From 93a4fcc05fa2936db8a91cb2a515a81d3ae89043 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Sun, 23 Jul 2023 14:39:04 -0400
Subject: [PATCH] prepare-root: Don't parse target root when composefs enabled

We shouldn't load anything from the target root filesystem *before*
verifying its integrity if composefs is enabled.

In effect, we want to force composefs users to migrate to
`/usr/lib/ostree/prepare-root.conf` which lives in the initramfs.
(But because we enable sysroot.readonly=true if composefs is enabled
 too, they don't actually need to)
---
 src/switchroot/ostree-prepare-root.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
index 12ade9ff3c..4d0cc31590 100644
--- a/src/switchroot/ostree-prepare-root.c
+++ b/src/switchroot/ostree-prepare-root.c
@@ -371,8 +371,10 @@ main (int argc, char *argv[])
   /* Fall back to querying the repository configuration in the target disk.
    * This is an operating system builder choice.  More info:
    * https://github.com/ostreedev/ostree/pull/1767
+   * However, we only do this if composefs is not enabled, because we don't
+   * want to parse the target root filesystem before verifying its integrity.
    */
-  if (!sysroot_readonly)
+  if (!sysroot_readonly && composefs_config->enabled != OT_TRISTATE_YES)
     {
       sysroot_readonly = sysroot_is_configured_ro (root_arg);
       // Encourage porting to the new config file