install/bootloader bind-mount rootfs to /run before chrooting

jbtrystram · jbtrystram · commit 858bcec019e8 · 2025-12-17T22:14:29.000+01:00
diff --git a/crates/lib/src/bootloader.rs b/crates/lib/src/bootloader.rs
@@ -10,6 +10,7 @@ use fn_error_context::context;
 use bootc_blockdev::{Partition, PartitionTable};
 use bootc_mount as mount;
 use rustix::mount::UnmountFlags;
+use rustix::path::Arg;
 
 use crate::bootc_composefs::boot::{mount_esp, SecurebootKeys};
 use crate::{discoverable_partition_specification, utils};
@@ -59,13 +60,18 @@ pub(crate) fn install_via_bootupd(
     // When not running inside the target container (through `--src-imgref`) we chroot
     // into the deployment before running bootupd. This makes sure we use binaries
     // from the target image rather than the buildroot
-    // But then `/target` (or wherever the user mounted the target FS) is not available,
-    // but since bootupd use that just to find the underlying device,
-    // we can use the deployement path just fine.
-    // Another way of doing this would be to enforce having the target
-    // rootfs mounted under `/run` so we'd get access to it as part of
-    // the standard bind-mounts below.
-    let chroot_root: Option<&str>;
+    // In some cases (e.g. --write-uuid), bootupd needs to find the underlying device
+    // for /boot. But since we don't control where the destination rootfs is mounted
+    // let's bind mount it to a temp mountpoint under /run
+    // so it gets carried over in the chroot.
+
+    let rootfs_mount = if rootfs.starts_with("/run") {
+        rootfs.to_path_buf().into_std_path_buf()
+    } else {
+        let rootfs_mount = tempfile::tempdir_in("/run")?.keep();
+        rustix::mount::mount_bind_recursive(rootfs.as_std_path(), &rootfs_mount)?;
+        rootfs_mount
+    };
     let bind_mount_dirs = ["/dev", "/run", "/proc", "/sys"];
     let chroot_args = if let Some(target_root) = abs_deployment_path.as_deref() {
         tracing::debug!("Setting up bind-mounts before chrooting to the target deployment");
@@ -77,12 +83,10 @@ pub(crate) fn install_via_bootupd(
             tracing::debug!("bind mounting {}", dest.display());
             rustix::mount::mount_bind_recursive(src, dest)?;
         }
-        chroot_root = Some("/");
         // Append the `bootupctl` command, it will be passed as
         // an argument to chroot
         vec![target_root.as_str(), "bootupctl"]
     } else {
-        chroot_root = None;
         vec![]
     };
 
@@ -98,8 +102,7 @@ pub(crate) fn install_via_bootupd(
         .args(["backend", "install", "--write-uuid"])
         .args(verbose)
         .args(bootupd_opts.iter().copied().flatten())
-        .args(["--device", devpath.as_str()])
-        .args(chroot_root.or(Some(rootfs.as_str())))
+        .args(["--device", devpath.as_str(), rootfs_mount.as_str()?])
         .log_debug()
         .run_inherited_with_cmd_context();
 
