microsoft · ayaegashi · Oct 20, 2025 · Oct 21, 2025 · Oct 21, 2025 · Oct 21, 2025
diff --git a/crates/trident/src/engine/boot/mod.rs b/crates/trident/src/engine/boot/mod.rs
@@ -1,4 +1,4 @@
-use std::path::Path;
+use std::{any::Any, path::Path};
 
 use log::debug;
 use strum::IntoEnumIterator;
@@ -25,6 +25,10 @@ impl Subsystem for BootSubsystem {
         "boot"
     }
 
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
     #[tracing::instrument(name = "boot_configuration", skip_all)]
     fn configure(&mut self, ctx: &EngineContext) -> Result<(), TridentError> {
         if ctx.is_uki()? {

@@ -257,6 +257,10 @@ fn stage_clean_install(
         return Err(original_error).message("Failed to execute in chroot");
     }
 
+    // Update Host Configuration with the paths of extension images.
+    let updated_hc =
+        engine::get_extensions_subsystem(subsystems)?.update_host_configuration(&ctx)?;
+
     // At this point, clean install has been staged, so update Host Status
     debug!(
         "Updating host's servicing state to '{:?}'",
@@ -265,7 +269,7 @@ fn stage_clean_install(
     state.with_host_status(|hs| {
         *hs = HostStatus {
             servicing_state: ServicingState::CleanInstallStaged,
-            spec: host_config.clone(),
+            spec: updated_hc,
             spec_old: Default::default(),
             ab_active_volume: None,
             partition_paths: ctx.partition_paths,

@@ -1,4 +1,5 @@
 use std::{
+    any::Any,
     fs,
     path::{Path, PathBuf},
     sync::Mutex,
@@ -22,6 +23,7 @@ use crate::{
     engine::boot::BootSubsystem,
     subsystems::{
         esp::EspSubsystem,
+        extensions::ExtensionsSubsystem,
         hooks::HooksSubsystem,
         initrd::InitrdSubsystem,
         management::ManagementSubsystem,
@@ -59,6 +61,8 @@ pub(crate) use update::{finalize_update, update};
 pub(crate) trait Subsystem: Send {
     fn name(&self) -> &'static str;
 
+    fn as_any(&self) -> &dyn Any;
+
     fn writable_etc_overlay(&self) -> bool {
         true
     }
@@ -115,6 +119,7 @@ lazy_static::lazy_static! {
         Box::<HooksSubsystem>::default(),
         Box::<InitrdSubsystem>::default(),
         Box::<SelinuxSubsystem>::default(),
+        Box::<ExtensionsSubsystem>::default(),
     ]);
 }
 
@@ -319,6 +324,22 @@ fn configure(
     Ok(())
 }
 
+pub fn get_extensions_subsystem(
+    subsystems: &[Box<dyn Subsystem>],
+) -> Result<&ExtensionsSubsystem, TridentError> {
+    subsystems
+        .iter()
+        .find(|s| s.name() == ExtensionsSubsystem::default().name())
+        .structured(InternalError::Internal(
+            "Failed to find Extensions subsystem",
+        ))?
+        .as_any()
+        .downcast_ref::<ExtensionsSubsystem>()
+        .structured(InternalError::Internal(
+            "Failed to downcast to ExtensionsSubsystem",
+        ))
+}
+
 pub fn reboot() -> Result<(), TridentError> {
     // Sync all writes to the filesystem.
     info!("Syncing filesystem");

@@ -253,14 +253,18 @@ fn stage_update(
         engine::configure(subsystems, &ctx)?;
     };
 
+    // Update Host Configuration with the paths of extension images.
+    let updated_hc =
+        engine::get_extensions_subsystem(subsystems)?.update_host_configuration(&ctx)?;
+
     // At this point, deployment has been staged, so update servicing state
     debug!(
         "Updating host's servicing state to '{:?}'",
         ServicingState::AbUpdateStaged
     );
     state.with_host_status(|hs| {
         *hs = HostStatus {
-            spec: ctx.spec,
+            spec: updated_hc,
             spec_old: ctx.spec_old,
             servicing_state: ServicingState::AbUpdateStaged,
             ab_active_volume: ctx.ab_active_volume,

diff --git a/crates/trident/src/subsystems/esp.rs b/crates/trident/src/subsystems/esp.rs
@@ -1,4 +1,5 @@
 use std::{
+    any::Any,
     fs,
     io::Read,
     path::{Path, PathBuf},
@@ -42,6 +43,10 @@ impl Subsystem for EspSubsystem {
         "esp"
     }
 
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
     #[tracing::instrument(name = "esp_provision", skip_all)]
     fn provision(&mut self, ctx: &EngineContext, mount_path: &Path) -> Result<(), TridentError> {
         // Perform file-based deployment of ESP images, if needed, after filesystems have been

@@ -1,4 +1,5 @@
 use std::{
+    any::Any,
     fmt::Display,
     fs,
     path::{Path, PathBuf},
@@ -10,7 +11,7 @@ use tempfile::NamedTempFile;
 
 use osutils::{dependencies::Dependency, path};
 use trident_api::{
-    config::Extension,
+    config::{Extension, HostConfiguration},
     constants::internal_params::HTTP_CONNECTION_TIMEOUT_SECONDS,
     error::{InternalError, ReportError, TridentError},
     primitives::hash::Sha384Hash,
@@ -90,6 +91,10 @@ impl Subsystem for ExtensionsSubsystem {
         "extensions"
     }
 
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
     fn provision(&mut self, ctx: &EngineContext, mount_path: &Path) -> Result<(), TridentError> {
         // Define staging directory, in which extension images will be downloaded.
         let staging_dir = path::join_relative(mount_path, EXTENSION_IMAGE_STAGING_DIRECTORY);
@@ -253,6 +258,51 @@ impl ExtensionsSubsystem {
 
         Ok(())
     }
+
+    pub(crate) fn update_host_configuration(
+        &self,
+        ctx: &EngineContext,
+    ) -> Result<HostConfiguration, TridentError> {
+        let mut updated_hc = ctx.spec.clone();
+
+        // Update paths of sysexts in the Host Configuration.
+        for sysext in self
+            .extensions
+            .iter()
+            .filter(|ext| ext.ext_type == ExtensionType::Sysext)
+        {
+            // Find corresponding sysext in Host Configuration.
+            let hc_ext = updated_hc
+                .os
+                .sysexts
+                .iter_mut()
+                .find(|ext| ext.sha384 == sysext.sha384)
+                .structured(InternalError::Internal(
+                    "Failed to find previously processed sysext in Host Configuration",
+                ))?;
+            hc_ext.path = Some(sysext.path.clone());
+        }
+
+        // Update paths of confexts in the Host Configuration.
+        for confext in self
+            .extensions
+            .iter()
+            .filter(|ext| ext.ext_type == ExtensionType::Confext)
+        {
+            // Find corresponding confext in Host Configuration.
+            let hc_ext = updated_hc
+                .os
+                .confexts
+                .iter_mut()
+                .find(|ext| ext.sha384 == confext.sha384)
+                .structured(InternalError::Internal(
+                    "Failed to find previously processed confext in Host Configuration",
+                ))?;
+            hc_ext.path = Some(confext.path.clone());
+        }
+
+        Ok(updated_hc)
+    }
 }
 
 /// Helper function to identify if the extension exists in the old Host
@@ -322,6 +372,7 @@ mod tests {
     use super::*;
 
     use tempfile::env::temp_dir;
+    use url::Url;
 
     #[test]
     fn test_populate_extensions_empty() {
@@ -339,6 +390,108 @@ mod tests {
             "ExtensionsSubsystem extensions_old should be empty when there are no extensions in the old Host Configuration"
         );
     }
+
+    #[test]
+    fn test_update_host_configuration_sysexts() {
+        let mut ctx = EngineContext::default();
+        ctx.spec.os.sysexts = vec![
+            Extension {
+                url: Url::parse("https://example.com/sysext1.raw").unwrap(),
+                sha384: Sha384Hash::from("a".repeat(96)),
+                path: None,
+            },
+            Extension {
+                url: Url::parse("https://example.com/sysext2.raw").unwrap(),
+                sha384: Sha384Hash::from("b".repeat(96)),
+                path: Some(PathBuf::from("/etc/extensions/sysext2.raw")),
+            },
+        ];
+
+        let subsystem = ExtensionsSubsystem {
+            extensions: vec![
+                ExtensionData {
+                    id: "sysext1".to_string(),
+                    name: "sysext1".to_string(),
+                    sha384: Sha384Hash::from("a".repeat(96)),
+                    path: PathBuf::from("/var/lib/extensions/sysext1.raw"),
+                    temp_path: Some(
+                        PathBuf::from(EXTENSION_IMAGE_STAGING_DIRECTORY).join("sysext1.raw"),
+                    ),
+                    ext_type: ExtensionType::Sysext,
+                },
+                ExtensionData {
+                    id: "sysext2".to_string(),
+                    name: "sysext2".to_string(),
+                    sha384: Sha384Hash::from("b".repeat(96)),
+                    path: PathBuf::from("/etc/extensions/sysext2.raw"),
+                    temp_path: Some(
+                        PathBuf::from(EXTENSION_IMAGE_STAGING_DIRECTORY).join("sysext2.raw"),
+                    ),
+                    ext_type: ExtensionType::Sysext,
+                },
+            ],
+            extensions_old: vec![],
+        };
+        let updated_hc = subsystem.update_host_configuration(&ctx).unwrap();
+
+        for i in 0..subsystem.extensions.len() {
+            assert_eq!(
+                updated_hc.os.sysexts[i].path,
+                Some(subsystem.extensions[i].path.clone())
+            )
+        }
+    }
+
+    #[test]
+    fn test_update_host_configuration_confexts() {
+        let mut ctx = EngineContext::default();
+        ctx.spec.os.confexts = vec![
+            Extension {
+                url: Url::parse("https://example.com/confext1.raw").unwrap(),
+                sha384: Sha384Hash::from("a".repeat(96)),
+                path: None,
+            },
+            Extension {
+                url: Url::parse("https://example.com/confext2.raw").unwrap(),
+                sha384: Sha384Hash::from("b".repeat(96)),
+                path: Some(PathBuf::from("/usr/lib/confexts/confext2.raw")),
+            },
+        ];
+
+        let subsystem = ExtensionsSubsystem {
+            extensions: vec![
+                ExtensionData {
+                    id: "confext1".to_string(),
+                    name: "confext1".to_string(),
+                    sha384: Sha384Hash::from("a".repeat(96)),
+                    path: PathBuf::from("/var/lib/confexts/confext1.raw"),
+                    temp_path: Some(
+                        PathBuf::from(EXTENSION_IMAGE_STAGING_DIRECTORY).join("confext1.raw"),
+                    ),
+                    ext_type: ExtensionType::Confext,
+                },
+                ExtensionData {
+                    id: "confext2".to_string(),
+                    name: "confext2".to_string(),
+                    sha384: Sha384Hash::from("b".repeat(96)),
+                    path: PathBuf::from("/usr/lib/confexts/confext2.raw"),
+                    temp_path: Some(
+                        PathBuf::from(EXTENSION_IMAGE_STAGING_DIRECTORY).join("confext2.raw"),
+                    ),
+                    ext_type: ExtensionType::Confext,
+                },
+            ],
+            extensions_old: vec![],
+        };
+        let updated_hc = subsystem.update_host_configuration(&ctx).unwrap();
+
+        for i in 0..subsystem.extensions.len() {
+            assert_eq!(
+                updated_hc.os.confexts[i].path,
+                Some(subsystem.extensions[i].path.clone())
+            )
+        }
+    }
 }
 
 #[cfg(feature = "functional-test")]

diff --git a/crates/trident/src/subsystems/hooks.rs b/crates/trident/src/subsystems/hooks.rs
@@ -1,4 +1,5 @@
 use std::{
+    any::Any,
     collections::HashMap,
     ffi::OsStr,
     os::unix::fs::PermissionsExt,
@@ -40,6 +41,10 @@ impl Subsystem for HooksSubsystem {
         "hooks"
     }
 
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
     fn writable_etc_overlay(&self) -> bool {
         self.writable_etc_overlay
     }

diff --git a/crates/trident/src/subsystems/initrd.rs b/crates/trident/src/subsystems/initrd.rs
@@ -1,3 +1,5 @@
+use std::any::Any;
+
 use log::{debug, info};
 
 use osutils::mkinitrd;
@@ -12,6 +14,10 @@ impl Subsystem for InitrdSubsystem {
         "initrd"
     }
 
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
     fn writable_etc_overlay(&self) -> bool {
         false
     }

diff --git a/crates/trident/src/subsystems/management.rs b/crates/trident/src/subsystems/management.rs
@@ -1,6 +1,7 @@
 //! Subsystem in charge of configuring the Trident agent on the target OS.
 
 use std::{
+    any::Any,
     fs::{self},
     path::Path,
 };
@@ -29,6 +30,10 @@ impl Subsystem for ManagementSubsystem {
         "management"
     }
 
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
     fn validate_host_config(&self, ctx: &EngineContext) -> Result<(), TridentError> {
         if ctx.spec.trident.disable {
             return Ok(());

diff --git a/crates/trident/src/subsystems/network.rs b/crates/trident/src/subsystems/network.rs
@@ -1,4 +1,4 @@
-use std::{fs, path::Path};
+use std::{any::Any, fs, path::Path};
 
 use anyhow::Context;
 use log::debug;
@@ -19,6 +19,10 @@ impl Subsystem for NetworkSubsystem {
         "network"
     }
 
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
     #[tracing::instrument(name = "network_configuration", skip_all)]
     fn configure(&mut self, ctx: &EngineContext) -> Result<(), TridentError> {
         match ctx.spec.os.netplan.as_ref() {