Commit Graph

69 Commits

Author SHA1 Message Date
Colin Walters
f05b980094 build-sys: Mark libpriv symbols as private
This was caught by the abicheck in Fedora; since we were building with default
visibility for `librpmostreepriv.la` which was linked statically into the public
library, we'd end up with lots of internals as public ABI.

Fix this by using `-fvisibility=private` for the libpriv build and for good
measure elsewhere so we remember to use it by default.

Closes: #1320
Approved by: jlebon
2018-03-28 15:18:11 +00:00
Colin Walters
bb86912de9 tests: Dip our toes into using Ansible
This adds a shell primitive to make it easy to execute a playbook
task list.

The big picture idea is to sync with https://github.com/ostreedev/ostree/pull/1462
and rewrite some of the libvm shell stuff as playbooks, allowing easier
code sharing with a-h-t and just in general being a better library for
talking ssh and executing commnads.

Closes: #1297
Approved by: jlebon
2018-03-09 19:04:32 +00:00
Jonathan Lebon
51fb641305 Initial support for automatic updates
This patch introduces a new `AutomaticUpdatePolicy` configuration. This
was a long time coming for rpm-ostree, given that its update model makes
it extremely apt for such a feature.

The config supports a `check` mode, which should be very useful to
Atomic Workstation users, as well as a `reboot` mode, which could be
used in its present form in simple single node Atomic Host situations.

There is still a lot of work to be done, including integrating
advisories, and supporting a `deploy` mode. This feature hopefully will
be leveraged as well by higher-level projects like GNOME Software and
Cockpit.

Closes: #1147
Approved by: cgwalters
2018-01-27 23:52:43 +00:00
Colin Walters
1c5c4a457e tests: Correctly error out if some part of install.sh fails
It took me way, way, way too long to debug that my dev container somehow missing
`ostree-grub2` caused the script to fail early, but we'd still continue trying
to sync, leading to us not actually changing the installed `rpm-ostree` binary,
leading to test suite failures.

Also add the chmod hammer at the top so we can delete even if we fail after
doing an rsync.

Closes: #1115
Approved by: jlebon
2017-11-29 14:42:25 +00:00
Ruixin Bao
5ca9c731d7 tests/check: Add unit tests for kargs options
Added unit tests for rpm-ostree ex kargs --delete,
--append and --replace.

Also exposed two getter functions for kargs table
and array so people can retrieve information from
kargs.

Also includes a minor fix for a bug caught by the unit
test.

Closes: #1013
Approved by: cgwalters
2017-11-06 18:49:36 +00:00
Jonathan Lebon
5c25945dd3 Makefile-tests.am: actually support SKIP_INSTALL
This was supposed to be part of #968. `HACKING.md` already refers to
a `SKIP_INSTALL` variable, which basically ensures that we use the
install tree as-is.

Closes: #1032
Approved by: cgwalters
2017-10-02 20:36:07 +00:00
Colin Walters
e066dc93c8 tests: Skip running introspection tests if built with ASAN
This is the rpm-ostree equivalent of
<47b4dd1b38>

Unfortunately, introspection uses `dlopen(), which doesn't quite
work when the DSO is compiled with ASAN but the outer executable
isn't.

Prep for syncing PAPR config with ostree.

Closes: #1000
Approved by: jlebon
2017-09-24 13:32:00 +00:00
Jonathan Lebon
bed10f650a Makefile-tests.am: fail on first command
The shell invocations from make don't have errexit on, so just chain
commands with && manually.

Closes: #983
Approved by: cgwalters
2017-09-11 18:38:43 +00:00
Jonathan Lebon
b22d7d764d vmcheck: rename build.sh to install.sh
I had meant for this to be in the other PR#968. I originally did both
`make` and `make install` there, but now it only does `make install`, so
let's just rename it to make that more obvious.

Closes: #953
Approved by: cgwalters
2017-09-07 14:41:19 +00:00
Jonathan Lebon
7fbf9f32d4 hacking: make it easier to use a custom tree
Let's make using a custom install tree easier and document the process.
We split out the insttree step into `build.sh` so that we no longer have
to `flock(1)` around it, and also share between `overlay.sh` and
`sync.sh`.

Closes: #968
Approved by: cgwalters
2017-09-01 19:58:55 +00:00
Jonathan Lebon
c7837d003a Makefile-tests.am: drop vmshell target
I actually stopped using this a long time ago. Looking at it now, it
doesn't make much sense in multi-host situations. Let's just nix it.

Closes: #899
Approved by: cgwalters
2017-08-24 20:43:16 +00:00
Colin Walters
fee6d06bf4 lib: Expose new API around basearch
For https://pagure.io/atomic-wg/issue/299 we need to make it
more convenient to substitute the architecture in an installation
context.  I plan to use this API inside `rpmostreepayload` in Anaconda,
so we can substitute the same value of `${basearch}` we use in treefiles
since https://github.com/projectatomic/rpm-ostree/pull/305

Now, you might wonder - why do we need an API wrapping libdnf? It's because
libdnf is not API stable yet. We're just exposing a tiny subset. In theory we
could use the Python dnf bindings in Anaconda, but things get slightly weird if
rpmostreepayload depends on dnf. Perhaps we'll do that down the road, but for
now this a small API surface to maintain (forever).

This change reworks the internal `varsubst` bits to take a pure `DnfContext`,
since we don't want to spin up a whole `RpmOstreeContext` just to do some
string substitutions.

Closes: #877
Approved by: jlebon
2017-07-21 16:02:41 +00:00
Jonathan Lebon
760110596b ci: start testing on F26
Now that PAPR has support for pre-release images of Fedora Atomic Host
26, let's start testing there. We mark it as not required for the time
being.

Closes: #860
Approved by: cgwalters
2017-07-06 18:24:47 +00:00
Jonathan Lebon
2b547c2d0a tests: transition to build_rpm
Nuke all the previous goop that was used to create RPMs at `make check`
time and transition all the tests to use the new `build_rpm` function.
It definitely feels cleaner to use. It's also really nice to have the
spec live in the same file as the test that uses it.

Closes: #854
Approved by: cgwalters
2017-06-29 16:16:54 +00:00
Jonathan Lebon
47cc5f60ed tests/check: remove test-compose.sh
Nowadays, we have a much more in-depth and realistic compose test suite
that obsoletes this test.

Closes: #854
Approved by: cgwalters
2017-06-29 16:16:54 +00:00
Jonathan Lebon
4445df2c01 tests: add libtest.c for binary tests
Import libostreetest.c from ostreedev/ostree as libtest.c. This is just
a really useful and outrageous way of using libtest.sh from C.

Closes: #854
Approved by: cgwalters
2017-06-29 16:16:54 +00:00
Jonathan Lebon
853737f667 unpacker: encode NEVRA info in commit metadata
It seems silly that to find out more detailed information about the
NEVRA of a cached pkg, we have to resort to write out the header to
disk, then reading it back in with librpm in order to tease out the info
we want. Let's just encode that information directly in the commit
metadata and provide a helper to fetch it.

Closes: #847
Approved by: cgwalters
2017-06-23 17:47:22 +00:00
Jonathan Lebon
44bcb9d60a tests: merge cache_branch_to_nevra into test-utils
I didn't realize at the time I wrote the cache_branch_to_nevra test that
the already existing test-utils.c would be the perfect place to add this
test. Merge the two together now.

Closes: #847
Approved by: cgwalters
2017-06-23 17:47:21 +00:00
Jonathan Lebon
b9f6d09f91 vmcheck: add new test for override remove
Closes: #797
Approved by: cgwalters
2017-06-05 20:48:50 +00:00
Colin Walters
95e9aa4284 Introduce ex livefs
There are a few different use cases here. First, for layering new packages,
there's no good reason for us to force a reboot. Second, we want some support
for cherry-picking security updates and allowing admins to restart services.  Finally,
at some point we should offer support for entirely replacing the running tree
if that's what the user wants.

Until now we've been very conservative, but there's a spectrum here. In
particular, this patch changes things so we push a rollback before we start
doing anything live. I think in practice, many use cases would be totally fine
with doing most changes live, and falling back to the rollback if something went
wrong.

This initial code drop *only* supports live layering of new packages.  However,
a lot of the base infrastructure is laid for future work.

For now, this will be classified as an experimental feature, hence `ex livefs`.

Part of: https://github.com/projectatomic/rpm-ostree/issues/639

Closes: #652
Approved by: jlebon
2017-05-12 15:00:59 +00:00
Colin Walters
e4b5e77e64 tests: Add unit tests for varsubst
Trying to debug https://bugzilla.redhat.com/show_bug.cgi?id=1381357

I don't see the problem yet, but let's exercise the code a bit.

Closes: #755
Approved by: jlebon
2017-04-27 18:57:10 +00:00
Colin Walters
7d98e3efc8 libpriv: Add a helper function to print pkg diff
I want to use this in livefs, where I'll end up doing some diff
computations on the server and am currently rendering text there.

It might also be a step towards using this in `db diff`.

Closes: #709
Approved by: jlebon
2017-04-26 14:26:00 +00:00
Colin Walters
d33807437f libglnx: declare TESTS earlier
Otherwise libglnx won't be able to add to it.

Closes: #699
Approved by: cgwalters
2017-03-22 17:07:10 +00:00
Colin Walters
62a93c7850 postprocess: Handle f26 /etc/nsswitch.conf configuration
F26 put sss first, which broke our regexp. When we switch to sysusers, man it'll
be nice to dump ♲ this.

Closes: https://github.com/projectatomic/rpm-ostree/issues/685

Closes: #686
Approved by: jlebon
2017-03-16 18:39:38 +00:00
Jonathan Lebon
29840bcecb vmcheck: add support for parallel runs
Allow the `make vmcheck` target to take a HOSTS var, which is simply a
space-separated list of hosts on which we can run testsuites. Add a
multitest.py script that takes care of monitoring and scheduling the
tests onto the nodes.

The script itself is "dumb": we don't know how long each test can take,
so we can't do any smart/heuristic scheduling that could save more time.

Closes: #675
Approved by: cgwalters
2017-03-13 00:42:13 +00:00
Jonathan Lebon
5c5ebc1b0a core: add support for installing from cache
We start by adding support in the core for installing packages strictly
from the cache repo. We fool the libdnf stack by re-exporting the header
as an RPM, and explicitly marking it for install. The treefile format
supports specifying the expected SHA-256 of the metadata header, in case
the cache for a specific NEVRA changed.

Closes: #657
Approved by: cgwalters
2017-03-10 18:35:11 +00:00
Colin Walters
ddbaf19f1e importer: Error importing RPMs which install to /opt (outside of /usr)
See https://github.com/projectatomic/rpm-ostree/issues/233 - for RPMs which
place files in e.g. `/opt`, we have different behavior in the treecompose case
(silently drop it) versus package layering (does the wrong thing).

Since the unpacker right now is only used in the layering case, this just
ensures we'll get a consistent error there.

Closes: #624
Approved by: jlebon
2017-02-14 22:15:56 +00:00
Colin Walters
59f34e8a03 tests: Disable ASAN leak checks
Right now we're far from leak free, and I want to use ASAN
as a sanity checker, not a leak checker.

Closes: #576
Approved by: jlebon
2017-01-18 16:52:46 +00:00
Colin Walters
d3bf60d373 tests: Add a pkg with rofiles violation that should fail
To ensure we don't accidentally allow mutations.

Closes: #560
Approved by: jlebon
2017-01-11 18:39:25 +00:00
Jonathan Lebon
9f8136e097 vmcheck: add test-layering-non-root-caps.sh
This new test exercises the new support for non-root file paths and
files with capabilities.

Closes: #561
Approved by: cgwalters
2017-01-08 21:05:06 +00:00
Jonathan Lebon
670f2c5e79 Makefile-tests.am: add SKIP_VMOVERLAY
This is useful when you want to rerun vmcheck after changing the test
case (rather than any compiled code), so no new overlay is actually
required.

Closes: #561
Approved by: cgwalters
2017-01-08 21:05:06 +00:00
Jonathan Lebon
12c4b5b16f vmcheck: adapt for non-vagrant hosts
This is just the final bit required to make sure the vagrant and
non-vagrant paths can work happily together. It's mostly minor fixes,
though the most major change which also affects vagrant is that we now
sync to the root home dir, rather than ~vagrant.

Closes: #524
Approved by: cgwalters
2016-11-22 17:15:20 +00:00
Colin Walters
2f9d586bdc Redo vmcheck to abstract over ssh-config, drop all building
My development environment is now using "pet" docker containers.
I use VMs for testing things that require that (like rpm-ostree).

This patch builds on work from @jlebon in
https://github.com/projectatomic/rpm-ostree/pull/509
to rework `vmcheck` such that it can work on any `ssh-config`.  By
default we expect this to be Vagrant.

However, I go a lot farther and delete the `vmbuild` code that was
trying to do builds in a container on the target VM.  I think this is
still worth pursuing at some point, but for now I think it's
reasonable to assume that the rpm-ostree developer audience uses Linux
as their host workstation and hence has containers.

(There's another important point here in that for developing lower
 level things like rpm-ostree, there's a strong push to make the VM
 disposable and not a pet)

Closes: #516
Approved by: jlebon
2016-11-16 18:14:23 +00:00
Jonathan Lebon
accd2b9f6f vmcheck: add a test for RPM scripts
Thought it'd be fun to write a test for verifying proper handling of
scriptlets during package layering. There's obviously a lot more that
could go in here (patches welcome!), but it's a start.

Closes: #434
Approved by: cgwalters
2016-08-17 21:28:01 +00:00
Jonathan Lebon
83ee4ee638 testenv: add builddir to PATH
Closes: #434
Approved by: cgwalters
2016-08-17 21:28:01 +00:00
Colin Walters
39913a2c25 Update for libhif -> libdnf
Still not many PRs outstanding, so it's a good time to take this plunge.
Mostly automated via `sed`.

Closes: #416
Approved by: Conan-Kudo
2016-08-04 01:10:08 +00:00
Jonathan Lebon
52b325970d vmcheck: move vmbuild and vmoverlay to scripts
That way we can make use of libvm instead of relying on vagrant.

Closes: #394
Approved by: cgwalters
2016-07-15 19:14:19 +00:00
Colin Walters
cc2551dc06 Switch to glib cleanup macros
We don't have a lot of outstanding changes to the C code, so now seems
like a good time to do this.  I implemented this with some highly
sophisticated sed commands like:

```
find -name '*.c' | while read name; do sed -i -e 's,gs_unref_object \([A-Za-z]*\) \*,g_autoptr(\1),' ${name}; done
```

Part of dropping the dependency on libgsystem, same as what we're
doing in ostree.

Closes: #393
Approved by: jlebon
2016-07-15 13:08:58 +00:00
Jonathan Lebon
dba554a76b tests: use our self-built libhif library
Tests were failing because we were silently falling back to the system
libhif, which, as of PR #158, changed a string from non-const to const,
which meant we were double free-ing strings.

Closes: #373
Approved by: cgwalters
2016-07-04 22:18:06 +00:00
Jonathan Lebon
4fc6dd8b97 hacking: add make vmoverlay for faster hacking
For the regular hack/build/test cycles, creating a new deployment each
time becomes overkill. We add a new `make vmoverlay` target which
directly overlays the newly built binaries on an unlocked system.

We also make rsync smarter so that we can afford to not `make clean`
everytime while still allowing the host's repo to be fully configured.

Closes: #360
Approved by: cgwalters
2016-06-29 19:17:38 +00:00
Jonathan Lebon
d718b820ef Makefile-tests.am: more cleanups and add pkg bar
The new package bar will be used to test conflicting packages.

Closes: #360
Approved by: cgwalters
2016-06-29 19:17:38 +00:00
Jonathan Lebon
5479ed5240 tests: refactor rpm building and add package foo
We're going to be create many different packages in the future. Let's
refactor and generalize the targets so that they can build anything.

We also add a package foo, which will be used soon for a basic test of
package layering.

Closes: #344
Approved by: cgwalters
2016-06-23 00:05:09 +00:00
Jonathan Lebon
c0924b8997 vmcheck: add a basic test harness
This is a very simple test harness inspired by the atomic one. It's a
simple bash script that sets up a permanent ssh connection to the host
and runs the test scripts. Also add a "demo" test-basic.sh test to make
sure that it works.

Closes: #344
Approved by: cgwalters
2016-06-23 00:05:09 +00:00
Jonathan Lebon
f411c0babb testenv: include same vars as real test environment
Closes: #325
Approved by: cgwalters
2016-06-15 20:41:45 +00:00
Jonathan Lebon
816194cd58 Makefile-tests: add toplevel vm* targets
The `make vmshell` target makes it even easier to immediately try out
your changes in a live running Atomic Host. It will automatically
provision the VM, sync your latest changes, build, install in a new
deployment onto which the VM is rebooted, and drop you in the shell.

Closes: #321
Approved by: cgwalters
2016-06-15 13:38:34 +00:00
Jonathan Lebon
acd3c8ff41 tests: restructure dirs
- Move all the uninstalled, non-destructive tests to check/
- Add a README
- Move utilities to utils/
- Move common files to common/

Closes: #304
Approved by: cgwalters
2016-06-06 21:14:07 +00:00
Jonathan Lebon
9eefc59220 tests: no longer use installed tests
For now, we don't remove the ability to install tests (e.g. the
necessary blurbs in glib-tap.mk are still there), but we take out all
our previously installed tests from the list.

All the previously installed tests are then converted to work
uninstalled. This also allows us to do some simplifications in the test
cases.

Also do some cleanups in the Makefile to improve legibility.

Closes: #304
Approved by: cgwalters
2016-06-06 21:14:07 +00:00
Jonathan Lebon
336f765810 Makefile-tests.am: add env var to know when in testenv
Closes: #289
Approved by: cgwalters
2016-05-27 22:18:44 +00:00
Giuseppe Scrivano
9f29b24805 tests: add tests for compose+add files
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

Closes: #253
Approved by: cgwalters
2016-04-27 20:21:12 +00:00
Colin Walters
ed7fc02b04 postprocess: Ensure we error out if selinux is enabled, but no policy found
I was tracking another regression where we seem to have lost
`/usr/etc` contents which manifested as `Labeling with... (null)`
which was clearly wrong.

Now this change actually impacts the test suite - we now (again IMO
correctly) error out if `selinux: true`.  The `no-selinux-tag` test
no longer makes sense, so delete it.

We do need more "real" tests that use selinux on and off.

Pull request: #243
Approved by: jlebon
2016-03-22 18:35:33 +00:00