deploy: Honor prepare-root.conf at deploy time for composefs

[cgwalters]

lib: Move parsing of composefs config into otcore

So it can be shared with the deployment path. Prep for dropping
ex-integrity.composefs.

---

prepare-root: Fix crash if no keys were found

Handle a NULL pointer.

---

switchroot: Move a define into library too

---

deploy: Honor prepare-root.conf at deploy time

I want to try to get away from the "repository global" configuration
in the repo config.

A major problem is that there's not an obvious way to configure
it as part of an ostree commit/container build - it needs
to be managed "out of band".

With this change, we parse the usr/lib/ostree/prepare-root.conf
in the deployment root, and if composefs is enabled there,
then we honor it.

We do still honor ex-integrity.composefs but that I think
we can schedule to remove.

---

[ericcurtin]

LGTM

[alexlarsson]

We do still honor ex-integrity.composefs but that I think we can schedule to remove.

I don't think we can fully get rid of global options though. In particular, we need the fact that use_composefs implies that use_fsverity defaults to MAYBE when use_composefs is enabled.

Or maybe we should just switch use_fsverity to always be maybe?

[cgwalters]

I don't think we can fully get rid of global options though. In particular, we need the fact that use_composefs implies that use_fsverity defaults to MAYBE when use_composefs is enabled.
Or maybe we should just switch use_fsverity to always be maybe?

Ug yes, good point. There's some circularity inherent in all this if we're aiming to have the commit/image define defaults.

I think the way to break this circularity is probably to add a post-deploy phase that enables fsverity on all objects in a given commit if the prepare-root configuration says that composefs is "maybe". And hard errors if fsverity can't be enabled in a "always" mode.

[cgwalters]

Moving this to #3202