Commit Graph

792 Commits

Author SHA1 Message Date
Jonathan Lebon
1c81b7f56e test-ucontainer.sh: use test-repo in srcdir
Running `make check` would fail because test-ucontainer.sh uses
test-repo, which points directly to the installed_testdir, where it is
not installed yet.

We make another processed version of test-repo.repo.in which instead
points to the repo in the srcdir and make use of that in
test-ucontainer.sh.

There are probably other ways of solving this, but this is the one that
jumped out at me.
2016-02-23 17:53:46 -05:00
Colin Walters
a2c052bee5 Merge pull request #214 from jlebon/pr/no-daemon-dump
daemon: don't dump core on error
2016-02-22 18:06:28 -05:00
Jonathan Lebon
6a4df91cc4 daemon: don't dump core on error
There are many reasons why the daemon may not be able to start up. An
initialization error doesn't/shouldn't reflect a programming mistake,
but instead a runtime issue in the environment.

Thus, if we fail to start the daemon, we shouldn't use g_error(), which
dumps core. We should instead print the GError and clean up as nicely as
we can.

Resolves https://github.com/projectatomic/rpm-ostree/issues/194.
2016-02-22 17:00:24 -05:00
Colin Walters
397fdd8d33 Use a dummy install root for unprivileged composes
Sadly, libhif keeps trying to auto-create it.  It'll need patching
there, and possibly in librpm.
2016-02-22 14:27:46 -05:00
Colin Walters
f577279fac libpriv: Unify /usr/local, /etc -> /usr/etc, rpmdb handling
Right now we're doing the /etc -> /usr/etc inside the RPM import, but
we might as well do the /usr/local bits in both.  Also, use
/usr/share/rpm by default for treecompose too so that is unified.

Other things like systemd unit files and kernel handling are only
going to be used for host side composes.
2016-02-22 14:27:46 -05:00
Colin Walters
592f889a10 treecompose: Make use of cachedir again (just for metadata)
We need to do selinux first.
2016-02-22 14:27:46 -05:00
Colin Walters
58cf2c9403 tests: Add test coverage for rpm-ostree container 2016-02-22 14:27:46 -05:00
Colin Walters
961a036c5b Introduce "treespec" concept as GKeyFile
I debated config file formats a lot.  JSON is fairly awkward for
humans to write, and really painful to parse from C.  YAML is nice,
but also painful from C.

Both are fairly overpowered for what we really need.  Keyfiles
(desktop spec, `GKeyFile`) have a lot of limitations, but at least
it's used by systemd and `.desktop` files, and we already have a
parser.

We still parse the JSON treefiles, but internally convert them to
`GKeyFile` (which is in turn converted to `GVariant` for a canonical
form).
2016-02-22 14:27:46 -05:00
Colin Walters
06f5577770 tests: Use createrepo_c
It's what more components are standardizing on.
2016-02-22 14:27:46 -05:00
Colin Walters
20170cba4f libpriv: Make the OSTree repo implicit
It's the default for unprivileged composes if it exists.  This is an
incremental step towards always using the ostree repo.
2016-02-22 14:27:46 -05:00
Colin Walters
1eda3a022c Introduce RpmOstreeContext as an object
This helps unify some code more initially between the treecompose and
container bits.
2016-02-22 14:27:46 -05:00
Colin Walters
b3a7b4e218 Rename rpmostree-hif.[ch] -> core
This is really going to be the heart of rpm-ostree, so let's give it a
better name.
2016-02-22 14:27:46 -05:00
Colin Walters
f14d1a3536 build: Port to master libhif
This is a work-in-progress port against the libhif master + some
outstanding PRs.
2016-02-22 14:27:46 -05:00
Colin Walters
8de4f9be27 Add a container builtin
This is just a tech demo.  Example usage:

```
mkdir -p ~/.cache/rpmostree-containers
cd ~/.cache/rpmostree-containers
rpm-ostree container init
cp /etc/yum.repos.d/CentOS-Core.repo rpmmd.repos.d
rpm-ostree container assemble bash
rpm-ostree container assemble httpd
```
2016-02-22 14:27:45 -05:00
Colin Walters
b716959252 Major revamp/extension of libhif/unpacker code
This is in preparation for `rpm-ostree container`, which handles
unpacking RPMs as non-root.

At the moment, I'm copying code in from both ostree's libarchive bits
(fixable...may need to export some utility functions) and some
functions from libhif (harder, see:
http://lists.rpm.org/pipermail/rpm-ecosystem/2016-January/000297.html )

There's lots more cleanup to do here, but I don't want to block on the
resolution of the libhif changes.
2016-02-22 14:27:45 -05:00
Colin Walters
a09ba2c9aa Merge pull request #213 from jlebon/pr/mutable-deployments
tests: make ostree use mutable deployments
2016-02-19 12:48:16 -05:00
Jonathan Lebon
34fdcaaf50 tests: make ostree use mutable deployments
For the same reasons as described in GNOME/ostree#187. In summary: we
want to make it easy for testers to clean up after we're done by not
setting the immutable flag.

Note that I had to also add it to setup-session.sh so that the daemon
inherited the env var. The libtest.sh hunk is redundant in that case,
but still necessary if the tests are run directly.
2016-02-19 12:39:46 -05:00
Colin Walters
3ca0f1bcd8 Merge pull request #206 from mbarnes/dbus-policy
Update D-Bus security policy for rpm-ostreed
2016-01-12 21:24:12 -05:00
Matthew Barnes
134dd2bf44 daemon: Update D-Bus security policy
Poke some holes in the policy so normal users can introspect paths,
peek at properties, and run "rpm-ostree status".
2016-01-12 16:03:33 -05:00
Colin Walters
e5ce418fe5 Merge pull request #205 from cgwalters/libarchive-builddep
build: Add `libarchive` to pkg-config deps
2016-01-12 12:39:45 -05:00
Colin Walters
04164fc025 build: Add libarchive to pkg-config deps
For some reason my CD builder didn't trigger this, but we do actually
need `-larchive` (and we want to have the dependency metadata so
packagers know to BuildDepends on it).
2016-01-12 11:22:16 -05:00
Colin Walters
5b7e34f427 Merge pull request #204 from cgwalters/unprivileged
Add testing-only `internals` subcommand, with `unpack` verb
2016-01-12 10:38:15 -05:00
Colin Walters
ec4387afba internals: New unpack verb
This is part of taking over from librpm.  The most important high
level goal is fully unprivilged operation.

Right now we're basically starting to do what
http://libguestfs.org/supermin.1.html does, except in C, and
faster.

There's no reason that `compose tree` should require privileges.
However right now, things like `%post` scripts will want to run in the
target root - so we'd have to require `linux-user-chroot`.

Regardless of unprivileged operation though, another major thing we
can do is use our control over the unpacking process to do a lot more
sophisticated caching.  We can build up a precise mapping of (rpm
ENVR, file path, selinux label) -> object and avoid rechecksumming
each time.

And even for files that aren't known, we can parallelize commit with
unpacking, etc.  (Ok assuming treecompose-post won't mutate anything).
2016-01-12 10:22:43 -05:00
Colin Walters
b456badba3 Add testing-only internals subcommand
I'd like to experiment with different things that end up
reusing chunks of the rpm-ostree internals, such as libhif, the
helpers we already have around RPM, etc.

In this particular case I'm experimenting with unpacking/committing
RPM packages as non-root.  Eventually most of this should end up as
internal private shared library, but it's convenient to have an
ABI-unstable and hidden "internals" command to run things directly.

This commit though just adds the scaffolding for "internals".
2016-01-11 23:06:27 -05:00
Colin Walters
eda6abf13d Merge pull request #192 from puiterwijk/no-comps
There is no support for comps groups at this moment
2016-01-10 09:29:40 -05:00
Colin Walters
81bd21e77b Merge pull request #203 from cgwalters/shared-libhif-review
Honor --proxy again, tweak internal libhif API
2016-01-10 09:26:33 -05:00
Colin Walters
5a530b9c85 Honor --proxy again, tweak internal libhif API
Two nits noticed in review that I accidentally ignored before pushing.

https://github.com/projectatomic/rpm-ostree/pull/202
2016-01-10 09:11:04 -05:00
Colin Walters
3f3d59a195 Merge pull request #202 from cgwalters/shared-libhif
Extract a shared internal rpmostree-hif.[ch]
2016-01-10 09:08:23 -05:00
Colin Walters
236a3c46cd Extract a shared internal rpmostree-hif.[ch]
As we start to do more package things, extract common helper functions
around HifContext * that by default operates on the system root.

Some of these bits should go in libhif, but the immediate plan is to
iterate here, then push downwards later.
2016-01-09 11:07:12 -05:00
Patrick Uiterwijk
b03b37416b There is no support for comps groups at this moment
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-01-08 23:20:25 +01:00
Colin Walters
c1488d7e96 Merge pull request #201 from cgwalters/postprocess-cleanup-yumdb
postprocess: Delete dead code relating to yumdb
2016-01-04 16:47:19 -05:00
Colin Walters
163f50214b postprocess: Delete dead code relating to yumdb
This has been long useless because we now disable history writing in
libhif.
2016-01-04 16:23:54 -05:00
Colin Walters
9d928b19bc Merge pull request #200 from cgwalters/postprocess-cleanup
/var -> tmpfiles postprocess cleanup
2016-01-04 14:25:16 -05:00
Colin Walters
5cd40e6d86 postprocess: Cleanup more /var -> tmpfiles code to fd relative
Besides porting GFile -> fd, I specifically want it to operate in an
append mode for package layering.  Then given an existing tree, we
ensure we're not deleting the underlying tree's autovar files.
2016-01-04 12:47:31 -05:00
Colin Walters
cca057d24b postprocess: Convert some of the /var -> tmpfiles to fd relative
Part of an ongoing effort to port away from `GFile`.

Conflicts:
	src/libpriv/rpmostree-postprocess.c
2016-01-04 12:47:14 -05:00
Colin Walters
637ab495eb Merge pull request #199 from cgwalters/postprocess-selinux-prep
Postprocess selinux prep
2016-01-03 09:54:01 -05:00
Colin Walters
8de94004df libpriv: Change internal API to prepare SELinux
This function will be made public for use in package layering.
2016-01-03 09:45:14 -05:00
Colin Walters
e2fa1675f8 libpriv: Convert some SELinux labeling code to dirfd-relative
This is preparatory work for the package layering branch, which
will also reuse this code.
2016-01-03 08:00:10 -05:00
Colin Walters
49b4d721bb Merge pull request #198 from cgwalters/libglnx-update
libglnx: Update
2015-12-30 06:27:30 -05:00
Colin Walters
3f43bfb5e4 libglnx: Update
Nothing right now needs this, but I plan to use the new mkdtemp API in
a later patch.
2015-12-30 06:22:14 -05:00
Colin Walters
6d622e17ec Merge pull request #197 from cgwalters/daemon-local-gpg-verify
daemon: Treat local deployments as gpg-verify=false
2015-12-29 08:25:57 -05:00
Colin Walters
2adf0fce47 daemon: Treat local deployments as gpg-verify=false
Otherwise we trip an assertion.  In the future I think we should
likely encourage `file:///ostree/repo` or so, and thus support
`gpg-verify`.
2015-12-29 08:20:05 -05:00
Colin Walters
900da5190b Merge pull request #196 from miabbott/bootstrap
docs: Removing old content
2015-12-18 18:41:30 -05:00
Micah Abbott
2f0214fd69 docs: Removing old content
compose-server.md:  Removed redundant treefile section

treefile.md:  Edited to indicate that `bootstrap_packages` is no longer
              mandatory and is effectively deprecated
2015-12-18 16:42:42 -05:00
Colin Walters
538a9decbe Release 2015.11 2015-12-15 09:37:47 -05:00
Colin Walters
517bc2b8fb Merge pull request #189 from jlebon/pr/print-before
postprocess.c: be more verbose when running script
2015-12-10 15:30:43 -05:00
Jonathan Lebon
033830e0c0 postprocess.c: be more verbose when running script
We should tell the user that we will run the postprocess script *before*
we run it to help them diagnose issues if things go wrong.

Resolves: #188
2015-12-10 14:49:57 -05:00
Matthew Barnes
fa83724187 status: Fix some crashes
Encountered a couple crash scenarios:

1) A commit with an invalid timestamp trips an assertion.  Instead
   show the timestamp as "invalid".

2) If a deployed commit is unsigned, the daemon will not include a
   "signatures" array in the deployment's GVariant representation.
   The logic for --pretty was assuming the "signatures" array is
   always present.
2015-12-01 12:11:40 -05:00
Colin Walters
154318aff3 Merge pull request #185 from cgwalters/client-notty
app: Handle progress when not being connected to a tty
2015-11-23 21:07:47 -05:00
Colin Walters
5d4c173a9e app: Handle progress when not being connected to a tty
`rpm-ostree deploy X.Y.Z | cat` was aborting on the client side.  I
noticed this when using it via Ansible.
2015-11-23 16:53:24 -05:00