From e629fb3a13d5eea9fa114e32ee512e4f570418ba Mon Sep 17 00:00:00 2001
From: Simon de Vlieger <cmdr@supakeen.com>
Date: Mon, 22 Jun 2026 13:20:23 +0200
Subject: [PATCH] many: plumb sdboot options

We introduced additional options for systemd-boot configuration but
never actually plumbed them through into the configuration or
definitions.

Let's do that now so they can be set.

Signed-off-by: Simon de Vlieger <cmdr@supakeen.com>
---
 pkg/distro/defs/loader_test.go      | 33 +++++++++++++++++++++++++++++
 pkg/distro/generic/images.go        |  2 ++
 pkg/distro/image_config.go          |  2 ++
 pkg/manifest/os.go                  |  2 ++
 pkg/manifest/raw.go                 |  6 ++++++
 pkg/osbuild/bootctl_install_root.go |  6 ++++++
 6 files changed, 51 insertions(+)

diff --git a/pkg/distro/defs/loader_test.go b/pkg/distro/defs/loader_test.go
index 814d49ffe5..08f03c61d1 100644
--- a/pkg/distro/defs/loader_test.go
+++ b/pkg/distro/defs/loader_test.go
@@ -702,6 +702,39 @@ image_types:
 	})
 }
 
+func TestDefsDistroImageConfigSystemdBoot(t *testing.T) {
+	fakeDistroYaml := `
+distros:
+  - name: test-distro-1
+    vendor: test-vendor
+    defs_path: test-distro-1/
+    image_config:
+      default:
+        systemd_boot:
+          random-seed: "no"
+          make-entry-directory: "yes"
+          entry-token: "os-id"
+`
+
+	fakeImageTypeYaml := `
+image_types:
+  test_type:
+    filename: foo
+`
+	baseDir := makeFakeDistrosYAML(t, fakeDistroYaml, fakeImageTypeYaml)
+	restore := defs.MockDataFS(baseDir)
+	defer restore()
+	dist, err := defs.NewDistroYAML("test-distro-1")
+	assert.NoError(t, err)
+	assert.Equal(t, &distro.ImageConfig{
+		SystemdBoot: &osbuild.SystemdBootConfig{
+			RandomSeed:         "no",
+			MakeEntryDirectory: "yes",
+			EntryToken:         "os-id",
+		},
+	}, dist.ImageConfig())
+}
+
 func TestDefsPartitionTableErrorsNotForImageType(t *testing.T) {
 	badDistroYamlMissingPartitionTable := `
 image_types:
diff --git a/pkg/distro/generic/images.go b/pkg/distro/generic/images.go
index 7924507592..21d986de4a 100644
--- a/pkg/distro/generic/images.go
+++ b/pkg/distro/generic/images.go
@@ -346,6 +346,8 @@ func osCustomizations(t *imageType, osPackageSet rpmmd.PackageSet, options distr
 		osc.NoBLS = *imageConfig.NoBLS
 	}
 
+	osc.SystemdBoot = imageConfig.SystemdBoot
+
 	ca, err := c.GetCACerts()
 	if err != nil {
 		panic(fmt.Sprintf("unexpected error checking CA certs: %v", err))
diff --git a/pkg/distro/image_config.go b/pkg/distro/image_config.go
index b0cf4a1fb5..fee698a2f5 100644
--- a/pkg/distro/image_config.go
+++ b/pkg/distro/image_config.go
@@ -116,6 +116,8 @@ type ImageConfig struct {
 	// instead of BLS. Required for legacy systems like RHEL 7.
 	NoBLS *bool `yaml:"no_bls,omitempty"`
 
+	SystemdBoot *osbuild.SystemdBootConfig `yaml:"systemd_boot,omitempty"`
+
 	// OSTree specific configuration
 
 	// Read only sysroot and boot
diff --git a/pkg/manifest/os.go b/pkg/manifest/os.go
index 71aa77b066..4de104ad3b 100644
--- a/pkg/manifest/os.go
+++ b/pkg/manifest/os.go
@@ -180,6 +180,8 @@ type OSCustomizations struct {
 	// instead of BLS. Required for legacy systems like RHEL 7.
 	NoBLS bool
 
+	SystemdBoot *osbuild.SystemdBootConfig
+
 	// InstallWeakDeps enables installation of weak dependencies for packages
 	// that are statically defined for the pipeline.
 	// Defaults to True.
diff --git a/pkg/manifest/raw.go b/pkg/manifest/raw.go
index 96a7c607e4..c6febcb0bc 100644
--- a/pkg/manifest/raw.go
+++ b/pkg/manifest/raw.go
@@ -121,6 +121,12 @@ func (p *RawImage) serialize() (osbuild.Pipeline, error) {
 		// an error it's empty and the stage options will omit it
 		opts.BootPath, _ = findXBootLDRMountpoint(p.treePipeline.PartitionTable)
 
+		if cfg := p.treePipeline.OSCustomizations.SystemdBoot; cfg != nil {
+			opts.RandomSeed = cfg.RandomSeed
+			opts.MakeEntryDirectory = cfg.MakeEntryDirectory
+			opts.EntryToken = cfg.EntryToken
+		}
+
 		pipeline.AddStage(osbuild.NewBootctlInstallRootStage(opts, bootctlDevices, bootctlMounts))
 	}
 
diff --git a/pkg/osbuild/bootctl_install_root.go b/pkg/osbuild/bootctl_install_root.go
index e4cf919247..40432e7b08 100644
--- a/pkg/osbuild/bootctl_install_root.go
+++ b/pkg/osbuild/bootctl_install_root.go
@@ -1,5 +1,11 @@
 package osbuild
 
+type SystemdBootConfig struct {
+	RandomSeed         string `json:"random-seed,omitempty" yaml:"random-seed,omitempty"`
+	MakeEntryDirectory string `json:"make-entry-directory,omitempty" yaml:"make-entry-directory,omitempty"`
+	EntryToken         string `json:"entry-token,omitempty" yaml:"entry-token,omitempty"`
+}
+
 type BootctlInstallRootStageOptions struct {
 	Root               string `json:"root"`
 	ESPPath            string `json:"esp-path,omitempty"`