IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Part of: https://github.com/projectatomic/rpm-ostree/issues/774
Basically, for `rpm-ostree status` to accurately help people
understand whether or not their system is up to date, we need
to be showing repository timestamps.
Ideally, we'd change the libdnf API to support what we're doing
here better. But, this works for now.
Closes: #791
Approved by: jlebon
This is prep for a rework of rpm-md downloads (visualizing state better + prep
for parallelization). libdnf defaults to a week which is just too long
(particularly for async security updates).
See also the linked https://github.com/rpm-software-management/libdnf/issues/291Closes: #791
Approved by: jlebon
And tweak the comment; I'm not blindly adding everything from
e.g. a Fedora compose here, since while in practice we omit them,
the ugliness serves as a reminder to fix the packages.
(For example, pam should use tmpfiles.d snippets for `/var/log/tallylog`,
or %ghost it)
Closes: #795
Approved by: jlebon
We need to add an `__attribute((used))` to the autocleanup variable in order to
pacify its set-but-unused, so make a macro to simplify callers. This is a bit
like systemd's `PRESERVE_ERRNO` cleanup.
Closes: #794
Approved by: jlebon
This way we only have one directory to `rm_rf` at cleanup time.
A next steps might be teaching libdnf to use this. Futher, we could
consider inheriting a tmpdir from the transaction.
Closes: #792
Approved by: jlebon
In various places we thread down the tmpdir dfd. But since its lifecycle is
bound to the context, we might as well pass the context itself. This just ends
up being cleaner, and is also prep for changing how we do the tmpdir.
Closes: #792
Approved by: jlebon
The redhat-ci service has been renamed to PAPR. Previous values are
still supported though should be considered deprecated.
Closes: #790
Approved by: cgwalters
Allows us to convert the metadata download func to new code style, and is
generally in line with our cleanup-focused philosophy on code, life,
and the meaning of the universe.
Closes: #789
Approved by: jlebon
Splitting this out before I keep hacking on this file. Pretty
straightforward stuff. There is one legitimate use of the `goto out`
pattern left in which we clean up a tmpdir.
Closes: #788
Approved by: cgwalters
There are a few reasons to do this. First, systemd changed to refuse mounts on
symlinks, and hence if one *wants* "/tmp-on-tmpfs", one would need to write a
different `sysroot-tmp.mount` unit.
Second, the original rationale for having this symlink was that if you had
multiple ostree stateroots ("osnames"), it's nicer if they had the same `/tmp`
to avoid duplication. But in practice today that's already an issue due to
`/var/tmp`, and further the multiple-stateroot case is pretty unusual. And that
case is *further* broken by SELinux (if one wanted to have e.g. an Ubuntu and
Fedora) stateroots. So let's fully decouple this and make `/tmp` a plain
old directory by default, so systemd's `tmp.mount` can become useful.
Now, things get interesting for the case where someone wants a physical `/tmp`
that *does* persist across reboots. Right now, if one just did a `systemctl mask
tmp.mount` as we do in Fedora Atomic Host's cloud images, you'd get a semantic
where `/tmp` stays per-deployment, which is weird. Our recommendation for
that should likely be to set up a bind mount for `/tmp` → `/var/tmp`.
For now, this stays an option to ensure compatibility; if FAH Cloud images
want to stay with "physical /tmp", then we'd have to change the kickstart.
Closes: https://github.com/projectatomic/rpm-ostree/issues/669Closes: #778
Approved by: jlebon
This was a kind of last-minute bug introduced when I tweaked the
checkout to use `.` to avoid a `mkdir()` for files. But there were
multiple bugs with that; for files that are in subdirectories of `/etc`
we obviously need to get the right subdir and not use `/etc`.
Second, we need to handle the case where we're adding new subdirectories.
This change fixes `rpm-ostree install firewalld + rpm-ostree ex livefs`.
Closes: #783
Approved by: jlebon
This is a valid case when layering local RPMs. Otherwise (e.g. if
specific non-local packages are requested), give the nicer error rather
than letting libdnf throw something less useful.
Closes: #780Closes: #781
Approved by: cgwalters
First, we need to preserve whitespace in the regexps. Second,
in the error path, all of our variables were wrong.
Commit 376a2cc3f5 is an excellent
poster child for how many bugs one can introduce in a single commit
for a ~5 line function.
Closes: #777
Approved by: jlebon
I was about to add another one of these but it feels like a bit
overkill to run through a recompose for trivial tweaks like turning off docs.
We can do a compose with multiple options at once and test the result as a unit,
at least for the smaller/less invasive options.
This change is prep for adding a switch to do `/tmp` as a regular dir.
Closes: #777
Approved by: jlebon
This is part of: https://github.com/projectatomic/rpm-ostree/issues/774
Basically, it's very useful for debugging since one could get an out-of-date
mirror or the like.
Down the line we may more formally store this data in a permanently-persistent
way, but this is a simple extension of the journaling we do now.
Closes: #775
Approved by: jlebon
There are a few different use cases here. First, for layering new packages,
there's no good reason for us to force a reboot. Second, we want some support
for cherry-picking security updates and allowing admins to restart services. Finally,
at some point we should offer support for entirely replacing the running tree
if that's what the user wants.
Until now we've been very conservative, but there's a spectrum here. In
particular, this patch changes things so we push a rollback before we start
doing anything live. I think in practice, many use cases would be totally fine
with doing most changes live, and falling back to the rollback if something went
wrong.
This initial code drop *only* supports live layering of new packages. However,
a lot of the base infrastructure is laid for future work.
For now, this will be classified as an experimental feature, hence `ex livefs`.
Part of: https://github.com/projectatomic/rpm-ostree/issues/639Closes: #652
Approved by: jlebon
I noticed I had `/tmp/rpmostree-metadata*` directories, and there
were two cases where we created those dirs. Astonishingly,
*both* had bugs that prevented cleaning up.
Rename one of them so in the future it'll be clearer which is buggy (or both).
Closes: #772
Approved by: jlebon
Switch a couple of core functions to the new style in preparation for
some other work there. This doesn't tackle the larger assemble()
function.
Another function which escaped for now is one that uses a tmpdir. Makes
me wonder if we should add a "GlnxTmpDir" type thing which simplifies
the mkdtempat/opendirat pattern and has a shutil_rmrf cleanup.
Closes: #771
Approved by: cgwalters
Now that rpm-ostree operations are cumulative, we need to make sure we
also clean up pending deployments. Also clean up the rollback for
consistency.
We also strengthen our ref handling. Always nuke the vmcheck ref (which
might not even exist anymore if a test rebased without --skip-purge) and
recreate it from the original ref.
Closes: #769
Approved by: cgwalters
Now that the unpacker actually tracks what the RPM checksum was at
import time, we can make use of that to determine whether we should
download the newer RPM, even if it has the same NEVRA.
Closes: #769
Approved by: cgwalters
In addition to the header checksum, we also want a checksum of the RPM
file itself. This will allow us to know right away whether an RPM with
the same NEVRA in the repos is actually the same one we already
imported.
Closes: #769
Approved by: cgwalters
The actual number of imported packages is not printed right now on the
terminal. But it's useful information to have, so stick it in the
journal.
Also make both the ENABLED_REPOS and ENABLED_REPOS_SOLVABLES
comma-separated lists. This essentially makes them valid YAML/JSON,
which is a nice property to have for e.g. test/shell interactions.
Closes: #769
Approved by: cgwalters
Before this commit, in the case where we have 3 deployments, the rollback code
would pick the merge/pending deployment. This is understandable since that logic
predates us potentially creating 3 deployments.
For livefs, I want rollback to actually go to the rollback, not the pending.
Add an API to find the pending/rollback, and put it in syscore, since we have
other similar functions to this there. (Perhaps in the future we'll figure out a
way to dedup the deployment walking/filtering logic a bit).
Port the two callers to it.
Closes: #767
Approved by: jlebon
I didn't realize we had this dbus method. It was added in the initial
drop of the DBus API, and AFAICS nothing uses it; it's not exposed
via the cmdline, and a quick `git grep` in Cockpit shows it's
not used there either.
It's tempting to delete it.
However, before we take that step, let's reimplement it in terms of the new,
shiny, more powerful "cleanup" txn.
The particular reason I'm doing this is I want to change how we handle
rollbacks.
Closes: #767
Approved by: jlebon
This is a follow-up to commit 77acf62. There, we added support for
rebasing from a local branch to another local branch. But in testing,
it's also really useful to be able to rebase from a remote-based refspec
to a local branch. We allow this here by slightly expanding the syntax
of allowed refspecs.
Now, we can use rpm-ostree all the time rather than fallback to `ostree
admin deploy`, which isn't pkg-aware.
Closes: #764
Approved by: cgwalters
Conceptually: we're going to move rpm-ostree and ostree at the same
cadence most of the time; for both releases *and* for git master.
The problem so far has been the latter part. Reusing FAHC
for the build gets us half of the problem.
The other trick I realized we can do - just pull ostree out from the build
container. This avoids fetching it from the internet, and makes my workflow for
hacking on both nicer - I just `sudo make install` in my build container for
ostree.
It's tempting to make the whole thing symmetric and require `sudo make install`
for rpm-ostree and not do the insttree thing but...perhaps after.
Closes: #758
Approved by: jlebon