Commit Graph

3791 Commits

Author SHA1 Message Date
dependabot[bot]
970a85844b
build(deps): bump libdnf from fefe0b6 to 1b9efdc
Bumps [libdnf](https://github.com/rpm-software-management/libdnf) from `fefe0b6` to `1b9efdc`.
- [Release notes](https://github.com/rpm-software-management/libdnf/releases)
- [Commits](fefe0b69e8...1b9efdcb7e)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-24 05:50:03 +00:00
Jonathan Lebon
da84ab872c
Merge pull request #2827 from cgwalters/client-cliwrap
Add support for `rpm-ostree deploy --ex-cliwrap=true`
2021-05-19 15:57:41 -04:00
Colin Walters
d40434db47 Add support for rpm-ostree deploy --ex-cliwrap=true
This is a better alternative to https://github.com/coreos/fedora-coreos-config/pull/830

Basically rather than trying to send this out to all FCOS users,
it's much saner to allow people to opt-in to it locally.

If we'd finished https://github.com/coreos/rpm-ostree/issues/2326
then this would be something as trivial as:
```
$ echo 'cliwrap: true' > /etc/rpm-ostree.d/cliwrap.yaml
$ rpm-ostree rebuild
```

Unfortunately that's not the world we live in, so a whole lot of
layers here need crossing to just propagate a boolean.  And it
interacts in a tricky way with our change detection code.

But, it works and will allow people to try this out.

Other fixed problems:

- Our `rpm --verify` wrapping was broken
- Dropping privileges clashed with the default directory being `/root`,
  so `chdir(/)` too
2021-05-19 14:42:18 -04:00
Colin Walters
79c3641166 daemon: If we can't figure out auth rule, use override
This is needed for `deploy --ex-cliwrap=true` which is kind
of like a local override.
2021-05-19 14:42:18 -04:00
Jonathan Lebon
11718b9715
Merge pull request #2841 from cgwalters/remove-more-rojig
Remove large chunks of rojig code
2021-05-19 10:51:21 -04:00
Jonathan Lebon
1a6eedf0e3 man/rpm-ostree: Document install --idempotent
This was brought up in #2830.
2021-05-18 17:32:35 -04:00
Colin Walters
562e03f7c1 Remove large chunks of rojig code
The inevitable followup to https://github.com/coreos/rpm-ostree/pull/2278
that I was too cowardly to do at the time.  But it's time to admit
the 2 months or so of work on this was wasted.  We have too much
tech debt and this is a large chunk of C/C++ code that touches everything
in the codebase in a nontrivial way.

Bigger picture, I'm going to work on
https://github.com/coreos/fedora-coreos-tracker/issues/828
which will strongly orient rpm-ostree towards the container world instead.
We'll still obviously keep the rpm package world around, but only
as a secondary layer.  What rojig was trying to do in putting "images"
inside an RPM was conflating layers.  It would have had a lot of
benefits probably if we'd truly pushed it over the edge into completion,
but that didn't happen.  Let's focus on containers instead.

There's still a lot more rojig code to delete but this first patch removes
the bulk of it.  Touching everything that references e.g. `RPMOSTREE_REFSPEC_TYPE_ROJIG`
etc. can come as a 3rd phase.
2021-05-18 17:31:36 -04:00
Luca Bruno
ba6a2acb4d
Merge pull request #2837 from lucab/ups/importer-var-lib-rpm
importer: align /var/lib/rpm handling
2021-05-18 15:09:26 +00:00
Colin Walters
54a011df40 Update to ostree-ext v0.1.2, add new ex-container command
This new `rpm-ostree ex-container` CLI is just code copied
from the `ostree-ext-cli container` binary code.  In the future
I may just add the CLI code as a library API too to simplify this.

For now, I don't want to try to add a new Rust CLI as an RPM
package for example.  This exposes it via rpm-ostree, and
in the future rpm-ostree may have some layering on top of this
anyways.
2021-05-18 09:51:35 -04:00
Luca BRUNO
62f311ba9b
importer: align /var/lib/rpm handling
This reworks the special-case handling of `/var/lib/rpm`, in order
to make it uniform across codepaths and outside of auto-tmpfiles logic.
It prepares for further oxidation and auto-tmpfiles codepaths unification.
2021-05-18 12:36:45 +00:00
Luca Bruno
38c25bfb75
Merge pull request #2834 from coreos/dependabot/cargo/serde-1.0.126
build(deps): bump serde from 1.0.125 to 1.0.126
2021-05-17 12:16:39 +00:00
dependabot[bot]
cd27dc3825
build(deps): bump serde from 1.0.125 to 1.0.126
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.125 to 1.0.126.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.125...v1.0.126)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-17 11:15:08 +00:00
Luca Bruno
3b33848d75
Merge pull request #2835 from coreos/dependabot/cargo/curl-0.4.37
build(deps): bump curl from 0.4.36 to 0.4.37
2021-05-17 11:14:07 +00:00
dependabot[bot]
a9aa742bc8
build(deps): bump curl from 0.4.36 to 0.4.37
Bumps [curl](https://github.com/alexcrichton/curl-rust) from 0.4.36 to 0.4.37.
- [Release notes](https://github.com/alexcrichton/curl-rust/releases)
- [Commits](https://github.com/alexcrichton/curl-rust/compare/curl-sys-0.4.36...curl-sys-0.4.37)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-17 08:11:26 +00:00
Luca Bruno
b2edfd94d4
Merge pull request #2832 from coreos/dependabot/cargo/subprocess-0.2.7
build(deps): bump subprocess from 0.2.6 to 0.2.7
2021-05-17 07:51:00 +00:00
Luca Bruno
3ef74fac0c
Merge pull request #2833 from coreos/dependabot/cargo/ostree-ext-0.1.2
build(deps): bump ostree-ext from 0.1.0 to 0.1.2
2021-05-17 07:42:51 +00:00
dependabot[bot]
275bf4a2bd
build(deps): bump ostree-ext from 0.1.0 to 0.1.2
Bumps [ostree-ext](https://github.com/ostreedev/ostree-ext) from 0.1.0 to 0.1.2.
- [Release notes](https://github.com/ostreedev/ostree-ext/releases)
- [Commits](https://github.com/ostreedev/ostree-ext/commits)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-17 06:05:20 +00:00
dependabot[bot]
e6d64586f2
build(deps): bump subprocess from 0.2.6 to 0.2.7
Bumps [subprocess](https://github.com/hniksic/rust-subprocess) from 0.2.6 to 0.2.7.
- [Release notes](https://github.com/hniksic/rust-subprocess/releases)
- [Commits](https://github.com/hniksic/rust-subprocess/compare/release/0.2.6...release/0.2.7)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-17 06:05:15 +00:00
Colin Walters
a6da3c08d4 passwd: Make default perms 0644
This matches the default from the RPM, and we don't want
the file to be writable if an admin adds a user to the `root`
group.  (Which IMO is just a bad idea, but
for historical reasons OpenShift suggests this for
images
https://docs.openshift.com/container-platform/4.7/openshift_images/create-images.html#images-create-guide-openshift_create-images
for example)
2021-05-13 17:49:07 -04:00
Luca Bruno
58684c43f1
Merge pull request #2823 from coreos/ups/release-steps
docs: update release steps
2021-05-11 19:12:23 +00:00
Jonathan Lebon
8cc31a20b2
Merge pull request #2816 from travier/rename-ext
*: rename master branch to main (for external projects)
2021-05-11 13:15:33 -04:00
Luca BRUNO
1e50821bcb
docs: update release step
This fixes the release instructions.
2021-05-11 16:11:36 +00:00
Timothée Ravier
aed0f194ad *: rename master branch to main (external repos) 2021-05-11 18:11:30 +02:00
Jonathan Lebon
195807870a
Merge pull request #2815 from travier/rename
*: rename master branch to main
2021-05-11 12:03:08 -04:00
Luca Bruno
2f75135d56
Merge pull request #2822 from lucab/release-2021.5
Release 2021.5
2021-05-11 15:09:07 +00:00
Luca BRUNO
c0081311dd
Release 2021.5
New release `2021.5`.
2021-05-11 13:56:26 +00:00
Jonathan Lebon
5d79fbf375
Merge pull request #2819 from jlebon/pr/skip-branch-validation
app/deploy: Add --skip-branch-check
2021-05-11 09:18:20 -04:00
Luca BRUNO
7c7d00421f libpriv/importer: move path-checking logic to Rust
This moves the path-checking logic to Rust.
Additionally it tweaks the /opt conditions to use absolute paths.
2021-05-10 19:49:18 -04:00
Jonathan Lebon
ffb8353b11 lockfile: Allow metadata field in locked packages
This field will allow humans to shove additional structured metadata
into lockfiles which could then be used by higher-level tools.

See: https://github.com/coreos/fedora-coreos-config/pull/965
2021-05-10 19:48:42 -04:00
Jonathan Lebon
771361d59b lockfile: Add missing serde(deny_unknown_fields)
Match the treefile spec and default to denying unknown fields.
2021-05-10 19:48:42 -04:00
Jonathan Lebon
18a00f2825
Merge pull request #2820 from Razaloc/fu2776
kargs: Simplify conditional statements
2021-05-10 11:46:09 -04:00
Rafael G. Ruiz
6d6ebd324d kargs: Simplify conditional statements
Follow-up for PR #2776
Simplify multiple if statements into one if  else statement

Signed-off-by: Rafael G. Ruiz <llerrak@hotmail.com>
2021-05-09 03:38:25 +02:00
Jonathan Lebon
7c1072f965 app/deploy: Add --skip-branch-check
In Fedora CoreOS, updates are driven by Zincati and we thus completely
trust the information it gives us. The branch validation rpm-ostree does
is thus not necessary. It's also harmful in the case where the node is
extremely out of date because it may not be able to GPG verify the
commit at the tip of the branch (because the GPG key isn't yet in the
tree).

See: https://github.com/coreos/fedora-coreos-tracker/issues/749
2021-05-07 17:45:09 -04:00
Jonathan Lebon
57250d11ab
Merge pull request #2813 from kelvinfan001/pr/detect-inactive-driver
app/clientlib: Don't error if updates driver inactive
2021-05-07 17:12:42 -04:00
Kelvin Fan
86cf6ad479 app/clientlib: Don't error if update driver "stopped"
If updates driver is registered but "stopped", ignore driver (i.e.
do not error out during deploy, rebase, ugprade).

We define "stopped" to mean the driver's `ActiveState` is not in
the following states: "active", "activating", "reloading", "failed".
2021-05-07 18:41:45 +00:00
Timothée Ravier
95de194f59 *: rename master branch to main 2021-05-07 16:12:45 +02:00
Timothée Ravier
c7bf08789d countme: Drop SELinux workaround/unpriv copy of rpm-ostree
The SELinux policy change has been merged and released upstream.

This reverts:
5d5ccf01 Install a temporary copy of rpm-ostree for unprivileged use
2021-05-07 08:41:22 -04:00
Jonathan Lebon
c05460380a treefile: Fix rpmdb backend casing
We're using `kebab-case` so serde translates capitalized letters like
`BDB` as `b-d-b`, which is not what we want here.
2021-05-06 15:49:21 -04:00
Luca Bruno
c29421c429
Merge pull request #2811 from coreos/dependabot/cargo/tracing-0.1.26
build(deps): bump tracing from 0.1.25 to 0.1.26
2021-05-06 14:00:15 +00:00
Jonathan Lebon
f33c2c8c6c
Merge pull request #2776 from Razaloc/exit-77
kargs: Add CLI switch --unchanged-exit-77
2021-05-06 09:41:42 -04:00
dependabot[bot]
5243f95ee2
build(deps): bump tracing from 0.1.25 to 0.1.26
Bumps [tracing](https://github.com/tokio-rs/tracing) from 0.1.25 to 0.1.26.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-0.1.25...tracing-0.1.26)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-06 12:55:18 +00:00
Luca Bruno
5b068dadfe
Merge pull request #2803 from coreos/dependabot/cargo/tracing-subscriber-0.2.18
build(deps): bump tracing-subscriber from 0.2.17 to 0.2.18
2021-05-06 12:54:23 +00:00
dependabot[bot]
29a5d3b2ad
build(deps): bump tracing-subscriber from 0.2.17 to 0.2.18
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.2.17 to 0.2.18.
- [Release notes](https://github.com/tokio-rs/tracing/releases)
- [Commits](https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.2.17...tracing-subscriber-0.2.18)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-06 10:54:53 +00:00
Luca Bruno
0d9a5dc1a3
Merge pull request #2804 from coreos/dependabot/cargo/cxx-build-1.0.49
build(deps): bump cxx-build from 1.0.47 to 1.0.49
2021-05-06 10:53:49 +00:00
Luca Bruno
5ce024676f
Merge pull request #2802 from coreos/dependabot/cargo/cxx-1.0.49
build(deps): bump cxx from 1.0.48 to 1.0.49
2021-05-06 10:53:24 +00:00
dependabot[bot]
221796a4ec
build(deps): bump cxx-build from 1.0.47 to 1.0.49
Bumps [cxx-build](https://github.com/dtolnay/cxx) from 1.0.47 to 1.0.49.
- [Release notes](https://github.com/dtolnay/cxx/releases)
- [Commits](https://github.com/dtolnay/cxx/compare/1.0.47...1.0.49)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-06 09:03:49 +00:00
dependabot[bot]
a6a73d9e38
build(deps): bump cxx from 1.0.48 to 1.0.49
Bumps [cxx](https://github.com/dtolnay/cxx) from 1.0.48 to 1.0.49.
- [Release notes](https://github.com/dtolnay/cxx/releases)
- [Commits](https://github.com/dtolnay/cxx/compare/1.0.48...1.0.49)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-06 09:03:40 +00:00
Rafael G. Ruiz
6246b990a9 kargs: Add CLI switch --unchanged-exit-77
The new switch will rise an exit code 77 if kernel args are unchanged

Closes: #1802

Signed-off-by: Rafael G. Ruiz <llerrak@hotmail.com>
2021-05-05 23:19:52 +02:00
Jonathan Lebon
13dcc5950b
Merge pull request #2799 from cgwalters/minor-treefile-cleanup
treefile: Minor cleanup of handle_repo_packages_overrides()
2021-05-05 16:50:54 -04:00
Colin Walters
73b9d2ff3b treefile: Minor cleanup of handle_repo_packages_overrides()
This isn't important at all, but I am just trying to up my
"Rust iterator and mapping" skills.  Here:

- In this case we always want to go from `Option<T>` to `Option<T>`,
  so instead of destructuring `Some()` back to another `Some()`
  we can use `as_mut()` to manipulate the inner vector directly.
- Now instead of destroying the inner `Vec<>` we need to use `drain()`
  instead
- And then we can just `extend()` with a reversed iterator from
  our explicit temporary
2021-05-05 15:52:52 -04:00