Skip to main content

composefs/
lib.rs

1//! Rust bindings and utilities for working with composefs images and repositories.
2//!
3//! Composefs is a read-only FUSE filesystem that enables efficient sharing
4//! of container filesystem layers by using content-addressable storage
5//! and fs-verity for integrity verification.
6
7#![forbid(unsafe_code)]
8// This is a library: emit diagnostics via the `log` crate (or return them),
9// never by writing to the process's stdout/stderr. Genuinely-intentional
10// exceptions carry a local `#[allow]` with justification. Test code is exempt.
11#![cfg_attr(not(test), deny(clippy::print_stdout, clippy::print_stderr))]
12
13pub mod dumpfile;
14pub mod dumpfile_parse;
15pub mod erofs;
16pub mod filesystem_ops;
17pub mod fs;
18pub mod fsverity;
19pub mod mount;
20pub mod mountcompat;
21pub mod progress;
22pub mod repository;
23pub use repository::ImageNotFound;
24pub mod splitstream;
25pub mod tree;
26pub mod util;
27
28pub mod generic_tree;
29#[cfg(any(test, feature = "test"))]
30pub mod test;
31
32/// Files with this many bytes or fewer are stored inline in the erofs image
33/// (and in splitstreams).  Files above this threshold are written to object
34/// storage and referenced via overlay metacopy xattrs.
35///
36/// Changing this value is effectively a format break: it affects which files
37/// get fs-verity checksums (external) vs. which are stored directly (inline),
38/// so images produced with different thresholds are not interchangeable.
39/// A future composefs format version may change this size
40/// (see <https://github.com/composefs/composefs-rs/issues/107>).
41///
42/// For the *parsing* safety bound enforced when reading untrusted input, see
43/// [`MAX_INLINE_CONTENT`].
44pub const INLINE_CONTENT_MAX_V0: usize = 64;
45
46/// Maximum inline content size accepted when parsing untrusted input (dumpfiles,
47/// EROFS images in composefs-restricted mode).
48///
49/// This is intentionally higher than [`INLINE_CONTENT_MAX_V0`] to allow for future
50/// increases to the inline threshold (see
51/// <https://github.com/composefs/composefs-rs/issues/107>).
52pub const MAX_INLINE_CONTENT: usize = 512;
53
54/// Maximum symlink target length in bytes.
55///
56/// XFS limits symlink targets to 1024 bytes (`XFS_SYMLINK_MAXLEN`). Since
57/// generic Linux containers are commonly backed by XFS, we enforce that
58/// limit rather than the Linux VFS `PATH_MAX` of 4096.
59pub const SYMLINK_MAX: usize = 1024;
60
61/// Internal constants shared across workspace crates.
62///
63/// Not part of the public API — may change without notice.
64#[doc(hidden)]
65pub mod shared_internals {
66    /// Default I/O buffer capacity for BufWriter/BufReader in streaming paths.
67    ///
68    /// The stdlib default of 8 KiB is suboptimal for large file I/O.
69    /// 64 KiB provides significantly better throughput.
70    /// See <https://github.com/bootc-dev/ocidir-rs/pull/63>.
71    pub const IO_BUF_CAPACITY: usize = 64 * 1024;
72}