IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Per http://fedoraproject.org/wiki/Features/RemoveSETUID
many programs (famously /usr/bin/ping) switched to using
"file capabilities" instead of setuid.
rpm-ostree had code to specially handle SELinux labels, but was
discarding other xattrs. Let's just whitelist reading in
security.capability.
Closes#14
They get deleted anyways since we blow away the tmpdir, but we expect
people to be using a local HTTP proxy. We stopped trying to cache
packages internally as that caused conflicts with the yum lock with
concurrently executing composes.
After a discussion on what the status command should offer a
sysadmin, we decided to try a column output format similar to that
of systemctl or docker images. This will print the timestamp,
a truncated checksum, the osname, and the refspec of each
deployment. It also includes a --pretty option to print
the information formatted in rows with the full checksum and a
title to specify the default and the rollback target.
This includes several changes to format the code to follow GNU Coding Standards as per
the restof rpm-ostree. This includes fixing indentations, adding spaces between
identifers and parentheses, replacing "goto print" with an else structure, and
reformatting print statements into complete sentences for internationalization.
This allows administrators to configure between deployments and easily see which deployment
they are booted into as well as indicating which is chronologically most recent. This makes
the process more user-friendly, rather than requiring the user to remember which deployment
checksum corresponds to the most recent upgrade.
Currently the systemd RPM ships with default.target ->
graphical.target, which is either itself changed by Anaconda (via
parsing /etc/sysconfig/desktop, which...anyways let's stop here).
Or anaconda might set it directly to multi-user.target.
For rpm-ostree, we perform some minimal level of "preconfiguration"
per tree, so they are directly usable without an intervening
installer.
As an example for fedora-atomic/base/core, we just want
multi-user.target. Thus, this patch provides the treefile author a
declarative mechanism to set it.
Currently on an Atomic compose, I'm seeing abrtd trying to write to
/usr/share/rpm/.dbenv.lock, which is denied by policy because it's
usr_t. There are multiple ways to address this, but there's no good
reason to leave the lock files and __db* files around.
rpm appears to operate correctly without them if calling process
merely gets EROFS.
This is exactly the code from "ostree admin switch", except it's
called "rebase" because in the future it will also carry along any
locally layered packages.
And do the same for "sign". This way we can have the compose server
utilities cleanly separated from what most people will see, which is
the client side tools.
The way this works is still fairly naive in that we hash in two
inputs:
1) The treefile JSON
2) The result of rpm -qa
If both of those are a hit, we reuse the existing commit.
Otherwise it just doesn't work. Note this hack is only necessary for
the case where some package pulls in e.g. fedora-release in the
initial transaction set when we're trying to install nss-altfiles.