Build and mount deduplicated, integrity-verified, read-only filesystem images. Learn composefs's content-addressed design, EROFS + overlayfs architecture, and fs-verity.

Welcome to composefs: Verified, Deduplicated Filesystems.

A practical, in-depth guide to composefs, the open-source Linux technology for content-addressed, integrity-verified, deduplicated read-only filesystem images. Learn how composefs makes images lean and tamper-proof: the filesystem image problem (duplication, slow extraction, missing integrity), content-addressed storage and deduplication, the composefs architecture (an EROFS metadata image plus a shared objects store, composed via overlayfs), fs-verity and end-to-end integrity (sealed images, a root of trust), mounting images directly (no extraction, lazy content, density), building images (mkcomposefs, digests, sealing), use cases (container storage, OSTree/bootc, immutable OSes, trusted boot), operations/security/best practices, and composefs in practice.

This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.

A note on reading it: open the Contents menu at the top of the reader to jump between chapters, use the Aa menu to set a comfortable text size, theme (light, sepia, or night), and single- or two-page layout. Your place is saved automatically, so you can always pick up where you left off.

We hope it serves you well.

— Shriira Press

Contents

1. Chapter 1 — What composefs Is
2. Chapter 2 — The Filesystem Image Problem
3. Chapter 3 — Content-Addressed Storage and Deduplication
4. Chapter 4 — The composefs Architecture
5. Chapter 5 — fs-verity and Integrity
6. Chapter 6 — Mounting composefs Images
7. Chapter 7 — Building composefs Images
8. Chapter 8 — Use Cases: Containers, OSTree, and Bootable Systems
9. Chapter 9 — Operations, Security, and Best Practices
10. Chapter 10 — composefs in Practice