Commit Graph

2826 Commits

Author SHA1 Message Date
Jonathan Lebon
68432e461c lockfile: Allow omitting the digest
When manually writing lockfile overrides (see previous commit), it's
sometimes easier to not have to specify the SHA256 of the package. For
example, in FCOS, all packages on development and production streams
will be sourced uniquely from coreos-pool, so there's no question of
where the package will come from. It's of course also easier in the
context of local development.

Another motivation for this though is a subtle interaction between
Fedora infra and the way we'd like to implement lockfile management: we
want the override process to be PR-based, with a privileged bot in the
backend tagging new overrides into the pool as necessary on merge.
However, packages built in Koji are initially unsigned, and so we can't
actually *know* what the SHA256 of the package will be until it's signed
and tagged into the pool by the bot.

Closes: #1867
Approved by: cgwalters
2019-07-18 18:54:27 +00:00
Jonathan Lebon
1b43ad04be lockfile: Allow specifying multiple lockfiles
Teach `rpm-ostree compose tree` to accept multiple `--ex-lockfile`
arguments. In this case, later lockfiles can override the NEVRA for
packages specified in previous lockfiles.

This will be used in the FCOS pipeline, where we want to be able to have
a shared "base lockfile" and then stream-specific "override lockfiles".

I contemplated making this an `include: ...` key instead similar to the
manifests, but I'm not sure that paradigm fits as nicely for lockfiles.
Making it separate switches instead also makes it trivial to implement
in cosa.

(And of course, this is all still prefixed with `--ex` which means we
are at liberty of changing this interface later on after gaining some
experience with it).

Closes: #1867
Approved by: cgwalters
2019-07-18 18:54:27 +00:00
Jonathan Lebon
b670ab37c2 lockfile: Switch packages JSON spec to an object
There are two reasons for this:
1. I'd like to add overrides semantics to lockfiles, and keying by the
   package name only makes this much easier.
2. I'd like to make the digest optional, and keeping it as a tuple makes
   this awkward.

A map seems natural too since it makes it more clear that we don't
expect multiple specifications for the same package name.

Another tiny advantage is that it's easier to process with e.g. `jq`.

Closes: #1867
Approved by: cgwalters
2019-07-18 18:54:27 +00:00
Jonathan Lebon
5e2aeb4793 lockfile: Switch to writing it from Rust
I wanted to modify the lockfile specification, but then remembered that
it currently lives in two places right now: once on the Rust side where
it's deserialized, and once more on the C side where it's serialized.

If we could write the lockfile from the Rust side, then we wouldn't have
to deal with the `GVariantBuild` and `json-glib` goop, and instead
we could consistently use serde against the same struct for both
serialization and deserialization.

But there isn't an easy way to do this given that the state to be
serialized is intrinsically linked to libdnf.

So this patch takes the next step in our oxidation process by adding a
minimal `libdnf_sys` module which allows us to call `libdnf` functions
from Rust. This is not the prettiest code I've written, and there's
definitely some polishing that could be done. But I think overall it's a
move in the right general direction: as we oxidize more things, we'll at
some point *have* to integrate more tightly with the C side in a
bidirectional way, instead of the "one-way" approach we've been using so
far.

For this patch specifically, in exchange we get a unique source of truth
for the lockfile spec, just like the treefile, and we drop a lot of C
code in the process.

Closes: #1867
Approved by: cgwalters
2019-07-18 18:54:27 +00:00
Jonathan Lebon
69979bf722 lockfile: Rename function to ror_lockfile_read
Let's just make it really obvious that this is the function that reads
the lockfile.

Prep for also having a symmetric `ror_lockfile_write` function.

Closes: #1867
Approved by: cgwalters
2019-07-18 18:54:27 +00:00
Jonathan Lebon
8c6402d5c1 core: Check if cached pkg is in partial state
Otherwise, we won't redownload, and then won't be able to checkout the
package during assembly. This is important, so that we can survive an
`ostree fsck --delete`. See e.g.:

https://discussion.fedoraproject.org/t/i-cant-boot-into-either-my-latest-or-previous-ostree-after-running-restorecon

Closes: #1860
Approved by: cgwalters
2019-07-17 20:39:46 +00:00
Colin Walters
3ea364ee61 scripts: Ignore new glibc lua %post
Tried a `--unified-core` build of Silverblue and it blew up on this.
Just copy-pasting the comment in the code:

34927af202

From a read of that script, none of it is necessary for rpm-ostree.  It's about working around
bugs from a traditional RPM in-place update, but rpm-ostree always starts from a clean
filesystem checkout.

Closes: #1869
Approved by: jlebon
2019-07-17 13:43:03 +00:00
Jonathan Lebon
4439567316 unpacker: Add support for zstd (#1866)
Fedora rawhide has switched its RPM payload compression to zstd:
https://fedoraproject.org/wiki/Changes/Switch_RPMs_to_zstd_compression

See also https://bugzilla.redhat.com/show_bug.cgi?id=1728346.
2019-07-12 17:45:12 -04:00
Jonathan Lebon
b381e0294f compose: Hash all treefile externals and flattened manifest
Move hashing to the Rust side so that we can easily hash over the final
set of inputs after parsing. This means that we now hash over all the
externals, like `add-files` references, any `postprocess-script` script,
and `passwd` and `group` files.

The original motivation for this was that hashing over a reserialized
version of the treefile was not deterministic now that treefiles include
hash tables (i.e. `add-commit-metadata`). So I initially included each
individual treefile as part of the hash.

I realized afterwards that just switching to `BTreeMap` fixes this, so
we can keep hashing only the final flattened reserialized treefile so we
ignore comments and whitespace too. But since I already wrote the patch,
and it fixes a real issue today... here we are.

One notable change though is that we now hash the treefile in non-pretty
mode to increase the chances that the serialized form remains stable.
Ironically, this change is likely to cause a no-op commit once it gets
to pipelines which iterate quickly. All for the greater good though.

Closes: #1865
Approved by: cgwalters
2019-07-09 20:28:18 +00:00
Jonathan Lebon
3326510719 bindgen: Also track Cargo.lock
For the same reasons we started doing it for the main app:
https://github.com/projectatomic/rpm-ostree/pull/1719

This time, it's `getrand` that broke us.
https://github.com/rust-random/getrandom/pull/15

We should be able to update to 1.35.0 soon, which will unblock this.

Closes: #1865
Approved by: cgwalters
2019-07-09 20:28:18 +00:00
Jonathan Lebon
ebb03ee730 tests/compose: Fix unified rev-parse test
We were hitting the classic "negative test passes for the wrong reason".
It was failing not because it didn't have a parent, but because we
didn't pass `--repo`. Fix this and also explicitly check for the error
message we expect.

Closes: #1865
Approved by: cgwalters
2019-07-09 20:28:18 +00:00
Jonathan Lebon
fc49fb0089 treefile: Add new add-commit-metadata key
Add support for a new `add-commit-metadata` key in the treefile so that
we can directly specify commit metadata we want to inject from there.

This will be useful in Fedora CoreOS, where we'll have separate
treefiles for each streams, each with stream-specific metadata values
required.

Closes: #1865
Approved by: cgwalters
2019-07-09 20:28:18 +00:00
Jonathan Lebon
f21113a536 app/compose: Reorder logic around treefile parsing
Move up the setting of the treefile JSON object to right after parsing,
and move down the populating of the metadata hash table to after setting
the treefile JSON object. This is pure code block moves; there's no
functional change otherwise.

Prep for future patch.

Closes: #1865
Approved by: cgwalters
2019-07-09 20:28:18 +00:00
Jonathan Lebon
a89754bcdb app/composeutil: Split out JSON metadata reading
Split out from `rpmostree_composeutil_read_json_metadata_from_file` the
part that actually converts to `GVariant` and inserts into the hash
table.

Closes: #1865
Approved by: cgwalters
2019-07-09 20:28:18 +00:00
Jonathan Lebon
40bb310e97 app/composeutil: Refactor reading JSON metadata from file
Instead of relying on `rpmostree_composeutil_read_json_metadata` to
initialize the metadata hash table, initialize it explicitly in
`context_new()` function and only call the util function if we were
passed a file with `--add-metadata-from-json`.

Accordingly rename the function
`rpmostree_composeutil_read_json_metadata_from_file`.

Closes: #1865
Approved by: cgwalters
2019-07-09 20:28:18 +00:00
Rafael Fonseca
c94bd08b02 treefile: allow ${releasever} in more keys
Besides allowing ${releasever}, only do the substitution as the final
pass after merging the treefiles for all the keys (currently ${basearch}
and ${releasever}) instead of doing it per parse. This way we have the
expected semantics where one could do:

```
include: "fedora-coreos.yaml"
releasever: "42"
```

and have that releasever used.

Fixes #1809

Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>

Closes: #1848
Approved by: cgwalters
2019-06-18 18:19:42 +00:00
Rafael Fonseca
d0f90ca4dd app/status: Group EVRs for RemovedBasePackages if possible
The same way we abbreviate ReplacedBasePackages when there are matching
EVR diffs, let's do something similar for RemovedBasePackages for
matching EVRs.

Solves #1784

Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>

Closes: #1852
Approved by: jlebon
2019-06-18 14:34:13 +00:00
Rafael Fonseca
dbf28ac255 compose: Move json lockfile parsing to Rust
Using glib_json to parse the lockfile yields some oddities like
everything being wrapped in a GVariant. Let's leave the parsing to serde
in the Rust side of things. Hopefully that'll make the lockfile easier
to extend in the future.

Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>

Closes: #1851
Approved by: jlebon
2019-06-17 16:28:44 +00:00
Rafael Fonseca
e4d61b6b09 rust: Move open_file to utils.rs
Prep for next patch.

Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>

Closes: #1851
Approved by: jlebon
2019-06-17 16:28:44 +00:00
Colin Walters
313d8ea96e Add InitiatingClientDescription property to transactions
And render it in status, so if the daemon is doing something
we know who started it.  I'm doing this specifically because
gnome-software defaults to running `RefreshMd` but it's not
obvious that is happening.

Closes: #1859
Approved by: jlebon
2019-06-17 16:13:03 +00:00
Colin Walters
bbc9aa9f9c daemon: Remove unused pkgcache method
This has been dead code since we merged the pkgcache into the main
repo.  I noticed that the daemon is holding open two instances
of the system repo and came across this while trying to figure out
why.

Closes: #1853
Approved by: jlebon
2019-06-13 18:32:33 +00:00
Colin Walters
6dc300d09e daemon: Ensure dict is initialized in refresh_md impl
I was reading this code for a different bug and noticed that
the dict wasn't always initialized if we happened to exit early
due to error.

Closes: #1856
Approved by: jlebon
2019-06-13 17:38:28 +00:00
Jonathan Lebon
8ff0ee9c89 app/composeutil: Document lockfile format in codeblock
That should do for now until it's no longer experimental.

Closes: #1854
Approved by: cgwalters
2019-06-13 17:18:15 +00:00
Jonathan Lebon
035ac2eaa6 tests/vmcheck: Fully drop python 3 requirement
Drop the use of Ansible everywhere. In the few cases where we really
Python, just spawn a container instead.

This is required to be able to hack on Fedora CoreOS.

Closes: #1850
Approved by: jlebon
2019-06-10 15:36:06 +00:00
Colin Walters
5f6578ef3c compose: Add ostree-layers and ostree-override-layers
The use case for `ostree-layers` is to support injecting non-RPM
content in a more flexible way than can be done with `add-files`,
and also without dropping all the way to split composes.

This starts with support on the `compose tree` side but down the
line I'd like to make it more convenient to do *client* side too.

For `ostree-override-layers` this is mainly a development thing
for tools like coreos-assembler.  Rather than building an RPM
we just `make install DESTDIR` then commit and add to
`ostree-override-layers`.

Closes: #1830
Approved by: jlebon
2019-06-07 17:42:32 +00:00
Jonathan Lebon
c1cc0827a3 core: Strengthen how we enforce lockfiles
One problem with how we use lockfiles right now is that we don't enforce
them for dependencies. That is, if `foo` requires `bar`, but only `foo`
is in the manifest, then while `foo` will be locked, `bar` will never
be checked against the lockfile because it was never explicitly
requested.

Higher-level though, I don't like how indirect the locking here feels.
See some comments about that in:

https://github.com/projectatomic/rpm-ostree/pull/1745#discussion_r288772527
https://github.com/projectatomic/rpm-ostree/pull/1745#discussion_r289419017

Essentially, the manifest is an input file of patterns, and all we
really know from the lockfile output is that the set of packages in
there satisfies this input in some way. But:

1. there are multiple ways to satisfy the same input (hence why hints
   like `SOLVER_FAVOR` exist)
2. the solution is dependent on how the solver is implemented (i.e.
   different libsolv versions might yield different solutions)
3. the solution is dependent on flags fed to the solver (i.e. different
   libdnf versions might yield different solutions)

So any attempt at cross-checking between the input file and the lockfile
is going to be very hard. Using a stricter mode as I suggested in #1745
of only allowing pure pkgnames or NEVRAs would help, but it wouldn't
address the dependency issue. (Though I'm still thinking about possibly
doing this anyway.)

The solution I propose here is instead to take the nuclear approach: we
completely exclude from the sack all packages of the same name as
packages in our lockfiles, but which do not match the NEVRA. Therefore,
any possible solution has to also satisfy our lockfile (or error out).

Closes: #1849
Approved by: cgwalters
2019-06-06 14:06:07 +00:00
Jonathan Lebon
022622be46 core: Fix outdated misleading comment
We no longer tell libdnf to add the pkg to the goal until later (because
of https://github.com/rpm-software-management/libdnf/issues/700). Just
tweak those comments to be more explicit about that.

Closes: #1849
Approved by: cgwalters
2019-06-06 14:06:07 +00:00
Jonathan Lebon
9cbf62998b core: Use variable for sack higher up
It's nicer to read/less verbose.

Closes: #1849
Approved by: cgwalters
2019-06-06 14:06:07 +00:00
Rafael Fonseca
79dfcea42f compose: Add --ex-lockfile and --ex-write-lockfile-to
Fixes #1670

This patch introduces a new `compose tree
--ex-write-lockfile-to=manifest.lock` argument and a new `compose tree
--ex-lockfile=manifest.lock` to read it back for subsequent invocations.

Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>

Closes: #1745
Approved by: jlebon
2019-06-04 15:14:47 +00:00
Jonathan Lebon
68c416fa9c app/deploy: Add --lock-finalization switch
Of course, update agents driving rpm-ostree know exactly to which commit
they want the system to upgrade, so `upgrade --lock-finalization` is not
helpful. Teach `deploy` the `--lock-finalization` switch too.

Closes: #1846
Approved by: lucab
2019-05-27 17:18:36 +00:00
Colin Walters
bee8ba4e48 composeutil: Add error prefixing to legacy mkdev path
Had to track down via strace that it was this that was failing
in my toolbox container.

Really need to merge the unified-core-only PR.

Closes: #1845
Approved by: jlebon
2019-05-27 16:30:48 +00:00
Jonathan Lebon
7dcfb2d24a app/db-diff: Rename "old" -> "from" and "new" -> "to"
The `old` and `new` naming is odd. It implies a temporal relationship
between the two commits. Just rename those to the more apt "from" and
"to".

The difference is mostly cosmetic, but I didn't want to inherit this in
the new JSON interface. It does technically breaks the `diff` output
which is a somewhat machine-compatible interface, though the "ostree
diff commit" headers have been pretty freeform anyway, so I doubt anyone
is actually trying to read those.

Closes: #1844
Approved by: cgwalters
2019-05-23 20:24:11 +00:00
Jonathan Lebon
ae354e87ab app/db-diff: Check upfront for invalid format arg
And avoid more costly operations.

Closes: #1844
Approved by: cgwalters
2019-05-23 20:24:11 +00:00
Jonathan Lebon
c866bdfac9 daemon/package-variants: Fix docstring arguments
Some argument names were wrong, others missing.

Closes: #1844
Approved by: cgwalters
2019-05-23 20:24:11 +00:00
Jonathan Lebon
12fbe89aba app/db-diff: Add --format=json output
Add a new "json" output format. The "diff" format is also a mostly
machine-compatible one. But JSON is much more ubiquitous and easier to
consume.

Closes: #1844
Approved by: cgwalters
2019-05-23 20:24:11 +00:00
Jonathan Lebon
1ac29f25b7 Release 2019.4
It's been almost two months!

Closes: #1841
Approved by: cgwalters
2019-05-22 01:17:08 +00:00
Jonathan Lebon
a27d1a2153 daemon: Bump sysroot mtime to force reload
Right now, after calling `rpm-ostree finalize-deployment`, we update the
`DefaultDeployment` property so that its `finalization-locked` key is
updated. This allows update agents like zincati to correctly understand
the current state if the reboot is locking/inhibited.

The issue though is that this property is accessible through D-Bus only,
and current plans for zincati is to just use the CLI for now.
Unfortunately, the output of `status --json` doesn't correctly get
updated since the deployments array comes from the sysroot interface.

Just use the nuclear mtime bump instead to force a reload. Another
approach long term is to formalize the set of paths/attributes libostree
clients should be monitoring, though having a single API is nice too.

Closes: #1842
Approved by: cgwalters
2019-05-21 19:56:06 +00:00
Jonathan Lebon
461a4f792d libpriv/kargs: Tweak delete restrictions
1. Allow deleting keys without values (e.g. `nosmt`) if such a key
   variant exists (i.e. this won't work if there are only e.g.
   `nosmt=foo` and `nosmt=bar` variants).
2. Allow deleting duplicate `keys[=val]` kargs.

Closes: #1834

Closes: #1835
Approved by: cgwalters
2019-05-17 13:44:06 +00:00
Colin Walters
0c80aa9666 core: Split posttrans into separate output status
Prep for adding support for injecting native ostree layers; we still
want to run posttrans scripts (and file triggers) after these so
that adding a shared library will still have `ldconfig` run.

Closes: #1836
Approved by: jlebon
2019-05-16 20:39:11 +00:00
Colin Walters
cdd482f80b kargs: Just print args, don't add additional text
The Unix tradition is generally not to add English text unless
necessary.

This makes the output of this command more obviously parsable,
although I'm not entirely sure we should do this versus adding
`--json` or so, but eh, it's also not wrong.

Closes: #1833
Approved by: jlebon
2019-05-15 21:27:53 +00:00
Robert Fairley
d829311a3a vagrant: Add header noting coreos-assembler
Follow-up to #1826 to reflect new development occurring for
Fedora CoreOS using coreos-assembler.

Closes: #1831
Approved by: jlebon
2019-05-13 19:50:58 +00:00
Jonathan Lebon
4d845952c8 tests/compose: Add RPMOSTREE_TMPDIR_LOCATION
This allows one to run the tests from a container using overlay +
SELinux protection by running the actual compose into a non-overlay
bind-mount. Otherwise, we'll hit `ENOTSUP` when trying to set labels on
various checkouts.

Closes: #1829
Approved by: cgwalters
2019-05-09 02:10:27 +00:00
Jonathan Lebon
c035c2b574 compose: Add --no-parent option
There are cases where we do want all the things that specifying a ref
provides (e.g. change detection, version incrementing, SELinux labeling
optimizations, and of course writing the ref) but we *don't* want the
new commit to have a parent. Add a new `--no-parent` option to
accommodate this.

This will be used by coreos-assembler. See discussions at
https://github.com/coreos/coreos-assembler/issues/159.

Closes: #1829
Approved by: cgwalters
2019-05-09 02:10:27 +00:00
Jonathan Lebon
44594ca4d2 tests/compose: Fix subtest scoping
We had a subtest that wasn't actually part of the `basic_test()` and so
was being executed when the file gets sourced instead of the function
being explicitly called.

Closes: #1829
Approved by: cgwalters
2019-05-09 02:10:27 +00:00
Robert Fairley
be1be526ff vagrant: Use a Fedora 29 container
Switch the Docker + Vagrant development docs to use a Fedora 29
build container, and a Fedora 29 Atomic Host Vagrant box. CentOS
7-based testing was recently removed (#1785) - let's have the
documented development pattern reflect this.

Also no longer enables the EPEL7 repo in the Vagrant VM, as needed
dependencies are available in Fedora Atomic Host.

A note is left to later switch to Fedora CoreOS as the documented
Vagrant box to use, once Fedora CoreOS boxes are produced.
Alternatively, one may use [cosa](https://github.com/coreos/coreos-assembler).

A few notes are also added to vagrant/README.md in places where
the reader may hit problems.

squash

Closes: #1826
Approved by: cgwalters
2019-05-09 00:08:14 +00:00
Robert Fairley
03a94e21b8 HACKING: Add link to tests README
Add a link to tests/README.md to point readers to additional
information on where to find different types of tests.

Closes: #1826
Approved by: cgwalters
2019-05-09 00:08:14 +00:00
Jonathan Lebon
4c99cc765f Copy used command-line and set as transaction title
In the app, rebuild the exact command-line that the client used and pass
that to the daemon to be used as the transaction title. Especially in
transactions like `UpdateDeployment()`, we can avoid reverse-engineering
what the original command used was.

This will be used by the upcoming history feature to record the
command-line used in the journal.

Closes: #1824
Approved by: rfairley
2019-05-08 21:09:08 +00:00
Jonathan Lebon
01fbaa7ba4 libpriv/util: Expand set of safe shell chars
Expand the set to include '/' and '=' since those don't need escaping in
shells.

Closes: #1824
Approved by: rfairley
2019-05-08 21:09:08 +00:00
Jonathan Lebon
d113b6a913 app/status: Make --json output pretty JSON
Yes, it's mostly for machines, but in practice it's super useful for
humans to look at esp. when debugging.

Closes: #1828
Approved by: cgwalters
2019-05-08 19:02:32 +00:00
Jonathan Lebon
206ae24d4e tests: Bump to Python 3 only
This bumps the requirement on the controlling host to Python 3 only.
It also bumps the requirement on the target host to Python 3 as well
since FCOS doesn't ship Python 2 right now.

Though we'll need to eventually drop all Python usage anyway, but at
least let's get tests passing on FCOS first. (See related previous
patch).

Closes: #1828
Approved by: cgwalters
2019-05-08 19:02:32 +00:00