Commit Graph

55 Commits

Author SHA1 Message Date
Timothée Ravier
3929e38ac0 Remove rpm-ostree sysusers config 2021-03-16 19:07:20 -04:00
Timothée Ravier
101d531f3b Install rpm-ostree sysusers config and countme units
Install the systemd unit, timer and sysusers configuration for Count Me
support. We do not enable or pull as a dependency those units by default
as this is a decision that should be taken at the distribution level and
needs support on the infrastructure side.

To enable those units in a disctribution package, you can add the
following symlink:
$ ln -snf /usr/lib/systemd/system/rpm-ostree-countme.timer /usr/lib/systemd/system/rpm-ostreed.service.wants/

or add the following config snippet to the rpm-ostreed.service unit:
Wants=rpm-ostree-countme.timer
2021-02-25 16:58:14 +01:00
Colin Walters
6c66bf1072 Rename livefs → apply-live in more places
Keep up the renaming momentum by using the new name in more
places.

Prep for further work.
2021-01-12 03:15:49 -05:00
Colin Walters
4c3d3fcb45 build-sys: Drop autoconf bits to find dbus service directory
We set it to the same value in both cases.  There's no reason
to require it at build time anyways.

Part of thinning out the Autotools side in prep for using Cargo.
2020-12-22 17:14:19 -05:00
Colin Walters
509ea0dbe1 Port rpmostreed-os-experimental to C++
Prep for using https://cxx.rs/
2020-12-22 16:36:13 -05:00
Colin Walters
1d610604a2 Port rpmostree-package-variants to C++
Prep for using https://cxx.rs/
2020-12-22 16:36:13 -05:00
Colin Walters
a3aa9c29d2 Port rpmostreed-errors to C++
Prep for using https://cxx.rs/
2020-12-22 16:36:13 -05:00
Colin Walters
f0df041b95 Port rpmostreed-sysroot to C++
Prep for using https://cxx.rs/
2020-12-22 16:36:13 -05:00
Colin Walters
57a08735d5 Port rpmostreed-utils to C++
Prep for using https://cxx.rs/
2020-12-22 16:36:13 -05:00
Colin Walters
b00e87facc Port rpmostreed-daemon to C++
Prep for using https://cxx.rs/
2020-12-22 16:36:13 -05:00
Colin Walters
1ec8a341f8 Port rpmostreed-transaction-livefs to C++
Prep for using https://cxx.rs/
2020-12-21 08:58:14 +00:00
Colin Walters
ec5bdca9e5 buildsys: Compile daemon code directly with binary
A long time ago we de-duplicated the daemon and binary
into a single executable, but left the daemon code
building as an internal static library.

Let's take the next step and compile the sources directly as part
of the executable build.  For example, we can then de-duplicate
the `CFLAGS/CXXFLAGS`.  And in the future this will help us
turn on LTO.
2020-12-20 15:23:53 +00:00
Colin Walters
901649cf2c Port rpmostreed-transaction-types to C++
Prep for using https://cxx.rs
2020-12-14 11:02:56 -05:00
Colin Walters
c75ca8a5c4 Port rpmostreed-os to C++
Prep for using https://cxx.rs
2020-12-14 11:02:56 -05:00
Colin Walters
007a50c51e Port rpmostree-deployment-utils to C++
Prep for using https://cxx.rs
2020-12-14 11:02:56 -05:00
Colin Walters
7d96b598f6 Port rpmostree-sysroot-core to C++
Prep for using https://cxx.rs
2020-12-14 11:02:56 -05:00
Colin Walters
2409228d76 Port rpmostree-sysroot-upgrader to C++
Prep for usage of cxx.rs
2020-12-14 11:02:56 -05:00
Colin Walters
d1fe505d02 Port rpmostreed-transaction to C++
And add a try/catch-convert-to-GError here too.  This will
allow us to throw exceptions from transaction implementations.
2020-12-08 16:01:52 -05:00
Colin Walters
0de332bd84 build-sys: Remove --enable-new-name
We didn't ship this for a long time and...well, naming is hard, I guess
it's not going to happen soon.
2020-05-14 13:18:00 -07:00
worldofpeace
a8ee788e61 Move D-Bus conf file to $(datadir)/dbus-1/system.d
Since D-Bus 1.9.18 configuration files installed by third-party should
go in share/dbus-1/system.d. The old location is for sysadmin overrides.

Closes: #1903
Approved by: jlebon
2019-09-17 04:37:59 +00:00
Colin Walters
aea374710e daemon: Time out client txn connections after 30s
This removes the "transaction monitor".  Originally the idea
here was things would queue, but we never really made that
work. Since transactions started grabbing the
libostree sysroot lock in particular.

Rip out the transaction monitor code with the queue and have
a singleton txn ref in the sysroot object.  This should ensure
that if a txn is active, one always gets an error message about
which one.

Next, add a 30s timeout for connections to the transaction DBus
sockets after they're complete.

This should address https://github.com/projectatomic/rpm-ostree/issues/1692
which is a case where gnome-software was leaking the txn DBus
connection and keeping it alive.

Closes: #1755
Approved by: cgwalters
2019-02-22 14:47:02 +00:00
Colin Walters
5554ca10d1 Add rpm-ostree-bootstatus.service
Capturing the system state at boot aids debugging.  This is a
trivial implementation; we could in the future do structured
logging too.

The high level goal here is to help us track system state in
Red Hat CoreOS.

Closes: #1693
Approved by: jlebon
2018-12-03 15:38:50 +00:00
Jonathan Lebon
315406d8cd daemon: Don't use absolute path for gdbus-codegen
This breaks builds on platforms that don't have `gdbus-codegen`
installed at that path.  This reverts #1153, which was needed at the
time, but things appear to be fixed now.

Closes: #1383
Approved by: cgwalters
2018-06-05 18:09:59 +00:00
Colin Walters
f05b980094 build-sys: Mark libpriv symbols as private
This was caught by the abicheck in Fedora; since we were building with default
visibility for `librpmostreepriv.la` which was linked statically into the public
library, we'd end up with lots of internals as public ABI.

Fix this by using `-fvisibility=private` for the libpriv build and for good
measure elsewhere so we remember to use it by default.

Closes: #1320
Approved by: jlebon
2018-03-28 15:18:11 +00:00
Jonathan Lebon
51fb641305 Initial support for automatic updates
This patch introduces a new `AutomaticUpdatePolicy` configuration. This
was a long time coming for rpm-ostree, given that its update model makes
it extremely apt for such a feature.

The config supports a `check` mode, which should be very useful to
Atomic Workstation users, as well as a `reboot` mode, which could be
used in its present form in simple single node Atomic Host situations.

There is still a lot of work to be done, including integrating
advisories, and supporting a `deploy` mode. This feature hopefully will
be leveraged as well by higher-level projects like GNOME Software and
Cockpit.

Closes: #1147
Approved by: cgwalters
2018-01-27 23:52:43 +00:00
Jonathan Lebon
b9bae8fc5b daemon/config: add new rpm-ostreed.conf
Making this a separate commit, since it's a first for rpm-ostree. We now
have a conf file complete with man page! No options yet though.

Interestingly, there was a function called `rpmostreed_reload_config`
which was declared but never defined. Didn't look too much into that.

We make sure that the config is part of the things we reload when users
call `rpm-ostree reload`.

Closes: #1204
Approved by: cgwalters
2018-01-16 16:51:01 +00:00
Jonathan Lebon
9aaf195549 Makefile-daemon.am: work around gdbus-codegen path logic
I just rebased my pet container to F27, and this was the only hiccup
when trying to build rpm-ostree. Basically, gdbus-codegen is sensitive
to how it's called when trying to find its own Python modules. Calling
it with the explicit `/usr` prefix works around that. This was fixed
upstream in [1], but hasn't made its way down the metaphorical stream
yet. See [2] for more information.

[1] b9f2ea4235
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1485853

Closes: #1153
Approved by: cgwalters
2017-12-15 02:05:35 +00:00
Kalev Lember
417a3d8d4e daemon: Install dbus introspection files
This makes it possible to use the dbus introspection files in other apps
without having to bundle them.

Closes: #841
Approved by: cgwalters
2017-06-23 19:15:42 +00:00
Kalev Lember
84f6bcb4f0 Add polkit support
This allows non-root users access to the rpm-ostree daemon, which is
a pre-requirement for gnome-software rpm-ostree support.

Closes: #745

Closes: #825
Approved by: cgwalters
2017-06-19 21:19:42 +00:00
Colin Walters
95e9aa4284 Introduce ex livefs
There are a few different use cases here. First, for layering new packages,
there's no good reason for us to force a reboot. Second, we want some support
for cherry-picking security updates and allowing admins to restart services.  Finally,
at some point we should offer support for entirely replacing the running tree
if that's what the user wants.

Until now we've been very conservative, but there's a spectrum here. In
particular, this patch changes things so we push a rollback before we start
doing anything live. I think in practice, many use cases would be totally fine
with doing most changes live, and falling back to the rollback if something went
wrong.

This initial code drop *only* supports live layering of new packages.  However,
a lot of the base infrastructure is laid for future work.

For now, this will be classified as an experimental feature, hence `ex livefs`.

Part of: https://github.com/projectatomic/rpm-ostree/issues/639

Closes: #652
Approved by: jlebon
2017-05-12 15:00:59 +00:00
Colin Walters
1b2a7cd90c daemon: Introduce a "sysroot core" file
Right now, the `rpm-ostree cleanup` logic calls into a "public static" method of
`RpmOstreeSysrootUpgrader`. That's because today, a lot of the high level "core
server side" logic lived in that class. However, it's only for upgrades (well,
really "generating pending deployments").

As I'm working on "livefs" which is really something different, I find it needs
to interact with some of `SysrootUpgrader`'s logic. Let's introduce a "sysroot
core" which is just a set of static functions taking an `OstreeSysroot*`, and
then all 3 of cleanup, (upgrade|deploy) and livefs can use these.

Closes: #708
Approved by: jlebon
2017-03-27 19:22:32 +00:00
Colin Walters
a127bbd7b2 build: Add OSExperimental to .gitignore
Tempting to have a check that `git status` is clean after a build in CI.

Closes: #705
Approved by: jlebon
2017-03-27 17:48:39 +00:00
Colin Walters
eba8e55543 build: Fix Makefile dependency for gdbus-codegen
Also add a comment about enabling autoptr in the future.

Closes: #705
Approved by: jlebon
2017-03-27 17:48:39 +00:00
Colin Walters
3e833659b7 daemon: Add a separate OSExperimental interface
Just like `rpm-ostree ex`, for things like `ex livefs` that have DBus
interfaces, we should segregate these off so that people know they're unstable.
And conversely that they can test for the presence of the method on the main
interface for stability.

I initially tried having the same `RpmostreeOS` object implement both
but couldn't work out how to do that; see https://mail.gnome.org/archives/gtk-app-devel-list/2017-March/msg00161.html

Closes: #701
Approved by: jlebon
2017-03-23 19:24:41 +00:00
Colin Walters
687567d3ee Merge daemon binary into main binary
The actual problem I am trying to fix with this is fallout from the
introduction of `/usr/libexec/rpm-ostreed`, which required a SELinux
policy change.  Specifically for CentOS, the base policy is rev'd
slowly.

My hope was that by merging the daemon code back into `/usr/bin/rpm-ostree`
which is labeled `install_exec_t`, starting via systemd would do
the right thing.  It turns out that doesn't happen.

Now later, I'm picking this patch back up because I want to do multprocessing in
the daemon (and in the core), and it makes sense to share code between them,
because multiprocessing will need to go through a re-exec path.

Another benefit is we avoid duplicated text (libglnx, internal helpers) between
the two binaries.

Closes: #292
Approved by: jlebon
2017-02-07 16:07:09 +00:00
Colin Walters
7c7806f831 daemon: Fold pkgchange txn into deploy
The next step will be to design a DBus + commandline API for this. In the
meantime, there are some small subtle new features like honoring the dry-run
option for upgrade. I'm not testing that explicitly yet, but I think that's OK.

Closes: #593
Approved by: jlebon
2017-01-28 22:16:09 +00:00
Colin Walters
59f34e8a03 tests: Disable ASAN leak checks
Right now we're far from leak free, and I want to use ASAN
as a sanity checker, not a leak checker.

Closes: #576
Approved by: jlebon
2017-01-18 16:52:46 +00:00
Colin Walters
328b85d396 Add infrastructure for alternative name (currently nts)
See https://github.com/projectatomic/rpm-ostree/issues/405

This patch adds an (off by default) `--enable-new-name` build option
which currently defaults to `nts`.  This is purely additive, and
the intention is that we'll support the rpm-ostree name in
perpetuity most likely.

At the moment, we add a new name for:
  - /usr/bin/$name
  - The systemd unit file

But we notably *don't* attempt to add a new name to the DBus API,
as it'd be a lot more invasive of a patch, and less payoff (it's
mostly just programs/scripts that interact with the DBus).

Closes: #497
Approved by: jlebon
2016-10-20 14:22:28 +00:00
Colin Walters
125c482b1d Switch to using libhif as a git submodule
So I was trying to hack on my host's copy of rpm-ostree inside a pet
docker container, but ran into a conflict with libhif since dnf uses
it.  I think we basically need to *always* build the bundled path,
rather than what I'm doing with CAHC and FADC where it's built as a
regular RPM.

It's not really sustainable right now for us to have both bundled and
not-bundled build paths - and we need to support co-installation with
dnf.

Another major issue is that we want to version lock with libhif -
right now our CI and both CAHC/FADC track libhif master, but that
means everything breaks if libhif breaks and we don't immediately
port.

git submodules solve all of these problems - the same as we're doing
with libglnx.

libglnx is *designed* for use as a git submodule, where as libhif
needs to support being both bundled and not-bundled.  So we end up
with some hacks on our side, but I think it's all not too bad.  I've
marked build rules with `# bundled libhif` so we know where to find
them later when libhif is stable.

Closes: #357
Approved by: jlebon
2016-06-30 14:27:55 +00:00
Colin Walters
5936b53812 daemon: Unify PkgAdd/PkgDelete into PkgChange
We need the ability to both add and remove packages as one
transaction in the general case (`Conflicts:`), plus it'd
be quite nice to allow users to do multiple package things
before rebooting.

And finally, this deletes a lot of duplicate code.

Where I'm really thinking this should go is we only have one
transaction type internally for at least upgrade/pkg as a group.

Closes: #326
Approved by: jlebon
2016-06-20 14:45:49 +00:00
Jonathan Lebon
ead1ecdd23 package layering: major rework
- Move the package layering logic away from pkg-add and into the
  upgrader
- Add pkg-delete
- Add dry-run option

Closes: #289
Approved by: cgwalters
2016-05-27 22:18:44 +00:00
Colin Walters
beb026f701 pkg-add: New builtin to layer additional packages
This builds upon the earlier prototype in
https://github.com/cgwalters/atomic-pkglayer

The `.origin` file says for a replicated installation:

    [origin]
    refspec=local:rhel-atomic-host/7/x86_64/standard

If you then run `rpm-ostree pkg-add strace`, it will result in a new tree with:

    [origin]
    baserefspec=local:rhel-atomic-host/7/x86_64/standard

    [packages]
    requested=strace;

Work still remaining here is to teach `rpm-ostree status` and
`rpm-ostree upgrade` about this.

Closes: #289
Approved by: cgwalters
2016-05-27 22:18:44 +00:00
Jonathan Lebon
582650e9c7 daemon: add TaskBegin, TaskEnd, and PercentProgress
Closes: #260
Approved by: cgwalters
2016-05-11 15:03:38 +00:00
Colin Walters
a9a49e72cd build: Use git.mk, make git status clean
Having a clean `git status` is really important for not missing files
one wants to `git add`.
2016-03-10 14:36:44 -05:00
Matthew Barnes
aaadcba77b daemon: Rename all the things!
Use 'rpmostreed' as the symbol prefix.
2015-09-09 22:00:05 -04:00
Matthew Barnes
495bf4c3f3 daemon: Simplify authorization policy
The current policy is to only allow the root user access to the Sysroot
and OS interfaces, but this can be expressed in the static bus config.

The long-term intention is to integrate with PolicyKit.  Leave comments
in the code stating so but remove the unnecessary authorization handler
for the time being, just so there's less code to review.
2015-09-09 22:00:05 -04:00
Matthew Barnes
d69cb7d7c1 daemon: Convert transactions to subclasses
Implementing a template pattern for transactions.

The TransactionClass is now abstract, and transaction_new() is replaced
with various method-specific functions like transaction_new_upgrade().
These custom subclasses live in a new file transaction-types.[ch].

Further, transaction_monitor_new_transaction() is replaced with
transaction_monitor_add().  So the handlers for "OS" interface methods
need only create an appropriate transaction instance and hand it off to
the transaction monitor.
2015-09-09 22:00:05 -04:00
Matthew Barnes
cfc52adfea daemon: Catch systemd journal messages by redirecting stdout
libostree logs messages to systemd's journal and also to stdout.
Redirect our own stdout back to ourselves so we can capture those
messages and pass them on to clients.  Admittedly hokey but avoids
hacking libostree directly (for now).
2015-09-09 22:00:05 -04:00
Matthew Barnes
b6691cbdca daemon: Rework transactions
A few changes:

- Modify the D-Bus API to include a Finish() method instead of a Start()
  method, the idea being the client calls Finish() to obtain the final
  status and optional message once the transaction indicates it's done.
  Calling Finish() also removes the transaction object from the bus.

- Introduce Transaction class as a thin wrapper for RPMOSTreeTransaction.
  Stores the status info for Finish(), detects when the caller's bus name
  vanishes, and emits various status signals to TransactionMonitor.

- Introduce TransactionMonitor as a factory class for Transactions that
  also handles book keeping chores like tracking the active Transaction.
  The Sysroot and OS interfaces share a TransactionMonitor instance.
2015-09-09 22:00:05 -04:00
Matthew Barnes
a4be570c62 docs: Add generated D-Bus interfaces 2015-09-09 22:00:04 -04:00