Commit Graph

366 Commits

Author SHA1 Message Date
Colin Walters
485c1862ce live: Disallow replacement/removal by default, add --allow-replacement
There's a huge difference between live updates that change
existing things, versus simply adding new packages (files).

The latter is really quite safe, and live layering is one
of the most requested features.
2021-03-08 20:54:18 +01:00
Colin Walters
2a9423ccb8 tests: Port apply-live to kola ext tests
Continuing the momentum to use kola ext tests.

One obvious benefit of this as the porting continues
is that we can share our built test RPMs across
different tests, e.g. we can have a `testdaemon` package
instead of a `test-livefs-service` package.
2021-03-08 20:54:18 +01:00
Colin Walters
85f22baec7 tests: Add RPMs to installed kola tests, port layering-local
I'd like to get to the point where we drop the `vmcheck.sh`/`libvm.sh` stuff.
Instead we use kola directly, and write our tests in a way that they
default to run on the target, not on the host because it's *much*
more natural to type e.g. `rpm-ostree upgrade` instead of `vm_rpmostree upgrade`.

We'd done a bit of porting, but a blocker was that a lot of our
tests dynamically generate RPMs and send them over.  Instead,
let's generate the RPMs ahead of time in a "build" step, then
they all get passed at once via kola ext data.  Add the concept
of multiple repo versions too.

Right now we only generate the one RPM needed for the `layering-local`
test and port it.
2021-03-02 09:47:03 -08:00
Colin Walters
7367aa8469 tests/apply-live: Upgrade+liveapply no-package changes
Came up on `#fedora-iot` channel, some people are hitting
"No packages in transaction".  I believe we have a bug,
but I didn't hit it with at least this simple test case.
It may be related to layering while doing this too, going to
test that next.
2021-03-01 20:40:48 +01:00
Colin Walters
732e0f232a daemon: Fix crash on upgrade with remote:checksum
The refspec code really needs to be cleaned up and oxidized (and
unit tested more).

The original intention is that if you're pinned to a commit, we say
"No upgrade available" but we were crashing if one (understandably)
rebased to the combination of `remote:checksum` instead of just `checksum`.

But, we can't change the classifier to call this `CHECKSUM` and
output an error, because that just conflicts with us accepting
the syntax `rpm-ostree rebase :<checksum>`.

I'm actually coming around to the idea that this `remote:checksum` syntax means
"no upgrade available" is correct, whereas pinning to just `checksum`
is more of an error when you try to upgrade.

Closes: https://github.com/coreos/rpm-ostree/issues/2603
2021-03-01 16:57:51 +01:00
Kelvin Fan
1c826e993b app/dbus-helpers: Don't error out if caller is updates driver
If the systemd unit associated with the client's PID is the updates
driver's unit, don't require the --bypass-driver option for operations
like upgrade, deploy, and rebase.
This is useful for updates drivers that shell out to rpm-ostree's
binary (e.g. Zincati, currently).
Also refactor some helper functions to make them more general and
reusable.
2021-02-25 06:44:53 +01:00
Kelvin Fan
705b22df28 app/{deploy,rebase}: Do not deploy/rebase if updates driver registered
Follow up to https://github.com/coreos/rpm-ostree/pull/2566.
Error out if users try to manually do a deploy/rebase if an updates
driver is registered. Provide `--bypass-driver` option to proceed
anyway.
2021-02-25 06:44:53 +01:00
Colin Walters
5a79ca9035 apply-live: Rework to use refs to store state
Came out of discussion in https://github.com/coreos/rpm-ostree/pull/2581
around some racy code for checking for the live commit object.

The reliability of apply-live depends on the
underlying commits not being garbage collected.  Our diff logic
is in terms of ostree commits, not the physical filesystem (this
allows us to make various optimizations too).

Ultimately I think we should drive some of the live-apply
logic into libostree itself; we can more easily have an atomic
state file instead of the two split refs.

(Or perhaps what we should add to ostree is like a refs.d model
 where a single atomic file can refer to multiple commits)

For now though let's rework the code here to write refs.  We
retain the file in `/run` as just a "stamp file" that signals
that a deployment has had `apply-live` run.
2021-02-23 21:51:22 -05:00
Kelvin Fan
626d021edb app/upgrade: Do not upgrade if updates driver registered
Do not perform an upgrade if detected that an updates driver has
been registered.

Add --bypass-driver option to force an upgrade regardless of whether an
updates driver has been registered.
2021-02-17 11:43:34 -05:00
Colin Walters
7bf885ecf7 tests: Fix bodhi link
From review in https://github.com/coreos/rpm-ostree/pull/2585#discussion_r577149232
2021-02-16 18:18:27 -05:00
Colin Walters
c1ff933bc3 tests/layering-non-root-caps: Adapt to new libcap output
I didn't deep dive on this, just observed that the new output
matches what we laid down.  There's ~2.5 years of changes
and ~200 commits between 2.28 and 2.48.
2021-02-16 17:08:27 -05:00
Kelvin Fan
4dd80a8b9c app/status: Use AutomaticUpdatesDriver if updates driven by external driver
When automatic updates are driven by an external driver like Zincati,
display e.g. `AutomaticUpdatesDriver: Zincati` instead of
`AutomaticUpdates: driven by Zincati`, since the latter might suggest it
is rpm-ostree's own built-in support for automatic updates.
2021-02-03 09:52:43 -05:00
Kelvin Fan
1e79e5abde app/status: Show update driver's state and status
Display update driver's systemd unit's `ActiveState` property.
Also display `StatusText` property if unit is a service unit and
property is available.
2021-02-03 09:52:43 -05:00
Kelvin Fan
34746d0428 deploy: Allow empty string argument if --register-driver
It is sometimes useful to only register an update driver without
actually deploying anything. If the argument for `deploy` is an
empty string, only register driver and then no-op.
2021-01-26 01:32:52 +01:00
Kelvin Fan
e7558c3dc9 app/status: Display update driver info
Read from `/run/rpm-ostree/update-driver.gv` and display the update
driver name (and systemd unit if verbose).
2021-01-24 06:28:08 +01:00
Kelvin Fan
7586503ee2 vmcheck/test-misc-2: Fix $cursor variable
Minor cleanup.

Follow up from https://github.com/coreos/rpm-ostree/pull/2461/.
2021-01-20 15:20:41 -05:00
Kelvin Fan
3f9fe06d24 daemon: Record agent's systemd service
In https://github.com/coreos/rpm-ostree/pull/2395/, agent's id is
recorded in the journal. Similarly, record the systemd service that
called the client, as well.

Related to https://github.com/coreos/rpm-ostree/issues/1747.
2021-01-20 10:13:02 -05:00
Colin Walters
2f82733e65 apply-live: Extend /etc test case
- Further nested sub/sub directories
- symbolic links that point to various corner cases like `/`, are
  broken, to parents etc.
2021-01-18 05:51:05 -05:00
Colin Walters
d0c6871d80 apply-live: Avoid clobbering changes in /etc
Gather the current diff of `/etc`, and filter out changes in
the tree which would overwrite it.

There is an OSTree API for diffs but it's a bit awkward, missing
some APIs in the Rust bindings and also `GFile` based unfortunately.
Doing this in Rust is nicer.  The dirdiff code obviously needs
a lot more testing, but I think it's right.
2021-01-15 05:41:53 -05:00
Colin Walters
6c66bf1072 Rename livefs → apply-live in more places
Keep up the renaming momentum by using the new name in more
places.

Prep for further work.
2021-01-12 03:15:49 -05:00
Colin Walters
485dbe8472 apply-live: Print a package diff
The cool thing about this is it emphasizes how "integrated" apply-live
is versus the uncontrolled `rpm-ostree usroverlay`.  We're still
tracking the state of things reliably and can print it.
2020-12-23 16:23:43 +01:00
Colin Walters
9d927e9850 daemon: Record the agent ID in the journal
Related to https://github.com/coreos/rpm-ostree/issues/1747

Basically after this we can have `rpm-ostree status` output
e.g. `Agent: zincati` at least *after* an upgrade has happened.
2020-12-16 13:55:11 +00:00
Colin Walters
d9e9e5cf9b Rename ex livefs to ex apply-live
(Keeping the old name for muscle memory compatibility for now)

I think `apply-live` is a clearer name; it's more imperative
and it may not be obvious (particularly to non-native English speakers)
to parse "livefs" as "live fs".
2020-12-14 11:55:09 -05:00
Colin Walters
cd2307ccc2 tests: Add case for running rpm -q in a %post
On traditional rpm systems this can hang because the outer
process may have an rpmdb lock, and the inner one wants
to acquire a lock.  Here we're sandboxing the `%post` script
and it's targeting a separate temporary filesystem compared to
the booted one (so there's no double locking).  Plus we don't
create the rpmdb in the target until all scripts have run.

Inspired by https://twitter.com/_msw_/status/1335981558717587473
2020-12-07 15:09:44 -05:00
Luca BRUNO
1b00f13d34 tests/override-kernel: support f33 2020-12-07 07:58:18 -05:00
Colin Walters
956d96bd1f livefs: Fix --target, add --reset and print diff
Makes this more useful.
2020-11-17 22:34:44 +01:00
Colin Walters
a76ddf0cef Rewrite livefs
Now always based on an overlayfs:
f2773c1b55
This fixes a whole swath of problems with the previous design,
including the danger in replacing `/usr/lib/ostree-boot` which
broke booting for some people.

Further, we don't need to push a rollback deployment; the livefs
changes are always transient.  So now we store livefs state
in `/run` instead of in the origin file.

Since we're doing a rewrite, it's now in Rust for much more safety.

We also always work in terms of incremental diffs between commits;
the previous huge hammer of swapping `/usr` was way too dangerous.
2020-11-16 19:07:16 +01:00
Colin Walters
5650f376fb Add --enable-rojig, disable by default
We're seeing some CI failures that I think are a bug in rojig.
In the bigger picture...we never actually started using this,
and I think longer term shipping os updates via containers
probably makes more sense.

I put a *lot* of effort into this code and it's pretty cool
so it's hard to just delete it.  And *maybe* someone out there
is using it (but I doubt it).  So rather than just deleting
it entirely let's make it a build-time option.

I verified that it builds at least.
2020-10-22 15:38:50 -04:00
Jonathan Lebon
71992e3d11 core: Use SOLVER_LOCK for locking base packages
For the Fedora CoreOS extensions work, when layering packages, we need
to be able to tell libsolv to pick the packages which will go with the
base packages. IOW, it needs to know that the base packages shouldn't be
uninstalled.

While investigating
https://github.com/coreos/fedora-coreos-tracker/issues/525, I realized
that libsolv does have a flag which allows us to express this:
`SOLVER_LOCK`.

This then allows libsolv to choose the right package for us (if found).
And in the case where it can't find a matching package, libsolv itself
will print exactly what the conflict is, which is more informative than
the "forbidden replacements" error we currently print out.

Update submodule: libdnf
2020-08-28 12:44:46 -04:00
Jonathan Lebon
2c6d24de0a vmcheck/rojig: Don't use ci.centos.org
It doesn't resolve to the right node from inside the CentOS CI:
https://lists.centos.org/pipermail/ci-users/2016-July/000301.html
2020-07-16 15:46:06 -04:00
Jonathan Lebon
f608eb09ed app: Add --lock-finalization switch to other commands
Both `upgrade` and `deploy` already support this. There's no reason why
all the remaining "deployment-creating" commands shouldn't. Prompted by
https://github.com/openshift/machine-config-operator/issues/1897 which
will need this specifically for `rebase`.
2020-07-08 16:02:59 +02:00
Colin Walters
1db9fa000f rebase: Remove requirement for --experimental with local rebases
We've been shipping the MCO code using this for a long time,
it needs to stay in its current form and is not experimental.
2020-05-29 15:14:32 -04:00
Colin Walters
37e7ab2e33 test-override-kernel: Support f32
CI is failing on this now that FCOS has switched.
2020-05-29 12:35:15 -04:00
Colin Walters
6df03da742 tests: Move more code to kola
Continuing the migration.
2020-05-12 00:34:26 +02:00
Colin Walters
22bf449296 tests: Drain more readonly tests into nondestructive/misc
Part of migrating the test suite to kola.
2020-04-30 21:50:41 +02:00
Colin Walters
a238ca9c76 status: Don't output AutomaticUpdates: disabled by default
Pre-FCOS we made an effort for automatic updates but nowadays
with Fedora CoreOS we generally expect people to be using zincati.

Until we fix the "agent registration" problem:
https://github.com/coreos/rpm-ostree/issues/1747
Let's not confuse people by printing `AutomaticUpdates: disabled`.

Only print if it's set to a value in non-verbose mode.
2020-04-22 16:45:05 +02:00
Colin Walters
e41a8ab26f Add support for wrapping binaries (rpm, dracut, grubby)
We need to be friendlier to people who are transitioning from
"traditional" yum managed systems.  This patchset starts to lay
out the groundwork for supporting "intercepting" binaries that
are in the tree.

For backwards compatibility, this feature is disabled by default,
to enable it, one can add `cliwrap: true` to the manifest.

To start with for example, we wrap `/usr/bin/rpm` and cause it
to drop privileges.  This way it can't corrupt anything; we're
not just relying on the read-only bind mount.  For example nothing
will accidentally get written to `/var/lib/rpm`.

Now a tricky thing with this one is we *do* want it to write if
we're in an unlocked state.

There are various other examples of binaries we want to intercept,
among them:

 - `grubby` -> `rpm-ostree kargs`
 - `dracut` -> `rpm-ostree initramfs`
 - `yum` -> well...we'll talk about that later
2020-04-15 16:22:57 +02:00
Colin Walters
770856d018 tests: Start converting some bits into kola ext framework
Start the ball rolling on converting some of our tests into
the coreos-assembler/kola framework:
d940420b78/mantle/kola/README-kola-ext.md

The nondestructive ones are easy.
2020-04-09 23:07:45 +02:00
Colin Walters
659fb0b23a importer: Quote filenames with spaces for tmpfiles.d
This way we handle filenames with spaces in `/var` in general,
like `/var/app/foo bar`, but *also* the special `/opt/foo bar`
translation bits.

I saw this bug and thought "oh that'd be easy".  But hoo boy
did it take me down a rat's nest.  The first thing was verifying
that `systemd-tmpfiles` supports any kind of quotation/escaping; it does.
The next thing was figuring out *exactly* what the syntax for that
is and how it works, as it's obviously not widely used.

Writing tests for this ended up being a painful exercise because
of the multiple levels of shell script, e.g. our `build_rpm` shell
script ends up being inlined into RPM specs, which then interprets
again...and not to mention the usual annoying issues with `ssh`
eating quotes.

Anyways, all that and:
Closes: https://github.com/coreos/rpm-ostree/issues/2029
2020-03-23 19:16:36 +01:00
Jonathan Lebon
c6e5e80d94 vmcheck: Work around read-only /sysroot
We need to adapt some of our tests here which assume that `/sysroot` is
writable. However, in FCOS this is no longer the case now that we enable
`sysroot.readonly`.

We only remount rw for the couple of operations that need it so that we
still retain coverage for the ro path everywhere else.
2020-03-19 16:24:04 +01:00
Jonathan Lebon
7745728669 vmcheck: Run vm_kola_spawn separately from if-statement
Classic shell gotcha. We don't want to run `vm_kola_spawn` as part of
the if-statement or otherwise we lose the `set -e` behaviour.
2020-03-19 16:24:04 +01:00
Jonathan Lebon
e9011530e5 initramfs: Use dracut args from commitmeta if available
This is the second half of the previous commit. We check if the
canonical dracut args are available in the commit metadata, and prefer
those over using `--rebuild`. The latter is delegated as a backcompat
fallback.
2020-02-27 21:09:54 +01:00
Jonathan Lebon
1675058768 initramfs: Fix using local /etc when also replacing kernel
Instead of basing our decision to use the local `/etc` on whether we're
using `dracut --rebuild`, base it directly on a boolean parameter.

This is relevant in the client-side when initramfs regeneration is
requested as well as a kernel override. In such cases, we do want to use
the local `/etc`, but we'd skip that path because we didn't also use
`dracut --rebuild`.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1806588
2020-02-27 04:50:59 +01:00
Jonathan Lebon
7501b39cbf spec: Bump libmodulemd version requirement
This matches the latest bump in libdnf:
763ccc3e33
2020-02-25 16:48:15 +01:00
Colin Walters
b797a42f3e core,kernel: Set up /etc/passwd for dracut
This fixes a longstanding spew of error messages from the initramfs
because we don't have nss-altfiles set up there.  Rather than
trying to do it, just do the dance of re-synthesizing `/etc/passwd`
as it traditionally looks around running dracut, the same as we
do for scripts during core layering.

Yes, this is all a mess and hopefully I'll get to sysusers soon...
2020-02-13 23:26:04 +01:00
Jonathan Lebon
c09f5412a5 libpriv/util: Fix human diff printing for upgrades/downgrades
We were basing whether to print the `Upgraded`/`Downgraded` heading on
the iteration count rather than the actual first iteration where a valid
upgrade/downgrade was found. And because of how we print our diff, this
confusingly can make it look like downgrades are part of the same
upgrade section.

Closes: #1821
2020-01-21 18:36:53 +01:00
Jonathan Lebon
9daea46d66 tests/compose: Target FCOS 31, move off of PAPR
Again, a lot going on here, but essentially, we adapt the compose tests
to run either privileged or fully unprivileged via supermin, just like
cosa.

I actually got more than halfway through this initially using `cosa
build` directly for testing. But in the end, we simply need more
flexibility than that. We want to be able to manipulate exactly how
rpm-ostree is called, and cosa is very opinionated about this (and may
also change from under us in the future).

(Another big difference for example is that cosa doesn't care about
non-unified mode, whereas we *need* to have coverage for this until we
fully kill it.)

Really, the most important bit we want from there is the
unprivileged-via-supermin bits. So we copy and adapt that here. One
obvious improvement then is sharing this code more easily (e.g. a
`cosa runasroot` or something?)

However, we still use the FCOS manifest (frozen at a specific tag). It's
a realistic example, and because of the lockfiles and pool, we get good
reproducibility.
2020-01-08 16:42:54 +01:00
Colin Walters
4881435663 tests: Misc tweaks
- Have libvm.sh inherit libtest, otherwise we don't have `fatal`
- Add `error: ` prefix to `fatal` messages for clarity
- Add missing plural
2019-12-16 15:17:01 +01:00
Jonathan Lebon
c7a9c3b1dd Rework vmcheck to use kola spawn, move off of PAPR
There's a lot going on here, but essentially:

1. We change the `vmcheck` model so that it always operates on an
   immutable base image. It takes that image and dynamically launches a
   separate VM for each test using `kola spawn`. This means we can drop
   a lot of hacks around re-using the same VMs.
2. Following from 1., `vmoverlay` now takes as input a base image,
   overlays the built rpm-ostree bits, then creates a new base image. Of
   course, we don't have to do this in CI, because we build FCOS with
   the freshly built RPMs (so it uses `SKIP_VMOVERLAY=1`). `vmoverlay`
   then will be more for the developer case where one doesn't want to
   iterate via `cosa build` to test rpm-ostree changes. I say "will"
   because the functionality doesn't exist yet; I'd like to enhance
   `cosa dev-overlay` to do this. (Note `vmsync` should still works just
   as before too.)
3. `vmcheck` can be run without building the tree first, as
   `tests/vmcheck.sh`. The `make vmcheck` target still exists though for
   finger compatibility and better meshing with `vmoverlay` in the
   developer case.

What's really nice about using kola spawn is that it takes care of a lot
of things for us, such as the qemu command, journal and console
gathering, and SSH.

Similarly to the compose testsuites, we're using parallel here to run
multiple vmcheck tests at once. (On developer laptops, we cap
parallelism at `$(nproc) - 1`).
2019-12-13 19:18:30 +01:00
Colin Walters
75c676715a daemon: Use MountFlags=slave and opt-in to OSTree read-only /sysroot
This is all we need to tell libostree that we support a read-only
`/sysroot` and `/boot`.

See https://github.com/ostreedev/ostree/issues/1265
PR in https://github.com/ostreedev/ostree/pull/1767
2019-12-13 01:44:56 +01:00