Commit Graph

1854 Commits

Author SHA1 Message Date
Colin Walters
fcc30ffe5d ci/build.sh: s/26/27/ for FAHC check
Missed this in https://github.com/projectatomic/rpm-ostree/pull/1125

Closes: #1123
Approved by: jlebon
2017-12-04 20:13:34 +00:00
Colin Walters
b84e795c96 ci/papr: Update the other contexts to F27
Let's take a stab at this.

Closes: #1125
Approved by: jlebon
2017-12-04 17:45:56 +00:00
Colin Walters
f8bc9a1c9d compose/dracut: Use a host tmpdir for dracut
In unified core mode, this avoids an intense spam of errors from `cp`
because `tmpfs` doesn't support the `user.` xattr namespace, and
since [this dracut commit](61c761bc2c)
dracut tries to copy all xattrs, which was just done for IMA.
There's no point to having the SELinux labels or other xattrs
in the initramfs.

The real fix here is dracut should learn to *only* copy the IMA
xattrs, or even better disable IMA enforcement for the dracut
run or something.

Closes: #1126
Approved by: jlebon
2017-12-04 15:37:16 +00:00
Colin Walters
694b798c73 Introduce experimental "rpm-ostree jigdo"
Tracking issue: https://github.com/projectatomic/rpm-ostree/issues/1081

To briefly recap: Let's experiment with doing ostree-in-RPM, basically the
"compose" process injects additional data (SELinux labels for example) in an
"ostree image" RPM, like `fedora-atomic-host-27.8-1.x86_64.rpm`. That "ostree
image" RPM will contain the OSTree commit+metadata, and tell us what RPMs we
need need to download. For updates, like `yum update` we only download changed
RPMs, plus the new "oirpm". But SELinux labeling, depsolving, etc. are still
done server side, and we still have a reliable OSTree commit checksum.

This is a lot like [Jigdo](http://atterer.org/jigdo/)

Here we fully demonstrate the concept working end-to-end; we use the
"traditional" `compose tree` to commit a bunch of RPMs to an OSTree repo, which
has a checksum, version etc. Then the new `ex commit2jigdo` generates the
"oirpm". This is the "server side" operation. Next simulating the client side,
`jigdo2commit` takes the OIRPM and uses it and downloads the "jigdo set" RPMs,
fully regenerating *bit for bit* the final OSTree commit.

If you want to play with this, I'd take a look at the `test-jigdo.sh`; from
there you can find other useful bits like the example `fedora-atomic-host.spec`
file (though the canonical copy of this will likely land in the
[fedora-atomic](http://pagure.io/fedora-atomic) manifest git repo.

Closes: #1103
Approved by: jlebon
2017-12-04 14:24:53 +00:00
Colin Walters
42282c0a84 tests/libtest: Fix logic error in creation test-repo file
`test -n` would always be true.  Also while I have the patient open
let's make writing the file atomic.  Maybe someday I'll be motivated
enough to write an `O_TMPFILE` patch for bash.

Closes: #1103
Approved by: jlebon
2017-12-04 14:24:53 +00:00
Colin Walters
d9d8eefdc5 tests/compose: Disable fsync
I've been running these a lot locally and this helps a bit.

Closes: #1103
Approved by: jlebon
2017-12-04 14:24:53 +00:00
Colin Walters
dafb3d6daa tests/compose: Rework caching to cache RPMs
When we added the `--ex-unified-core` option our caching story got
very messy because the non-unified core caches RPMs, but unified
does ostree repo caching.

For jigdo, we want the RPMs. Fix this by mirroring the RPMs using
`--download-only` and pointing the tests consistently at that.

Closes: #1122
Approved by: jlebon
2017-12-01 19:20:40 +00:00
Colin Walters
7f5082deef compose: Add --download-only option
With jigdo this is a very useful as one needs the ability to bind together the
RPMs and commits.

And for the compose tests this is a more reliable way to do caching anyways.

Closes: #1122
Approved by: jlebon
2017-12-01 19:20:40 +00:00
Jonathan Lebon
7056e6b726 daemon: Unify pkgcache with system repo
We originally needed the pkgcache to be a separate repo due to ostree's
overzealous pruning policies. The idea was to maintain multiple commits
in each pkg branch for different SELinux policies. In practice, there's
not much use in maintaining old copies and it's just easier to always
relabel on the fly. So then, the need for a separate repo completely
melts away.

This helps simplify the mental model a bit and allows us to avoid subtle
issues like #1047. Note however that the core is still capable of
handling split repos for the `--ex-unified-core` compose use case. Once
that and the jigdo work are a bit more settled, we can have a clearer
picture of how to simplify the core further.

The tricky bit is migrating the cache. When deploying, we check if a
pkgcache repo exists and migrate its refs if so. We then leave behind a
symlink to the system repo to remain compatible with older rpm-ostrees.

Closes: #1055
Approved by: cgwalters
2017-12-01 15:41:40 +00:00
Jonathan Lebon
4d72a73b80 daemon/sysroot: Port to new style
No functional changes.
Prep for unified repo work.

Closes: #1055
Approved by: cgwalters
2017-12-01 15:41:40 +00:00
Jonathan Lebon
dfc84a6925 core: print out more details on forbidden replacements
Instead of just giving just the package that would be replaced, also
print out the package that replaces it, as well as the repo it comes
from.

Closes: #1113
Closes: #1120

Closes: #1121
Approved by: cgwalters
2017-11-30 22:40:11 +00:00
Jonathan Lebon
709ad07c5c diff_print: drop unused OstreeRepo argument
Noticed this while working on diff output somewhere else. I was
initially thinking of making use of this there too, but it's not quite
the right fit and would require a lot of churn.

Closes: #1121
Approved by: cgwalters
2017-11-30 22:40:11 +00:00
Jonathan Lebon
f504586182 core: separate scopes for each check
Rather than trying to be smart and re-use the same `GPtrArray`, let's
just segregate each check into its own scope to make it easier to
follow.

Diff best viewed with whitespace detection on.

Closes: #1121
Approved by: cgwalters
2017-11-30 22:40:11 +00:00
Jonathan Lebon
5860897092 tree: account for ephemeral nevra string
When writing this code, I made the false assumption that the nevra
string lives as long as the pool does, i.e. as long as we have a
reference to its `DnfSack`.

In fact, they have undefined lifetimes. Notably any place in which one
calls `dnf_package_get_nevra` a lot may result in the invalidation of
previously returned nevras.

This patch ensures that we copy the string in the few places where we
are susceptible to this.

There is a related libdnf patch[1] which tightens the definition here so
that we can assume the string at least lives as long as its
`DnfPackage`. It turns out that the callsites addressed in this patch
are also those in which we would break that assumption. IOW, this patch
is needed regardless of how [1] goes.

[1] https://github.com/rpm-software-management/libdnf/pull/388

Closes: #1119
Approved by: cgwalters
2017-11-29 20:05:39 +00:00
Jonathan Lebon
8f6f2dd9e4 core: fix minor memory leak
Closes: #1119
Approved by: cgwalters
2017-11-29 20:05:39 +00:00
Colin Walters
9c004e1833 Change unpacking to use a single ostree txn
Right now each ostree txn incurs a `syncfs()`; see
https://github.com/ostreedev/ostree/issues/1184
And before this patch, we were doing a txn per package import.

We can really do better in libostree - we'll fix that, but in the short term
let's use a bigger txn for every package. However, the obvious change here of
simply hoisting up the txn is that on failure for imports, we'd discard all
downloaded packages.  We fix that by changing the auto txn API to have
a `commit_on_failure` boolean, and use it in cases where we're doing
imports.

This is prep work for jigdo, where we'll be using the import path all the time.
My bigger plan is to do multithreaded imports.

Closes: #1116
Approved by: jlebon
2017-11-29 16:48:19 +00:00
Colin Walters
a822722a5b ex-unpack: Delete
I think the `ex container` path supercedes this; it was really just a demo, and
having it around is annoying since I want to change the importer API and I have
to change it here too.

Closes: #1116
Approved by: jlebon
2017-11-29 16:48:19 +00:00
Colin Walters
f58cb44fb2 txn: For --download-only, print 'changed' message if changed
I was playing with `--download-only` a bit with an eye to
having something like this be used by Cockpit/gnome-software instead
of what it's doing now, but a problem is that at the moment we
don't have a way to reflect the "changed" state back to clients.

This is a first step towards that by simply printing a different
message.

I think really to make all of this work more nicely though, including
supporting e.g. rpm database diffs, we are going to have to instead
work on the [pending deployment](https://github.com/ostreedev/ostree/issues/545)
path.  That way we'll have done the depsolve, stored repo timestamps
etc.; we'll be able to accurately show what *did* change rather than
try to recreate what will happen on the next `rpm-ostree upgrade --cache-only`.

Closes: #1118
Approved by: jlebon
2017-11-29 15:29:49 +00:00
Colin Walters
b68fe099ea tests: Use ostree commit --consume
Just noticed this while working on something else; we should use it where
possible.

Closes: #1117
Approved by: jlebon
2017-11-29 15:07:25 +00:00
Colin Walters
1c5c4a457e tests: Correctly error out if some part of install.sh fails
It took me way, way, way too long to debug that my dev container somehow missing
`ostree-grub2` caused the script to fail early, but we'd still continue trying
to sync, leading to us not actually changing the installed `rpm-ostree` binary,
leading to test suite failures.

Also add the chmod hammer at the top so we can delete even if we fail after
doing an rsync.

Closes: #1115
Approved by: jlebon
2017-11-29 14:42:25 +00:00
Ruixin Bao
2ef240d401 app/libpriv: add editor option for karg command
Add editor option for kernel arguments. The logic
was taken from the ostree-commit editor.

The user now can edit the kernel arguments from an editor.

The synchronization related issue is resolved by reloading the
sysroot and see if the sysroot has been changed since the call
of the editor prompt.

Closes: #1097
Approved by: jlebon
2017-11-28 18:29:42 +00:00
Jonathan Lebon
e35f867494 papr: fix sanity test and bump to f27
It was recently changed to use virtualenv to install and invoke ansible.

Closes: #1112
Approved by: miabbott
2017-11-22 16:55:17 +00:00
Colin Walters
b5c8915ea2 postprocess: Add envvar option, and detect NFS, skip ostree txn
This is for: https://pagure.io/atomic-wg/issue/387

Right now the way libostree stages objects into `${repo}/tmp` is basically an
anti-pattern for (possibly concurrent) operations on NFS. Having multiple
processes try to clean the tmpdir invites races, and there's really no reason to
"stage" all of the content.

(Unfortunately unless NFS supports `O_TMPFILE` we still need temp files,
 but that's a separate issue)

In this patch we auto-detect NFS which should make the Fedora pungi runs "just
work", but I also added an environment variable to opt-in.

Closes: #1111
Approved by: jlebon
2017-11-22 16:30:56 +00:00
Colin Walters
366826132a libpriv: Rename "unpacker" to "importer", split off "unpacker-core"
In the jigdo path we don't actually want to import the OIRPM literally
into ostree.  I considered adding jigdo logic into `rpmostree-unpacker.c`
but it'd be a mess as the functionality is quite logically separate
from importing.

So split off an `unpacker-core.c` file which has the bare libarchive+RPM
helpers, and rename `RpmOstreeUnpacker` to `RpmOstreeImporter`.

Closes: #1110
Approved by: jlebon
2017-11-20 20:57:33 +00:00
Colin Walters
3c0da8864b compose: Do relabel before downloading in --ex-unified-core
We removed this in review, but I rediscovered why I added it.  We
fail the `g_assert (sepolicy_matches)` if we already had packages
done with the final label when we go to reuse the cache.

(Basically, if we use the cache multiple times it's hard to avoid
 relabeling all the time which is unfortunate...gets back a bit to
 a way to annotate pkgcache commits as supporting multiple policies)

Closes: #1109
Approved by: jlebon
2017-11-20 15:35:21 +00:00
Colin Walters
d87970966b ci/papr: Update to f27-primary
I didn't try porting some of the other contexts yet...I want to see
if this works.

Note that FAHC was switched to 27, so it's only luck that things
work on 26.

Closes: #1108
Approved by: jlebon
2017-11-17 19:46:38 +00:00
Colin Walters
6bf4206223 compose: Add --ex-unified-core
The "--ex" prefix here means it's an experimental option. A tremendous change
here is that start to support non-uid 0, but there are various things to fix there;
the unpacker for example needs to learn to set imported objects fully based
on the rpmfi information (i.e. default to uid 0, since libarchive gives the
current uid by default).

And even when run as uid 0, there are some bugs, though I'm not sure
of any showstoppers yet.  For example, dracut's `dracut-install` calls
`cp --preserve=xattrs` which fails to copy the `user.ostreemeta` xattrs
from a checkout (it shouldn't be copying that anyways...)

Nevertheless, the infrastructure behind this really helps (is almost a hard
requirement for) the [jigdo effort](https://github.com/projectatomic/rpm-ostree/issues/1081).
Which is really only true due to SELinux - we need to import the packages,
then generate the final tree to get the final policy, then use that policy
to relabel all of the packages.

Closes: #940
Approved by: jlebon
2017-11-17 18:59:34 +00:00
Colin Walters
94e52abb03 core: Don't try to apply non-root uid/gid when run as non-root
In an unprivileged case, we can't do this on the real filesystem. For
`ex container`, we want to completely ignore uid/gid.  I added a test
installing `httpd` which failed previously.

TODO: For non-root `--ex-unified-core` we need to do it as a commit modifier.

Closes: #940
Approved by: jlebon
2017-11-17 18:59:34 +00:00
Colin Walters
be89b68873 unpacker: Handle uid/gid when running unprivileged (non-root)
It seems that libarchive ends up returning `getuid()` actually,
possibly because the cpio doesn't actually have ownership information?
Anyways, what we really want here is to set `0/0`, which is what
happens for the `ex container` path via
`OSTREE_REPO_COMMIT_MODIFIER_FLAGS_CANONICAL_PERMISSIONS`.

Prep for unified core 🌐.

Closes: #940
Approved by: jlebon
2017-11-17 18:59:34 +00:00
Colin Walters
71d04a44b8 tests/ex-container: Disable parallelism for now
Adding the 2nd test revealed this didn't actually work, will fix at some point.

Closes: #940
Approved by: jlebon
2017-11-17 18:59:34 +00:00
Colin Walters
9d4b760754 daemon,libpriv: Some porting to decl-after-stmt
Not immediate prep for anything, I'd just been looking at this
code recently.

(Also a bit of `glnx_throw_errno` porting)

Closes: #1107
Approved by: jlebon
2017-11-17 16:27:53 +00:00
Colin Walters
7ab8869cdd tree-wide: s/hif/dnf/
No real particular reason, just decided to do this while the outstanding patches
don't conflict too much.

Closes: #1106
Approved by: jlebon
2017-11-17 14:46:57 +00:00
Colin Walters
1240d8df2d unpacker,core: Honor nodocs flag
More work for unified core; this was one of the biggest parts of the `ostree
diff` when comparing a unified core treecompose of Fedora Atomic Host versus
the libdnf path.

This is also the first case where we're teaching the pkgcache to redownload
based on state.

Closes: #1105
Approved by: jlebon
2017-11-16 15:13:37 +00:00
Colin Walters
8c4ffc3340 unpacker,core: Handle selinux-policy-targeted at unpack time
Previously in 4a86bdd196 "postprocess: Undo Fedora SELinux policy move"
we fixed things for SELinux policy to move it out of /var and back
into /etc.

But for unified core where we're importing the RPM, the default "/var →
tmpfiles.d" kicks in before this can run. So teach the unpacker to do it too.
This is even less nice than what we had in the postprocessing code, as there we
went to some effort to handle non-targeted policy (e.g. MLS). That said I am not
super concerned about that right now...we can always deal with MLS or other
policies later. I'd be more inclined really to try to take the issue of moving
back to /etc (or implementing /usr with /etc overrides) to SELinux upstream.

Closes: #1105
Approved by: jlebon
2017-11-16 15:13:37 +00:00
Colin Walters
775e6f87ae core: (refactor) Load pkgcache commit object earlier
For unified core work, we'll be caching the "has docs" flag in the pkgcache
commit. So let's load the commit object earlier rather than having each function
load it.

Closes: #1104
Approved by: jlebon
2017-11-15 23:27:06 +00:00
Colin Walters
2e5848c5f4 core: (refactor) Style cleanup for pkg cache state load
Avoid the `goto` by initializing the output variables directly early, so we can
do a full new style consistently. Prep for unified core work.

Closes: #1104
Approved by: jlebon
2017-11-15 23:27:06 +00:00
Colin Walters
b17af329bb passwd: Always break hardlinks for shadow,gshadow, handle no merge
Prep for unified core 🌐.  First, right now `shadow-utils` always opens those with
`O_RDWR`, so let's break those links even if we don't have `usr/lib/passwd`.

Also, while not strictly requried, let's also handle the `merge_passwd_dir`
being `NULL`, as that happened when I was trying a variant of this patch.

Closes: #1098
Approved by: jlebon
2017-11-14 16:35:28 +00:00
Colin Walters
78bd4d6c64 core: Always process usr/etc/passwd
Prep for unified core 🌐. Here we don't have `/usr/lib/passwd` at the start, but
we still want to load the `usr/etc` copies for processing rpmfi overrides.

Closes: #1098
Approved by: jlebon
2017-11-14 16:35:28 +00:00
Colin Walters
5735e23a0f core: Use ADD_FILES checkout mode for "setup"
Prep for unified core 🌐.  On the treecompose path we inject
`/usr/etc/passwd`, and trying to overlay the setup package on top
with the default `UNION_IDENTICAL` fails.

This is obviously a hack; but I can't think of a way to do this significantly
better. (We could do a DB query for the owner of `/etc/passwd`, but eh.)

Closes: #1098
Approved by: jlebon
2017-11-14 16:35:28 +00:00
Jonathan Lebon
00fab1ec23 compose CLI: fix --repo consuming two arguments
I was trying to figure out why:

    rpm-ostree compose tree --repo repo/ manifest.json

would result in:

    error: opendir(manifest.json): No such file or directory

It turned out to be because we had `--repo` in *both* the `install`
options and the `commit` options. This makes sense since both these
subcommands need to be given a repo. However, in the `tree` case, we
were adding both arrays, which meant we inherited two `GOptionEntry`s
for `--repo`. This confused glib2 which consumed not one but two CLI
arguments when looking for the argument associated with `--repo`.

Our CI didn't notice this because it uses the `--repo=foo` notation,
which doesn't throw off glib2.

Fix this by factoring out the `--repo` option into a separate array so
that in the `tree` case, it only gets added once. Exercise the fix in CI
by using the two argument notation for `--repo`.

Closes: #1101
Approved by: cgwalters
2017-11-13 14:13:27 +00:00
Jonathan Lebon
bace3168ec build: allow git describe versioning in worktrees
In git worktrees, `.git` is not a directory but a regular file
containing the path to the real git directory. This was causing us to
not use `git describe` in the versioning info, which is really useful to
sanity check that you're running the code you think you're running. Fix
this by just checking that a `.git` entry exists.

Closes: #1102
Approved by: cgwalters
2017-11-13 13:48:58 +00:00
Colin Walters
d637bedf3e passwd: Don't use alloca() in a loop
Even if it's a very small loop.

Closes: #1088
Approved by: jlebon
2017-11-10 20:04:16 +00:00
Colin Walters
5a762dd458 lib: Hoist "break single hardlink" API to util.c, use in passwd
The passwd code can reuse the "break hardlink" function we had in the core; lift
it to `util.c`.

Closes: #1088
Approved by: jlebon
2017-11-10 20:04:16 +00:00
Colin Walters
bc49ec2e1c lib/db: Port to new style
No functional changes, and not prep for anything. Was just reading this code
during my jigdo work.

Closes: #1100
Approved by: jlebon
2017-11-10 18:03:14 +00:00
Colin Walters
07969136f2 lib/scripts: Only log to journal if stdout is already the journal
The jigdo work is turning into "partial unified core 🌐" (mostly due to SELinux,
but that's an aside); we made a change here previously to avoid using
the journal if `uid != 0`, but it's more correct to check whether or
not we're already using the journal.

Concretely this fixes calling `rpmostree_context_assemble_tmprootfs()` as uid 0
inside my dev container, running `rpm-ostree compose commit2jigdo`.

Closes: #1084
Approved by: jlebon
2017-11-09 03:36:23 +00:00
Colin Walters
516588d4f7 core: Use tmpdir in ${repo}/tmp for SELinux relabeling
Needed for unified core work for the treecompose side; there
`/var` may not actually be on the same mount as the repo.

Do what we do in a ton of other places (and should probably push
into ostree somehow): allocate a tmpdir in `${repo}/tmp`.

Closes: #1095
Approved by: jlebon
2017-11-09 03:15:26 +00:00
Colin Walters
b3267eb336 scripts: Ignore nfs-utils.post
The maintainer can't apparently be bothered to review my patch,
and we don't need the `%post` anyways - and this is now blocking
my jigdo work.

Closes: #1092
Approved by: jlebon
2017-11-08 16:00:20 +00:00
Colin Walters
94a1776fe7 unpacker: Error out when trying to install RPM in /usr/local
This came up with `https://developer.download.nvidia.com/compute/cuda/repos/rhel7/x86_64/cuda-license-9-0-9.0.176-1.x86_64.rpm`.
Reported by @dustymabe on IRC.

Closes: #1090
Approved by: jlebon
2017-11-08 03:56:20 +00:00
Colin Walters
407bfd5bc1 Lift 'override' out of experimental
We have a *lot* of experimental functionality.  I think the
`override` bits are fleshed out enough now that we can lift
the `ex` designation.  For example, jlebon fixed SELinux
labeling in the presence of override-replace.

Closes: #1089
Approved by: jlebon
2017-11-08 03:35:08 +00:00
Colin Walters
7ea2a5afce (refactor) Move pkgcache helper function to sysroot-core
Trying to drain the `util.c` file; this one lives more logically
there.

Closes: #1086
Approved by: jlebon
2017-11-08 03:11:36 +00:00