IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Nothing in the file seems to use it. Doing this quickly via GitHub UI under assumption that the magic @walters bot will take care of running the full test suite, but otherwise I'll test it later when I get back to a machine I can use for that.
Closes: #481
Approved by: cgwalters
This makes the design fully coherent now - we don't try to store
multiple commits, we no longer reference them, and the cleanup does a
depth=0 pruning.
Closes: #475
Approved by: jlebon
My desktop system was aborting on upgrade with a missing metadata
object, which turned out to be the fact that my previous changes to
the package layering code pruned with depth=0, but the commit it was
looking for had a parent commit that had been pruned.
Closes: #475
Approved by: jlebon
I hit a pile of:
```
Oct 04 12:44:15 icarus.verbum.local rpm-ostreed[26257]: ostree_repo_resolve_partial_checksum: assertion 'error == NULL || *error == NULL' failed
```
Which turned out to be a missing metadata object (for some reason),
but this function's incorrect use of `ret = TRUE` caused the GError
to have already been set.
Fix this, and we change to "direct return" style which is more
readable.
Closes: #474
Approved by: jlebon
Per OSTree design, /var can start out empty. However, our warning
spam here is annoying. Let's first delete some known files -
obviously this won't be exhaustive, but it's way faster than trying to
fix all of this in the packages right now.
The major one is the SELinux policy, which resulted in a lot of spam.
Closes: #473
Approved by: jlebon
The API for json_generator_to_stream() says:
Return value: %TRUE if the write operation was successful, and
%FALSE on failure. In case of error, the #GError will be filled
accordingly
When in fact, because it just gives back what g_output_stream_write(),
1. it doesn't strictly return TRUE/FALSE, but a full-range uint, and
2. it will return -1 (which is as good as anything > 0 for success
checks) when an error occurs.
Although a simple <= 0 would fix it, let's just be extra strict and also
check for an error.
Closes: #468Closes: #469
Approved by: miabbott
Let's try out https://wiki.centos.org/ContainerPipeline
Having maintained Docker images for rpm-ostree seems kind of overdue.
(I didn't actually test the CP bits since I'm not sure how to do that)
Closes: #460
Approved by: jlebon
These were added to shadow-utils in recent times (Fedora 25 e.g.) and
like the other passwd files, shadow-utils opens them with `O_TRUNC`.
(At some point we should patch it to do create-new-then-replace internally)
Closes: https://github.com/projectatomic/rpm-ostree/issues/458Closes: #459
Approved by: jlebon
Commit 334cec56a0f4b21a952d29cc86187eb4638e227b had a fatal
logic error - I changed it to write a temporary ref for the final
commit, not the base.
I noticed this by getting `missing metadata object $base.commit` on my
desktop system. Hooray for dogfooding git master.
Closes: #452
Approved by: jlebon
I think these are suitable for wider consumption now, and we should
be able to support existing installs.
Rename the verb to just `install` since it's what every other package
manager uses.
Closes: #450
Approved by: jlebon
It turns out it was buggy (for some reason `PS1` wasn't propagating),
and furthermore, things mostly work if one enables `--new-chroot` i.e.
`systemd-nspawn`, which is what Fedora is going to do, and everyone
else in the world uses Docker.
While we're here, tweak the error message to use `<>` around the URL
which makes it more easily clickable from terminals.
Closes: #449
Approved by: jlebon
It needs to be under `[Unit]`. I noticed the systemd warning
in my logs; not sure how this worked when I was testing it locally.
Closes: #446
Approved by: jlebon
Right now the daemon assumes the system is using ostree, but
for various reasons people can try to start it on non-ostree systems.
This is a simple fix to avoid crashing. A better fix would
need to rework a lot of the code to return dummy/stub values but
that would be painful. Maybe later.
https://bugzilla.redhat.com/show_bug.cgi?id=1372194Closes: #445
Approved by: jlebon
Communicating information is a hard problem, but basically there
are two things here. First, the changelogs make the diff visual
spaghetti. (If we were rendering to HTML with expanders or something,
it could work).
Second, I think RPM changelogs are legacy - tooling should pull from
git.
So far when doing release announcements I've been manually stripping
out the changelogs, embarassingly enough. Time to fix that.
Anyways, we preserve the changelog-emitting code, it's just not the
default now.
Closes: #439
Approved by: jlebon
We need to manage our baselayer refs independently of the deployment
being written by libostree, so suppress the default clean; we'll do
it in rpm-ostree.
I noticed the `Freed objects:` message twice and always wondered why
until today.
Closes: #437
Approved by: jlebon
Until now, we weren't pruning the pkgcache repo at all. I ran out of
space in the root partition in my CAHC vagrant test box, so it's time
to fix this.
The basic algorithm is to walk over the full rpmdb contents of each
root, generate a set of "currently referenced" cached refs, then delete
any refs in the pkgcache repo which aren't included. Then, do a prune
of the pkgcache repo.
While we're here, factor out a `sysroot_upgrader_cleanup()` function
which does all of the cleanup. The idea is at some point we need to
introduce an `rpm-ostree cleanup` command or so which calls this, to
handle the case where the system is interrupted post-deploy but
pre-clean.
Closes: https://github.com/projectatomic/rpm-ostree/issues/428Closes: #437
Approved by: jlebon
In preparation for future changes here, rework things so
that we only walk the set of deployments once after the new
deployment has been generated.
To avoid a race where if we're interrupted after the deployment write
but before the regeneration, create a special `rpmostree/base/tmp` ref
that we delete after all the bases are regenerated.
Closes: #437
Approved by: jlebon
Currently, we do the final commit into the pkgcache repo, then
pull it to the base. The problem with this is that, combined
with the fact that we're not presently pruning the pkgcache repo,
we leak space.
In preparation for a cleaner fix for this, rework things so that the
core infra can know about *both* a base repo and a pkgcache repo. If
they're separate (as is the case for rpm-ostree-on-host), whenever we
are doing layering, explicitly pull just the `.file` objects that are
referenced into the parent repo. We do the final commit in the base
repo.
Closes: #437
Approved by: jlebon
Thought it'd be fun to write a test for verifying proper handling of
scriptlets during package layering. There's obviously a lot more that
could go in here (patches welcome!), but it's a start.
Closes: #434
Approved by: cgwalters
I hit this with librepo subbing out the $releasever with e.g. 7.2016.1
when trying to pull various URLs. It should be enough for the user to
see the ostree version in VERSION and PRETTY_NAME. For applications,
there's OSTREE_VERSION if they need just that.
Closes: #433
Approved by: cgwalters
`systemctl start/stop/try-restart` are all useless for us in
scripts, since changes should only affect the *next* boot.
`systemctl enable` is also wrong - one should use presets instead.
Currently, systemd has code to detect whether it's inside
a chroot, which works for mock, but *not* for Docker or bubblewrap.
(We should teach systemd a nicer way to disable itself, but
even if we did that we'd have to support old scripts)
So, this fixes layering `glusterfs` in CAHC.
Closes: #432
Approved by: jlebon
When executing scripts, map `/usr/lib/passwd` temporarily back to
`/etc/passwd` from the POV of the script, then move it back. This
allows client-side layered packages be merged with the base tree
version, while still being distinct from the `/etc/passwd`.
(In the future we'll likely rewrite all of this to use
`systemd-sysusers(8)`, but for now let's be incremental.)
Note in this commit it isn't very useful, because pretty much all RPMs
only call `useradd` in `%pre`, which is the next commit.
Closes: #432
Approved by: jlebon
Because OSTree includes numeric uid/gid, but package layering (and
traditional full-client-side RPM) expects to allocate UIDs on the
machine, we need to handle non-root owned files specially.
For files in /run and /var, we can convert them to
`systemd-tmpfiles(8)` snippets which will be executed at the next
boot, after a uid/gid has been assigned.
Closes: #432
Approved by: jlebon
Decided to test this on Sunday evening. Of course it was broken =(
(Actually I tested mock-in-Docker but it should be the same)
The core problem is that mock does `chroot()` without using `/`
as a mount point. This breaks an assumption in bwrap that it is.
Now, in theory we could move this same logic down into bwrap to
work around this situation, but for now let's hack it here.
Mock is old, legacy container code that doesn't really do anything
in a modern way - in fact our goal should be to replace it
with a combination of rpm-ostree and bwrap. So carrying this
hack here to get us to that future should be OK for now.
Closes: #431
Approved by: jlebon
I want a better error message if the user happens to execute
inside e.g. a Docker container without sufficient privileges
for recursive containerization.
Closes: #429
Approved by: jlebon
The previous commit https://github.com/projectatomic/rpm-ostree/pull/422
introduced a regression in the "outside of a container" path - we
get `EINVAL` trying to `mount("proc",...)` and honestly I'm not sure why.
We can either back up or plow forward, and it turns out to be
pretty straightforward to complete the port to using bwrap.
I extracted the bwrap-execution code out of the RPM script engine,
because the treecompose model is currently different (no hardlinks
yet).
NOTE: A *very* important side effect of this is that we now
require "privileged" containers on hosts without user namespaces,
and on userns hosts, require `CLONE_NEWUSER` to be exported to the
container host.
In general though, the previous path of blindly executing scripts as root
without e.g. `proc` mounted was just bad.
Closes: #429
Approved by: jlebon
The treecompose code will learn how to use bwrap instead of
libcontainer in libglnx, since the latter is a buggy copy of a subset
of the former.
Closes: #429
Approved by: jlebon
If next_dent returns `FALSE`, we need to also return `FALSE` from
the function.
I just noticed this as I happened to be reading the code randomly.
Closes: #426
Approved by: jlebon
Otherwise we try to execute as shell script which obviously doesn't
work. This was noticed when @dustymabe was trying to assemble
a Fedora container with `glibc-all-langpacks`.
Closes: #424
Approved by: jlebon
When trying to test treecomposes, it's annoying to hit the
metadata servers each time. Add a `--cache-only` option which
is kind of like yum's `-C` option (but not quite because
if the metadata doesn't exist we will update it).
Closes: #423
Approved by: jlebon
I was looking at starting to unify the treecompose path to the
"new world" infrastructure in package layering. An initial
step here is to port to fd-relative, which cleans up the code.
Note this depends on a libglnx pull.
Closes: #422
Approved by: jlebon