Commit Graph

2529 Commits

Author SHA1 Message Date
Jonathan Lebon
86c811af8d importer: Filter out /var/lib/rpm from rpm
Otherwise we can get a repeat of #290 in the unprivileged container
assembly path.

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
6cdcd474b6 Makefile-libs.am: Work around g-ir-scanner issues with clang
Right now there's an issue in Fedora with `g-ir-scanner` picking up
`-fstack-clash-protection` from the `sysconfig` Python module and
passing it to `clang`, which doesn't understand this flag yet.

Just work around this by (1) not even building GIR bindings for our
bundled libdnf since there's no need, and (2) overridding the compiler
used by `g-ir-scanner` so it's always `gcc`.

See: https://github.com/projectatomic/rpm-ostree/pull/1787#issuecomment-473971585

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
078268d4d3 libpriv: Add more error-prefixing in sanity checks
Currently tracing through an error around that area, and this would've
helped.

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
da3b33ee7b ci: Fix ex-container LOGDIR
Let's output to `ex-container-logs`, which matches the directory we
currently have specified in `artifacts:` so that we actually get test
logs uploaded.

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
a4678eb67e app: Drop unused variables
Looks like `clang` got smarter in f29. It's now finding more unused
variables than before. \o/

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
95d1c6ea29 ci: Bump minimum Rust version to v1.31.0
Now that we no longer support el7, let's peg our minimum `rustc` version
to the latest Rust module available in el8 instead. That's 1.31.0 right
now.

And drop use of deprecated `trim_left_matches()` (it was deprecated in
1.33.0, which is currently used in the other testsuites that pull
`rustc` from the Fedora repos; we might want to eventually just use the
`RUST_MIN_VERSION` in all the testsuites to not get caught in the middle
like this again).

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
45b6186be0 tests/check: Tweak /usr/bin/sh path
Looks like the auto-requires got updated in f29 or something.

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
d34f24581a ci: Fix repo editing in installdeps.sh
- Use `IFS=` so that we don't drop leading whitespace when reading in,
  which can be used to specify multiple baseurls on multiple lines.
- Use `-r` as good practice so we don't try to interpret anything.
- Use `echo "$line"` so that we don't drop leading whitespace when
  writing out.

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
d0fdd9ac1d ci: Drop c7 support for installdeps.sh
Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
4ae3b174f5 ci: Bump to f29
Better late than never!

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
e90d0ed98e build: Move completions to /usr/share
rdgo is choking on this right now because, even though we added
`/usr/share/bash-completion` to the list of dirs to check in the spec
file[1], we don't have `bash-completion` installed in the buildroot, so
the `completionsdir` pkgconfig var isn't defined and we end up
defaulting to `/etc/bash_completion.d`.

el7's bash (not that it matters much now after #1785) is indeed new
enough to know that location. See also
https://github.com/ostreedev/ostree/pull/1083.

[1] https://src.fedoraproject.org/rpms/rpm-ostree/pull-request/30

Closes: #1786
Approved by: rfairley
2019-03-14 21:24:30 +00:00
Jonathan Lebon
bdf12cced6 ci: Stop testing on CentOS 7
Let's stop actively testing on CentOS 7 from this point on. The latest
stable version v2019.2 will be the last fully supported release on this
platform. We may backport patches there if needed.

This will allow us to shed a lot of legacy and dual-paths code that
rendered the code more complex. It'll also reduce friction on new
initiatives like unified core by default and sysusers.

Closes: #1785
Approved by: cgwalters
2019-03-13 21:16:00 +00:00
Jonathan Lebon
6e054517d3 app: Alias remove -> uninstall
For better finger compatibility with `dnf`.

Closes: #1783
Approved by: cgwalters
2019-03-13 02:46:09 +00:00
Jonathan Lebon
57fa460837 core: Add all packages to the sack upfront
Don't go back and forth between adding packages to the sack and marking
them for install. Do the former upfront, and then do the latter.

This allows us to work around:
https://github.com/rpm-software-management/libdnf/issues/700

Closes: #1783
Approved by: cgwalters
2019-03-13 02:46:09 +00:00
Jonathan Lebon
e2ed1036f1 core: Fix leak of a DnfPackage
We weren't freeing the `DnfPackage` that `dnf_sack_add_cmdline_package`
returned. But really, once it's marked for install, we don't need it.

Closes: #1783
Approved by: cgwalters
2019-03-13 02:46:09 +00:00
Jonathan Lebon
3a616bd318 daemon/deployment-utils: Specify array element type
Otherwise, glib will complain if the array is empty since it can't infer
the type of the item.

While we're here, just `git grep` all instances of
`G_VARIANT_TYPE_ARRAY` and make sure they use a fully-specified format.
I added a test to sanity check that glib is happy to synthesize empty
`GVariant` arrays from `g_variant_builder()` if the format string is
specified.

Closes: #1783
Approved by: cgwalters
2019-03-13 02:46:09 +00:00
Jonathan Lebon
cc1ac0eabe upgrader: Add missing check for error
Not that it matters much since that function can't fail right now
(though it does have a precondition check). But this just matches what
we do elsewhere and prepares us in the event the function becomes
fallible.

Closes: #1783
Approved by: cgwalters
2019-03-13 02:46:09 +00:00
Jonathan Lebon
ed3294fa98 app/status: Fix spacing in function call
Closes: #1783
Approved by: cgwalters
2019-03-13 02:46:09 +00:00
Colin Walters
adff1e98b6 compose: Add boot-location: modules
And this (for now at least) completes the epic journey of the
"where's the kernel"?  With this it's found solely in
`/usr/lib/modules/$kver`.

There are a few reasons to do this; most prominent is that
it avoids duplicating the content as the locations may have
different SELinux labels.

Closes: #1773
Approved by: jlebon
2019-03-08 22:49:40 +00:00
Colin Walters
f37426f1ad compose: Remove support for boot-location: both
I'd like to add a new `boot-location: modules`.  In prep
for that, let's remove the legacy `both` which drops into
`/boot`.

The libostree support for handling `/usr/lib/ostree-boot` has
existed for over 4 years:

```
commit 37a059925f6b96d30190b65bee6bdde0ae1c6915
Commit:     Colin Walters <walters@verbum.org>
CommitDate: Sun Nov 30 23:14:05 2014 -0500

    deploy: Ensure that we can deploy using only /usr/lib/ostree-boot

```

I think we assume now that no one is now making *new* treecomposes and needs
a newer rpm-ostree and that they expect people to be able to use as an
upgrade target from a libostree that predates that.

Closes: #1773
Approved by: jlebon
2019-03-08 22:49:40 +00:00
Jonathan Lebon
6b928e8f0e ci: Build the whole tree, not just rust bits
Otherwise, we're not testing everything. E.g. the cbindgen bits.

Closes: #1778
Approved by: cgwalters
2019-03-07 21:57:08 +00:00
Jonathan Lebon
e49f625b61 rust: Freeze rand crate to v0.6.1
The recent dep bump caused rand to jump to v0.6.5, which pulled in
`fuchsia-cprng`. Sadly, the cargo version we're frozen on chokes on it
because its manifest makes use of the `edition` keyword, which wasn't
stabilized yet.

Let's just freeze the problematic crate for now. We should be able to
bump our Rust toolchain soon-ish.

(Note this commit also does some other minor crate bumps as a result of
regenerating the lockfile to prune away `fuchsia-cprng`.)

Closes: #1777

Closes: #1778
Approved by: cgwalters
2019-03-07 21:57:08 +00:00
Colin Walters
b63f3720b8 ci: Add a f29 FCOS build
Let's start doing testing using coreos-assembler + Fedora CoreOS.

Closes: #1774
Approved by: jlebon
2019-03-07 19:16:12 +00:00
Jonathan Lebon
b851d9dad2 build: Hook up bash completions
Follow-up to #1499. This is mostly based on
https://github.com/ostreedev/ostree/pull/1077.

Closes: #1772
Approved by: rfairley
2019-03-07 00:47:39 +00:00
Jonathan Lebon
8b1bc9894e rust: Pass through rustfmt
Closes: #1749
Approved by: cgwalters
2019-03-02 19:20:21 +00:00
Jonathan Lebon
1fe66e91d0 rust/treefile: Support dash convention for all options
Now that we support YAML, it's a gotcha/eyesore that some of our options
use underscores rather than dashes. Let's be nice and switch those few
options over, while of course still supporting the previous name.

Co-authored-by: Colin Walters <walters@verbum.org>

Closes: #1749
Approved by: cgwalters
2019-03-02 19:20:21 +00:00
Jonathan Lebon
0ebfb6e4ff rust/treefile: Don't hardcode list of architectures
Just try to match the current architecture against any
`packages-${arch}` keys in the treefile.

Closes: #1749
Approved by: cgwalters
2019-03-02 19:20:21 +00:00
Jonathan Lebon
24335bdf1a rust/treefile: Use HashMap to collect extra fields
Instead of the `Strict` and `Permissive` variants of
`TreeComposeConfig`, just collapse all the excess fields in a new
`extra` member and check for any keys there in the strict YAML path.
This will also allow us to drop the hardcoded list of architectures in
the next patch.

Closes: #1749
Approved by: cgwalters
2019-03-02 19:20:21 +00:00
Chris Weeks
90790cabaf Add support for bash completion
This stand-alone file doesn't impact any part of the build process and
is designed to be a convenience for end-users.

Closes: #1499
Approved by: jlebon
2019-03-01 21:36:39 +00:00
Jonathan Lebon
82594b5052 rust: Bump dependencies
Notably, the latest indicatif compiles fine again. This is now the
latest of everything, except the glib stack:

```
$ cargo outdated -R
Name      Project  Compat  Latest  Kind    Platform
----      -------  ------  ------  ----    --------
gio-sys   0.7.0    ---     0.8.0   Normal  ---
glib      0.6.1    ---     0.7.1   Normal  ---
glib-sys  0.7.0    ---     0.8.0   Normal  ---
```

because it requires a newer rustc than we're currently locked at.

Closes: #1770
Approved by: cgwalters
2019-03-01 15:51:07 +00:00
Jonathan Lebon
27e4c353b2 daemon/sysroot: Fix ActiveTransaction property
Minor regression from #1755. Noticed this after seeing the following in
the journal:

```
Mar 01 02:41:03 f29-ros rpm-ostree[3931]: Failed to GetConnectionUnixUser for client /org/projectatomic/rpmostree1/fedora_atomic: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Could not get UID of name '/org/projectatomic/rpmostree1/fedora_atomic': no such name
Mar 01 02:41:03 f29-ros rpm-ostree[3931]: Failed to GetConnectionUnixProcessID for client /org/projectatomic/rpmostree1/fedora_atomic: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Could not get PID of name '/org/projectatomic/rpmostree1/fedora_atomic': no such name
```

Closes: #1769
Approved by: cgwalters
2019-03-01 15:50:33 +00:00
Colin Walters
5c69bcb4fe compose: Make initramfs.img world-readable
There's nothing secret there, it's server side generated.
Ref: https://github.com/coreos/coreos-assembler/pull/372#issuecomment-467620937

Closes: #1767
Approved by: jlebon
2019-02-27 14:33:05 +00:00
Jonathan Lebon
2be532c9e9 rust/treefile: Add basearch key
Add a `basearch` key to the manifest. This can be used at compose time
to assert the architecture the compose is running on. Though my
motivation is for the common case where it gets omitted from the input
manifest and gets automatically added by rpm-ostree into
`/usr/share/rpm-ostree/treefile.json` for introspection on the client.

(The crucial part here is that the treefile created by rpm-ostree
remains deserializable into a `TreeComposeConfig`).

Closes: https://github.com/coreos/fedora-coreos-tracker/issues/154

Closes: #1766
Approved by: cgwalters
2019-02-27 01:05:43 +00:00
Jonathan Lebon
6a57db1c36 rust/treefile: Rename arch -> basearch
We're really using this variable to substitute `${basearch}` and find
basearch-specific packages. Let's rename the variable to make that more
obvious.

Closes: #1766
Approved by: cgwalters
2019-02-27 01:05:43 +00:00
Jonathan Lebon
75f415f09f tests/libtest.sh: Lift assert_jq from libvm.sh
We already had this logic, but it was in `libvm.sh`. Prep for using it
elsewhere.

Closes: #1766
Approved by: cgwalters
2019-02-27 01:05:43 +00:00
Colin Walters
3f722b5005 rust: Bump crate dependencies
Prep for adding other crate deps for sysusers, multiprocessing work.

Closes: #1765
Approved by: jlebon
2019-02-26 16:42:42 +00:00
Colin Walters
07d621bac9 compose: Pass treefile directly to core
A lot of history here.  Long before the YAML treefiles, I was
dissatisfied with the JSON treefile syntax, and also wanted
to create a format that could be used by the (still experimental)
`container` builtin, and chose to use GKeyFile.

I don't think that really worked out; the Rust YAML is just way
better.

In the future we probably want to more cleanly split off the
"compose only" aspects of the treefile.  But for now, it's rather
tedious to pass down flags from the treefile into the keyfile/gvariant.
Let's just give direct access to the treefile to the core.

Prep for sysusers.

Closes: #1764
Approved by: jlebon
2019-02-25 20:56:44 +00:00
Colin Walters
d1eedbbd96 rust/openat: Add helper to retrieve file type
Will be used by sysusers code.

Closes: #1764
Approved by: jlebon
2019-02-25 20:56:44 +00:00
Colin Walters
579f017fc2 rust: Add clap
A few of my outstanding Rust PRs use this (multiprocess, sysusers).
Let's add it now.

Closes: #1764
Approved by: jlebon
2019-02-25 20:56:44 +00:00
Colin Walters
e7f87b03ef tests: Don't make system user with differently-named group
Sysusers doesn't really support this, and no RPMs do it.

Closes: #1763
Approved by: jlebon
2019-02-25 14:21:28 +00:00
Colin Walters
a2044f8923 main: Move cancellable creation later
We should only be calling into GIO once we've set our preparatory
environment variables etc.  Not fixing anything today that I know
of, just noticed while looking at the code.

Closes: #1763
Approved by: jlebon
2019-02-25 14:21:28 +00:00
Colin Walters
13e4976f59 bwrap: Add an API to take a file descriptor
Will be used by the sysusers code to pass down a pipe that
the child writes to.

Closes: #1763
Approved by: jlebon
2019-02-25 14:21:28 +00:00
Colin Walters
406cc51fdc compose: Support RPMOSTREE_PRESERVE_TMPDIR=on-fail
This is easy to set in the environment for local development
and avoid leaking space in the success cases.

Closes: #1763
Approved by: jlebon
2019-02-25 14:21:28 +00:00
Colin Walters
aea374710e daemon: Time out client txn connections after 30s
This removes the "transaction monitor".  Originally the idea
here was things would queue, but we never really made that
work. Since transactions started grabbing the
libostree sysroot lock in particular.

Rip out the transaction monitor code with the queue and have
a singleton txn ref in the sysroot object.  This should ensure
that if a txn is active, one always gets an error message about
which one.

Next, add a 30s timeout for connections to the transaction DBus
sockets after they're complete.

This should address https://github.com/projectatomic/rpm-ostree/issues/1692
which is a case where gnome-software was leaking the txn DBus
connection and keeping it alive.

Closes: #1755
Approved by: cgwalters
2019-02-22 14:47:02 +00:00
Colin Walters
e58ee20996 cli/cancel: Close txn bus connection after cancelling
There's no reason to keep this around, we aren't going to use it.
Motivation here is the lifetime of transactions is currently
entangled with the bus connections from clients, and we don't
want to hold them open unnecessarily.

Also, we were adding a notify on the wrong object.  I think it
was just working before because something else ran the mainloop
and we got the property notification anyways.

Closes: #1759
Approved by: jlebon
2019-02-19 16:01:50 +00:00
Jonathan Lebon
97a60f90bd Release 2019.2
Let's get the SELinux fix out (#1754).

Closes: #1757
Approved by: cgwalters
2019-02-14 18:23:37 +00:00
Jonathan Lebon
0e5044ca92 postprocess: Add /home -> /var/home SELinux substitution
Manually patch `file_contexts.subs_dist` so that `/home` is equivalent
to `/var/home`. This is required now that the generated homedirs rules
use `/var/home`. Otherwise, `matchpathcon` for example will return wrong
results.

This patch also includes the *removal* of `/var/home -> /home` so that
we're not dependent on this selinux-policy patch making it at the same
time as downstream:

https://src.fedoraproject.org/rpms/selinux-policy/pull-request/14

(See the conversation there for more information.)

Closes: #1754
Approved by: cgwalters
2019-02-14 17:24:09 +00:00
Jonathan Lebon
677c083f24 libpriv: Rebuild policy during postprocessing
It's possible for some postprocessing scripts to affect the final
SELinux policy. This is the case for the new `/etc/default/useradd` edit
we now do (#1726), but it could've been the case beforehand too with
user scripts modifying e.g. booleans (though ideally all these
modifications would be part of RPMs).

Do a final `semodule -nB` during postprocessing so that the final policy
we commit is "up to date". Otherwise, users may only see changes take
effect if they layer packages that trigger a rebuild.

The motivation for this is specifically for `/etc/default/useradd`.
There is magic in `selinux-policy` that parses the file and generates
templated rules from the value of `HOME`.

For more info, see:
https://bugzilla.redhat.com/show_bug.cgi?id=1669982
https://src.fedoraproject.org/rpms/selinux-policy/pull-request/14

Closes: #1754
Approved by: cgwalters
2019-02-14 17:24:09 +00:00
Jonathan Lebon
58a79056a8 libpriv/scripts: Add /run/ostree-booted for scriptlets
RPM-OSTree has been pretty good so far at consuming the exact same RPMs
used for traditional OSes without modifications. This is important,
because shielding RPMs from the OSTree abstraction means we remain
compatible with a large portion of the ecosystem.

However, there are some apps that definitely require rethinking their
approach. The example right now is akmods, which has a patch proposed to
build kmods at `%post` time on OSTree systems instead of from the
daemon.[1]

In such situations, scriptlets need something to key off of for the
OSTree-specific approach. The `/run/ostree-booted` file is the de facto
API to determine if we're running on an OSTree system or not. This patch
simply extends this API so that scriptlets can naturally make use of
them.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1667014

Closes: #1750
Approved by: cgwalters
2019-02-12 14:24:48 +00:00
Colin Walters
85ab9c3181 treefile: Fix octal mode for rojig spec too
Going to need to see if clippy or something has a way for us
to reject leading `0`.

Closes: #1756
Approved by: jlebon
2019-02-11 18:21:51 +00:00