daemon: start with one commit only when resolving versions

During a deploy operation, we would fetch commit objects from the remote
to resolve the version string. If gpg-verify was turned on, we would
fail to pull them if some of the commits were not signed. This is
because we pulled them in batches. We partially address this by only
fetching the HEAD commit on the first pass. This allows `upgrade`
operations to work just as well as `deploy` operations.

Though there is still an issue if we have to traverse farther back than
when signed commits become unsigned (unless they happen to fall on a
batch boundary). We leave that unsolved for now, since that would likely
require a more complex solution and it's not clear whether it's a real
world issue (signers can just retroactively sign commits).

Copy the gpghome from ostree so that we can test GPG-related cases in
our suite.

Closes: #527

Closes: #557
Approved by: cgwalters

src/daemon/rpmostreed-utils.c

@@ -260,6 +260,10 @@ rpmostreed_repo_pull_ancestry (OstreeRepo               *repo,
   int depth, ii;
   gboolean ret = FALSE;
 
+  /* Only fetch the HEAD on the first pass. See also:
+   * https://github.com/projectatomic/rpm-ostree/pull/557 */
+  gboolean first_pass = TRUE;
+
   g_return_val_if_fail (OSTREE_IS_REPO (repo), FALSE);
   g_return_val_if_fail (refspec != NULL, FALSE);
 
@@ -288,6 +292,7 @@ rpmostreed_repo_pull_ancestry (OstreeRepo               *repo,
             g_variant_new_strv ((const char * const *) refs_array, -1);
 
           g_variant_dict_init (&options, NULL);
+          if (!first_pass)
             g_variant_dict_insert (&options, "depth", "i", depth);
           g_variant_dict_insert (&options, "flags", "i", flags);
           g_variant_dict_insert_value (&options, "refs", refs_value);
@@ -307,7 +312,7 @@ rpmostreed_repo_pull_ancestry (OstreeRepo               *repo,
 
       if (visitor != NULL)
         {
-          for (ii = 0; ii < depth && checksum != NULL; ii++)
+          for (ii = 0; ii < (first_pass ? 1 : depth) && checksum != NULL; ii++)
             {
               g_autoptr(GVariant) commit = NULL;
               gboolean stop = FALSE;
@@ -332,7 +337,10 @@ rpmostreed_repo_pull_ancestry (OstreeRepo               *repo,
 
       /* Pull the next batch of commits, twice as many. */
       refs_array[0] = checksum;
+
+      if (!first_pass)
         depth = depth * 2;
+      first_pass = FALSE;
     }
 
   ret = TRUE;

tests/check/test-basic.sh

@@ -23,7 +23,7 @@ set -e
 
 ensure_dbus
 
-echo "1..13"
+echo "1..14"
 
 setup_os_repository "archive-z2" "syslinux"
 
@@ -33,9 +33,12 @@ echo "ok setup"
 #       --sysroot=sysroot to rpm-ostree commands as it will result
 #       in a warning message.
 
+OSTREE="ostree --repo=sysroot/ostree/repo"
+REMOTE_OSTREE="ostree --repo=testos-repo --gpg-homedir=${test_tmpdir}/gpghome"
+
 # This initial deployment gets kicked off with some kernel arguments 
-ostree --repo=sysroot/ostree/repo remote add --set=gpg-verify=false testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
-ostree --repo=sysroot/ostree/repo pull testos:testos/buildmaster/x86_64-runtime
+$OSTREE remote add --set=gpg-verify=false testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
+$OSTREE pull testos:testos/buildmaster/x86_64-runtime
 ostree admin --sysroot=sysroot deploy --karg=root=LABEL=MOO --karg=quiet --os=testos testos:testos/buildmaster/x86_64-runtime
 
 rpm-ostree status | tee OUTPUT-status.txt
@@ -53,7 +56,7 @@ fi
 os_repository_new_commit
 rpm-ostree upgrade --os=testos
 
-ostree --repo=sysroot/ostree/repo remote add --set=gpg-verify=false otheros file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
+$OSTREE remote add --set=gpg-verify=false otheros file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
 rpm-ostree rebase --os=testos otheros:
 
 rpm-ostree status | tee OUTPUT-status.txt
@@ -77,7 +80,7 @@ assert_file_has_content OUTPUT-status.txt '1\.0\.9'
 echo "ok deploy older known version"
 
 # Remember the current revision for later.
-revision=$(ostree rev-parse --repo=sysroot/ostree/repo otheros:testos/buildmaster/x86_64-runtime)
+revision=$($OSTREE rev-parse otheros:testos/buildmaster/x86_64-runtime)
 
 # Jump forward to a locally known version.
 rpm-ostree deploy --os=testos 1.0.10
@@ -102,7 +105,7 @@ echo "ok deploy older version by revision"
 
 # Make a commit on a different branch and make sure that it doesn't let us
 # deploy it
-other_rev=$(ostree --repo=${test_tmpdir}/testos-repo commit -b other-branch --tree=ref=$revision)
+other_rev=$($REMOTE_OSTREE commit -b other-branch --tree=ref=$revision)
 if rpm-ostree deploy --os=testos REVISION=$other_rev 2>OUTPUT-err; then
     assert_not_reached "Deploying an out-of-branch commit unexpectedly succeeded."
 fi
@@ -121,8 +124,8 @@ assert_file_has_content OUTPUT-status.txt $(date "+%Y%m%d\.2")
 echo "ok rebase onto other branch at specific version"
 
 branch=testos/buildmaster/x86_64-runtime
-new_csum=$(ostree --repo=${test_tmpdir}/testos-repo commit -b $branch --tree=ref=$branch)
-rpm-ostree rebase --os=testos otheros:testos/buildmaster/x86_64-runtime $new_csum
+new_csum=$($REMOTE_OSTREE commit -b $branch --tree=ref=$branch)
+rpm-ostree rebase --os=testos otheros:$branch $new_csum
 rpm-ostree status | head --lines 5 | tee OUTPUT-status.txt
 assert_file_has_content OUTPUT-status.txt otheros
 assert_file_has_content OUTPUT-status.txt $new_csum
@@ -134,6 +137,15 @@ fi
 assert_file_has_content OUTPUT-err 'Checksum .* not found in .*'
 echo "ok error on rebasing onto commit on other branch"
 
+# Make sure that we can deploy from a remote which has gone from unsigned to
+# signed commits.
+$REMOTE_OSTREE commit -b $branch --tree=ref=$branch \
+    --gpg-sign=$TEST_GPG_KEYID --add-metadata-string version=gpg-signed
+$OSTREE remote add secureos file://$(pwd)/testos-repo
+
+rpm-ostree rebase --os=testos secureos:$branch gpg-signed
+echo "ok deploy from remote with unsigned and signed commits"
+
 # Ensure it returns an error when passing a wrong option.
 rpm-ostree --help | awk '/^$/ {in_commands=0} {if(in_commands==1){print $0}} /^Builtin Commands:/ {in_commands=1}' > commands
 while read command; do

tests/common/libtest.sh

@@ -28,7 +28,7 @@ LIBTEST_SH=1
 self="$(realpath $0)"
 
 if test -z "${SRCDIR:-}"; then
-    SRCDIR=$(dirname $0)
+    SRCDIR=${topsrcdir}/tests
 fi
 
 _cleanup_tmpdir () {
@@ -62,8 +62,15 @@ export G_DEBUG=fatal-warnings
 export OSTREE_SYSROOT_DEBUG=mutable-deployments
 
 export TEST_GPG_KEYID="472CDAFA"
-export TEST_GPG_KEYHOME=${SRCDIR}/gpghome
-export OSTREE_GPG_HOME=${TEST_GPG_KEYHOME}/trusted
+
+# GPG when creating signatures demands a writable
+# homedir in order to create lockfiles.  Work around
+# this by copying locally.
+echo "Copying gpghome to ${test_tmpdir}"
+cp -a "${SRCDIR}/gpghome" ${test_tmpdir}
+chmod -R u+w "${test_tmpdir}"
+export TEST_GPG_KEYHOME=${test_tmpdir}/gpghome
+export OSTREE_GPG_HOME=${test_tmpdir}/gpghome/trusted
 
 if test -n "${OT_TESTS_DEBUG:-}"; then
     set -x

tests/compose

@@ -3,6 +3,8 @@ set -euo pipefail
 
 dn=$(cd $(dirname $0) && pwd)
 
+export topsrcdir=$(cd $dn/.. && pwd)
+
 LOG=${LOG:-compose.log}
 date > ${LOG}
 

tests/gpghome/key1.asc

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQENBFIuhBYBCADTbnocQsJgMfOELkFt3wRrAZShijoBPYZT9BrIuIKZxAbaxZJr
+Tbw8eIGgHZ51NCfdoikul0i82dt4hwtsACNVL5EGRmvTIKHPacb0yJMr1YBjcSwD
+Slo+niLPb/oVtLTbDWFt/msYKREF/lGJT9dJyXkQ5UOwWdipDaHIlwb0IKUvL7cu
+NpNthRFRm1M5d5M9OtqTCrCja6zckQ6OfvoStsbneHzfVWeH7vLcKBxxkfDhusVt
+y1iVaDk1EYT8ZxsrAWw4S7nRK/bjr86IYpFPjG2aKMd9qxyIo7hcX4r8od24jzfM
+v/ysOapnkTJuv8J6v7MakM1HkCz+TKF6gXxVABEBAAG0HU9zdHJlZSBUZXN0ZXIg
+PHRlc3RAdGVzdC5jb20+iQE5BBMBAgAjBQJSLoQWAhsDBwsJCAcDAgEGFQgCCQoL
+BBYCAwECHgECF4AACgkQf8oj2Ecs2vr/9wgAnme6WsWQy8CYeGH4q/5I6XFL6q1m
+S0+qdeGnYRmR0jJAGJ84vqDhnKxjeQzp+8Nq81DHGEJBszCkMW2o22neFi2Mo95h
+Dq3GWNZVldCDshjPs563AY6j7zACUN7Cy5XB3MK/vj5R/SrHBtJmSgPTx9WfmUgn
+n5Udg+fzSsS8z8DUtJFtexgrSnEmwH+nOmIfrsjIYL5EPg+CTTalhygROrERjINr
+pCYiShaFCKbuyt/XvyQ71y0JbB2yS7tDv0mL4SZjSuBQ1PkNE8ZQsymqBOJHA1Y3
+ppgPs1OenmtYgxaR8HQQv7uxHWZz0dmwQN93Qx8zMZwW40Odmdh1zLNQf7kBDQRS
+LoQWAQgA9i9QWg28qmFrPIzn90ZlNlUtFzoZy/8/lIk34awge1uO5aHydYBzkuWU
+jCDyBtQLWZQlwOKq8oHBbjENR2sfsmNkrYKcceQ02hSXqEJkc6jcDMCpB9eWy34K
+sPZmdl76Eo/vIIgRqJ9JPeGoMPaIBg2ouEz6Ft6jcX3EriYIKebCEA9wPk29z40x
+7D8mBZn06WrZ3JyePfbCdNJlQANEnrk7KDMNwPhhE1wcfPkiVtqBR0/FwIoUP0jn
+PishIWOuFObYnXQQ2R8sxrw/V0hGqVTh+k+iNAjzEp4yPsAvB+LdMH9nCY5rU3Vo
+1paEqVM1EHoBPu4NupRN0AjIJPr5UQARAQABiQEfBBgBAgAJBQJSLoQWAhsMAAoJ
+EH/KI9hHLNr68i4IAMdc+EgAaPZFWZcXFGBfhnOKQFC/u/W6Cu1JjqIYkGO0HxSh
+SfBkxArqlp37w4YVH4bUku6ja421bfGFNMtMfXjw2mU3HRdaDenP6OGv2jYmYmFt
+6zi0JZZhvi8ZCcAQTStZ2Ms3hwstCMiBXPmYA7KW9Gzo4JQSKCW5haICGVSWl7kh
+n0OkhOTVI9uzNr7+LhYn2ib/ynSaMKeI4hZ8v1HDuY0V1E63vFPGLFBTPaoRPpnm
+9yBnXMWhrbV97L6eEoe7faurSyPcF11LEFC5x8oENnbH+wtAXOayQo3lld+JRa9C
+JEZl8STdRU9o2NFwF8XM8BEOWntMS8aNpPoILC8=
+=ZNNc
+-----END PGP PUBLIC KEY BLOCK-----

tests/gpghome/key2.asc

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQENBFUIM4ABCADYBuvzGgzv5nMy2wICv79l+N4bN9/o9hTdFEOzyAeCEaF5Wugc
+L9nfTgUS9NRHsSpGt9DeZVEzRm5XzccgHOPs7MlYH0Irhc4Hb9ycOO2vBZ7ZiBK/
+jbY+R5GN4Ut9XIRexbXWddOjJpRUTCWQeXw5iqV9Puqm1ge2Vcal+NZOi2AFRKKe
+p/QI9EXIIx7ca6OWtH2SS/qE2p9obDYsMNrW+Dk623dbNKQiWaWyfRD+hB91UNbt
+vK7agokTeU0hKr9C8dHrhepgl9B/Hz8SFibZQQiTxSiVH3fUu10eQsyuDC/01KHp
+z0MR28Lc4VlCs6dsJBmGMBayHHVzbyXgw6uZABEBAAG0IU9zdHJlZSBUZXN0ZXIg
+SUkgPHRlc3QyQHRlc3QuY29tPokBOAQTAQIAIgUCVQgzgAIbAwYLCQgHAwIGFQgC
+CQoLBBYCAwECHgECF4AACgkQ2CKM/sqVDUFpJAgAirtYbbkvnlKtBxDsCu+A6qyl
+7r+cW8IH5U1P4MqxqQwkAe1ZalfjuTSHVKYqt/K6gt0+4NvCee3A2JxXTvLq1hdR
+DNMUFAjkbZv3Y6VS8Qtj3edsviNEB7s8uyWgR/EBB312YSZCwzk5uSLzM5E7AmvM
+0/ZPIAAxjz8TpQKc8vJx1/4nqgt0Wjv5B74vuOQJT26zoFygCQM76YeN+ULzk/hN
+hW7aNp/S2STasvEv7NgwqAe6eWy45xTrvxhEhQV760/toLbI0DuuBGr6Ue/G+Id4
+P/R604HAbMg3GdCztyoD3WTuvcsY6oXD7GlSEX4DZ0LA2TqQDZB+Pqe2yF7Gi7kB
+DQRVCDOAAQgAsxH2E9JeQPbcdXGyxLCa4FyMeziCrxn7tOEsRkeqZmb76mAOn67Q
+ZuZ6SXcAQDjKOBu7QNEcFQ+bAW/urohzD/sjr09vKqibLh6v8t81DE79GHI1UZ7F
+SuYDLgcGUvOCJej8iftJcudWuzCW9SvoykNcgPcIOYEXbbJVRr2xvK4z2a34DyWL
+jEXU2r6g1KNwtGyT6hZ7Ax99MKAzCFX3to0V51EXcrnUojwz/8i4Lal9t3d4P3lu
+FZw3ITWh4e9zNxp8aSxsAN/vQ1EHccMPrNmO+d+yjhH7inTxf+vLErP3Cs5rPjxl
+FgoLvBCSCT0jQ0xP+8Aa2TDyXDcMHg85QwARAQABiQEfBBgBAgAJBQJVCDOAAhsM
+AAoJENgijP7KlQ1Bc68H/RBn5PpUe8CA1CJ8eN4LIfRee3DjacwvjGsdgiMzcLhb
+Hp/ke42kentYjT+gF1ABPbeUERDlhnZ8BguKGZV+jOGDWRI2KFrQXL444aNznjn8
+aTOQY/d4LibwSaQ3qzf4Zp4CyZq2X2Vg3+B3HoUM6pkIL/r2ao5TnFqKubCE3sEo
+St+LV4eHktoAS1GXmxYKo4Q67yMVekTZt7C/VQ2a20qfAXBn2U8UA3tUvNqKtyyJ
+XrxeTJ+T4MMv60zdC/B/UPNjjHLNyB6culIzyiYFglGw3ctx2erJN2d+aQLrw78E
+vIuMy+JcH6y3JlzVGdByWbC7628OcWWa+NL/CXnYMyQ=
+=j9RC
+-----END PGP PUBLIC KEY BLOCK-----

tests/gpghome/key3.asc

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQENBFUIM6EBCACr57QUYEEuxvkX20yM1LVt2jyYZRKKQsqXx/xCF+Pg1MNz6mYx
+Qz6R6+yZZmlADsfRdnEpRvl4Dq2g3cP0DqkjnIKwI7ffEsyXlves8OMlpwT2Vh4x
+8Lx92eIEeqmb+PT8m88+x+EPVaR2R5KBHFkGXGyVgw+Ry8Oa9ZtJEKSkL/EQvzWv
+5q+OR1Pm8rnIPe64XPh3yAx5SBJ2m7hykH/XMVrdGqaZvpuGBx77pmmqfMMjNWMC
+U09hURyuyGWUsj9lFWYgpBvAzASmJNpAf7FZTjzCwLJwqpxCYm6a3sp76yyjuY7q
+vgJOolRHp9F/XETsSLdy6966oBxclGNaD6gnABEBAAG0Ik9zdHJlZSBUZXN0ZXIg
+SUlJIDx0ZXN0M0B0ZXN0LmNvbT6JATgEEwECACIFAlUIM6ECGwMGCwkIBwMCBhUI
+AgkKCwQWAgMBAh4BAheAAAoJEA0V+uffRE1n0n4H/0Z8bC1cdr5cMFZ6YBaJlw4c
+b61krhan2qCrwQupwaXi6LHt0zMwgljOcN+X2sAlZj9Jv0CabU5S1vM1fh9DZ6OY
+2OQ/Pq2lXGk22JjrbPPq5o//xTzo92Uxptuxq6O4frVzuGCo1yPlrHJh+TxbXIc8
+XOz9C9KTfcb9OwidSSW5LlUBzQ2e3oQLSUQPsdB3TZP5zlqPIYerWn+LdETKcOTr
+JyoaobFqX2BN223d3vkA1/GcuB17eBnzbnS0OWLJH+E3bsCqjtCJMEc1uTq97tyF
+XStIk9i0gVbA+GiK/ZFMt+a5kagR5dOUwpNZ0BE+Kzf0CtkSaSWkAh1vQV/j2E65
+AQ0EVQgzoQEIAMeXa6sp5kdmJn/fVw0Pk5oluBXif7BiFt+T7K03RxCOKRpne6dI
+SS98ruwZ1B5hn0lZO0UiL5RKpBQUrI9Y7251tz+oWohU2ZkUwwP3OcBlTXtErhe0
+LctcJ1nUA5NICVP5brhJR94durULiM+Rrhr12Ccs+a9bV268btNLN51z7ICMwNI6
+xuNxLt9orVJwP82a2eelQOgkPyFpiq7UxZ1erJg4aBVfWHP+rlxyQlzawVebbQMO
+gwYW+gAawTxd2x7PV9CC3KsaM+HI6wBvDOtcWlbzo+TxzcVocd5oern4Mr5Y86Gt
+lajuO9DVsuxxIfBrvHdRut613ShhOVlfy2MAEQEAAYkBHwQYAQIACQUCVQgzoQIb
+DAAKCRANFfrn30RNZyPVB/9jNFOjcNCAZSrz9vylaO0xHsPhIn4osmkiU6BvodwO
+n+qR4eEUw7BzoWC5QqGxUPYuDneQK7N7U31SFYjmY5Y1CDMsFtcYzjPgN5qWhtaN
+iNTtE9pb5f97PyLSUwcdW1y/cfDfqoAY6rpRXieo7hJv1xBtlEzJIbSSTS1SUEd1
+4qwPCqNWMSM6qBcaFB5Yuw0Z/E6B1JfNTUw5J5jDxbGdOzkLx2mXCldte1axq9Lp
+1V17jMTvn7Ml1QdoEAqzvt4VNQci/Su/qd3XjQ46b4dFFP03+jJv7mO6tHka2luZ
+RX0zfsk5q8wqbtV2k0XZFRD+22ddKMf1j4wID157lNQs
+=Dq+d
+-----END PGP PUBLIC KEY BLOCK-----

tests/gpghome/pubring.gpg

@@ -0,0 +1 @@
+trusted/pubring.gpg