composefs/boot: Change the way we find sharable vmlinuz + initrd

Instead of looking in the ".origin" files and trying to match the
boot_digest to digests in other origin files, we now simply re-compute
the sha256sum for vmlinuz + initrd for all boot entries present.

This fixes the bug that arises after mutiple upgrades where the original
deployment that created the boot entry has been garbage collected, so we
end up linking to another deployment that does have the same boot
digest, but the verity digest doesn't match the verity digest used for
the name of the directory where we store the kernel + initrd pair.

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>

Author: Johan-Liebert1

commits

@@ -0,0 +1,67 @@
+commit f074ee3087538faa1aca0e9a6d906d1d1bfbc25a
+Author: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
+Date:   Tue Mar 31 14:24:27 2026 +0530
+
+    test: Add test for GC-ing shared Type1 entries
+    
+    Add a test to make sure we do not GC shared Type1 entries when they're
+    still referenced
+    
+    Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
+
+commit b3acc1eacf1c64bd0f3027a0f5a9254e52935e80
+Author: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
+Date:   Tue Mar 31 13:18:59 2026 +0530
+
+    composefs/gc: Fix shared entry GC even when they're in use
+    
+    This fixes a bug where a shared Type1 entry would get GCd even when it's
+    in use due to the original image that created it being deleted. Combined
+    with the fact that we were comparing the fsverity digest in the options
+    field of the BLS config (which will be different than the name of the
+    directory containing the vmlinuz + initrd pair).
+    
+    Now, we compare against the directory name when GC-ing boot binaries
+    
+    Fixes: https://github.com/bootc-dev/bootc/issues/2102
+    
+    Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
+
+commit ce4dcd35ded9e801364613e6c86a9fa27ac25f65
+Author: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
+Date:   Tue Mar 31 13:04:44 2026 +0530
+
+    composefs/boot: Change the way we find sharable vmlinuz + initrd
+    
+    Instead of looking in the ".origin" files and trying to match the
+    boot_digest to digests in other origin files, we now simply re-compute
+    the sha256sum for vmlinuz + initrd for all boot entries present.
+    
+    This fixes the bug that arises after mutiple upgrades where the original
+    deployment that created the boot entry has been garbage collected, so we
+    end up linking to another deployment that does have the same boot
+    digest, but the verity digest doesn't match the verity digest used for
+    the name of the directory where we store the kernel + initrd pair.
+    
+    Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
+
+commit d33ddd2cda789e52884534bf2ec074a6648e097c
+Author: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
+Date:   Tue Mar 31 10:38:22 2026 +0530
+
+    boot/config: Add method to get boot artifact name
+    
+    Add a method in BLSConfig and Grub Menuconfig to get the boot artifact
+    name, i.e. get the name of the UKI or the name of the directory
+    containing the Kernel + Initrd. The names are stripped of all our custom
+    prefixes and suffixes, so basically they return the verity digest part
+    of the name.
+    
+    This is useful for GC-ing Kernel + Initrd that are shared among multiple
+    deployments since we can't rely on the composefs= parameter in the
+    options as the cmdline verity digest might be different than the verity
+    digest of the shared Kernel + Initrd.
+    
+    Tests written by Claude Code (Opus)
+    
+    Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>

crates/lib/src/bootc_composefs/boot.rs

@@ -116,8 +116,7 @@ use crate::{
 };
 use crate::{
     composefs_consts::{
-        BOOT_LOADER_ENTRIES, ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST, STAGED_BOOT_LOADER_ENTRIES,
-        STATE_DIR_ABS, USER_CFG, USER_CFG_STAGED,
+        BOOT_LOADER_ENTRIES, STAGED_BOOT_LOADER_ENTRIES, USER_CFG, USER_CFG_STAGED,
     },
     spec::{Bootloader, Host},
 };
@@ -328,6 +327,27 @@ fn compute_boot_digest(
     Ok(hex::encode(digest))
 }
 
+#[context("Computing boot digest for Type1 entries")]
+fn compute_boot_digest_type1(dir: &Dir) -> Result<String> {
+    let mut vmlinuz = dir
+        .open(VMLINUZ)
+        .with_context(|| format!("Opening {VMLINUZ}"))?;
+
+    let mut initrd = dir
+        .open(INITRD)
+        .with_context(|| format!("Opening {INITRD}"))?;
+
+    let mut hasher = openssl::hash::Hasher::new(openssl::hash::MessageDigest::sha256())
+        .context("Creating hasher")?;
+
+    std::io::copy(&mut vmlinuz, &mut hasher)?;
+    std::io::copy(&mut initrd, &mut hasher)?;
+
+    let digest: &[u8] = &hasher.finish().context("Finishing digest")?;
+
+    Ok(hex::encode(digest))
+}
+
 /// Compute SHA256Sum of .linux + .initrd section of the UKI
 ///
 /// # Arguments
@@ -355,52 +375,35 @@ pub(crate) fn compute_boot_digest_uki(uki: &[u8]) -> Result<String> {
 /// Given the SHA256 sum of current VMlinuz + Initrd combo, find boot entry with the same SHA256Sum
 ///
 /// # Returns
-/// Returns the verity of all deployments that have a boot digest same as the one passed in
+/// Returns the directory name that has the same sha256 digest for vmlinuz + initrd as the one
+/// that's passed in
 #[context("Checking boot entry duplicates")]
-pub(crate) fn find_vmlinuz_initrd_duplicates(digest: &str) -> Result<Option<Vec<String>>> {
-    let deployments = Dir::open_ambient_dir(STATE_DIR_ABS, ambient_authority());
-
-    let deployments = match deployments {
-        Ok(d) => d,
-        // The first ever deployment
-        Err(e) if e.kind() == std::io::ErrorKind::NotFound => return Ok(None),
-        Err(e) => anyhow::bail!(e),
-    };
-
-    let mut symlink_to: Option<Vec<String>> = None;
-
-    for depl in deployments.entries()? {
-        let depl = depl?;
-
-        let depl_file_name = depl.file_name();
-        let depl_file_name = depl_file_name.as_str()?;
-
-        let config = depl
-            .open_dir()
-            .with_context(|| format!("Opening {depl_file_name}"))?
-            .read_to_string(format!("{depl_file_name}.origin"))
-            .context("Reading origin file")?;
+pub(crate) fn find_vmlinuz_initrd_duplicate(
+    storage: &Storage,
+    digest: &str,
+) -> Result<Option<String>> {
+    let boot_dir = storage.bls_boot_binaries_dir()?;
+
+    for entry in boot_dir.entries_utf8()? {
+        let entry = entry?;
+        let dir_name = entry.file_name()?;
+
+        if !entry.file_type()?.is_dir() {
+            continue;
+        }
 
-        let ini = tini::Ini::from_string(&config)
-            .with_context(|| format!("Failed to parse file {depl_file_name}.origin as ini"))?;
+        let Some(..) = dir_name.strip_prefix(TYPE1_BOOT_DIR_PREFIX) else {
+            continue;
+        };
 
-        match ini.get::<String>(ORIGIN_KEY_BOOT, ORIGIN_KEY_BOOT_DIGEST) {
-            Some(hash) => {
-                if hash == digest {
-                    match symlink_to {
-                        Some(ref mut prev) => prev.push(depl_file_name.to_string()),
-                        None => symlink_to = Some(vec![depl_file_name.to_string()]),
-                    }
-                }
-            }
+        let entry_digest = compute_boot_digest_type1(&boot_dir.open_dir(&dir_name)?)?;
 
-            // No SHASum recorded in origin file
-            // `symlink_to` is already none, but being explicit here
-            None => symlink_to = None,
-        };
+        if entry_digest == digest {
+            return Ok(Some(dir_name));
+        }
     }
 
-    Ok(symlink_to)
+    Ok(None)
 }
 
 #[context("Writing BLS entries to disk")]
@@ -687,45 +690,20 @@ pub(crate) fn setup_composefs_bls_boot(
                     options: Some(cmdline_refs),
                 });
 
-            match find_vmlinuz_initrd_duplicates(&boot_digest)? {
-                Some(shared_entries) => {
+            let shared_entry = match setup_type {
+                BootSetupType::Setup(_) => None,
+                BootSetupType::Upgrade((storage, ..)) => {
+                    find_vmlinuz_initrd_duplicate(storage, &boot_digest)?
+                }
+            };
+
+            match shared_entry {
+                Some(shared_entry) => {
                     // Multiple deployments could be using the same kernel + initrd, but there
                     // would be only one available
                     //
                     // Symlinking directories themselves would be better, but vfat does not support
                     // symlinks
-
-                    let mut shared_entry: Option<String> = None;
-
-                    let entries =
-                        Dir::open_ambient_dir(entry_paths.entries_path, ambient_authority())
-                            .context("Opening entries path")?
-                            .entries_utf8()
-                            .context("Getting dir entries")?;
-
-                    for ent in entries {
-                        let ent = ent?;
-                        // We shouldn't error here as all our file names are UTF-8 compatible
-                        let ent_name = ent.file_name()?;
-
-                        let Some(entry_verity_part) = ent_name.strip_prefix(TYPE1_BOOT_DIR_PREFIX)
-                        else {
-                            // Not our directory
-                            continue;
-                        };
-
-                        if shared_entries
-                            .iter()
-                            .any(|shared_ent| shared_ent == entry_verity_part)
-                        {
-                            shared_entry = Some(ent_name);
-                            break;
-                        }
-                    }
-
-                    let shared_entry = shared_entry
-                        .ok_or_else(|| anyhow::anyhow!("Shared boot binaries not found"))?;
-
                     match bls_config.cfg_type {
                         BLSConfigType::NonEFI {
                             ref mut linux,