Commit Graph

88 Commits

Author SHA1 Message Date
Jonathan Lebon
0e5044ca92 postprocess: Add /home -> /var/home SELinux substitution
Manually patch `file_contexts.subs_dist` so that `/home` is equivalent
to `/var/home`. This is required now that the generated homedirs rules
use `/var/home`. Otherwise, `matchpathcon` for example will return wrong
results.

This patch also includes the *removal* of `/var/home -> /home` so that
we're not dependent on this selinux-policy patch making it at the same
time as downstream:

https://src.fedoraproject.org/rpms/selinux-policy/pull-request/14

(See the conversation there for more information.)

Closes: #1754
Approved by: cgwalters
2019-02-14 17:24:09 +00:00
Jonathan Lebon
677c083f24 libpriv: Rebuild policy during postprocessing
It's possible for some postprocessing scripts to affect the final
SELinux policy. This is the case for the new `/etc/default/useradd` edit
we now do (#1726), but it could've been the case beforehand too with
user scripts modifying e.g. booleans (though ideally all these
modifications would be part of RPMs).

Do a final `semodule -nB` during postprocessing so that the final policy
we commit is "up to date". Otherwise, users may only see changes take
effect if they layer packages that trigger a rebuild.

The motivation for this is specifically for `/etc/default/useradd`.
There is magic in `selinux-policy` that parses the file and generates
templated rules from the value of `HOME`.

For more info, see:
https://bugzilla.redhat.com/show_bug.cgi?id=1669982
https://src.fedoraproject.org/rpms/selinux-policy/pull-request/14

Closes: #1754
Approved by: cgwalters
2019-02-14 17:24:09 +00:00
Colin Walters
9ca74d0c31 compose: Fix install --unified-core
There's lots of gyrations here for unified-core vs not; it's
been broken in the case of `--unified-core` for a while I think.
In that case our workdir is tmpdir, so rename that directory.

Closes: #1743
Approved by: jlebon
2019-02-05 22:26:11 +00:00
Colin Walters
56e6ddb8e5 compose: Change /etc/default/useradd to use HOME=/var/home
For a long time I've resisted encoding "policy" into rpm-ostree
as much as possible.  Doing so makes it more distribution specific
for example.  That said, for `/var/home` there argument for doing
this in rpm-ostree is that we already make that symlink in our
hardcoded rootfs.  So we might as well do the other fixups for it.

https://github.com/coreos/fedora-coreos-config/pull/18
https://pagure.io/workstation-ostree-config/pull-request/121
https://discussion.fedoraproject.org/t/adapting-user-home-in-etc-passwd/487/6
https://github.com/justjanne/powerline-go/issues/94

Closes: #1726
Approved by: jlebon
2019-01-07 15:35:37 +00:00
Jonathan Lebon
544d79fd3f compose: Fix EBADF in unified core mode without cachedir
If no cache dir is given in the workdir, we would alias the cache dir fd
to the workdir fd. But of course, this meant that we'd try to close the
same fd twice when freeing the compose context. Instead, let's just copy
the fd as is also done in the non-unified path.

Closes: #1697

Closes: #1698
Approved by: lucab
2018-12-06 13:44:19 +00:00
Colin Walters
50b255a8a9 Move varsubst code into Rust, use it in treefile parsing
External tools often want to parse the ref; for example coreos-assembler
currently does so.  Let's ensure `${basearch}` is expanded with
`--print-only` so they can parse that JSON to get the expanded version
reliably.

Implementation note: this is the first Rust code which exposes a
"GLib-like" C API, notably with GHashTable, so we're making more use
of the glib-rs bindings.

Closes: #1653

Closes: #1655
Approved by: jlebon
2018-11-02 20:36:28 +00:00
Colin Walters
88ffdc0ae2 Add compose rojig command
This currently requires a `--i-know-this-is-experimental` flag;
I know it'd be a bit more consistent to have it under `ex`, but
what feels weird about that is *most* of the `ex` commands people
use are client side.  This is where we want it to ultimately end
up.

We've landed a lot of prep patches, but I know there's still
a notable amount of code duplication with `compose tree`.  What's
left is about ~700 lines but it's mostly not hard/complex code
anymore.

In the future, I'd like to extract more of the compose code
to a `rust/src/compose.rs` or so, but I think this is sustainable
fow now.

My high level goal is to get this into coreos-assembler and stand
up a Silverblue build that uses it.

Closes: #1512
Approved by: jlebon
2018-10-31 17:57:45 +00:00
Colin Walters
5b8b37658f compose: Make --print-only happen earlier and be quiet
Don't print the version or other warnings; ensure we output clean JSON.

Prep for fixing https://github.com/coreos/fedora-coreos-config/pull/24
(This helps, but we still need to expand `${basearch}`)

Closes: #1648
Approved by: jlebon
2018-10-30 15:04:21 +00:00
Jonathan Lebon
940fc1364a compose: Check that add-files are compatible after parsing
While serde gives us type checking, it of course doesn't understand
semantics beyond that. One example is checking the compatibility of
`add-files` entries with the OSTree model. This is something we can do
upfront early on to avoid surprises for users.

Also tweak the docs to reflect this new check.

Related: #1642

Closes: #1643
Approved by: cgwalters
2018-10-26 20:48:07 +00:00
Colin Walters
95c1ed3695 tests/compose: Use workdir in tmpdir
This way when debugging if I want to preserve the state so I can
go there and rerun command under gdb for exmaple, all I need
to do is set `env TEST_SKIP_CLEANUP=1` rather than also needing
to find a separate dir and also set `env RPMOSTREE_PRESERVE_TMPDIR=1`.

Closes: #1630
Approved by: jlebon
2018-10-23 13:40:46 +00:00
Jonathan Lebon
cdda3a01ba postprocess: Add ostree-finalize-staged.path
In preparations for https://github.com/ostreedev/ostree/pull/1740, just
hard enable this path unit for now since centrally-maintained distro
presets still need to be updated.

Closes: #1617
Approved by: cgwalters
2018-10-16 20:05:41 +00:00
Colin Walters
b3f6f25637 core,scripts: When no cachedir+unified-core, disable rofiles-fuse
This is prep for running inside (unprivileged) Kube containers
as they exist today: https://github.com/projectatomic/rpm-ostree/issues/1329

Sadly FUSE today uses a suid binary that ends up wanting CAP_SYS_ADMIN.
I think there's some work on FUSE-in-containers but I'm not sure of
the current status.

What rofiles-fuse here is doing here is protecting is the hardlinked
repo imports.  But if `--cachedir` isn't specified, that repository
gets thrown away anyways.  So there's no real value to using FUSE
here.

Also since nothing is cached, disable the devino cache.

We also make use of --force-copy-zerosized that just landed
in libostree: https://github.com/ostreedev/ostree/pull/1752

Down the line ideally we gain the capability to detect if either
unprivileged overlayfs/FUSE are available.  Then if `--cachedir`
is specified we can make things work.

Closes: #1591
Approved by: jlebon
2018-10-12 19:03:26 +00:00
Colin Walters
f7f2cfeb61 tests: Add validation for provided passwd/group files
Surprising we didn't have this yet.  Prep for oxidizing.

Closes: #1600
Approved by: jlebon
2018-10-11 16:03:02 +00:00
Colin Walters
a86ad96669 compose: Support not specifying a ref
Split out of supporting "pure rojig" work.  We also want
to support this for doing "oscontainers" as is planned for
Red Hat CoreOS.  The user experience in both cases is oriented
around versioning of the external wrapper, not the inner ref/commit.

Note for users/builders who want to make use of this feature:
You probably want to mirror the changes in our test suite here to
use the compose JSON and parse the resulting `ostree-commit` out of that.

Closes: #1603
Approved by: jlebon
2018-10-09 19:47:25 +00:00
Colin Walters
638fab02bd tests: Add a test for inheritance order of postprocess
Since I got it backwards when rewriting it in Rust.

Closes: #1574
Approved by: jlebon
2018-10-04 13:17:47 +00:00
Colin Walters
3c9e212f71 compose-tests: Use yaml.safe_dump
Otherwise we end up with weird `!!python/unicode` stuff:
https://stackoverflow.com/questions/20352794/pyyaml-is-producing-undesired-python-unicode-output/20369984

Closes: #1597
Approved by: jlebon
2018-10-02 18:03:22 +00:00
Colin Walters
c6de759cc0 compose: Drop combined ostree+rojig compose tree
Currently `compose tree` supports writing to both an OSTree
repository and optionally simultaneously generating a rojig
RPM or rojig set.

We are instead going to split off a separate `compose rojig` verb,
since we want to support a "pure rojig" mode, and having all
3 options would make this code far too complex.

For now anyone who wants *both* formats can use `compose tree` then
follow up with `ex commit2rojig`.

This is also inline with the new coreos-assembler push, where
we'll treat `rpm-ostree compose` as more of a "low level" API,
and wrap it in a more opinionated model there.

Closes: #1570
Approved by: jlebon
2018-09-21 14:42:14 +00:00
Colin Walters
16f48afd5e commit2rojig: Take a (YAML) manifest, not a spec file
This completes the removal of externally-provided rojig spec files.

In the current flow then `compose tree --ex-rojig-output-*` will
end up parsing the manifest twice.  But this is prep for defaulting
rojig to "pure" mode without a separate ostree repo.  Then
anyone who wants to do both can run `commit2rojig` after.

Closes: #1561
Approved by: jlebon
2018-09-17 23:45:57 +00:00
Colin Walters
e208383526 tests: Add rojig spec into base config
This is prep for fully dropping the separate spec file, which
is now just used by `commit2rojig`.

A compose test can now specify it wants YAML instead of JSON.

Closes: #1561
Approved by: jlebon
2018-09-17 23:45:57 +00:00
Colin Walters
fe87ad4f29 tests: Drop conditionals for Rust enablement
We now hard require it, so change these tests to do so as
well.

Closes: #1544
Approved by: jlebon
2018-09-10 13:19:51 +00:00
Colin Walters
6f6728b992 compose: Add --write-composejson-to
For higher level tools driving rpm-ostree, the command line arguments
are mostly OK as inputs, but the addition of `--write-commitid-to`
shows that we really want structured data that these tools can parse.
JSON is a good enough interchange format, let's use that.

Most notably this does a pkgdiff in the JSON which several higher
level tools do too.

Closes: #1529
Approved by: jlebon
2018-09-07 18:52:54 +00:00
Colin Walters
b9e3bfd7b3 importer: Don't generate var-tmpfiles.d for rpm itself
This caused `/var/lib/rpm` to be a directory in my Fedora CoreOS
builds.

Closes: #1532
Approved by: sinnykumari
2018-09-07 15:10:10 +00:00
Colin Walters
961482f088 Add inputhash Provides to rojig RPMs
Prep for rojig-only compose support.  We want to be able
to quickly detect whether or not there were changes in the
input, just like we do when targeting an OSTree repository.

Closes: #1528
Approved by: jlebon
2018-09-06 14:33:48 +00:00
Colin Walters
279e7c4f1b treefile: Support inline postprocess element (for inheritance)
I'm trying to have a more opinionated model where custom builds
use inheritance, and currently one can only have a single
`postprocess-script`.

Further, in YAML it's very convenient to use inline vs external
data.

Closes: #1527
Approved by: jlebon
2018-09-05 15:27:07 +00:00
Colin Walters
3d60a31aaa Fix include: with machineid-compat and a few other keys
It turns out we basically have to slap an `Option<T>` around
everything, (in particular `bool` etc.) we need to be able
to distinguish in (I believe) all the cases between
"value unspecified" and "value provided".

Concretely it didn't work to try to set `machineid-compat: false`
in an included yaml treefile becuase it was just defaulted to `true`
by the toplevel.

Down the line we should move all of the parsing into Rust
and have two different `struct` types for "YAML we load" versus
"verified treefile".

Closes: https://github.com/projectatomic/rpm-ostree/issues/1524

Closes: #1525
Approved by: lucab
2018-08-29 12:59:34 +00:00
Colin Walters
40be3fb1cf Add recommends to treefile (default on)
This is for: https://github.com/projectatomic/rpm-ostree/issues/718
But I'm not going to close that issue as this only does the server
side, and I think we should support it client side too.

Since I wrote that issue, we ended up skipping the `dnf_transaction_depsolve()`
API, and hence we don't need to block on a libdnf change.  So
this was quite simple.

Closes: #1513
Approved by: jlebon
2018-08-23 04:24:07 +00:00
Jonathan Lebon
7c87a553e4 tests/compose: Fix wrong assert in test-rojig-e2e
We should be expecting testpkg-1.1-1 here, not 1.0-1. This was passing
before because of the nondeterministic `find` output (fixed in the
previous commit) which could spit out the older rojig RPM.

Closes: #1491
Approved by: cgwalters
2018-08-07 16:00:13 +00:00
Jonathan Lebon
3891aa2563 tests/compose: Simplify test-rojig-e2e file search
This test was relying on the order in which `find` reports matching path
names to find the right RPM. This was failing for me locally sometimes
because it matched the wrong RPM file. Fix this by just directly
referencing the full path name since we can.

Closes: #1491
Approved by: cgwalters
2018-08-07 16:00:13 +00:00
Jonathan Lebon
dce98e4a53 tests/compose: Split out machineid-compat test
My fix to the testsuite in #1488 in which I made the `machineid-compat`
test part of `test-basic.sh` wasn't correct since the basic tests in
`libbasic-test.sh` also check that the default behaviour without the
`machineid-compat` option is to include it.

Let's just do this right and split out the `machineid-compat` test into
its own run.

Closes: #1491
Approved by: cgwalters
2018-08-07 16:00:13 +00:00
Jonathan Lebon
391a684b5f tests/compose: Fix run-test.sh regression
Regression from hasty hack in #1488. We want to return nonzero if the
test failed so that `parallel` fails too.

Closes: #1491
Approved by: cgwalters
2018-08-07 16:00:13 +00:00
Jonathan Lebon
e94f8c9b5f compose: Fix mutate-os-release handling
I noticed that the latest Fedora Atomic Host 28 and Silverblue did not
have an `OSTREE_VERSION` line in `/etc/os-release` even though both
specified `mutate-os-release` in their manifests. This turned out to be
due to the fact that `/usr/lib/os-release` is now a symlink to a
variant-specific file (e.g. `os-release-atomichost`), so we would
fallback to mutating `/usr/lib/os.release.d/os-release-fedora` instead.

Fix this by just taking the nuclear option of running `realpath` in the
rootfs directly. This is more maintainable than trying to keep up with
changes in variants/naming/etc. There's related discussions to this in
the original [PR](https://github.com/projectatomic/rpm-ostree/pull/410)
which introduced the feature re. resolving symlinks within the rootfs.

Closes: #1481
Approved by: jlebon
2018-08-06 01:32:49 +00:00
Jonathan Lebon
1c899c5e9e compose-tests: Rename dir based on failure
Should make it easier to tell which compose test failed rather than
going through the verbose output of parallel.

Closes: #1488
Approved by: jlebon
2018-08-06 00:33:56 +00:00
Colin Walters
588a0327db postprocess: Error if units with machineid-compat: false
Rather than silently ignoring it.

In theory...we could write to /usr/lib/systemd instead of `/etc`
but eh...I feel like what we really want to do is make it convenient
to write a preset file from the YAML.

(We could have an `add-files` content that takes values literally
 which would be nice in YAML and suck in JSON)

A general thread running through this is that for people making
*derivatives* of a CoreOS-like system, having to create their
own `exampleos-release` package is an annoying hurdle.

Anyways for now we're fixing the bug that we were silently ignoring
it.

Closes: #1488
Approved by: jlebon
2018-08-06 00:33:56 +00:00
Colin Walters
344aee1d76 rust: Add support for inline rojig spec files
The rojig spec is almost entirely rpm-ostree implementation details;
let's not have lots of people fork/duplicate it.  Rather add the bits
of rojig to the treefile that people need to define (most notably
the name).

Prep for stabilizing rojig.

I had a few false starts with this PR; managing ownership/lifetimes
across C/Rust is just complicated.  I got bit hard by the fact that
the workdir in `--unified-core` is really dfd-relative, and had to
do a dance to propagate the dfd into rust, as well as down into
the rojig builder.

Closes: #1484
Approved by: jlebon
2018-08-03 16:54:47 +00:00
Colin Walters
23badcd288 compose: Write a preset file to enable ostree-remount.service
I've lost count now of how many times people have hit variants
of https://github.com/projectatomic/centos-release-atomic-host-devel/pull/6
Let's just bake it in.

Closes: #1482
Approved by: jlebon
2018-08-01 20:11:38 +00:00
Colin Walters
628a3aa22f tests/compose: Write logs directly
Make logging work the same as it does for the vmcheck-STI work
(at some point I'll try to unify the 3 parallel+script implementions
 we have).  This fixes the problem that when the test times out,
the filename won't have `.txt` and S3 won't have the right MIME type.

Closes: #1479
Approved by: jlebon
2018-08-01 18:05:09 +00:00
Colin Walters
800402b00a tests/compose: Add some time logging
To help us profile.

Closes: #1479
Approved by: jlebon
2018-08-01 18:05:09 +00:00
Colin Walters
e858a30eca compose: Stabilize --unified-core
In line with the recent trend of marking things stable, and in
preparation for stabilizing `rojig://` - Let's stabilize the `--unified-core`
option for `compose tree`.

I'm not sure we could make it the default anytime soon; today it trips
over bugs in the PAM package in RHEL7 for example.  But it
works fine for Fedora, and I think the code/design are good enough to be stable.

Closes: #1465
Approved by: jlebon
2018-07-24 23:06:50 +00:00
Colin Walters
77e2e19c1f postprocess: Set default.target in /usr
Follow-up improvement after
https://github.com/openshift/os/pull/135

This should ensure it survives systemd's preset run on firstboot.

Although honestly...what we should *really* do is check whether
the `default.target` symlink target exists, and if not reset it
to `multi-user.target` so no one would have to care, but that'd
be conceptually separate from this, so I may do it later.

Closes: #1427
Approved by: jlebon
2018-06-25 20:45:32 +00:00
Colin Walters
d7342731ab Add a treefile option to stop creating /etc/machine-id
We actually want systemd's `ConditionFirstBoot` to fire.  The
primary rationale here is that we're adopting Ignition for Fedora CoreOS,
and having `ConditionFirstBoot=` function will help a lot, as the idea
is it only runs once.

However, I discovered that this breaks the `units` directive for example,
as systemd blows away all the unit state in `/etc`.  The correct thing
to do from the start is to use presets.  We could add an implementation of
`units` which works with this on and instead writes a preset file but...eh.
My plan is to at some point introduce an "epoch" and flip various defaults,
this one, `tmp-is-dir`, the passwd file handling, etc.

See: https://github.com/dustymabe/bootengine/pull/11

Closes: #1425
Approved by: jlebon
2018-06-25 16:19:00 +00:00
Jonathan Lebon
479406e6a5 Add support for YAML treefiles
Let's modernize and start supporting YAML treefiles. I'll dare make the
sweeping generalization that most people would prefer reading and
writing YAML over JSON.

This takes bits from coreos-assembler[1] that know how to serialize a
YAML file and spit it back out as a JSON and makes it into a shared lib
that we can link against. We could use this eventually for JSON inputs
as well to force a validation check before composing.

If we go this route, we could then turn on `--enable-rust` in FAHC for
now and drop the duplicate code in coreos-assembler.

[1] https://github.com/cgwalters/coreos-assembler

Closes: #1377
Approved by: cgwalters
2018-06-05 13:08:33 +00:00
Jonathan Lebon
592d6052b9 ci: Bump to F28
Closes: #1358
Approved by: cgwalters
2018-05-23 14:18:41 +00:00
Colin Walters
36071d3c69 rojig-rename: (almost) Everything else
This renames the remaining C files, tests, etc.  There are only
a few hits for `jigdo` left; changing them would be a format break,
so let's wait to do that until we need to.

Closes: #1279
Approved by: jlebon
2018-03-01 22:35:46 +00:00
Colin Walters
b304a433a0 Second renaming pass for "rojig"
We're continuing an incremental renaming process; previously we changed
the most user-visible strings.  Now we're doing some internal variables,
and notably the cached refs and the origin files - the latter set is
things that end up on disk.

This leaves the biggest items; renaming APIs, files, and tests.

Closes: #1276
Approved by: jlebon
2018-02-27 18:45:10 +00:00
Colin Walters
3dd132285a Initial renaming pass of "jigdo" to "rojig"
I noticed that Ubuntu also uses the original "jigdo", so let's start
pulling off the band-aid here and do a mass rename.

For this first pass I'm focusing on CLI entrypoints and docs, as that's what
people are going to see; renaming all of the internal C functions, structure
variables etc. can come later.

Closes: #1269
Approved by: jlebon
2018-02-26 15:32:50 +00:00
Colin Walters
5879b96a64 jigdo V5: Use number of objects as cache invalidation trigger
Changes in a server-side tree can cause the need for clients to import different
objects from packages. For example, turning on documentation. Another more
subtle case is where an object might "move" from package A to B by being deleted
from A - then the jigdo build process will pick the B version.

We need a "cache validation key"; a way for the server to tell the client that
the objects it should import from the package have changed. Initially I was
thinking of using the libostree "content hash" but that would be awkward as we'd
have to do an import on the server side too.

After more consideration I realized a simple *count* of the number of objects
actually works, because (as I note in a comment) changing a file in the tree
will result in it ending up in the jigdoRPM (and count as a deletion).  And
obviously adding or removing objects changes the count too.

In fact we could have done this *without* breaking the format by just having the
client start recording the number of xattr entries, but this adds greater
flexibility down the line since we can in theory change how we do cache
invalidation if we *really* need to (but at the cost of triggering clients to
redownload packages).

Note the client logic got moved around as now we need to parse all the xattrs
before we decide what packages to download.

My test case here is turning on docs - I noticed this actually affects *every*
package which was surprising to me; I expected at least some packages wouldn't
have docs. I'll double check this.

It'd be good to have a "moving object" case too which I may look at.

Closes: https://github.com/projectatomic/rpm-ostree/issues/1197

Closes: #1256
Approved by: jlebon
2018-02-16 18:45:51 +00:00
Colin Walters
a4d8980d59 tests/jigdo-e2e: Strictly require npkgs to import
Since we changed things to have `jigdoSet = pkgSet`, we can just require exactly
`${npkgs}` here on import, which is what we found from `db list`.

Closes: #1256
Approved by: jlebon
2018-02-16 18:45:51 +00:00
Colin Walters
0a4f6bdab4 jigdo: Use separate rpmostree/jigdo/... refs
The way we import packages in jigdo mode is different from package layering; we
may only import a subset of files for example. In general, we need to treat
jigdo differently.

Related: https://github.com/projectatomic/rpm-ostree/issues/1197

Closes: #1238
Approved by: jlebon
2018-02-13 20:08:13 +00:00
Colin Walters
852b574d01 tests/compose: f is valid in a hex checksum
I *think* this is why our tests started failing recently. It seems somehow very
unlikely to me though that we'd somehow managed to avoid `f` in the boot
checksums until now, but without doing some math...it seems plausible.

Closes: #1243
Approved by: jlebon
2018-02-13 17:26:54 +00:00
Colin Walters
3e9c6cf230 Fix "releasever" option, test it by default
In #875 AKA b46fc35901 we
added support for the `releasever` option in treefiles.  I am
pretty sure it worked at the time...but I didn't add tests.

Either it never worked or some refactoring broke it. The whole chain of
`GKeyFile` → `GVariant` is so confusing. Anyways fix it by copying the string.
Now let's use it by default in the compose tests, and while we're here bump
those to F27.

I'm doing this patch now as I was playing with doing a compose from
the `/usr/share/rpm-ostree/treefile.json` and wanted to use the stock
`.repo` files.

Closes: #1220
Approved by: jlebon
2018-01-23 15:18:52 +00:00