diff --git a/src/daemon/rpmostreed-utils.c b/src/daemon/rpmostreed-utils.c index 928f6f34..ecd26935 100644 --- a/src/daemon/rpmostreed-utils.c +++ b/src/daemon/rpmostreed-utils.c @@ -260,6 +260,10 @@ rpmostreed_repo_pull_ancestry (OstreeRepo *repo, int depth, ii; gboolean ret = FALSE; + /* Only fetch the HEAD on the first pass. See also: + * https://github.com/projectatomic/rpm-ostree/pull/557 */ + gboolean first_pass = TRUE; + g_return_val_if_fail (OSTREE_IS_REPO (repo), FALSE); g_return_val_if_fail (refspec != NULL, FALSE); @@ -288,7 +292,8 @@ rpmostreed_repo_pull_ancestry (OstreeRepo *repo, g_variant_new_strv ((const char * const *) refs_array, -1); g_variant_dict_init (&options, NULL); - g_variant_dict_insert (&options, "depth", "i", depth); + if (!first_pass) + g_variant_dict_insert (&options, "depth", "i", depth); g_variant_dict_insert (&options, "flags", "i", flags); g_variant_dict_insert_value (&options, "refs", refs_value); @@ -307,7 +312,7 @@ rpmostreed_repo_pull_ancestry (OstreeRepo *repo, if (visitor != NULL) { - for (ii = 0; ii < depth && checksum != NULL; ii++) + for (ii = 0; ii < (first_pass ? 1 : depth) && checksum != NULL; ii++) { g_autoptr(GVariant) commit = NULL; gboolean stop = FALSE; @@ -332,7 +337,10 @@ rpmostreed_repo_pull_ancestry (OstreeRepo *repo, /* Pull the next batch of commits, twice as many. */ refs_array[0] = checksum; - depth = depth * 2; + + if (!first_pass) + depth = depth * 2; + first_pass = FALSE; } ret = TRUE; diff --git a/tests/check/test-basic.sh b/tests/check/test-basic.sh index 2c6eebf2..1a6e9318 100755 --- a/tests/check/test-basic.sh +++ b/tests/check/test-basic.sh @@ -23,7 +23,7 @@ set -e ensure_dbus -echo "1..13" +echo "1..14" setup_os_repository "archive-z2" "syslinux" @@ -33,9 +33,12 @@ echo "ok setup" # --sysroot=sysroot to rpm-ostree commands as it will result # in a warning message. +OSTREE="ostree --repo=sysroot/ostree/repo" +REMOTE_OSTREE="ostree --repo=testos-repo --gpg-homedir=${test_tmpdir}/gpghome" + # This initial deployment gets kicked off with some kernel arguments -ostree --repo=sysroot/ostree/repo remote add --set=gpg-verify=false testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime -ostree --repo=sysroot/ostree/repo pull testos:testos/buildmaster/x86_64-runtime +$OSTREE remote add --set=gpg-verify=false testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime +$OSTREE pull testos:testos/buildmaster/x86_64-runtime ostree admin --sysroot=sysroot deploy --karg=root=LABEL=MOO --karg=quiet --os=testos testos:testos/buildmaster/x86_64-runtime rpm-ostree status | tee OUTPUT-status.txt @@ -53,7 +56,7 @@ fi os_repository_new_commit rpm-ostree upgrade --os=testos -ostree --repo=sysroot/ostree/repo remote add --set=gpg-verify=false otheros file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime +$OSTREE remote add --set=gpg-verify=false otheros file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime rpm-ostree rebase --os=testos otheros: rpm-ostree status | tee OUTPUT-status.txt @@ -77,7 +80,7 @@ assert_file_has_content OUTPUT-status.txt '1\.0\.9' echo "ok deploy older known version" # Remember the current revision for later. -revision=$(ostree rev-parse --repo=sysroot/ostree/repo otheros:testos/buildmaster/x86_64-runtime) +revision=$($OSTREE rev-parse otheros:testos/buildmaster/x86_64-runtime) # Jump forward to a locally known version. rpm-ostree deploy --os=testos 1.0.10 @@ -102,7 +105,7 @@ echo "ok deploy older version by revision" # Make a commit on a different branch and make sure that it doesn't let us # deploy it -other_rev=$(ostree --repo=${test_tmpdir}/testos-repo commit -b other-branch --tree=ref=$revision) +other_rev=$($REMOTE_OSTREE commit -b other-branch --tree=ref=$revision) if rpm-ostree deploy --os=testos REVISION=$other_rev 2>OUTPUT-err; then assert_not_reached "Deploying an out-of-branch commit unexpectedly succeeded." fi @@ -121,8 +124,8 @@ assert_file_has_content OUTPUT-status.txt $(date "+%Y%m%d\.2") echo "ok rebase onto other branch at specific version" branch=testos/buildmaster/x86_64-runtime -new_csum=$(ostree --repo=${test_tmpdir}/testos-repo commit -b $branch --tree=ref=$branch) -rpm-ostree rebase --os=testos otheros:testos/buildmaster/x86_64-runtime $new_csum +new_csum=$($REMOTE_OSTREE commit -b $branch --tree=ref=$branch) +rpm-ostree rebase --os=testos otheros:$branch $new_csum rpm-ostree status | head --lines 5 | tee OUTPUT-status.txt assert_file_has_content OUTPUT-status.txt otheros assert_file_has_content OUTPUT-status.txt $new_csum @@ -134,6 +137,15 @@ fi assert_file_has_content OUTPUT-err 'Checksum .* not found in .*' echo "ok error on rebasing onto commit on other branch" +# Make sure that we can deploy from a remote which has gone from unsigned to +# signed commits. +$REMOTE_OSTREE commit -b $branch --tree=ref=$branch \ + --gpg-sign=$TEST_GPG_KEYID --add-metadata-string version=gpg-signed +$OSTREE remote add secureos file://$(pwd)/testos-repo + +rpm-ostree rebase --os=testos secureos:$branch gpg-signed +echo "ok deploy from remote with unsigned and signed commits" + # Ensure it returns an error when passing a wrong option. rpm-ostree --help | awk '/^$/ {in_commands=0} {if(in_commands==1){print $0}} /^Builtin Commands:/ {in_commands=1}' > commands while read command; do diff --git a/tests/common/libtest.sh b/tests/common/libtest.sh index 04cd12e4..776fc400 100644 --- a/tests/common/libtest.sh +++ b/tests/common/libtest.sh @@ -28,7 +28,7 @@ LIBTEST_SH=1 self="$(realpath $0)" if test -z "${SRCDIR:-}"; then - SRCDIR=$(dirname $0) + SRCDIR=${topsrcdir}/tests fi _cleanup_tmpdir () { @@ -62,8 +62,15 @@ export G_DEBUG=fatal-warnings export OSTREE_SYSROOT_DEBUG=mutable-deployments export TEST_GPG_KEYID="472CDAFA" -export TEST_GPG_KEYHOME=${SRCDIR}/gpghome -export OSTREE_GPG_HOME=${TEST_GPG_KEYHOME}/trusted + +# GPG when creating signatures demands a writable +# homedir in order to create lockfiles. Work around +# this by copying locally. +echo "Copying gpghome to ${test_tmpdir}" +cp -a "${SRCDIR}/gpghome" ${test_tmpdir} +chmod -R u+w "${test_tmpdir}" +export TEST_GPG_KEYHOME=${test_tmpdir}/gpghome +export OSTREE_GPG_HOME=${test_tmpdir}/gpghome/trusted if test -n "${OT_TESTS_DEBUG:-}"; then set -x diff --git a/tests/compose b/tests/compose index 3524b00d..a81b25ac 100755 --- a/tests/compose +++ b/tests/compose @@ -3,6 +3,8 @@ set -euo pipefail dn=$(cd $(dirname $0) && pwd) +export topsrcdir=$(cd $dn/.. && pwd) + LOG=${LOG:-compose.log} date > ${LOG} diff --git a/tests/gpghome/key1.asc b/tests/gpghome/key1.asc new file mode 100644 index 00000000..17113b5d --- /dev/null +++ b/tests/gpghome/key1.asc @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQENBFIuhBYBCADTbnocQsJgMfOELkFt3wRrAZShijoBPYZT9BrIuIKZxAbaxZJr +Tbw8eIGgHZ51NCfdoikul0i82dt4hwtsACNVL5EGRmvTIKHPacb0yJMr1YBjcSwD +Slo+niLPb/oVtLTbDWFt/msYKREF/lGJT9dJyXkQ5UOwWdipDaHIlwb0IKUvL7cu +NpNthRFRm1M5d5M9OtqTCrCja6zckQ6OfvoStsbneHzfVWeH7vLcKBxxkfDhusVt +y1iVaDk1EYT8ZxsrAWw4S7nRK/bjr86IYpFPjG2aKMd9qxyIo7hcX4r8od24jzfM +v/ysOapnkTJuv8J6v7MakM1HkCz+TKF6gXxVABEBAAG0HU9zdHJlZSBUZXN0ZXIg +PHRlc3RAdGVzdC5jb20+iQE5BBMBAgAjBQJSLoQWAhsDBwsJCAcDAgEGFQgCCQoL +BBYCAwECHgECF4AACgkQf8oj2Ecs2vr/9wgAnme6WsWQy8CYeGH4q/5I6XFL6q1m +S0+qdeGnYRmR0jJAGJ84vqDhnKxjeQzp+8Nq81DHGEJBszCkMW2o22neFi2Mo95h +Dq3GWNZVldCDshjPs563AY6j7zACUN7Cy5XB3MK/vj5R/SrHBtJmSgPTx9WfmUgn +n5Udg+fzSsS8z8DUtJFtexgrSnEmwH+nOmIfrsjIYL5EPg+CTTalhygROrERjINr +pCYiShaFCKbuyt/XvyQ71y0JbB2yS7tDv0mL4SZjSuBQ1PkNE8ZQsymqBOJHA1Y3 +ppgPs1OenmtYgxaR8HQQv7uxHWZz0dmwQN93Qx8zMZwW40Odmdh1zLNQf7kBDQRS +LoQWAQgA9i9QWg28qmFrPIzn90ZlNlUtFzoZy/8/lIk34awge1uO5aHydYBzkuWU +jCDyBtQLWZQlwOKq8oHBbjENR2sfsmNkrYKcceQ02hSXqEJkc6jcDMCpB9eWy34K +sPZmdl76Eo/vIIgRqJ9JPeGoMPaIBg2ouEz6Ft6jcX3EriYIKebCEA9wPk29z40x +7D8mBZn06WrZ3JyePfbCdNJlQANEnrk7KDMNwPhhE1wcfPkiVtqBR0/FwIoUP0jn +PishIWOuFObYnXQQ2R8sxrw/V0hGqVTh+k+iNAjzEp4yPsAvB+LdMH9nCY5rU3Vo +1paEqVM1EHoBPu4NupRN0AjIJPr5UQARAQABiQEfBBgBAgAJBQJSLoQWAhsMAAoJ +EH/KI9hHLNr68i4IAMdc+EgAaPZFWZcXFGBfhnOKQFC/u/W6Cu1JjqIYkGO0HxSh +SfBkxArqlp37w4YVH4bUku6ja421bfGFNMtMfXjw2mU3HRdaDenP6OGv2jYmYmFt +6zi0JZZhvi8ZCcAQTStZ2Ms3hwstCMiBXPmYA7KW9Gzo4JQSKCW5haICGVSWl7kh +n0OkhOTVI9uzNr7+LhYn2ib/ynSaMKeI4hZ8v1HDuY0V1E63vFPGLFBTPaoRPpnm +9yBnXMWhrbV97L6eEoe7faurSyPcF11LEFC5x8oENnbH+wtAXOayQo3lld+JRa9C +JEZl8STdRU9o2NFwF8XM8BEOWntMS8aNpPoILC8= +=ZNNc +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/gpghome/key2.asc b/tests/gpghome/key2.asc new file mode 100644 index 00000000..3338329b --- /dev/null +++ b/tests/gpghome/key2.asc @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQENBFUIM4ABCADYBuvzGgzv5nMy2wICv79l+N4bN9/o9hTdFEOzyAeCEaF5Wugc +L9nfTgUS9NRHsSpGt9DeZVEzRm5XzccgHOPs7MlYH0Irhc4Hb9ycOO2vBZ7ZiBK/ +jbY+R5GN4Ut9XIRexbXWddOjJpRUTCWQeXw5iqV9Puqm1ge2Vcal+NZOi2AFRKKe +p/QI9EXIIx7ca6OWtH2SS/qE2p9obDYsMNrW+Dk623dbNKQiWaWyfRD+hB91UNbt +vK7agokTeU0hKr9C8dHrhepgl9B/Hz8SFibZQQiTxSiVH3fUu10eQsyuDC/01KHp +z0MR28Lc4VlCs6dsJBmGMBayHHVzbyXgw6uZABEBAAG0IU9zdHJlZSBUZXN0ZXIg +SUkgPHRlc3QyQHRlc3QuY29tPokBOAQTAQIAIgUCVQgzgAIbAwYLCQgHAwIGFQgC +CQoLBBYCAwECHgECF4AACgkQ2CKM/sqVDUFpJAgAirtYbbkvnlKtBxDsCu+A6qyl +7r+cW8IH5U1P4MqxqQwkAe1ZalfjuTSHVKYqt/K6gt0+4NvCee3A2JxXTvLq1hdR +DNMUFAjkbZv3Y6VS8Qtj3edsviNEB7s8uyWgR/EBB312YSZCwzk5uSLzM5E7AmvM +0/ZPIAAxjz8TpQKc8vJx1/4nqgt0Wjv5B74vuOQJT26zoFygCQM76YeN+ULzk/hN +hW7aNp/S2STasvEv7NgwqAe6eWy45xTrvxhEhQV760/toLbI0DuuBGr6Ue/G+Id4 +P/R604HAbMg3GdCztyoD3WTuvcsY6oXD7GlSEX4DZ0LA2TqQDZB+Pqe2yF7Gi7kB +DQRVCDOAAQgAsxH2E9JeQPbcdXGyxLCa4FyMeziCrxn7tOEsRkeqZmb76mAOn67Q +ZuZ6SXcAQDjKOBu7QNEcFQ+bAW/urohzD/sjr09vKqibLh6v8t81DE79GHI1UZ7F +SuYDLgcGUvOCJej8iftJcudWuzCW9SvoykNcgPcIOYEXbbJVRr2xvK4z2a34DyWL +jEXU2r6g1KNwtGyT6hZ7Ax99MKAzCFX3to0V51EXcrnUojwz/8i4Lal9t3d4P3lu +FZw3ITWh4e9zNxp8aSxsAN/vQ1EHccMPrNmO+d+yjhH7inTxf+vLErP3Cs5rPjxl +FgoLvBCSCT0jQ0xP+8Aa2TDyXDcMHg85QwARAQABiQEfBBgBAgAJBQJVCDOAAhsM +AAoJENgijP7KlQ1Bc68H/RBn5PpUe8CA1CJ8eN4LIfRee3DjacwvjGsdgiMzcLhb +Hp/ke42kentYjT+gF1ABPbeUERDlhnZ8BguKGZV+jOGDWRI2KFrQXL444aNznjn8 +aTOQY/d4LibwSaQ3qzf4Zp4CyZq2X2Vg3+B3HoUM6pkIL/r2ao5TnFqKubCE3sEo +St+LV4eHktoAS1GXmxYKo4Q67yMVekTZt7C/VQ2a20qfAXBn2U8UA3tUvNqKtyyJ +XrxeTJ+T4MMv60zdC/B/UPNjjHLNyB6culIzyiYFglGw3ctx2erJN2d+aQLrw78E +vIuMy+JcH6y3JlzVGdByWbC7628OcWWa+NL/CXnYMyQ= +=j9RC +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/gpghome/key3.asc b/tests/gpghome/key3.asc new file mode 100644 index 00000000..2ebdb6d3 --- /dev/null +++ b/tests/gpghome/key3.asc @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQENBFUIM6EBCACr57QUYEEuxvkX20yM1LVt2jyYZRKKQsqXx/xCF+Pg1MNz6mYx +Qz6R6+yZZmlADsfRdnEpRvl4Dq2g3cP0DqkjnIKwI7ffEsyXlves8OMlpwT2Vh4x +8Lx92eIEeqmb+PT8m88+x+EPVaR2R5KBHFkGXGyVgw+Ry8Oa9ZtJEKSkL/EQvzWv +5q+OR1Pm8rnIPe64XPh3yAx5SBJ2m7hykH/XMVrdGqaZvpuGBx77pmmqfMMjNWMC +U09hURyuyGWUsj9lFWYgpBvAzASmJNpAf7FZTjzCwLJwqpxCYm6a3sp76yyjuY7q +vgJOolRHp9F/XETsSLdy6966oBxclGNaD6gnABEBAAG0Ik9zdHJlZSBUZXN0ZXIg +SUlJIDx0ZXN0M0B0ZXN0LmNvbT6JATgEEwECACIFAlUIM6ECGwMGCwkIBwMCBhUI +AgkKCwQWAgMBAh4BAheAAAoJEA0V+uffRE1n0n4H/0Z8bC1cdr5cMFZ6YBaJlw4c +b61krhan2qCrwQupwaXi6LHt0zMwgljOcN+X2sAlZj9Jv0CabU5S1vM1fh9DZ6OY +2OQ/Pq2lXGk22JjrbPPq5o//xTzo92Uxptuxq6O4frVzuGCo1yPlrHJh+TxbXIc8 +XOz9C9KTfcb9OwidSSW5LlUBzQ2e3oQLSUQPsdB3TZP5zlqPIYerWn+LdETKcOTr +JyoaobFqX2BN223d3vkA1/GcuB17eBnzbnS0OWLJH+E3bsCqjtCJMEc1uTq97tyF +XStIk9i0gVbA+GiK/ZFMt+a5kagR5dOUwpNZ0BE+Kzf0CtkSaSWkAh1vQV/j2E65 +AQ0EVQgzoQEIAMeXa6sp5kdmJn/fVw0Pk5oluBXif7BiFt+T7K03RxCOKRpne6dI +SS98ruwZ1B5hn0lZO0UiL5RKpBQUrI9Y7251tz+oWohU2ZkUwwP3OcBlTXtErhe0 +LctcJ1nUA5NICVP5brhJR94durULiM+Rrhr12Ccs+a9bV268btNLN51z7ICMwNI6 +xuNxLt9orVJwP82a2eelQOgkPyFpiq7UxZ1erJg4aBVfWHP+rlxyQlzawVebbQMO +gwYW+gAawTxd2x7PV9CC3KsaM+HI6wBvDOtcWlbzo+TxzcVocd5oern4Mr5Y86Gt +lajuO9DVsuxxIfBrvHdRut613ShhOVlfy2MAEQEAAYkBHwQYAQIACQUCVQgzoQIb +DAAKCRANFfrn30RNZyPVB/9jNFOjcNCAZSrz9vylaO0xHsPhIn4osmkiU6BvodwO +n+qR4eEUw7BzoWC5QqGxUPYuDneQK7N7U31SFYjmY5Y1CDMsFtcYzjPgN5qWhtaN +iNTtE9pb5f97PyLSUwcdW1y/cfDfqoAY6rpRXieo7hJv1xBtlEzJIbSSTS1SUEd1 +4qwPCqNWMSM6qBcaFB5Yuw0Z/E6B1JfNTUw5J5jDxbGdOzkLx2mXCldte1axq9Lp +1V17jMTvn7Ml1QdoEAqzvt4VNQci/Su/qd3XjQ46b4dFFP03+jJv7mO6tHka2luZ +RX0zfsk5q8wqbtV2k0XZFRD+22ddKMf1j4wID157lNQs +=Dq+d +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/gpghome/pubring.gpg b/tests/gpghome/pubring.gpg new file mode 120000 index 00000000..3ada1d42 --- /dev/null +++ b/tests/gpghome/pubring.gpg @@ -0,0 +1 @@ +trusted/pubring.gpg \ No newline at end of file diff --git a/tests/gpghome/secring.gpg b/tests/gpghome/secring.gpg new file mode 100644 index 00000000..ad88437e Binary files /dev/null and b/tests/gpghome/secring.gpg differ diff --git a/tests/gpghome/trustdb.gpg b/tests/gpghome/trustdb.gpg new file mode 100644 index 00000000..d5f053e7 Binary files /dev/null and b/tests/gpghome/trustdb.gpg differ diff --git a/tests/gpghome/trusted/pubring.gpg b/tests/gpghome/trusted/pubring.gpg new file mode 100644 index 00000000..5461d9d4 Binary files /dev/null and b/tests/gpghome/trusted/pubring.gpg differ