IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
I'd like to move `cargo fmt` checking out of Jenkins; among
other things, GH actions are *much* faster and nicer for this.
This leaves Jenkins to be more heavyweight testing.
This tweaks the data and types parsed from `check-passwd` and
`check-groups`, so that it can be more easily iterated and
consumed by passwd-handling logic.
Install a copy of rpm-ostree as rpm-ostree-unpriv to get a `bin_t`
labeled binary as a temporary workaround for:
https://bugzilla.redhat.com/show_bug.cgi?id=1937404
Also modify the rpm-ostree count me service to use that binary.
* Use OnBootSec=5m to give a chance for the timer to trigger on the
first week the system is booted up.
* Use '1s' for AccuracySec as this is accurate enough for this use
case.
It's a bit silly to have a two bridged functions here; instead
have just a single one on the C++ side that calls multiple
on the Rust side.
Prep for moving more to Rust.
The manual `std::mem::drop()` bits are ugly; while we can do
function pointers from Rust to C++, let's just add the obvious
high level wrapper in Rust that accepts a `FnOnce()`.
Note in one instance we directly pass a function pointer which
is quite clean.
I was thinking about privilege separation today with
systemd units, and that led me to the problem of "lifecycle binding".
We really want e.g. `systemctl stop rpm-ostreed` to kill any
separate systemd units we're managing.
systemd already has a mechanism for this with `BindsTo=`.
And then I realized we weren't doing this for the systemd-tmpfiles
invocations in the `live.rs` code.
Generalize this into a small `isolation` module that fixes this
and several other things at the same time. I'd like to build
on this to further improve our multi-process isolation story
later.
This code really makes sense as a method on the treefile.
And when that's done, we no longer need to expose
`get_postprocess_script()` via cxx, so we can return a nicely
Rust native `Option<&mut File>`.
Port add-files handling to Rust.
Note that there's one very magical line of diff here worth calling out:
We dropped an interface from the cxxrs bridge, because both sides
are now Rust! The treefile code can directly return an `&mut File` reference
instead of needing to pass the raw fd as `i32`.
The ugly C code for this turns into shorter Rust with a unit
test, a lot less allocation (notice how we don't malloc `NUL` terminated
strings in so many places).
It turns out there's a naming clash between `to_string()` here in
Rust *and* introspection is incorrectly associating the method
with `ostree::Deployment` because of the naming prefix.
The compose tests are expensive; each run involves running
all the `%post` scripts and `dracut` etc. This is definitely
a source of timeouts in CCI.
Remove `test-boot-location-modules.sh` - it's the default
now and is used by FCOS. Add dedicated script where we can
test all these things by default after a `cosa build`.
This aims to move the compose tests to only cover bits *not*
in cosa like the non-unified-core path.
Where I stalled out before is this file has `pkg-add foo`, but
now that we have the `foo` package pre-built we can move all
this stuff into `misc.sh`.
I dropped the YAML parsing of `--version` because we don't
have python. This is related to
https://github.com/coreos/coreos-assembler/issues/1645
I don't like the use of `HY_GLOB` in the lockfile package matching. We
have all the information in the Rust object, so it's silly to condense
that to a single string in a hashmap.
Fix this by returning the `LockfileConfig` object itself and then adding
a function to fetch the list of locked packages. This allows the C++
side to see all the individual fields which makes filtering trivial.
The next step is moving all the code which needs the lockfile to Rust.
Then we can drop the shared `LockedPackage` type.
(I did start on converting `find_locked_packages`, though it requires
adding bindings for all the `HyQuery` stuff, which... isn't great (and
also runs into the fact that `hy_query_run` needs to return a
GPtrArray). I think instead of a 1:1 mapping, we'll probably want the
libdnf-sys API wrappers to provide some sugar for the common paths.)
