project: Use ImageReference from containers_image_proxy

crates/lib/src/bootc_composefs/boot.rs

@@ -1405,7 +1405,7 @@ pub(crate) async fn setup_composefs_boot(
     write_composefs_state(
         &root_setup.physical_root_path,
         &id,
-        &crate::spec::ImageReference::from(state.target_imgref.clone()),
+        &crate::spec::ImageReferenceSig::from(state.target_imgref.clone()),
         None,
         boot_type,
         boot_digest,

crates/lib/src/bootc_composefs/repo.rs

@@ -237,7 +237,7 @@ async fn pull_composefs_unified(
 /// Checks for boot entries in the image and returns them.
 #[context("Pulling composefs repository")]
 pub(crate) async fn pull_composefs_repo(
-    spec_imgref: &crate::spec::ImageReference,
+    spec_imgref: &crate::spec::ImageReferenceSig,
     allow_missing_fsverity: bool,
     use_unified: bool,
 ) -> Result<PullRepoResult> {

crates/lib/src/bootc_composefs/state.rs

@@ -38,7 +38,7 @@ use crate::{
         SHARED_VAR_PATH, STATE_DIR_RELATIVE,
     },
     parsers::bls_config::BLSConfig,
-    spec::ImageReference,
+    spec::ImageReferenceSig,
     spec::{FilesystemOverlay, FilesystemOverlayAccessMode, FilesystemOverlayPersistence},
     utils::path_relative_to,
 };
@@ -230,7 +230,7 @@ pub(crate) fn update_boot_digest_in_origin(
 pub(crate) async fn write_composefs_state(
     root_path: &Utf8PathBuf,
     deployment_id: &Sha512HashValue,
-    target_imgref: &ImageReference,
+    target_imgref: &ImageReferenceSig,
     staged: Option<StagedDeployment>,
     boot_type: BootType,
     boot_digest: String,

crates/lib/src/bootc_composefs/status.rs

@@ -25,7 +25,7 @@ use crate::{
         bls_config::{BLSConfig, BLSConfigType, parse_bls_config},
         grub_menuconfig::{MenuEntry, parse_grub_menuentry_file},
     },
-    spec::{BootEntry, BootOrder, Host, HostSpec, ImageReference, ImageStatus},
+    spec::{BootEntry, BootOrder, Host, HostSpec, ImageStatus},
     store::Storage,
     utils::{EfiError, read_uefi_var},
 };
@@ -468,7 +468,7 @@ fn boot_entry_from_composefs_deployment(
     let image = match origin.get::<String>("origin", ORIGIN_CONTAINER) {
         Some(img_name_from_config) => {
             let ostree_img_ref = OstreeImageReference::from_str(&img_name_from_config)?;
-            let img_ref = ImageReference::from(ostree_img_ref);
+            let img_ref = crate::spec::ImageReferenceSig::from(ostree_img_ref);
 
             let img_conf = get_imginfo(storage, &verity)?;
 

crates/lib/src/bootc_composefs/update.rs

@@ -29,7 +29,7 @@ use crate::{
         COMPOSEFS_STAGED_DEPLOYMENT_FNAME, COMPOSEFS_TRANSIENT_STATE_DIR, STATE_DIR_RELATIVE,
         TYPE1_ENT_PATH_STAGED, USER_CFG_STAGED,
     },
-    spec::{Bootloader, Host, ImageReference},
+    spec::{Bootloader, Host, ImageReferenceSig},
     store::{BootedComposefs, ComposefsRepository, Storage},
 };
 
@@ -54,7 +54,7 @@ use crate::{
 #[context("Checking if image {} is pulled", imgref.image)]
 pub(crate) async fn is_image_pulled(
     repo: &ComposefsRepository,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
 ) -> Result<(Option<Sha512HashValue>, ImgConfigManifest)> {
     let imgref_repr = imgref.to_image_proxy_ref()?;
     let img_config_manifest = get_container_manifest_and_config(&imgref_repr.to_string()).await?;
@@ -242,7 +242,7 @@ pub(crate) async fn do_upgrade(
     storage: &Storage,
     booted_cfs: &BootedComposefs,
     host: &Host,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
     opts: &DoUpgradeOpts,
     manifest: &ostree_ext::oci_spec::image::ImageManifest,
 ) -> Result<()> {

crates/lib/src/cli.rs

@@ -53,7 +53,7 @@ use crate::podstorage::set_additional_image_store;
 use crate::progress_jsonl::{ProgressWriter, RawProgressFd};
 use crate::spec::FilesystemOverlayAccessMode;
 use crate::spec::Host;
-use crate::spec::ImageReference;
+use crate::spec::ImageReferenceSig;
 use crate::status::get_host;
 use crate::store::{BootedOstree, Storage};
 use crate::store::{BootedStorage, BootedStorageKind};
@@ -1347,15 +1347,15 @@ async fn upgrade(
 
     Ok(())
 }
-pub(crate) fn imgref_for_switch(opts: &SwitchOpts) -> Result<ImageReference> {
+pub(crate) fn imgref_for_switch(opts: &SwitchOpts) -> Result<ImageReferenceSig> {
     let transport = ostree_container::Transport::try_from(opts.transport.as_str())?;
     let imgref = ostree_container::ImageReference {
         transport,
         name: opts.target.to_string(),
     };
     let sigverify = sigpolicy_from_opt(opts.enforce_container_sigpolicy);
     let target = ostree_container::OstreeImageReference { sigverify, imgref };
-    let target = ImageReference::from(target);
+    let target = ImageReferenceSig::from(target);
 
     return Ok(target);
 }
@@ -2482,7 +2482,7 @@ mod tests {
     #[test]
     fn test_image_reference_with_tag() {
         // Test basic tag replacement for registry transport
-        let current = ImageReference {
+        let current = ImageReferenceSig {
             image: "quay.io/example/myapp:v1.0".to_string(),
             transport: "registry".to_string(),
             signature: None,
@@ -2492,7 +2492,7 @@ mod tests {
         assert_eq!(result.transport, "registry");
 
         // Test tag replacement with digest (digest should be stripped for registry)
-        let current_with_digest = ImageReference {
+        let current_with_digest = ImageReferenceSig {
             image: "quay.io/example/myapp:v1.0@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890".to_string(),
             transport: "registry".to_string(),
             signature: None,
@@ -2501,7 +2501,7 @@ mod tests {
         assert_eq!(result.image, "quay.io/example/myapp:v2.0");
 
         // Test that non-registry transport works (containers-storage)
-        let containers_storage = ImageReference {
+        let containers_storage = ImageReferenceSig {
             image: "localhost/myapp:v1.0".to_string(),
             transport: "containers-storage".to_string(),
             signature: None,
@@ -2511,7 +2511,7 @@ mod tests {
         assert_eq!(result.transport, "containers-storage");
 
         // Test digest stripping for non-registry transport
-        let containers_storage_with_digest = ImageReference {
+        let containers_storage_with_digest = ImageReferenceSig {
             image:
                 "localhost/myapp:v1.0@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
                     .to_string(),
@@ -2523,7 +2523,7 @@ mod tests {
         assert_eq!(result.transport, "containers-storage");
 
         // Test image without tag (edge case)
-        let no_tag = ImageReference {
+        let no_tag = ImageReferenceSig {
             image: "localhost/myapp".to_string(),
             transport: "containers-storage".to_string(),
             signature: None,

crates/lib/src/deploy.rs

@@ -24,7 +24,7 @@ use ostree_ext::sysroot::SysrootLock;
 use ostree_ext::tokio_util::spawn_blocking_cancellable_flatten;
 
 use crate::progress_jsonl::{Event, ProgressWriter, SubTaskBytes, SubTaskStep};
-use crate::spec::ImageReference;
+use crate::spec::ImageReferenceSig;
 use crate::spec::{BootOrder, HostSpec};
 use crate::status::labels_of_config;
 use crate::store::Storage;
@@ -48,7 +48,7 @@ const BOOTC_DERIVED_KEY: &str = "bootc.derived";
 
 /// Variant of HostSpec but required to be filled out
 pub(crate) struct RequiredHostSpec<'a> {
-    pub(crate) image: &'a ImageReference,
+    pub(crate) image: &'a ImageReferenceSig,
 }
 
 /// State of a locally fetched image
@@ -388,7 +388,7 @@ fn check_disk_space_inner(
     fd: impl AsFd,
     bytes_to_fetch: u64,
     min_free: u64,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
 ) -> Result<()> {
     let stat = rustix::fs::fstatvfs(fd)?;
     let bytes_avail = stat.f_bsize.checked_mul(stat.f_bavail).unwrap_or(u64::MAX);
@@ -411,7 +411,7 @@ fn check_disk_space_inner(
 pub(crate) fn check_disk_space_ostree(
     repo: &ostree::Repo,
     image_meta: &PreparedImportMeta,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
 ) -> Result<()> {
     let min_free = repo.min_free_space_bytes().unwrap_or(0);
     check_disk_space_inner(
@@ -427,7 +427,7 @@ pub(crate) fn check_disk_space_ostree(
 pub(crate) fn check_disk_space_unified(
     cfs: &crate::store::ComposefsRepository,
     image_meta: &PreparedImportMeta,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
 ) -> Result<()> {
     check_disk_space_inner(cfs.objects_dir()?, image_meta.bytes_to_fetch, 0, imgref)
 }
@@ -437,7 +437,7 @@ pub(crate) fn check_disk_space_unified(
 pub(crate) fn check_disk_space_composefs(
     cfs: &crate::store::ComposefsRepository,
     manifest: &ostree_ext::oci_spec::image::ImageManifest,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
 ) -> Result<()> {
     let bytes_to_fetch: u64 = manifest
         .layers()
@@ -464,7 +464,7 @@ pub(crate) enum PreparedPullResult {
 
 pub(crate) async fn prepare_for_pull(
     repo: &ostree::Repo,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
     target_imgref: Option<&OstreeImageReference>,
     booted_deployment: Option<&ostree::Deployment>,
 ) -> Result<PreparedPullResult> {
@@ -511,7 +511,7 @@ pub(crate) async fn prepare_for_pull(
 /// Returns true if the image exists in bootc storage.
 pub(crate) async fn image_exists_in_unified_storage(
     store: &Storage,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
 ) -> Result<bool> {
     let imgstore = store.get_ensure_imgstore()?;
     let image_ref_str = imgref.to_transport_image()?;
@@ -522,7 +522,7 @@ pub(crate) async fn image_exists_in_unified_storage(
 /// This reuses the same infrastructure as LBIs.
 pub(crate) async fn prepare_for_pull_unified(
     repo: &ostree::Repo,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
     target_imgref: Option<&OstreeImageReference>,
     store: &Storage,
     booted_deployment: Option<&ostree::Deployment>,
@@ -548,7 +548,7 @@ pub(crate) async fn prepare_for_pull_unified(
 
     // Now create a containers-storage reference to read from bootc storage
     tracing::info!("Unified pull: now importing from containers-storage transport");
-    let containers_storage_imgref = ImageReference {
+    let containers_storage_imgref = ImageReferenceSig {
         transport: "containers-storage".to_string(),
         image: imgref.image.clone(),
         signature: imgref.signature.clone(),
@@ -614,7 +614,7 @@ pub(crate) async fn prepare_for_pull_unified(
 /// Unified pull: Use podman to pull to containers-storage, then read from there
 pub(crate) async fn pull_unified(
     repo: &ostree::Repo,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
     target_imgref: Option<&OstreeImageReference>,
     quiet: bool,
     prog: ProgressWriter,
@@ -642,7 +642,7 @@ pub(crate) async fn pull_unified(
                 imgref,
             )?;
             // To avoid duplicate success logs, pass a containers-storage imgref to the importer
-            let cs_imgref = ImageReference {
+            let cs_imgref = ImageReferenceSig {
                 transport: "containers-storage".to_string(),
                 image: imgref.image.clone(),
                 signature: imgref.signature.clone(),
@@ -654,7 +654,7 @@ pub(crate) async fn pull_unified(
 
 #[context("Pulling")]
 pub(crate) async fn pull_from_prepared(
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
     quiet: bool,
     prog: ProgressWriter,
     mut prepared_image: PreparedImportMeta,
@@ -729,7 +729,7 @@ pub(crate) async fn pull_from_prepared(
 /// Wrapper for pulling a container image, wiring up status output.
 pub(crate) async fn pull(
     repo: &ostree::Repo,
-    imgref: &ImageReference,
+    imgref: &ImageReferenceSig,
     target_imgref: Option<&OstreeImageReference>,
     quiet: bool,
     prog: ProgressWriter,
@@ -922,7 +922,7 @@ async fn deploy(
 }
 
 #[context("Generating origin")]
-fn origin_from_imageref(imgref: &ImageReference) -> Result<glib::KeyFile> {
+fn origin_from_imageref(imgref: &ImageReferenceSig) -> Result<glib::KeyFile> {
     let origin = glib::KeyFile::new();
     let imgref = OstreeImageReference::from(imgref.clone());
     origin.set_string(
@@ -1215,7 +1215,7 @@ fn find_newest_deployment_name(deploysdir: &Dir) -> Result<String> {
 }
 
 // Implementation of `bootc switch --in-place`
-pub(crate) fn switch_origin_inplace(root: &Dir, imgref: &ImageReference) -> Result<String> {
+pub(crate) fn switch_origin_inplace(root: &Dir, imgref: &ImageReferenceSig) -> Result<String> {
     // Log the in-place switch operation to systemd journal
     const SWITCH_INPLACE_JOURNAL_ID: &str = "3e2f1a0b9c8d7e6f5a4b3c2d1e0f9a8b7";
 
@@ -1385,7 +1385,7 @@ mod tests {
             builder,
         )?;
         let deploydir = &td.open_dir(deploydir)?;
-        let orig_imgref = ImageReference {
+        let orig_imgref = ImageReferenceSig {
             image: "quay.io/exampleos/original:sometag".into(),
             transport: "registry".into(),
             signature: None,
@@ -1398,7 +1398,7 @@ mod tests {
             )?;
         }
 
-        let target_imgref = ImageReference {
+        let target_imgref = ImageReferenceSig {
             image: "quay.io/someother/otherimage:latest".into(),
             transport: "registry".into(),
             signature: None,
@@ -1465,7 +1465,7 @@ UUID=6907-17CA          /boot/efi               vfat    umask=0077,shortname=win
     #[test]
     fn test_check_disk_space_inner() -> Result<()> {
         let td = cap_std_ext::cap_tempfile::TempDir::new(cap_std::ambient_authority())?;
-        let imgref = ImageReference {
+        let imgref = ImageReferenceSig {
             image: "quay.io/exampleos/exampleos:latest".into(),
             transport: "registry".into(),
             signature: None,

crates/lib/src/image.rs

@@ -506,7 +506,7 @@ pub(crate) async fn set_unified(sysroot: &crate::store::Storage) -> Result<()> {
 
     // Optionally verify we can import from containers-storage by preparing in a temp importer
     // without actually importing into the main repo; this is a lightweight validation.
-    let containers_storage_imgref = crate::spec::ImageReference {
+    let containers_storage_imgref = crate::spec::ImageReferenceSig {
         transport: "containers-storage".to_string(),
         image: imgref.image.clone(),
         signature: imgref.signature.clone(),

crates/lib/src/install.rs

@@ -198,7 +198,7 @@ use crate::deploy::{MergeState, PreparedPullResult, prepare_for_pull, pull_from_
 use crate::install::config::Filesystem as FilesystemEnum;
 use crate::lsm;
 use crate::progress_jsonl::ProgressWriter;
-use crate::spec::{Bootloader, ImageReference};
+use crate::spec::{Bootloader, ImageReferenceSig};
 use crate::store::Storage;
 use crate::task::Task;
 use crate::utils::sigpolicy_from_opt;
@@ -1061,7 +1061,7 @@ async fn install_container(
 
     // Pull the container image into the target root filesystem. Since this is
     // an install path, we don't need to fsync() individual layers.
-    let spec_imgref = ImageReference::from(src_imageref.clone());
+    let spec_imgref = ImageReferenceSig::from(src_imageref.clone());
     let repo = &sysroot.repo();
     repo.set_disable_fsync(true);
 
@@ -2030,7 +2030,7 @@ async fn install_to_filesystem_impl(
             crate::deploy::check_disk_space_composefs(
                 &cfs_repo,
                 &img_manifest_config.manifest,
-                &crate::spec::ImageReference {
+                &crate::spec::ImageReferenceSig {
                     image: imgref.name.clone(),
                     transport: imgref.transport.to_string(),
                     signature: None,