composefs · cgwalters · May 3, 2026 · May 17, 2026 · May 17, 2026 · May 3, 2026
diff --git a/.gitignore b/.gitignore
@@ -5,3 +5,5 @@
 **/fuzz/target/
 **/fuzz/corpus/
 **/fuzz/artifacts/
+.worktrees
+*.rpm
diff --git a/Justfile b/Justfile
@@ -90,6 +90,21 @@ test-integration-vm *ARGS: build _integration-container-build
 install-nextest:
     @which cargo-nextest > /dev/null 2>&1 || cargo install cargo-nextest --locked
 
+# Build and run a bls example locally.
+# Usage: just test-example-local bls arch
+#        just test-example-local bls arch fsfmt=ext4 verity=none
+# 'fsfmt' defaults to ext4, 'verity' defaults to none (no fs-verity enforcement).
+# Requires: qemu-kvm, OVMF, skopeo, mtools, fsverity, mkfs.erofs, systemd-repart, podman.
+test-example-local example os fsfmt="ext4" verity="none": build
+    #!/usr/bin/env bash
+    set -euo pipefail
+    export FS_FORMAT={{ fsfmt }}
+    export FS_VERITY_MODE={{ verity }}
+    export CFSCTL_PATH=$(pwd)/target/debug/cfsctl
+    cd examples
+    {{ example }}/build {{ os }}
+    TEST_IMAGE="{{ example }}/{{ os }}-{{ example }}-efi.qcow2" pytest test -v
+
 # Run everything: checks + full integration tests including VM
 ci: check test-integration-vm
 

diff --git a/bootc/Justfile b/bootc/Justfile
@@ -51,23 +51,25 @@ patch: clone
     #!/bin/bash
     set -euo pipefail
 
-    # Require a clean composefs-rs working tree so we test a real commit
+    # Require a clean composefs-rs working tree so we test a real commit.
+    # Only tracked files matter; untracked files are allowed.
+    # git diff HEAD already excludes untracked files.
     if ! git -C "$_COMPOSEFS_SRC" diff --quiet HEAD 2>/dev/null; then
         echo "error: composefs-rs has uncommitted changes — commit or stash first" >&2
-        git -C "$_COMPOSEFS_SRC" status --short >&2
+        git -C "$_COMPOSEFS_SRC" diff --stat HEAD >&2
         exit 1
     fi
 
-    cfs_path="$_COMPOSEFS_SRC/crates/cfsctl"
+    cfs_path="$_COMPOSEFS_SRC/crates/composefs-ctl"
 
     cd "$COMPOSEFS_BOOTC_PATH"
 
     # Add or update the [patch] section with a path override
-    patch_value="cfsctl = { path = \"${cfs_path}\" } # Patched by composefs-rs"
+    patch_value="composefs-ctl = { path = \"${cfs_path}\" } # Patched by composefs-rs"
     if grep -q '^[[:space:]]*\[patch\."https://github.com/composefs/composefs-rs"\]' Cargo.toml; then
-        # Patch section already exists (uncommented) — replace the cfsctl line
+        # Patch section already exists (uncommented) — replace the composefs-ctl line
         sed -i '/^[[:space:]]*\[patch\."https:\/\/github.com\/composefs\/composefs-rs"\]/,/^$\|^\[/{
-            s|^cfsctl = .*|'"$patch_value"'|
+            s|^composefs-ctl = .*|'"$patch_value"'|
         }' Cargo.toml
     else
         # No patch section yet — append one

diff --git a/crates/composefs-boot/src/lib.rs b/crates/composefs-boot/src/lib.rs
@@ -101,13 +101,19 @@ impl<ObjectID: FsVerityHashValue> BootOps<ObjectID> for FileSystem<ObjectID> {
     ) -> Result<Vec<BootEntry<ObjectID>>> {
         let boot_entries = get_boot_resources(self, repo)?;
         empty_toplevel_dirs(self)?;
+        // Compact the leaves table after clearing directories, so that leaves
+        // which were only referenced by /boot or /sysroot are removed and
+        // don't appear as orphans when the filesystem is validated.
+        self.compact();
         selabel::selabel(self, repo)?;
 
         Ok(boot_entries)
     }
 
     fn transform_for_boot_from_dir(&mut self, rootfs: impl AsFd) -> Result<()> {
         empty_toplevel_dirs(self)?;
+        // Same as above: compact to remove leaves orphaned by clearing dirs.
+        self.compact();
         selabel::selabel_from_dir(self, rootfs)?;
         Ok(())
     }

diff --git a/crates/composefs-boot/src/selabel.rs b/crates/composefs-boot/src/selabel.rs
@@ -581,6 +581,7 @@ mod tests {
             st_uid: 0,
             st_gid: 0,
             st_mtim_sec: 0,
+            st_mtim_nsec: 0,
             xattrs: Default::default(),
         };
 
@@ -595,6 +596,7 @@ mod tests {
                         st_uid: 0,
                         st_gid: 0,
                         st_mtim_sec: 0,
+                        st_mtim_nsec: 0,
                         xattrs: Default::default(),
                     },
                     LeafContent::Regular(RegularFile::Inline(data.to_vec().into_boxed_slice())),