IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
I hit this with librepo subbing out the $releasever with e.g. 7.2016.1
when trying to pull various URLs. It should be enough for the user to
see the ostree version in VERSION and PRETTY_NAME. For applications,
there's OSTREE_VERSION if they need just that.
Closes: #433
Approved by: cgwalters
`systemctl start/stop/try-restart` are all useless for us in
scripts, since changes should only affect the *next* boot.
`systemctl enable` is also wrong - one should use presets instead.
Currently, systemd has code to detect whether it's inside
a chroot, which works for mock, but *not* for Docker or bubblewrap.
(We should teach systemd a nicer way to disable itself, but
even if we did that we'd have to support old scripts)
So, this fixes layering `glusterfs` in CAHC.
Closes: #432
Approved by: jlebon
When executing scripts, map `/usr/lib/passwd` temporarily back to
`/etc/passwd` from the POV of the script, then move it back. This
allows client-side layered packages be merged with the base tree
version, while still being distinct from the `/etc/passwd`.
(In the future we'll likely rewrite all of this to use
`systemd-sysusers(8)`, but for now let's be incremental.)
Note in this commit it isn't very useful, because pretty much all RPMs
only call `useradd` in `%pre`, which is the next commit.
Closes: #432
Approved by: jlebon
Because OSTree includes numeric uid/gid, but package layering (and
traditional full-client-side RPM) expects to allocate UIDs on the
machine, we need to handle non-root owned files specially.
For files in /run and /var, we can convert them to
`systemd-tmpfiles(8)` snippets which will be executed at the next
boot, after a uid/gid has been assigned.
Closes: #432
Approved by: jlebon
Decided to test this on Sunday evening. Of course it was broken =(
(Actually I tested mock-in-Docker but it should be the same)
The core problem is that mock does `chroot()` without using `/`
as a mount point. This breaks an assumption in bwrap that it is.
Now, in theory we could move this same logic down into bwrap to
work around this situation, but for now let's hack it here.
Mock is old, legacy container code that doesn't really do anything
in a modern way - in fact our goal should be to replace it
with a combination of rpm-ostree and bwrap. So carrying this
hack here to get us to that future should be OK for now.
Closes: #431
Approved by: jlebon
I want a better error message if the user happens to execute
inside e.g. a Docker container without sufficient privileges
for recursive containerization.
Closes: #429
Approved by: jlebon
The previous commit https://github.com/projectatomic/rpm-ostree/pull/422
introduced a regression in the "outside of a container" path - we
get `EINVAL` trying to `mount("proc",...)` and honestly I'm not sure why.
We can either back up or plow forward, and it turns out to be
pretty straightforward to complete the port to using bwrap.
I extracted the bwrap-execution code out of the RPM script engine,
because the treecompose model is currently different (no hardlinks
yet).
NOTE: A *very* important side effect of this is that we now
require "privileged" containers on hosts without user namespaces,
and on userns hosts, require `CLONE_NEWUSER` to be exported to the
container host.
In general though, the previous path of blindly executing scripts as root
without e.g. `proc` mounted was just bad.
Closes: #429
Approved by: jlebon
The treecompose code will learn how to use bwrap instead of
libcontainer in libglnx, since the latter is a buggy copy of a subset
of the former.
Closes: #429
Approved by: jlebon
If next_dent returns `FALSE`, we need to also return `FALSE` from
the function.
I just noticed this as I happened to be reading the code randomly.
Closes: #426
Approved by: jlebon
Otherwise we try to execute as shell script which obviously doesn't
work. This was noticed when @dustymabe was trying to assemble
a Fedora container with `glibc-all-langpacks`.
Closes: #424
Approved by: jlebon
When trying to test treecomposes, it's annoying to hit the
metadata servers each time. Add a `--cache-only` option which
is kind of like yum's `-C` option (but not quite because
if the metadata doesn't exist we will update it).
Closes: #423
Approved by: jlebon
I was looking at starting to unify the treecompose path to the
"new world" infrastructure in package layering. An initial
step here is to port to fd-relative, which cleans up the code.
Note this depends on a libglnx pull.
Closes: #422
Approved by: jlebon
Until we finally do the "store packages as ostree commits and union"
thing, doing commits can be slow, particularly into archive repos
where we pay lots of cost in gzip.
Let's show a progress bar. The implementation here uses a background
thread which communicates with the "UI" via atomics. The UI uses a
timer - and if stdout isn't a tty, we assume it's Jenkins or something
and dial updates back to every 5 seconds to avoid spamming output.
Closes: #409
Approved by: giuseppe
`ostree commit --table-output` can already do this, and since we're
super noisy for `compose tree` right now, we might as well print this.
It's useful to see how many new objects were created.
Closes: #409
Approved by: giuseppe
Users/administrators can now enable the "mutate-os-release" string
key to tell rpm-ostree to modify /etc/os-release in the following ways:
- All occurrences of the key's value found in VERSION, VERSION_ID, and
PRETTY_NAME will be replaced by the version string of new compose.
- A new OSTREE_VERSION key is appended containing the version string of
the new compose.
This provides an easy way for clients and third-party applications to
find out what version they are currently running.
Also bump libglnx so that we can use the latest version of
glnx_file_replace_contents_at() which supports AT_FDCWD.
Closes: #410
Approved by: cgwalters
Commit d153ece removes redundant transaction printing, but we do still
want to print it manually when we're doing a dry run.
Closes: #407
Approved by: cgwalters
...but still do print it for `compose tree` and `container`. This
is more followup to #403, where I noticed we were printing
just the overlay transaction in the middle of `Overlaying...`.
Since we're now printing the package diff again at the end, let's just
rely on that rather than show the user over and over which packages
they requested.
Closes: #403Closes: #404
Approved by: jlebon
This came up in #403, but looking at this more, I don't see a need to
print out the input package set here. The list of overlaid packages
is very clear in `rpm-ostree status`, and the user knows what they
typed on the command line.
Closes: https://github.com/projectatomic/rpm-ostree/issues/403Closes: #404
Approved by: jlebon
It's really in-your-face for admins to see `(unsigned)` which originally
was intentional, but in practice right now at least several major
users (Fedora, RHEL) don't enable GPG signatures.
So let's just hide it if not enabled.
Perhaps in the future we should add a `-v` option or something which
would show all of the fields even if not enabled.
Closes: #399Closes: #402
Approved by: jlebon
Since some of the DBus data like `CachedUpdate/commit` derives solely
from the ostree repo state, and `upgrade --check` only writes to the
repo, we need to watch for and reload from changes there too.
Closes: #392Closes: #400
Approved by: jlebon
Previously in #353 we changed this to not resolve the rev, but
that breaks the `CachedUpdateDetails` which actually wants it
to be resolved, to show pending updates.
This effectively reverts 749a5f03a8586392cafff949075c45a040d4e984
and changes things so we set `allow_noent=TRUE` and if there is
no ref, just return the deployment checksum.
Fixes: 749a5f03a8586392cafff949075c45a040d4e984
Closes: #392Closes: #398
Approved by: jlebon
In looking at this code, I noticed we were incorrectly mixing
`Option(GVariant)` with GError handling. If the deployment
had no refspec we'd return `NULL` but not set `error`.
Fix this by requiring a respec, and change the single caller that
relied on this to check outside.
Closes: #398
Approved by: jlebon
First I noticed we needed to query the new default *after* the
transaction had run. Then, I noticed the obvious embarassing logic
error.
Fixes: 3f1e7c85a18182669899f4065d23fec6ac0962c
Closes: #396Closes: #397
Approved by: jlebon
This is a useless test for now since we should be able to test on a VM
even if there are updates available.
I initially had it just as an example of the vmcheck test harness,
without actually thinking too much into what it was testing. But we do
need a nice test-basic.sh that will give rpm-ostree a good general
workout.
Closes: #394
Approved by: cgwalters
We don't have a lot of outstanding changes to the C code, so now seems
like a good time to do this. I implemented this with some highly
sophisticated sed commands like:
```
find -name '*.c' | while read name; do sed -i -e 's,gs_unref_object \([A-Za-z]*\) \*,g_autoptr(\1),' ${name}; done
```
Part of dropping the dependency on libgsystem, same as what we're
doing in ostree.
Closes: #393
Approved by: jlebon
So that it's easier to build bubblewrap as `Source1` in an RPM
embedded (flatpak is using a git submodule, but for this I think
`Source1` is better).
Closes: #384
Approved by: jlebon
