Commit Graph

11 Commits

Author SHA1 Message Date
Colin Walters
d40434db47 Add support for rpm-ostree deploy --ex-cliwrap=true
This is a better alternative to https://github.com/coreos/fedora-coreos-config/pull/830

Basically rather than trying to send this out to all FCOS users,
it's much saner to allow people to opt-in to it locally.

If we'd finished https://github.com/coreos/rpm-ostree/issues/2326
then this would be something as trivial as:
```
$ echo 'cliwrap: true' > /etc/rpm-ostree.d/cliwrap.yaml
$ rpm-ostree rebuild
```

Unfortunately that's not the world we live in, so a whole lot of
layers here need crossing to just propagate a boolean.  And it
interacts in a tricky way with our change detection code.

But, it works and will allow people to try this out.

Other fixed problems:

- Our `rpm --verify` wrapping was broken
- Dropping privileges clashed with the default directory being `/root`,
  so `chdir(/)` too
2021-05-19 14:42:18 -04:00
Colin Walters
db227840f1 daemon: Always write staged JSON field
It's an important property, and it's more self-documenting if we
always emit the value rather than only when it's `true`.
2021-04-16 17:05:48 -04:00
Colin Walters
aa64df080d daemon: Fix serialization of unlocked state
It turns out there's a naming clash between `to_string()` here in
Rust *and* introspection is incorrectly associating the method
with `ostree::Deployment` because of the naming prefix.
2021-03-12 18:01:47 -05:00
Colin Walters
445af087d6 tests: Drain vmcheck/test-misc-1 into kola/misc.sh
Where I stalled out before is this file has `pkg-add foo`, but
now that we have the `foo` package pre-built we can move all
this stuff into `misc.sh`.

I dropped the YAML parsing of `--version` because we don't
have python.  This is related to
https://github.com/coreos/coreos-assembler/issues/1645
2021-03-11 16:34:07 -05:00
Colin Walters
6fd9db246a Add basic Rust CLI bindings for DBus
This stubs out sufficient infrastructure for us to register
as a client and call the Moo API.

A glaring problem here is the lack of extensive `glib::Variant`
bindings; that's covered in the next gtk-rs release.

My real goal was to try porting the `rpmostree-builtin-apply-live.cxx`
code entirely to Rust, but there's more to do to expose the
transaction helper APIs we have.
2021-03-04 09:17:21 -05:00
Colin Walters
5a79ca9035 apply-live: Rework to use refs to store state
Came out of discussion in https://github.com/coreos/rpm-ostree/pull/2581
around some racy code for checking for the live commit object.

The reliability of apply-live depends on the
underlying commits not being garbage collected.  Our diff logic
is in terms of ostree commits, not the physical filesystem (this
allows us to make various optimizations too).

Ultimately I think we should drive some of the live-apply
logic into libostree itself; we can more easily have an atomic
state file instead of the two split refs.

(Or perhaps what we should add to ostree is like a refs.d model
 where a single atomic file can refer to multiple commits)

For now though let's rework the code here to write refs.  We
retain the file in `/run` as just a "stamp file" that signals
that a deployment has had `apply-live` run.
2021-02-23 21:51:22 -05:00
Colin Walters
e6c045cada Add an rpmostree-client sub-crate
This is intended to be published to https://crates.io/crates/rpmostree-client
Part of https://github.com/coreos/rpm-ostree/issues/2389

This directly imports the code from
5551c54c6e/tests/inst/src/rpmostree.rs

Once merged and released I'll try converting the ostree test suite
over as well as Zincati.

Internally add a testutils helper to validate it works.
2021-02-16 19:22:26 -05:00
Colin Walters
1cef69cf8a lib: Don't link to libdnf
Prep for "Rust-as-main", where I want to build libdnf statically.
And this really completes the "library thinout" story because
now we avoid dragging our *private* `libdnf.so` into the caller's
address space, which can cause potential conflicts if they're
also linking the system one. (Which could easily occur with
something like gnome-software)

All we were using libdnf for (indirectly via libsolv) is comparing
version strings but librpm can already do that for us.
2021-01-28 11:15:44 -05:00
Colin Walters
7ed1c0b1e8 Remove coreos-rootfs command
This effectively reverts commit: c8113bde32
We never ended up using it; instead the `rdcore` bits from
`coreos-installer` have the rootfs reprovisioning logic.
2020-11-12 18:59:49 +01:00
Jonathan Lebon
83b385bc59 libpriv/scripts: Replace crypto-policies lua script
The latest crypto-policies package changed recently to dynamically set
the policy at install time so that if FIPS is enabled, the selected
backend is `FIPS`:

9b9c9f7378

This doesn't really make sense for us though since the compose server
configuration should be decoupled from the installroot. (More generally,
this also affects e.g. `yum install --installroot`).

Override the script for now so that we always select the `DEFAULT`
policy. We'll discuss with upstream to see what the right solution is
there.

This also works around the fact that rpm-ostree doesn't yet implement
Lua (#749).

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1847454
Resolves: https://github.com/coreos/fedora-coreos-tracker/issues/540
2020-06-17 15:05:53 -04:00
Colin Walters
75ae584e6d tests/kola: Move into tests/kolainst, run installed
Switch to the "installed" model introduced by:
https://github.com/coreos/coreos-assembler/pull/1441

It's hard to support running tests *both* from the srcdir
and installed; in this case because we have a symlink that needs
to be followed, which kola knows how to do from the srcdir
but not when installed.  Let's establish a new convention of
`tests/kolainst`.   In our case we follow the symlink manually
for now.

That bit will be cleaned up when we eventually switch entirely
to kola tests.
2020-05-26 15:34:00 -04:00