keremet/rpm-ostree
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
6faaf1fd65
rpm-ostree/src/rpmostree-compose-builtin-tree.c

1040 lines
31 KiB
C
Raw Normal View History

Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
*
* Copyright (C) 2013,2014 Colin Walters <walters@verbum.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published
* by the Free Software Foundation; either version 2 of the licence or (at
* your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General
* Public License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place, Suite 330,
* Boston, MA 02111-1307, USA.
*/
#include "config.h"
#include <string.h>
#include <glib-unix.h>
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
#include <json-glib/json-glib.h>
compose: Add --workdir-tmpfs This ~halves the write traffic to my SSD when doing local composes. My laptop has 12GiB of RAM, plenty for this.
2014-07-02 06:07:56 +04:00
#include <sys/mount.h>
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
#include <gio/gunixoutputstream.h>
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
#include <sys/types.h>
#include <sys/prctl.h>
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <sys/capability.h>
#include <sched.h>
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
Add new "compose" builtin, rename "treecompose" -> "compose tree" And do the same for "sign". This way we can have the compose server utilities cleanly separated from what most people will see, which is the client side tools.
2014-05-26 23:05:08 +04:00
#include "rpmostree-compose-builtins.h"
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
#include "rpmostree-util.h"
compose: Split out JSON helpers into separate file In preparation for using some of them in the postprocessing code too. Yeah, parsing JSON in C sucks =( Oh well.
2014-11-13 22:53:43 +03:00
#include "rpmostree-json-parsing.h"
Centralize cleanup function definitions We might as well do what systemd does and have a big header which defines all of them, to more conveniently share them for libraries that don't include them (like hawkey/librepo, as well as things that libgsystem doesn't yet cover).
2014-11-12 02:40:58 +03:00
#include "rpmostree-cleanup.h"
treecompose: Replace shell callout for package caching with builtin C This is taking us closer to deeper integration in the treecompose side with RPM instead of forking out to things. It works except...we end up with the dreaded __db.001, .dbenv.lock files =/ Best option would be to teach RPM how to open a database really read-only. Failing that, could use the immutable bit?
2014-10-31 06:49:18 +03:00
#include "rpmostree-treepkgdiff.h"
Unify rpm-ostree into one binary And start making an internal library.
2014-01-29 23:37:44 +04:00
#include "rpmostree-postprocess.h"
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
#include "libgsystem.h"
static char *opt_workdir;
compose: Add --workdir-tmpfs This ~halves the write traffic to my SSD when doing local composes. My laptop has 12GiB of RAM, plenty for this.
2014-07-02 06:07:56 +04:00
static gboolean opt_workdir_tmpfs;
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
static char *opt_cachedir;
static char *opt_proxy;
compose tree: Add --output-repodata-dir This could be used by higher level tools like fedmsg-atomic-composer that want to merge the yum repodata used for input with the tree content.
2014-10-24 01:14:14 +04:00
static char *opt_output_repodata_dir;
treecompose: Add --add-metadata-string argument for versioning This will be used by rpm-ostree-toolbox to inject version numbers for the trees.
2014-10-14 17:32:29 +04:00
static char **opt_metadata_strings;
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
static char *opt_repo;
compose: Add a --add-override-pkg-repo argument As a developer, a workflow I have for testing things is to create an RPM, toss it into a local yum repository, then do a compose. However at the moment to add the local overrides I have to edit the treefile, which is annoying. Let's add a commandline override for this. Note this also deletes the old "repos_data" code which was not being used.
2014-07-11 22:02:45 +04:00
static char **opt_override_pkg_repos;
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
static gboolean opt_print_only;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
static GOptionEntry option_entries[] = {
treecompose: Add --add-metadata-string argument for versioning This will be used by rpm-ostree-toolbox to inject version numbers for the trees.
2014-10-14 17:32:29 +04:00
{ "add-metadata-string", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_metadata_strings, "Append given key and value (in string format) to metadata", "KEY=VALUE" },
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
{ "workdir", 0, 0, G_OPTION_ARG_STRING, &opt_workdir, "Working directory", "WORKDIR" },
compose: Add --workdir-tmpfs This ~halves the write traffic to my SSD when doing local composes. My laptop has 12GiB of RAM, plenty for this.
2014-07-02 06:07:56 +04:00
{ "workdir-tmpfs", 0, 0, G_OPTION_ARG_NONE, &opt_workdir_tmpfs, "Use tmpfs for working state", NULL },
compose tree: Add --output-repodata-dir This could be used by higher level tools like fedmsg-atomic-composer that want to merge the yum repodata used for input with the tree content.
2014-10-24 01:14:14 +04:00
{ "output-repodata-dir", 0, 0, G_OPTION_ARG_STRING, &opt_output_repodata_dir, "Save downloaded repodata in DIR", "DIR" },
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
{ "cachedir", 0, 0, G_OPTION_ARG_STRING, &opt_cachedir, "Cached state", "CACHEDIR" },
{ "repo", 'r', 0, G_OPTION_ARG_STRING, &opt_repo, "Path to OSTree repository", "REPO" },
compose: Add a --add-override-pkg-repo argument As a developer, a workflow I have for testing things is to create an RPM, toss it into a local yum repository, then do a compose. However at the moment to add the local overrides I have to edit the treefile, which is annoying. Let's add a commandline override for this. Note this also deletes the old "repos_data" code which was not being used.
2014-07-11 22:02:45 +04:00
{ "add-override-pkg-repo", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_override_pkg_repos, "Include an additional package repository from DIRECTORY", "DIRECTORY" },
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
{ "proxy", 0, 0, G_OPTION_ARG_STRING, &opt_proxy, "HTTP proxy", "PROXY" },
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
{ "print-only", 0, 0, G_OPTION_ARG_NONE, &opt_print_only, "Just expand any includes and print treefile", NULL },
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
{ NULL }
};
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
typedef struct {
GPtrArray *treefile_context_dirs;
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
GFile *workdir;
compose: Put the expanded treefile content in /usr/share/rpm-ostree/treefile.json Since the treefile format now supports includes, we would need to either include the whole chain, or just the expanded portion we use in the compose. This patch does the latter. This should allow a client to take the same treefile and generate a similar tree (if they want to reproduce with the same RPMs, those can be extracted from the RPM database inside the tree).
2014-09-07 20:38:34 +04:00
GBytes *serialized_treefile;
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
} RpmOstreeTreeComposeContext;
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
static char *
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
strv_join_shell_quote (char **argv)
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
{
GString *ret = g_string_new ("");
char **strviter;
for (strviter = argv; strviter && *strviter; strviter++)
{
gs_free char *quoted = g_shell_quote (*strviter);
treecompose: Add missing space in subprocess printing
2014-05-06 01:57:16 +04:00
g_string_append_c (ret, ' ');
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
g_string_append (ret, quoted);
}
return g_string_free (ret, FALSE);
}
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
typedef struct {
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
gboolean running;
pid_t pid;
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
GFile *tmp_reposdir_path;
GDataOutputStream *stdin;
} YumContext;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
static gboolean
yum_context_close (YumContext *yumctx,
GCancellable *cancellable,
GError **error)
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
{
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
gboolean ret = FALSE;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
if (!yumctx)
return TRUE;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
if (yumctx->running)
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
{
if (yumctx->stdin)
{
if (!g_output_stream_close ((GOutputStream*)yumctx->stdin, cancellable, error))
goto out;
g_clear_object (&yumctx->stdin);
}
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
compose: Refactor sync waitpid into helper Will be used for a future commit.
2014-11-20 01:37:15 +03:00
g_print ("Waiting for yum...\n");
if (!_rpmostree_sync_wait_on_pid (yumctx->pid, error))
goto out;
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
compose: Refactor sync waitpid into helper Will be used for a future commit.
2014-11-20 01:37:15 +03:00
g_print ("Waiting for yum [OK]\n");
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
}
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
ret = TRUE;
out:
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
return ret;
}
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
static void
yum_context_free (YumContext *yumctx)
{
if (!yumctx)
return;
(void) yum_context_close (yumctx, NULL, NULL);
g_free (yumctx);
}
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
static inline
void cleanup_keyfile_unref (void *loc)
{
GKeyFile *locp = *((GKeyFile**)loc);
if (locp)
g_key_file_unref (locp);
}
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
static gboolean
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
append_repo_and_cache_opts (RpmOstreeTreeComposeContext *self,
JsonObject *treedata,
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
GPtrArray *args,
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
GCancellable *cancellable,
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
GError **error)
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
{
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
gboolean ret = FALSE;
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
JsonArray *enable_repos = NULL;
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
guint i;
compose: Add a --add-override-pkg-repo argument As a developer, a workflow I have for testing things is to create an RPM, toss it into a local yum repository, then do a compose. However at the moment to add the local overrides I have to edit the treefile, which is annoying. Let's add a commandline override for this. Note this also deletes the old "repos_data" code which was not being used.
2014-07-11 22:02:45 +04:00
char **iter;
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
gs_unref_object GFile *yumcache_lookaside = NULL;
gs_unref_object GFile *repos_tmpdir = NULL;
compose: Add a --add-override-pkg-repo argument As a developer, a workflow I have for testing things is to create an RPM, toss it into a local yum repository, then do a compose. However at the moment to add the local overrides I have to edit the treefile, which is annoying. Let's add a commandline override for this. Note this also deletes the old "repos_data" code which was not being used.
2014-07-11 22:02:45 +04:00
gs_unref_ptrarray GPtrArray *reposdir_args = g_ptr_array_new_with_free_func (g_free);
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
compose tree: Add --output-repodata-dir This could be used by higher level tools like fedmsg-atomic-composer that want to merge the yum repodata used for input with the tree content.
2014-10-24 01:14:14 +04:00
if (opt_output_repodata_dir)
yumcache_lookaside = g_file_new_for_path (opt_output_repodata_dir);
else
{
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
yumcache_lookaside = g_file_resolve_relative_path (self->workdir, "yum-cache");
compose tree: Add --output-repodata-dir This could be used by higher level tools like fedmsg-atomic-composer that want to merge the yum repodata used for input with the tree content.
2014-10-24 01:14:14 +04:00
if (!gs_file_ensure_directory (yumcache_lookaside, TRUE, cancellable, error))
goto out;
}
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
repos_tmpdir = g_file_resolve_relative_path (self->workdir, "tmp-repos");
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
if (!gs_shutil_rm_rf (repos_tmpdir, cancellable, error))
goto out;
if (!gs_file_ensure_directory (repos_tmpdir, TRUE, cancellable, error))
goto out;
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
if (g_getenv ("RPM_OSTREE_OFFLINE"))
g_ptr_array_add (args, g_strdup ("-C"));
treecompose: Honor http_proxy environment variable
2014-05-18 17:29:51 +04:00
{
const char *proxy;
if (opt_proxy)
proxy = opt_proxy;
else
proxy = g_getenv ("http_proxy");
compose: Add a --add-override-pkg-repo argument As a developer, a workflow I have for testing things is to create an RPM, toss it into a local yum repository, then do a compose. However at the moment to add the local overrides I have to edit the treefile, which is annoying. Let's add a commandline override for this. Note this also deletes the old "repos_data" code which was not being used.
2014-07-11 22:02:45 +04:00
treecompose: Honor http_proxy environment variable
2014-05-18 17:29:51 +04:00
if (proxy)
g_ptr_array_add (args, g_strconcat ("--setopt=proxy=", proxy, NULL));
}
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
compose: Add a --add-override-pkg-repo argument As a developer, a workflow I have for testing things is to create an RPM, toss it into a local yum repository, then do a compose. However at the moment to add the local overrides I have to edit the treefile, which is annoying. Let's add a commandline override for this. Note this also deletes the old "repos_data" code which was not being used.
2014-07-11 22:02:45 +04:00
g_ptr_array_add (args, g_strdup ("--disablerepo=*"));
/* Add the directory for each treefile to the reposdir argument */
for (i = 0; i < self->treefile_context_dirs->len; i++)
{
GFile *contextdir = self->treefile_context_dirs->pdata[i];
g_ptr_array_add (reposdir_args, g_file_get_path (contextdir));
}
/* Process local overrides */
for (iter = opt_override_pkg_repos; iter && *iter; iter++)
{
const char *repodir = *iter;
gs_free char *bn = g_path_get_basename (repodir);
gs_free char *reponame = g_strconcat ("rpm-ostree-override-", repodir, NULL);
gs_free char *baseurl = g_strconcat ("file://", repodir, NULL);
gs_free char *tmprepo_filename = g_strconcat (reponame, ".repo", NULL);
gs_unref_object GFile *tmprepo_path = g_file_get_child (repos_tmpdir, tmprepo_filename);
__attribute__ ((cleanup(cleanup_keyfile_unref))) GKeyFile *keyfile = NULL;
gs_free char *data = NULL;
gsize len;
keyfile = g_key_file_new ();
g_key_file_set_string (keyfile, reponame, "name", reponame);
g_key_file_set_string (keyfile, reponame, "baseurl", baseurl);
data = g_key_file_to_data (keyfile, &len, NULL);
if (!g_file_replace_contents (tmprepo_path, data, len, NULL, FALSE, 0, NULL,
cancellable, error))
goto out;
g_ptr_array_add (args, g_strconcat ("--enablerepo=", reponame, NULL));
}
if (opt_override_pkg_repos)
g_ptr_array_add (reposdir_args, g_file_get_path (repos_tmpdir));
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
{
gboolean first = TRUE;
compose: Add a --add-override-pkg-repo argument As a developer, a workflow I have for testing things is to create an RPM, toss it into a local yum repository, then do a compose. However at the moment to add the local overrides I have to edit the treefile, which is annoying. Let's add a commandline override for this. Note this also deletes the old "repos_data" code which was not being used.
2014-07-11 22:02:45 +04:00
GString *reposdir_value = g_string_new ("--setopt=reposdir=");
for (i = 0; i < reposdir_args->len; i++)
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
{
compose: Add a --add-override-pkg-repo argument As a developer, a workflow I have for testing things is to create an RPM, toss it into a local yum repository, then do a compose. However at the moment to add the local overrides I have to edit the treefile, which is annoying. Let's add a commandline override for this. Note this also deletes the old "repos_data" code which was not being used.
2014-07-11 22:02:45 +04:00
const char *reponame = reposdir_args->pdata[i];
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
if (first)
first = FALSE;
else
g_string_append_c (reposdir_value, ',');
compose: Add a --add-override-pkg-repo argument As a developer, a workflow I have for testing things is to create an RPM, toss it into a local yum repository, then do a compose. However at the moment to add the local overrides I have to edit the treefile, which is annoying. Let's add a commandline override for this. Note this also deletes the old "repos_data" code which was not being used.
2014-07-11 22:02:45 +04:00
g_string_append (reposdir_value, reponame);
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
}
g_ptr_array_add (args, g_string_free (reposdir_value, FALSE));
}
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
if (json_object_has_member (treedata, "repos"))
enable_repos = json_object_get_array_member (treedata, "repos");
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
if (enable_repos)
{
guint i;
guint n = json_array_get_length (enable_repos);
for (i = 0; i < n; i++)
{
compose: Split out JSON helpers into separate file In preparation for using some of them in the postprocessing code too. Yeah, parsing JSON in C sucks =( Oh well.
2014-11-13 22:53:43 +03:00
const char *reponame = _rpmostree_jsonutil_array_require_string_element (enable_repos, i, error);
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
if (!reponame)
goto out;
g_ptr_array_add (args, g_strconcat ("--enablerepo=", reponame, NULL));
}
}
core: Use --setopt=cachedir rather than copying/moving I don't know why I wasn't doing this before, it's clearly better.
2014-01-31 04:04:58 +04:00
compose: Tell yum not to cache packages locally They get deleted anyways since we blow away the tmpdir, but we expect people to be using a local HTTP proxy. We stopped trying to cache packages internally as that caused conflicts with the yum lock with concurrently executing composes.
2014-06-19 19:57:33 +04:00
g_ptr_array_add (args, g_strdup ("--setopt=keepcache=0"));
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
g_ptr_array_add (args, g_strconcat ("--setopt=cachedir=",
gs_file_get_path_cached (yumcache_lookaside),
NULL));
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
ret = TRUE;
out:
return ret;
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
}
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
static void perror_fatal (const char *message) __attribute__ ((noreturn));
static void perror_fatal (const char *message)
{
perror (message);
exit (1);
}
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
static YumContext *
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
yum_context_new (RpmOstreeTreeComposeContext *self,
JsonObject *treedata,
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
GFile *yumroot,
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
GCancellable *cancellable,
GError **error)
{
gboolean success = FALSE;
YumContext *yumctx = NULL;
compose: Support 'install-langs' This should exist for the same reason the yum and RPM options do; some people want to construct more minimal systems.
2014-11-14 04:39:42 +03:00
JsonNode *install_langs_n;
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
GPtrArray *yum_argv = g_ptr_array_new_with_free_func (g_free);
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
pid_t child;
int clone_flags = SIGCHLD | CLONE_NEWNS | CLONE_NEWPID;
int pipefds[2];
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
g_ptr_array_add (yum_argv, g_strdup ("yum"));
g_ptr_array_add (yum_argv, g_strdup ("-y"));
core: Use --setopt=cachedir rather than copying/moving I don't know why I wasn't doing this before, it's clearly better.
2014-01-31 04:04:58 +04:00
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
if (!append_repo_and_cache_opts (self, treedata, yum_argv,
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
cancellable, error))
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
goto out;
core: Use --setopt=cachedir rather than copying/moving I don't know why I wasn't doing this before, it's clearly better.
2014-01-31 04:04:58 +04:00
compose: Support 'install-langs' This should exist for the same reason the yum and RPM options do; some people want to construct more minimal systems.
2014-11-14 04:39:42 +03:00
install_langs_n = json_object_get_member (treedata, "install-langs");
if (install_langs_n != NULL)
{
JsonArray *instlangs_a = json_node_get_array (install_langs_n);
guint len = json_array_get_length (instlangs_a);
guint i;
GString *opt = g_string_new ("--setopt=override_install_langs=");
for (i = 0; i < len; i++)
{
g_string_append (opt, json_array_get_string_element (instlangs_a, i));
if (i < len - 1)
g_string_append_c (opt, ',');
}
g_ptr_array_add (yum_argv, opt->str);
g_string_free (opt, FALSE);
}
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
g_ptr_array_add (yum_argv, g_strconcat ("--installroot=",
gs_file_get_path_cached (yumroot),
NULL));
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
g_ptr_array_add (yum_argv, g_strdup ("shell"));
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
g_ptr_array_add (yum_argv, NULL);
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
if (!g_unix_open_pipe (pipefds, FD_CLOEXEC, error))
goto out;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
if ((child = syscall (__NR_clone, clone_flags, NULL)) < 0)
{
util: Add helper function to set GError from errno Really this should be in libgsystem (or possibly glib-unix.h), we have a copy in ostree. But we can refactor to use a shared version later.
2014-11-20 02:32:08 +03:00
_rpmostree_set_error_from_errno (error, errno);
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
goto out;
}
if (child == 0)
{
if (dup2 (pipefds[0], 0) != 0)
perror_fatal ("dup2()");
/* This is used at the moment, but eventually I'd like to teach
* Fedora's kernel.spec to e.g. skip making an initramfs,
* because we're going to be making one.
*/
setenv ("OSTREE_KERNEL_INSTALL_NOOP", "1", TRUE);
/* See fedora's kernel.spec; we don't need this because ostree
* itself takes care of dedup-via-hardlink.
*/
setenv ("HARDLINK", "no", TRUE);
/* Turn off setuid binaries, we shouldn't need them */
if (mount (NULL, "/", "none", MS_PRIVATE | MS_REMOUNT | MS_NOSUID, NULL) < 0)
perror_fatal ("mount(/, MS_PRIVATE | MS_NOSUID)");
if (execvp ("yum", (char**)yum_argv->pdata) < 0)
perror_fatal ("execvp");
}
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
(void) close (pipefds[0]);
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
{
gs_free char *cmdline = strv_join_shell_quote ((char**)yum_argv->pdata);
g_print ("Starting %s\n", cmdline);
}
treecompose: Fix use-before-alloc
2014-05-05 16:34:45 +04:00
yumctx = g_new0 (YumContext, 1);
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
yumctx->running = TRUE;
yumctx->pid = child;
treecompose: Fix use-before-alloc
2014-05-05 16:34:45 +04:00
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
{
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
gs_unref_object GOutputStream *yumproc_stdin = g_unix_output_stream_new (pipefds[1], TRUE);
yumctx->stdin = (GDataOutputStream*)g_data_output_stream_new (yumproc_stdin);
Support "repos_data" in treefiles, use it for automatic overrides/ For convenience, allow users to create an "overrides/" directory which is a repo. If it exists, the builder automatically adds it. (However, we should likely disallow distributing these builds on the network)
2014-02-26 02:07:59 +04:00
}
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
success = TRUE;
out:
if (!success)
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
{
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
yum_context_free (yumctx);
return NULL;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
}
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
return yumctx;
}
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
static gboolean
yum_context_command (YumContext *yumctx,
const char *cmd,
GPtrArray **out_lines,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
gsize bytes_written;
gs_unref_ptrarray GPtrArray *lines = g_ptr_array_new_with_free_func (g_free);
gs_free char *cmd_nl = g_strconcat (cmd, "\n", NULL);
g_print ("yum> %s", cmd_nl);
if (!g_output_stream_write_all ((GOutputStream*)yumctx->stdin,
cmd_nl, strlen (cmd_nl), &bytes_written,
cancellable, error))
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
goto out;
ret = TRUE;
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
gs_transfer_out_value (out_lines, &lines);
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
out:
return ret;
}
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
static gboolean
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
yuminstall (RpmOstreeTreeComposeContext *self,
JsonObject *treedata,
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
GFile *yumroot,
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
char **packages,
GCancellable *cancellable,
GError **error)
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
{
gboolean ret = FALSE;
char **strviter;
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
YumContext *yumctx;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
yumctx = yum_context_new (self, treedata, yumroot, cancellable, error);
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
if (!yumctx)
goto out;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
for (strviter = packages; strviter && *strviter; strviter++)
{
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
gs_free char *cmd = NULL;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
const char *package = *strviter;
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
gs_unref_ptrarray GPtrArray *lines = NULL;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
if (g_str_has_prefix (package, "@"))
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
cmd = g_strconcat ("group install ", package, NULL);
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
else
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
cmd = g_strconcat ("install ", package, NULL);
if (!yum_context_command (yumctx, cmd, &lines,
cancellable, error))
goto out;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
}
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
{
gs_unref_ptrarray GPtrArray *lines = NULL;
if (!yum_context_command (yumctx, "run", &lines,
cancellable, error))
goto out;
}
if (!yum_context_close (yumctx, cancellable, error))
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
goto out;
ret = TRUE;
out:
return ret;
}
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
static gboolean
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
process_includes (RpmOstreeTreeComposeContext *self,
GFile *treefile_path,
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
guint depth,
JsonObject *root,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
const char *include_path;
const guint maxdepth = 50;
if (depth > maxdepth)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Exceeded maximum include depth of %u", maxdepth);
goto out;
}
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
{
gs_unref_object GFile *parent = g_file_get_parent (treefile_path);
gboolean existed = FALSE;
if (self->treefile_context_dirs->len > 0)
{
GFile *prev = self->treefile_context_dirs->pdata[self->treefile_context_dirs->len-1];
if (g_file_equal (parent, prev))
existed = TRUE;
}
if (!existed)
{
g_ptr_array_add (self->treefile_context_dirs, parent);
parent = NULL; /* Transfer ownership */
}
}
compose: Split out JSON helpers into separate file In preparation for using some of them in the postprocessing code too. Yeah, parsing JSON in C sucks =( Oh well.
2014-11-13 22:53:43 +03:00
if (!_rpmostree_jsonutil_object_get_optional_string_member (root, "include", &include_path, error))
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
goto out;
if (include_path)
{
gs_unref_object GFile *treefile_dirpath = g_file_get_parent (treefile_path);
gs_unref_object GFile *parent_path = g_file_resolve_relative_path (treefile_dirpath, include_path);
gs_unref_object JsonParser *parent_parser = json_parser_new ();
JsonNode *parent_rootval;
JsonObject *parent_root;
GList *members;
GList *iter;
if (!json_parser_load_from_file (parent_parser,
gs_file_get_path_cached (parent_path),
error))
goto out;
parent_rootval = json_parser_get_root (parent_parser);
if (!JSON_NODE_HOLDS_OBJECT (parent_rootval))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Treefile root is not an object");
goto out;
}
parent_root = json_node_get_object (parent_rootval);
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
if (!process_includes (self, parent_path, depth + 1, parent_root,
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
cancellable, error))
goto out;
members = json_object_get_members (parent_root);
for (iter = members; iter; iter = iter->next)
{
const char *name = iter->data;
JsonNode *parent_val = json_object_get_member (parent_root, name);
JsonNode *val = json_object_get_member (root, name);
g_assert (parent_val);
if (!val)
json_object_set_member (root, name, json_node_copy (parent_val));
else
{
JsonNodeType parent_type =
json_node_get_node_type (parent_val);
JsonNodeType child_type =
json_node_get_node_type (val);
if (parent_type != child_type)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Conflicting element type of '%s'",
name);
goto out;
}
if (child_type == JSON_NODE_ARRAY)
{
JsonArray *parent_array = json_node_get_array (parent_val);
JsonArray *child_array = json_node_get_array (val);
JsonArray *new_child = json_array_new ();
guint i, len;
len = json_array_get_length (parent_array);
for (i = 0; i < len; i++)
json_array_add_element (new_child, json_node_copy (json_array_get_element (parent_array, i)));
len = json_array_get_length (child_array);
for (i = 0; i < len; i++)
json_array_add_element (new_child, json_node_copy (json_array_get_element (child_array, i)));
json_object_set_array_member (root, name, new_child);
}
}
}
compose: Put the expanded treefile content in /usr/share/rpm-ostree/treefile.json Since the treefile format now supports includes, we would need to either include the whole chain, or just the expanded portion we use in the compose. This patch does the latter. This should allow a client to take the same treefile and generate a similar tree (if they want to reproduce with the same RPMs, those can be extracted from the RPM database inside the tree).
2014-09-07 20:38:34 +04:00
json_object_remove_member (root, "include");
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
}
ret = TRUE;
out:
return ret;
}
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
static char *
cachedir_fssafe_key (const char *primary_key)
{
GString *ret = g_string_new ("");
for (; *primary_key; primary_key++)
{
const char c = *primary_key;
if (!g_ascii_isprint (c) || c == '-')
g_string_append_printf (ret, "\\%02x", c);
else if (c == '/')
g_string_append_c (ret, '-');
else
g_string_append_c (ret, c);
}
return g_string_free (ret, FALSE);
}
static GFile *
cachedir_keypath (GFile *cachedir,
const char *primary_key)
{
gs_free char *fssafe_key = cachedir_fssafe_key (primary_key);
return g_file_get_child (cachedir, fssafe_key);
}
static gboolean
cachedir_lookup_string (GFile *cachedir,
const char *key,
char **out_value,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
gs_free char *ret_value = NULL;
if (cachedir)
{
gs_unref_object GFile *keypath = cachedir_keypath (cachedir, key);
if (!_rpmostree_file_load_contents_utf8_allow_noent (keypath, &ret_value,
cancellable, error))
goto out;
}
ret = TRUE;
gs_transfer_out_value (out_value, &ret_value);
out:
return ret;
}
static gboolean
cachedir_set_string (GFile *cachedir,
const char *key,
const char *value,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
gs_unref_object GFile *keypath = NULL;
if (!cachedir)
return TRUE;
keypath = cachedir_keypath (cachedir, key);
if (!g_file_replace_contents (keypath, value, strlen (value), NULL,
FALSE, 0, NULL,
cancellable, error))
goto out;
ret = TRUE;
out:
return ret;
}
static gboolean
compose: Put the expanded treefile content in /usr/share/rpm-ostree/treefile.json Since the treefile format now supports includes, we would need to either include the whole chain, or just the expanded portion we use in the compose. This patch does the latter. This should allow a client to take the same treefile and generate a similar tree (if they want to reproduce with the same RPMs, those can be extracted from the RPM database inside the tree).
2014-09-07 20:38:34 +04:00
compute_checksum_for_compose (RpmOstreeTreeComposeContext *self,
JsonObject *treefile_rootval,
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
GFile *yumroot,
char **out_checksum,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
gs_free char *ret_checksum = NULL;
GChecksum *checksum = g_checksum_new (G_CHECKSUM_SHA256);
{
gsize len;
compose: Put the expanded treefile content in /usr/share/rpm-ostree/treefile.json Since the treefile format now supports includes, we would need to either include the whole chain, or just the expanded portion we use in the compose. This patch does the latter. This should allow a client to take the same treefile and generate a similar tree (if they want to reproduce with the same RPMs, those can be extracted from the RPM database inside the tree).
2014-09-07 20:38:34 +04:00
const guint8* buf = g_bytes_get_data (self->serialized_treefile, &len);
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
compose: Put the expanded treefile content in /usr/share/rpm-ostree/treefile.json Since the treefile format now supports includes, we would need to either include the whole chain, or just the expanded portion we use in the compose. This patch does the latter. This should allow a client to take the same treefile and generate a similar tree (if they want to reproduce with the same RPMs, those can be extracted from the RPM database inside the tree).
2014-09-07 20:38:34 +04:00
g_checksum_update (checksum, buf, len);
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
}
tree compose: Delete .dbenv.lock and __db.* files from /usr/share/rpm Currently on an Atomic compose, I'm seeing abrtd trying to write to /usr/share/rpm/.dbenv.lock, which is denied by policy because it's usr_t. There are multiple ways to address this, but there's no good reason to leave the lock files and __db* files around. rpm appears to operate correctly without them if calling process merely gets EROFS.
2014-06-06 22:51:18 +04:00
/* Query the generated rpmdb, to see if anything has changed. */
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
{
treecompose: Replace shell callout for package caching with builtin C This is taking us closer to deeper integration in the treecompose side with RPM instead of forking out to things. It works except...we end up with the dreaded __db.001, .dbenv.lock files =/ Best option would be to teach RPM how to open a database really read-only. Failing that, could use the immutable bit?
2014-10-31 06:49:18 +03:00
_cleanup_hysack_ HySack sack = NULL;
_cleanup_hypackagelist_ HyPackageList pkglist = NULL;
HyPackage pkg;
guint i;
if (!rpmostree_get_pkglist_for_root (yumroot, &sack, &pkglist,
cancellable, error))
tree compose: Delete .dbenv.lock and __db.* files from /usr/share/rpm Currently on an Atomic compose, I'm seeing abrtd trying to write to /usr/share/rpm/.dbenv.lock, which is denied by policy because it's usr_t. There are multiple ways to address this, but there's no good reason to leave the lock files and __db* files around. rpm appears to operate correctly without them if calling process merely gets EROFS.
2014-06-06 22:51:18 +04:00
{
treecompose: Replace shell callout for package caching with builtin C This is taking us closer to deeper integration in the treecompose side with RPM instead of forking out to things. It works except...we end up with the dreaded __db.001, .dbenv.lock files =/ Best option would be to teach RPM how to open a database really read-only. Failing that, could use the immutable bit?
2014-10-31 06:49:18 +03:00
g_prefix_error (error, "Reading package set: ");
tree compose: Delete .dbenv.lock and __db.* files from /usr/share/rpm Currently on an Atomic compose, I'm seeing abrtd trying to write to /usr/share/rpm/.dbenv.lock, which is denied by policy because it's usr_t. There are multiple ways to address this, but there's no good reason to leave the lock files and __db* files around. rpm appears to operate correctly without them if calling process merely gets EROFS.
2014-06-06 22:51:18 +04:00
goto out;
}
compose-tree: Fix location of rpmdb querying for caching We were just repeatedly hitting the cache...oops. Also add an assertion that the returned data isn't empty.
2014-05-29 22:57:55 +04:00
treecompose: Replace shell callout for package caching with builtin C This is taking us closer to deeper integration in the treecompose side with RPM instead of forking out to things. It works except...we end up with the dreaded __db.001, .dbenv.lock files =/ Best option would be to teach RPM how to open a database really read-only. Failing that, could use the immutable bit?
2014-10-31 06:49:18 +03:00
FOR_PACKAGELIST(pkg, pkglist, i)
compose-tree: Fix location of rpmdb querying for caching We were just repeatedly hitting the cache...oops. Also add an assertion that the returned data isn't empty.
2014-05-29 22:57:55 +04:00
{
treecompose: Replace shell callout for package caching with builtin C This is taking us closer to deeper integration in the treecompose side with RPM instead of forking out to things. It works except...we end up with the dreaded __db.001, .dbenv.lock files =/ Best option would be to teach RPM how to open a database really read-only. Failing that, could use the immutable bit?
2014-10-31 06:49:18 +03:00
gs_free char *nevra = hy_package_get_nevra (pkg);
g_checksum_update (checksum, (guint8*)nevra, strlen (nevra));
compose-tree: Fix location of rpmdb querying for caching We were just repeatedly hitting the cache...oops. Also add an assertion that the returned data isn't empty.
2014-05-29 22:57:55 +04:00
}
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
}
ret_checksum = g_strdup (g_checksum_get_string (checksum));
ret = TRUE;
gs_transfer_out_value (out_checksum, &ret_checksum);
out:
if (checksum) g_checksum_free (checksum);
return ret;
}
treecompose: Add --add-metadata-string argument for versioning This will be used by rpm-ostree-toolbox to inject version numbers for the trees.
2014-10-14 17:32:29 +04:00
static gboolean
parse_keyvalue_strings (char **strings,
GVariant **out_metadata,
GError **error)
{
gboolean ret = FALSE;
char **iter;
gs_unref_variant_builder GVariantBuilder *builder = NULL;
builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
for (iter = strings; *iter; iter++)
{
const char *s;
const char *eq;
gs_free char *key = NULL;
s = *iter;
eq = strchr (s, '=');
if (!eq)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Missing '=' in KEY=VALUE metadata '%s'", s);
goto out;
}
key = g_strndup (s, eq - s);
g_variant_builder_add (builder, "{sv}", key,
g_variant_new_string (eq + 1));
}
ret = TRUE;
*out_metadata = g_variant_builder_end (builder);
g_variant_ref_sink (*out_metadata);
out:
return ret;
}
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
static gboolean
bind_mount_readonly (const char *path, GError **error)
{
gboolean ret = FALSE;
if (mount (path, path, NULL, MS_BIND | MS_PRIVATE, NULL) != 0)
{
util: Add helper function to set GError from errno Really this should be in libgsystem (or possibly glib-unix.h), we have a copy in ostree. But we can refactor to use a shared version later.
2014-11-20 02:32:08 +03:00
_rpmostree_set_prefix_error_from_errno (error, errno, "mount(MS_BIND)");
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
goto out;
}
if (mount (path, path, NULL, MS_BIND | MS_PRIVATE | MS_REMOUNT | MS_RDONLY, NULL) != 0)
{
util: Add helper function to set GError from errno Really this should be in libgsystem (or possibly glib-unix.h), we have a copy in ostree. But we can refactor to use a shared version later.
2014-11-20 02:32:08 +03:00
_rpmostree_set_prefix_error_from_errno (error, errno, "mount(MS_BIND | MS_RDONLY)");
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
goto out;
}
ret = TRUE;
out:
return ret;
}
core: Use generic "builtin" infrastructure for command handling I want to have more options than just "create".
2014-03-22 23:05:41 +04:00
gboolean
Add new "compose" builtin, rename "treecompose" -> "compose tree" And do the same for "sign". This way we can have the compose server utilities cleanly separated from what most people will see, which is the client side tools.
2014-05-26 23:05:08 +04:00
rpmostree_compose_builtin_tree (int argc,
char **argv,
GCancellable *cancellable,
GError **error)
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
{
core: Use generic "builtin" infrastructure for command handling I want to have more options than just "create".
2014-03-22 23:05:41 +04:00
gboolean ret = FALSE;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
GOptionContext *context = g_option_context_new ("- Run yum and commit the result to an OSTree repository");
const char *ref;
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
RpmOstreeTreeComposeContext selfdata = { NULL, };
RpmOstreeTreeComposeContext *self = &selfdata;
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
JsonNode *treefile_rootval = NULL;
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
JsonObject *treefile = NULL;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
gs_free char *ref_unix = NULL;
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
gs_free char *cachekey = NULL;
gs_free char *cached_compose_checksum = NULL;
gs_free char *new_compose_checksum = NULL;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
gs_unref_object GFile *cachedir = NULL;
gs_unref_object GFile *yumroot = NULL;
gs_unref_object GFile *targetroot = NULL;
gs_unref_object GFile *yumroot_varcache = NULL;
Unify rpm-ostree into one binary And start making an internal library.
2014-01-29 23:37:44 +04:00
gs_unref_object OstreeRepo *repo = NULL;
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
gs_unref_ptrarray GPtrArray *bootstrap_packages = NULL;
gs_unref_ptrarray GPtrArray *packages = NULL;
gs_unref_object GFile *treefile_path = NULL;
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
gs_unref_object GFile *repo_path = NULL;
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
gs_unref_object JsonParser *treefile_parser = NULL;
treecompose: Add --add-metadata-string argument for versioning This will be used by rpm-ostree-toolbox to inject version numbers for the trees.
2014-10-14 17:32:29 +04:00
gs_unref_variant GVariant *metadata = NULL;
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
gboolean workdir_is_tmp = FALSE;
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
self->treefile_context_dirs = g_ptr_array_new_with_free_func ((GDestroyNotify)g_object_unref);
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
g_option_context_add_main_entries (context, option_entries, NULL);
if (!g_option_context_parse (context, &argc, &argv, error))
goto out;
core: Use generic "builtin" infrastructure for command handling I want to have more options than just "create".
2014-03-22 23:05:41 +04:00
if (argc < 2)
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
{
Add new "compose" builtin, rename "treecompose" -> "compose tree" And do the same for "sign". This way we can have the compose server utilities cleanly separated from what most people will see, which is the client side tools.
2014-05-26 23:05:08 +04:00
g_printerr ("usage: rpm-ostree compose tree TREEFILE\n");
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Option processing failed");
goto out;
}
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
if (!opt_repo)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"--repo must be specified");
goto out;
}
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
/* Use a private mount namespace to avoid polluting the global
* namespace, and to ensure any tmpfs mounts get cleaned up if we
* exit unexpectedly.
*
* We also rely on this for the yum confinement.
*/
if (unshare (CLONE_NEWNS) != 0)
{
util: Add helper function to set GError from errno Really this should be in libgsystem (or possibly glib-unix.h), we have a copy in ostree. But we can refactor to use a shared version later.
2014-11-20 02:32:08 +03:00
_rpmostree_set_prefix_error_from_errno (error, errno, "unshare(CLONE_NEWNS): ");
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
goto out;
}
if (mount (NULL, "/", "none", MS_PRIVATE | MS_REC, NULL) == -1)
{
util: Add helper function to set GError from errno Really this should be in libgsystem (or possibly glib-unix.h), we have a copy in ostree. But we can refactor to use a shared version later.
2014-11-20 02:32:08 +03:00
_rpmostree_set_prefix_error_from_errno (error, errno, "mount(/, MS_PRIVATE): ");
compose: Protect the system during treecompose using container APIs I was looking again at using hawkey/librepo, and realized just how much I'd have to fight all of these libraries to avoid affecting the running system. What we really want to do with librepo/hawkey is run them effectively unprivileged, and to hide the system's RPM database from them. This is a baby step towards that, by confining our existing yum. - /usr, /etc, and /var/lib/rpm are mounted read-only - yum is now run under CLONE_NEWPID, to avoid stray %post scripts affecting system processes
2014-11-10 04:28:10 +03:00
goto out;
}
/* Mount several directories read only for protection from librpm
* and any stray code in yum/hawkey.
*/
{
struct stat stbuf;
/* Protect /var/lib/rpm if (and only if) it's a regular directory.
This happens when you're running compose-tree from inside a
"mainline" system. On an rpm-ostree based system,
/var/lib/rpm -> /usr/share/rpm, which is already protected by a read-only
bind mount. */
if (lstat ("/var/lib/rpm", &stbuf) == 0 && S_ISDIR (stbuf.st_mode))
{
if (!bind_mount_readonly ("/var/lib/rpm", error))
goto out;
}
/* Protect the system's /etc and /usr */
if (!bind_mount_readonly ("/etc", error))
goto out;
if (!bind_mount_readonly ("/usr", error))
goto out;
}
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
repo_path = g_file_new_for_path (opt_repo);
repo = ostree_repo_new (repo_path);
if (!ostree_repo_open (repo, cancellable, error))
goto out;
treecompose: Add --add-metadata-string argument for versioning This will be used by rpm-ostree-toolbox to inject version numbers for the trees.
2014-10-14 17:32:29 +04:00
core: Use generic "builtin" infrastructure for command handling I want to have more options than just "create".
2014-03-22 23:05:41 +04:00
treefile_path = g_file_new_for_path (argv[1]);
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
if (opt_workdir)
{
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
self->workdir = g_file_new_for_path (opt_workdir);
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
}
else
{
gs_free char *tmpd = g_mkdtemp (g_strdup ("/var/tmp/rpm-ostree.XXXXXX"));
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
self->workdir = g_file_new_for_path (tmpd);
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
workdir_is_tmp = TRUE;
compose: Add --workdir-tmpfs This ~halves the write traffic to my SSD when doing local composes. My laptop has 12GiB of RAM, plenty for this.
2014-07-02 06:07:56 +04:00
if (opt_workdir_tmpfs)
{
if (mount ("tmpfs", tmpd, "tmpfs", 0, (const void*)"mode=755") != 0)
{
util: Add helper function to set GError from errno Really this should be in libgsystem (or possibly glib-unix.h), we have a copy in ostree. But we can refactor to use a shared version later.
2014-11-20 02:32:08 +03:00
_rpmostree_set_prefix_error_from_errno (error, errno,
"mount(tmpfs): ");
compose: Add --workdir-tmpfs This ~halves the write traffic to my SSD when doing local composes. My laptop has 12GiB of RAM, plenty for this.
2014-07-02 06:07:56 +04:00
goto out;
}
}
treecompose: Remove internal caching, require --repo argument It's a lot clearer if the inputs, outputs, and cache state are cleanly separated. At least the "lorax" tool relies on a local HTTP cache instead of keeping around the yum repos - let's do the same. This commit causes treecompose to require a --repo argument, and it also gains an optional --proxy argument.
2014-05-03 14:55:35 +04:00
}
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
if (opt_cachedir)
compose-tree: Auto-create cache directory It's just more friendly.
2014-06-07 02:25:08 +04:00
{
cachedir = g_file_new_for_path (opt_cachedir);
if (!gs_file_ensure_directory (cachedir, FALSE, cancellable, error))
goto out;
}
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
treecompose: Add --add-metadata-string argument for versioning This will be used by rpm-ostree-toolbox to inject version numbers for the trees.
2014-10-14 17:32:29 +04:00
if (opt_metadata_strings)
{
if (!parse_keyvalue_strings (opt_metadata_strings,
&metadata, error))
goto out;
}
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
if (chdir (gs_file_get_path_cached (self->workdir)) != 0)
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
{
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Failed to chdir to '%s': %s",
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
gs_file_get_path_cached (self->workdir),
strerror (errno));
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
goto out;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
}
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
treefile_parser = json_parser_new ();
if (!json_parser_load_from_file (treefile_parser,
gs_file_get_path_cached (treefile_path),
error))
goto out;
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
treefile_rootval = json_parser_get_root (treefile_parser);
if (!JSON_NODE_HOLDS_OBJECT (treefile_rootval))
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Treefile root is not an object");
goto out;
}
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
treefile = json_node_get_object (treefile_rootval);
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
if (!process_includes (self, treefile_path, 0, treefile,
treecompose: Add support for an "include" key This greatly increases the practiality of using treefiles directly instead of the old products.json.
2014-05-03 18:05:43 +04:00
cancellable, error))
goto out;
if (opt_print_only)
{
gs_unref_object JsonGenerator *generator = json_generator_new ();
gs_unref_object GOutputStream *stdout = g_unix_output_stream_new (1, FALSE);
json_generator_set_pretty (generator, TRUE);
json_generator_set_root (generator, treefile_rootval);
(void) json_generator_to_stream (generator, stdout, NULL, NULL);
ret = TRUE;
goto out;
}
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
yumroot = g_file_get_child (self->workdir, "rootfs.tmp");
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
if (!gs_shutil_rm_rf (yumroot, cancellable, error))
goto out;
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
targetroot = g_file_get_child (self->workdir, "rootfs");
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
compose: Split out JSON helpers into separate file In preparation for using some of them in the postprocessing code too. Yeah, parsing JSON in C sucks =( Oh well.
2014-11-13 22:53:43 +03:00
ref = _rpmostree_jsonutil_object_require_string_member (treefile, "ref", error);
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
if (!ref)
goto out;
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
ref_unix = g_strdelimit (g_strdup (ref), "/", '_');
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
bootstrap_packages = g_ptr_array_new ();
packages = g_ptr_array_new ();
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
compose: Make 'bootstrap_packages' actually optional now It has in practice been optional since: 827e711eb74135f075f02f5c44685e4e35c1a8b1 Now let's let people write treefiles without it.
2014-11-17 23:48:08 +03:00
if (json_object_has_member (treefile, "bootstrap_packages"))
{
jsonutil: Remove useless GCancellable Spotted by mbarnes from review of https://github.com/projectatomic/rpm-ostree/pull/52/commits
2014-11-18 00:08:03 +03:00
if (!_rpmostree_jsonutil_append_string_array_to (treefile, "bootstrap_packages", packages, error))
compose: Make 'bootstrap_packages' actually optional now It has in practice been optional since: 827e711eb74135f075f02f5c44685e4e35c1a8b1 Now let's let people write treefiles without it.
2014-11-17 23:48:08 +03:00
goto out;
}
jsonutil: Remove useless GCancellable Spotted by mbarnes from review of https://github.com/projectatomic/rpm-ostree/pull/52/commits
2014-11-18 00:08:03 +03:00
if (!_rpmostree_jsonutil_append_string_array_to (treefile, "packages", packages, error))
Switch to taking JSON as input, generate "treefile" from products.json This is somewhat similar to what we've been doing with Continuous; we take the manifest.json, and turn it into a "snapshot". Except here there is a notion of inheritance. This gets stored into the tree as /usr/share/rpm-ostree/treefile.json. Additionally, it goes into the autobuilder directory in products-built.json. Though really we should split up that file, since it will be kind of...large.
2014-02-13 03:26:31 +04:00
goto out;
g_ptr_array_add (packages, NULL);
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
compose: Serialize treefile early This way we don't emit a critical if we exit due to having already cached content.
2014-09-30 00:24:53 +04:00
{
gs_unref_object JsonGenerator *generator = json_generator_new ();
char *treefile_buf = NULL;
gsize len;
json_generator_set_root (generator, treefile_rootval);
json_generator_set_pretty (generator, TRUE);
treefile_buf = json_generator_to_data (generator, &len);
self->serialized_treefile = g_bytes_new_take (treefile_buf, len);
}
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
if (!yuminstall (self, treefile, yumroot,
compose: Migrate content of /etc/{passwd,group} to /usr/lib more sanely I had an epiphany today while working on https://bugzilla.redhat.com/show_bug.cgi?id=1098304 - I realized that I can just do an install, and then copy over everything except the root entries from /etc/passwd into /usr/lib/passwd. No need for a patched shadow-utils. No need to modify the /etc/nsswitch.conf before doing the install root. It totally works. I have no idea why I originally overcomplicated this. The thing that sucks a bit about this code is that I have to drop to the FILE * APIs so that I can use the glibc APIs for processing group/shadow. Also, the way I deduplicated the code paths for processing passwd/group is crappy, but I think it's better than duplicating them (as systemd-sysusers does). The good: We don't need a two-step RPM transaction, we don't need a patch for shadow-utils, it's just saner The bad: Code is not the most beautiful? Not really bad. The ugly: I didn't think of this in the first place and spent months beating my head against the wall of shadow-utils...
2014-07-11 02:28:22 +04:00
(char**)packages->pdata,
treecompose: De-indent unnecessarily indented region
2014-05-16 01:47:47 +04:00
cancellable, error))
goto out;
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
cachekey = g_strconcat ("treecompose/", ref, NULL);
if (!cachedir_lookup_string (cachedir, cachekey,
&cached_compose_checksum,
cancellable, error))
goto out;
compose: Put the expanded treefile content in /usr/share/rpm-ostree/treefile.json Since the treefile format now supports includes, we would need to either include the whole chain, or just the expanded portion we use in the compose. This patch does the latter. This should allow a client to take the same treefile and generate a similar tree (if they want to reproduce with the same RPMs, those can be extracted from the RPM database inside the tree).
2014-09-07 20:38:34 +04:00
if (!compute_checksum_for_compose (self, treefile, yumroot,
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
&new_compose_checksum,
cancellable, error))
goto out;
if (g_strcmp0 (cached_compose_checksum, new_compose_checksum) == 0)
{
g_print ("No changes to input, reusing cached commit\n");
ret = TRUE;
goto out;
}
treecompose: De-indent unnecessarily indented region
2014-05-16 01:47:47 +04:00
ref_unix = g_strdelimit (g_strdup (ref), "/", '_');
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
treecompose: De-indent unnecessarily indented region
2014-05-16 01:47:47 +04:00
if (g_strcmp0 (g_getenv ("RPM_OSTREE_BREAK"), "post-yum") == 0)
goto out;
Resolve dependencies before building This allows us to skip the whole install process if the RPMs haven't changed, which is a rather large win. Part of this commit involves some code to attempt to talk to "yum shell" for dependency resolution, in an attempt to avoid depsolving twice, which just isn't really going to work, since "yum shell" isn't an API as it turns out. The only other real alternative is doing something PackageKit-like, which is ~4000 lines of very nontrivial Python.
2014-01-26 19:13:45 +04:00
compose: Support 'postprocess-script' This is obviously a total cop-out. However, without glibc fixes, we can't do better. See: https://bugzilla.redhat.com/show_bug.cgi?id=156477
2014-11-14 19:53:21 +03:00
if (!rpmostree_treefile_postprocessing (yumroot, self->treefile_context_dirs->pdata[0],
self->serialized_treefile, treefile,
compose: Move content processing code into -postprocess It seems clearer to me if all code which is operating on the content (such as enabling systemd units) is under -postprocess. The "compose tree" code should be tying everything together and calling out to sub-components. This is prep for adding more postprocessing code.
2014-11-13 22:54:33 +03:00
cancellable, error))
goto out;
compose: Move boot-location handling to postprocessing Originally I was trying to have all of the treefile parsing in treecompose, and then call other functions as API. But that turns out to be unrealistic. We'll need finer grained control over this in the future. Therefore, let's move the boot-location handling down, in preparation for further commits which parse the treefile in the commit phase.
2014-11-17 17:18:02 +03:00
if (!rpmostree_prepare_rootfs_for_commit (yumroot, treefile, cancellable, error))
goto out;
autobuilder: Avoid critical if there's no gpg_key
2014-03-29 04:15:43 +04:00
treecompose: De-indent unnecessarily indented region
2014-05-16 01:47:47 +04:00
{
const char *gpgkey;
compose: Split out JSON helpers into separate file In preparation for using some of them in the postprocessing code too. Yeah, parsing JSON in C sucks =( Oh well.
2014-11-13 22:53:43 +03:00
if (!_rpmostree_jsonutil_object_get_optional_string_member (treefile, "gpg_key", &gpgkey, error))
treecompose: De-indent unnecessarily indented region
2014-05-16 01:47:47 +04:00
goto out;
autobuilder: Avoid critical if there's no gpg_key
2014-03-29 04:15:43 +04:00
treecompose: Add --add-metadata-string argument for versioning This will be used by rpm-ostree-toolbox to inject version numbers for the trees.
2014-10-14 17:32:29 +04:00
if (!rpmostree_commit (yumroot, repo, ref, metadata, gpgkey,
treecompose: De-indent unnecessarily indented region
2014-05-16 01:47:47 +04:00
json_object_get_boolean_member (treefile, "selinux"),
cancellable, error))
Unify rpm-ostree into one binary And start making an internal library.
2014-01-29 23:37:44 +04:00
goto out;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
}
treecompose: Add initial caching The way this works is still fairly naive in that we hash in two inputs: 1) The treefile JSON 2) The result of rpm -qa If both of those are a hit, we reuse the existing commit.
2014-05-16 01:46:51 +04:00
if (!cachedir_set_string (cachedir, cachekey,
new_compose_checksum,
cancellable, error))
goto out;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
g_print ("Complete\n");
out:
compose: Add --workdir-tmpfs This ~halves the write traffic to my SSD when doing local composes. My laptop has 12GiB of RAM, plenty for this.
2014-07-02 06:07:56 +04:00
compose tree: Cleanup workdir always Particularly if we hit the cached case, but we might as well always do it.
2014-06-11 15:27:31 +04:00
if (workdir_is_tmp)
compose: Add --workdir-tmpfs This ~halves the write traffic to my SSD when doing local composes. My laptop has 12GiB of RAM, plenty for this.
2014-07-02 06:07:56 +04:00
{
if (opt_workdir_tmpfs)
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
(void) umount (gs_file_get_path_cached (self->workdir));
(void) gs_shutil_rm_rf (self->workdir, NULL, NULL);
compose: Add --workdir-tmpfs This ~halves the write traffic to my SSD when doing local composes. My laptop has 12GiB of RAM, plenty for this.
2014-07-02 06:07:56 +04:00
}
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
if (self)
{
compose: Move 'workdir' to be 'self' member This avoids passing another parameter around.
2014-11-17 04:05:47 +03:00
g_clear_object (&self->workdir);
compose: Put the expanded treefile content in /usr/share/rpm-ostree/treefile.json Since the treefile format now supports includes, we would need to either include the whole chain, or just the expanded portion we use in the compose. This patch does the latter. This should allow a client to take the same treefile and generate a similar tree (if they want to reproduce with the same RPMs, those can be extracted from the RPM database inside the tree).
2014-09-07 20:38:34 +04:00
g_clear_pointer (&self->serialized_treefile, g_bytes_unref);
treecompose: Look for yum repo configs in same directory as treefiles This is significantly easier than requiring mutation of the host yum configuration.
2014-05-18 22:13:31 +04:00
g_ptr_array_unref (self->treefile_context_dirs);
}
core: Use generic "builtin" infrastructure for command handling I want to have more options than just "create".
2014-03-22 23:05:41 +04:00
return ret;
Rewrite core utilities in C There are two major reasons: 1) I want to do things like process SELinux labels here, and that type of thing is best done in C. 2) There are presently 3 languages in this code, and this takes us down to just two.
2014-01-24 22:34:19 +04:00
}
Reference in New Issue Copy Permalink