)? };
+    // These tasks can safely run in parallel, so just for fun we do so via rayon.
     let tasks = [
         postprocess_useradd,
         postprocess_presets,
         postprocess_subs_dist,
         postprocess_rpm_macro,
     ];
-    Ok(tasks.par_iter().try_for_each(|f| f(rootfs_dfd))?)
+    tasks.par_iter().try_for_each(|f| f(rootfs_dfd))?;
+    // This task recursively traverses the filesystem and hence should be serial.
+    postprocess_embedded_ovl_whiteouts(rootfs_dfd)?;
+    Ok(())
 }
 
 #[context("Handling treefile 'units'")]
@@ -1290,6 +1335,22 @@ OSTREE_VERSION='33.4'
         Ok(())
     }
 
+    #[test]
+    fn test_overlay() -> Result<()> {
+        // We don't actually test creating whiteout devices here as that
+        // may not work.
+        let td = cap_tempfile::tempdir(cap_std::ambient_authority())?;
+        // Verify no-op case
+        postprocess_embedded_ovl_whiteouts(&td).unwrap();
+        td.create("foo")?;
+        td.symlink("foo", "bar")?;
+        postprocess_embedded_ovl_whiteouts(&td).unwrap();
+        assert!(td.try_exists("foo")?);
+        assert!(td.try_exists("bar")?);
+
+        Ok(())
+    }
+
     #[test]
     fn test_tmpfiles_d_translation() {
         use nix::sys::stat::{umask, Mode};
diff --git a/tests/compose/test-installroot.sh b/tests/compose/test-installroot.sh
index 1ac09b9a..3e40f679 100755
--- a/tests/compose/test-installroot.sh
+++ b/tests/compose/test-installroot.sh
@@ -54,6 +54,8 @@ echo "ok postprocess with treefile"
 
 testdate=$(date)
 runasroot sh -xec "
+# https://github.com/ostreedev/ostree/pull/2717/commits/e234b630f85b97e48ecf45d5aaba9b1aa64e6b54
+mknod -m 000 ${instroot}-directcommit/usr/share/foowhiteout c 0 0
 echo \"${testdate}\" > ${instroot}-directcommit/usr/share/rpm-ostree-composetest-split.txt
 ! test -f ${instroot}-directcommit/${integrationconf}
 rpm-ostree compose commit --repo=${repo} ${treefile} ${instroot}-directcommit
@@ -61,6 +63,12 @@ ostree --repo=${repo} ls ${treeref} /usr/bin/bash
 if ostree --repo=${repo} ls ${treeref} /var/lib/rpm >/dev/null; then
   echo found /var/lib/rpm in commit 1>&2; exit 1
 fi
+
+# Verify whiteout renames
+ostree --repo=${repo} ls ${treeref} /usr/share
+ostree --repo=${repo} ls ${treeref} /usr/share/.ostree-wh.foowhiteout >out.txt
+grep -Ee '^-00000' out.txt
+
 ostree --repo=${repo} cat ${treeref} /usr/share/rpm-ostree-composetest-split.txt >out.txt
 grep \"${testdate}\" out.txt
 ostree --repo=${repo} cat ${treeref} /${integrationconf}
-- 
2.38.1