From 4449e551b212f5b8d392339047a319ba3a62c921 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 25 Feb 2025 14:49:58 -0500 Subject: [PATCH] chunking: Fix working as rootful The previous change made us work rootless, but broke running rootful. This is going to be quite painful in practice to unwind... right now I care more about rootful, so let's make that one work again (and test going from containers-storage -> containers-storage in CI). Signed-off-by: Colin Walters --- .github/workflows/ci.yaml | 6 +++--- rust/src/compose.rs | 8 +++++++- rust/src/containers_storage.rs | 1 + 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c8149b1b14..c2851fa66a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -275,9 +275,9 @@ jobs: -v /var/lib/containers:/var/lib/containers \ -v /var/tmp:/var/tmp \ -v $(pwd):/output \ - localhost/builder rpm-ostree experimental compose build-chunked-oci --bootc --format-version=1 --max-layers 99 --from localhost/base --output oci:/output/base-chunked - sudo skopeo inspect oci:base-chunked - new_created=$(sudo skopeo inspect --raw --config oci:base-chunked | jq -r .created) + localhost/builder rpm-ostree experimental compose build-chunked-oci --bootc --format-version=1 --max-layers 99 --from localhost/base --output containers-storage:localhost/chunked + sudo skopeo inspect containers-storage:localhost/chunked + new_created=$(sudo skopeo inspect --raw --config containers-storage:localhost/chunked | jq -r .created) # ostree only stores seconds, so canonialize the rfc3339 data to seconds test "$(date --date="${orig_created}" --rfc-3339=seconds)" = "$(date --date="${new_created}" --rfc-3339=seconds)" diff --git a/rust/src/compose.rs b/rust/src/compose.rs index 0af7a29be9..0e5ca28615 100644 --- a/rust/src/compose.rs +++ b/rust/src/compose.rs 
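Review bot: In .github/workflows/ci.yaml the `build-chunked-oci` step now writes only to `containers-storage:localhost/chunked`, so the `--output oci:/output/base-chunked` path that the removed lines exercised is no longer tested in this hunk. If the `oci:` transport is still supported, I would keep a second invocation with `--output oci:/output/base-chunked` and its `sudo skopeo inspect oci:base-chunked` check next to the new one. The `-v $(pwd):/output` bind mount in the context lines also looks unused by this step after the change. Drop it if nothing later in the job (outside this hunk) reads it, since the container already gets the host's `/var/lib/containers`.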
@@ -253,7 +253,13 @@ impl BuildChunkedOCIOpts {
 FileSource::Rootfs(rootfs)
 } else {
 let image = self.from.as_deref().unwrap();
- crate::containers_storage::reexec_if_needed()?;
+ // TODO: Fix running this inside unprivileged podman too. We'll likely need
+ // to refactor things into a two-step process where we do the mount+ostree repo commit
+ // in a subprocess that has the "unshare", and then the secondary main process
+ // just reads/operates on that.
+ // Note that this would all be a lot saner with a composefs-native container storage
+ // as we could cleanly operate on that, asking c/storage to synthesize one for us.
+ // crate::containers_storage::reexec_if_needed()?;
 FileSource::Podman(Mount::new_for_image(image)?)
 };
 let rootfs = match &rootfs_source {
diff --git a/rust/src/containers_storage.rs b/rust/src/containers_storage.rs
index e41f18319f..206b2b2d5b 100644
--- a/rust/src/containers_storage.rs
+++ b/rust/src/containers_storage.rs
@@ -12,6 +12,7 @@ use crate::cmdutils::CommandRunExt;
 /// Ensure that we're in a new user+mountns, so that "buildah mount"
 /// will work reliably.
 /// https://github.com/containers/buildah/issues/5976
+#[allow(dead_code)]
 pub(crate) fn reexec_if_needed() -> Result<()> {
 if ostree_ext::container_utils::running_in_container() {
 crate::reexec::reexec_with_guardenv(
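Review bot: In rust/src/compose.rs, with `reexec_if_needed()` commented out, the `FileSource::Podman(Mount::new_for_image(image)?)` line is the first place an unprivileged run can fail, and nothing on it tells the user that `--from` is rootful-only for now. I would attach context there, e.g. `FileSource::Podman(Mount::new_for_image(image).context("mounting source image; this currently requires a rootful (privileged) environment")?)`, assuming `anyhow::Context` is in scope in this file, which the hunk does not show. The image is also now mounted in the caller's mount namespace rather than the new user+mount namespace the re-exec provided, so it is worth confirming that `Mount` unmounts on drop and on the error paths. Prefer deleting the commented-out call and pointing the TODO at a tracking issue (`// TODO(#<issue>): restore reexec_if_needed() for unprivileged podman`) over leaving dead code in a comment. The enclosing function starts and ends outside the hunk.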
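Review bot: In rust/src/containers_storage.rs the added `#[allow(dead_code)]` has no comment saying why the function is kept, and the doc comment above it still reads as if callers rely on it. I would write `#[allow(dead_code)] // call disabled in compose.rs until unprivileged podman is supported again` and add one doc line such as `/// Currently unused: see the TODO in compose.rs.` so that the lint suppression is removed when the call comes back. The body of `reexec_if_needed` continues outside the hunk.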