Filter out BLS entries not managed by bootc

crates/lib/src/bootc_composefs/status.rs

@@ -19,6 +19,7 @@ use crate::{
     composefs_consts::{
         COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT_DIGEST, ORIGIN_KEY_IMAGE, ORIGIN_KEY_MANIFEST_DIGEST,
         TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED, USER_CFG, USER_CFG_STAGED,
+        BLS_ENTRY_PREFIX,
     },
     install::EFI_LOADER_INFO,
     parsers::{
@@ -303,7 +304,7 @@ fn get_sorted_type1_boot_entries_helper(
             .to_str()
             .ok_or(anyhow::anyhow!("Found non UTF-8 characters in filename"))?;
 
-        if !file_name.ends_with(".conf") {
+        if !(file_name.starts_with(BLS_ENTRY_PREFIX) && file_name.ends_with(".conf")) {
             continue;
         }
 
@@ -1091,8 +1092,16 @@ mod tests {
             "loader/entries/random_file.txt",
             "Random file that we won't parse",
         )?;
-        tempdir.atomic_write("loader/entries/entry1.conf", entry1)?;
-        tempdir.atomic_write("loader/entries/entry2.conf", entry2)?;
+        tempdir.atomic_write(
+            "loader/entries/random_file.conf",
+            "Random file that we won't parse",
+        )?;
+        tempdir.atomic_write(
+            "loader/entries/bootc_random_file.txt",
+            "Random file that we won't parse",
+        )?;
+        tempdir.atomic_write("loader/entries/bootc_entry1.conf", entry1)?;
+        tempdir.atomic_write("loader/entries/bootc_entry2.conf", entry2)?;
 
         let result =
             get_sorted_type1_boot_entries_helper(&tempdir, true, false, Bootloader::Systemd)
@@ -1254,8 +1263,8 @@ mod tests {
 
         tempdir.create_dir_all("loader/entries")?;
         tempdir.create_dir_all("loader/entries.staged")?;
-        tempdir.atomic_write("loader/entries/active.conf", active_entry)?;
-        tempdir.atomic_write("loader/entries.staged/staged.conf", staged_entry)?;
+        tempdir.atomic_write("loader/entries/bootc_active.conf", active_entry)?;
+        tempdir.atomic_write("loader/entries.staged/bootc_staged.conf", staged_entry)?;
 
         let result = list_type1_entries(&tempdir)?;
         assert_eq!(result.len(), 2);

crates/lib/src/composefs_consts.rs

@@ -48,6 +48,9 @@ pub(crate) const TYPE1_BOOT_DIR_PREFIX: &str = "bootc_composefs-";
 /// The prefix for names of UKI and UKI Addons
 pub(crate) const UKI_NAME_PREFIX: &str = TYPE1_BOOT_DIR_PREFIX;
 
+/// The prefix for BLS file entries
+pub(crate) const BLS_ENTRY_PREFIX: &str = "bootc_";
+
 /// Prefix for OCI tags owned by bootc in the composefs repository.
 ///
 /// Tags are created as `localhost/bootc-<manifest_digest>` to act as GC roots

crates/lib/src/parsers/bls_config.rs

@@ -810,6 +810,34 @@ mod tests {
         Ok(())
     }
 
+    #[test]
+    fn test_boot_artifact_verity_efi_no_prefix() -> Result<()> {
+        let input = r#"
+            title Test
+            version 1
+            efi /EFI/boot/test.efi
+        "#;
+        let config = parse_bls_config(&input)?;
+
+        let result = config.get_verity();
+        assert!(result.is_err());
+        Ok(())
+    }
+
+    #[test]
+    fn test_boot_artifact_verity_efi_no_extension() -> Result<()> {
+        let input = r#"
+            title      Test
+            version    1
+            efi        /EFI/boot/test
+        "#;
+        let config = parse_bls_config(&input)?;
+
+        let result = config.get_verity();
+        assert!(result.is_err());
+        Ok(())
+    }
+
     /// Test that Non-EFI boot_artifact_name fails when linux path has no parent
     #[test]
     fn test_boot_artifact_name_non_efi_no_parent() {