IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Since we now run everything uninstalled, we can't expect the tmpfiles
conf file to be installed. We add an env var that will allow us to tell
rpm-ostree to look elsewhere. This is then used in test-compose.sh.
Closes: #304
Approved by: cgwalters
GPG signing an RPM doesn't change its NEVRA, and we need to support
detecting the case when RPMs change from unsigned to signed (or vice
versa).
It's also quite common for local developers to rev RPMs without
bumping the release or whatever, so this will fix that too.
Closes: #291Closes: #296
Approved by: jlebon
Some code changes in the package layering broke this to always
error out with `refs are equal`.
Reading the code I was confused for a bit until it dawned on
me that `self->refspec` was the input, and we extracted the current
one in a different way. I ended up modeling it back on the last
working commit I saw (`9eabc1ba`).
That said the logic here could be cleaned up more...it feels like we
should just have a "dry run" flag for the rebase transaction core or
something. Anyways, going for a surgical fix now.
Closes: #299
Approved by: jlebon
I wanted to avoid yet another copy of the "generate tempfile name"
code, so moved it to libglnx:
https://github.com/GNOME/libglnx/pull/14
This also closes the TODO about deduping the "break one hardlink" code
with the "break all links in one dir" code. The core observation here
is that it's simpler to copy to a tempfile and rename over the
existing, rather than rename, create, unlink.
Closes: #293
Approved by: jlebon
This patch prepares RpmOstreeContext for supporting package layering. A
relabel operation is added as well to support relabeling imported
packages if the sepolicy of the rootfs we're overlaying onto is
different from during import.
Closes: #289
Approved by: cgwalters
- Delete unpack_to_dfd path
- Get rid of copynpaste stuff and use the newly reworked ostree
libarchive API which now supports the callbacks we need
Closes: #289
Approved by: cgwalters
This patch fixes up errors in the parent commit which added pkg-add.
Some of them are due to the rebase on top of the unprivileged
infrastructure.
- fix compile errors (due to libhif changes after rebase)
- delete duplicate prototype for rpmostree_sysroot_upgrader_deploy
- include allow-older in flags type
- fix change_upgrader_refspec to use g_strdup() (this was causing the
wrong old refspec to be registered)
- in builtin-status.c, check for NULL before joining the packages array
- sysroot-upgrader: fix gtype function names
- roc_context_prepare_for_root(): delete unused param
- assemble_commit(): delete unused param
- RpmOstreeSysrootUpgraderFlags: fix docs
- Fix sysroot property name and add reboot opt
Closes: #289
Approved by: cgwalters
This builds upon the earlier prototype in
https://github.com/cgwalters/atomic-pkglayer
The `.origin` file says for a replicated installation:
[origin]
refspec=local:rhel-atomic-host/7/x86_64/standard
If you then run `rpm-ostree pkg-add strace`, it will result in a new tree with:
[origin]
baserefspec=local:rhel-atomic-host/7/x86_64/standard
[packages]
requested=strace;
Work still remaining here is to teach `rpm-ostree status` and
`rpm-ostree upgrade` about this.
Closes: #289
Approved by: cgwalters
This works around a potential issue with libsolv if we go down the
rpmostree_get_pkglist_for_root() path. Though rpm has been using the
/usr/share/rpm location (since the RpmOstreeContext set the _dbpath
macro), the /var/lib/rpm directory will still exist, but be empty.
libsolv gets confused because it sees the /var/lib/rpm dir and doesn't
even try the /usr/share/rpm location, and eventually dies when it tries
to load the data.
So we set the symlink now. This is also what we do on boot anyway for
compatibility reasons using tmpfiles.
This also means we don't have to do the /var/lib/rpm --> /usr/share/rpm
transition during the rootfs postprocess (but we still have to clean up
db and lock files).
Also get rid of the unused pkglist variable.
NB: I used the GFile & gs APIs to mesh with the surrounding code.
Closes: #290
Approved by: cgwalters
I'm trying to debug why I'm getting an older version of `docker`,
and it's useful to see the repository name we're getting something
from. Yum does this by default.
(Though we should probably consider column formatted output too
on a tty)
Closes: #282
Approved by: jlebon
Right now the `ostree.rpm` package always configures dracut to inject
the ostree setup via a conf file. But it's actually simpler and
cleaner to just have callers specify it explicitly.
https://bugzilla.redhat.com/show_bug.cgi?id=1331369Closes: #276
Approved by: jlebon
This comes from the tradition of yum repo files. It's significantly
easier for rpm-ostree users building multiple architectures if some
core templating for the treefiles is built in.
Otherwise, everyone needs to learn about a new wrapper tool for
rpm-ostree, and said tool would need to re-do the same "basearch"
evaluation that is already occuring inside libhif.
This commit also paves the way for introducing `${releasever}`
substitution.
NOTE: This depends on pending changes to libhif git.
Closes: #274
Approved by: jlebon
A future commit is going to change our parsing of the "ref" member in
treefiles, so ensure we only load it once early on in compose-tree.
We already looked up the previous commit there, so just pass it down
rather than reloading the ref.
Closes: #274
Approved by: jlebon
This will allow to copy arbitrary files into the rootfs, specifying something like:
"add-files": [["service.template", "/exports/service.template"],
["config.json.template", "/exports/config.json.template"]]
It is quite useful when building a container image.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #253
Approved by: cgwalters
If one does `rpm-ostree foo --bar`, one would expect to see
`Unknown subcommand foo`, not `Unknown option --bar`.
Closes: #267Closes: #270
Approved by: jlebon
Otherwise we `exit(0)`, but trip an internal warning.
We have so much copy/paste going on here, but let's fix the
bug first.
Closes: #261Closes: #262
Approved by: giuseppe
Because `hif_source_get_location()` is actually a reference to the
upstream repo, we shouldn't create a cache directory there.
This is just a two line fix, but I changed some things so that we keep
track of the number of local packages, in order to make the "Need to
download" print accurate.
We still need to add them (confusingly) to the `packages_to_download`
because that's also used for the container path which imports them.
Closes: #255Closes: #256
Approved by: jlebon
It's not really baked, totally undocumented etc. Let's leave it in as
a tech demonstration for people who saw my Devconf.cz talk, but that's
it for now.
Pull request: #248
Approved by: jlebon
The fact that we didn't notice this is a testament to the state of
testing =(
I think I want to change the container build path to also only
grab /usr and /etc rather than having the paths be different,
but for now - the quick fix.
Pull request: #243
Approved by: jlebon
I was tracking another regression where we seem to have lost
`/usr/etc` contents which manifested as `Labeling with... (null)`
which was clearly wrong.
Now this change actually impacts the test suite - we now (again IMO
correctly) error out if `selinux: true`. The `no-selinux-tag` test
no longer makes sense, so delete it.
We do need more "real" tests that use selinux on and off.
Pull request: #243
Approved by: jlebon
The new context methods recently added for unprivileged infrastructure
would set the ostreerepo member when calling new_unprivileged(). Since
here we will be using the sysroot repo, we need the ability to set the
repo. Just add a new set function for now, maybe move it into
new_system() later.
Also, make sure we dereference the repo on finalize.
Pull request: #240
Approved by: cgwalters
There will be cases where we don't actually want to tag a ref on the
final assembled commit. This will be true for package layering.
Pull request: #240
Approved by: cgwalters
We allow the "repos" key to be missing, which just means that we let
libhif do its job, i.e. automatically use the repos in repodir that are
enabled.
We still do a check in rpmostree_context_setup() to make sure that at
least one repo is functional.
Pull request: #240
Approved by: cgwalters
It's expected to be able to switch to something different when
rebasing, even if the current origin has unconfigured-state.
Closes#232
Pull request: #238
Approved by: jlebon
libgsystem has long been deprecated, so this is a small step for man,
and not really a gigantic leap at all for anyone but hey, at least I
changed something in git today.
While I was debugging the tests, I wanted to run the daemon
interactively under gdb but still on the session. In our previous
logic this was only possible if we were exec'd by dbus-daemon which
made attaching gdb annoying.
Let's honor the environment variable consistently on client and
server.
This was a semantic change could potentially impact a lot of users who
weren't aware of the new '77 == unchanged' status and would treat it
as an error.
We retain the 77 for `--check` as I feel it's likely fewer people were
scripting that, and the ones that were would more quickly adapt to the
change.
As part of this, change the logic for detecting a change to be more
explicit by comparing the defaults. I think this will fix a potential
bug where we could get a property change notification even if nothing
changed.
Now that the internal reading methods operate on the mainloop, and we
know there can only be one write transaction at a time, it should be
safe to drop the internal mutexes (and multithreading).
Updates to the `OstreeSysroot` instance and DBus API all happen off
the mainloop now. The write transactions now use a separate
`OstreeSysroot` instance, and do not perform any changes to process
state on their own. We always reload state from disk.
I think this is a lot simpler to reason about from a correctness point
of view, at a likely negligble loss in performance for read
transactions.
I'd like to move towards a model where internal worker threads don't
touch the "main context data", i.e. we only use message passing (via
main contexts). This means we wouldn't use a mutex.
I find this model to be significantly simpler to reason about.
Every transaction runs in a thread now, and there's no real drawback
to consistently creating a main context to go with it always. Most
of the transaction types now do a pull, which needs it.
Now that we have `ostree_sysroot_load_if_changed()`, we know more
precisely (and cheaply) when things change. Use inotify to detect
changes as before, but we don't need a timeout because all we do is
call `fstatat()` which is basically free; the inode is going to be in
memory.
This will hopefully help with
https://github.com/projectatomic/rpm-ostree/issues/220
but more investigation is needed.
We were loading the list of osnames by walking the FS, but it's a lot
simpler to just extract the set of known osnames from the deployment
array.
This is part of an effort to unify the "sync cached state with disk"
code in order to address race conditions.
We can't rely on the the GLib hash functions not changing (or being
stable across host systems). Basically here we have a "stringified"
deployment...it might be simpler to just declare this stable.
For the columns that can vary in width, check that the minimum width of
the column is at least the length of the column header. Otherwise, we
can run in a situation where some columns are stuck to each other. The
trivial strlen() should be optimized to a constant by the compiler.
There are many reasons why the daemon may not be able to start up. An
initialization error doesn't/shouldn't reflect a programming mistake,
but instead a runtime issue in the environment.
Thus, if we fail to start the daemon, we shouldn't use g_error(), which
dumps core. We should instead print the GError and clean up as nicely as
we can.
Resolves https://github.com/projectatomic/rpm-ostree/issues/194.
Right now we're doing the /etc -> /usr/etc inside the RPM import, but
we might as well do the /usr/local bits in both. Also, use
/usr/share/rpm by default for treecompose too so that is unified.
Other things like systemd unit files and kernel handling are only
going to be used for host side composes.
I debated config file formats a lot. JSON is fairly awkward for
humans to write, and really painful to parse from C. YAML is nice,
but also painful from C.
Both are fairly overpowered for what we really need. Keyfiles
(desktop spec, `GKeyFile`) have a lot of limitations, but at least
it's used by systemd and `.desktop` files, and we already have a
parser.
We still parse the JSON treefiles, but internally convert them to
`GKeyFile` (which is in turn converted to `GVariant` for a canonical
form).
This is just a tech demo. Example usage:
```
mkdir -p ~/.cache/rpmostree-containers
cd ~/.cache/rpmostree-containers
rpm-ostree container init
cp /etc/yum.repos.d/CentOS-Core.repo rpmmd.repos.d
rpm-ostree container assemble bash
rpm-ostree container assemble httpd
```
This is in preparation for `rpm-ostree container`, which handles
unpacking RPMs as non-root.
At the moment, I'm copying code in from both ostree's libarchive bits
(fixable...may need to export some utility functions) and some
functions from libhif (harder, see:
http://lists.rpm.org/pipermail/rpm-ecosystem/2016-January/000297.html )
There's lots more cleanup to do here, but I don't want to block on the
resolution of the libhif changes.
This is part of taking over from librpm. The most important high
level goal is fully unprivilged operation.
Right now we're basically starting to do what
http://libguestfs.org/supermin.1.html does, except in C, and
faster.
There's no reason that `compose tree` should require privileges.
However right now, things like `%post` scripts will want to run in the
target root - so we'd have to require `linux-user-chroot`.
Regardless of unprivileged operation though, another major thing we
can do is use our control over the unpacking process to do a lot more
sophisticated caching. We can build up a precise mapping of (rpm
ENVR, file path, selinux label) -> object and avoid rechecksumming
each time.
And even for files that aren't known, we can parallelize commit with
unpacking, etc. (Ok assuming treecompose-post won't mutate anything).
I'd like to experiment with different things that end up
reusing chunks of the rpm-ostree internals, such as libhif, the
helpers we already have around RPM, etc.
In this particular case I'm experimenting with unpacking/committing
RPM packages as non-root. Eventually most of this should end up as
internal private shared library, but it's convenient to have an
ABI-unstable and hidden "internals" command to run things directly.
This commit though just adds the scaffolding for "internals".
As we start to do more package things, extract common helper functions
around HifContext * that by default operates on the system root.
Some of these bits should go in libhif, but the immediate plan is to
iterate here, then push downwards later.
Besides porting GFile -> fd, I specifically want it to operate in an
append mode for package layering. Then given an existing tree, we
ensure we're not deleting the underlying tree's autovar files.
Encountered a couple crash scenarios:
1) A commit with an invalid timestamp trips an assertion. Instead
show the timestamp as "invalid".
2) If a deployed commit is unsigned, the daemon will not include a
"signatures" array in the deployment's GVariant representation.
The logic for --pretty was assuming the "signatures" array is
always present.
Determines a revision argument to either be a SHA256 checksum or a version
metadata value.
The revision string may have a "revision=" prefix to denote a SHA256
checksum, or a "version=" prefix to denote a version metadata value. If
the revision string lacks either prefix, the function attempts to infer
the type of revision. The prefixes are case-insensitive.
rpm-ostree upgrade --preview - Just preview package differences,
like deploy --preview
rpm-ostree upgrade --check - Just check if an upgrade is available
In both cases, the exit codes are 0 (upgrade available), 77 (no upgrade
available) and 1 (error).
The --check-diff option still works but is deprecated and not shown in
the --help option listing.
Don't remember why we're not using the daemon for this, but I already
went to the trouble of writing rpmostree_print_package_diffs() for the
"deploy" command. Use it here as well.
rpmostreed_commit_generate_cached_details_variant() returns NULL if the
origin checksum of an OstreeDeployment matches the checksum of a refspec,
which may also be the OstreeDeployment's origin.
I don't understand the reasoning for that, especially since none of the
callers are prepared to deal with a NULL return. Nor is there a comment,
so remove the check.
This was making the daemon crash on
rpm-ostree deploy --preview <current-deployment-checksum>
which should just indicate no package differences.
Deploy method locks the deployment at a particular commit by adding an
"override-commit" line to the origin file.
Upgrade method must undo the override so we always upgrade to the latest
available commit.
Deploy(revision) pulls and deploys a particular revision on the
branch of the currently booted deployment. The revision can be
expressed as a SHA256 checksum or as a version metadata value.
Similar to rpmostreed_repo_lookup_version(), except without pulling from
a remote repository. It traverses whatever commits are available in the
local repository.
rpmostreed_repo_pull_ancestry() downloads an ancestry of commit objects
starting from a given refspec. An optional visitor function is called
for each commit object. The visitor function can stop the recursion,
such as when looking for a particular commit.
rpmostreed_repo_lookup_version() builds on this by supplying a visitor
function that examines commit metadata for a particular version value.
When the version value is found, the commit's checksum is returned to
the caller.
Change the command callback return type to integer, so commands can
return a custom exit status. Usually it should be EXIT_SUCCESS (0)
or EXIT_FAILURE (1).
This should help to generate the same initrd when the files didn't
change.
Newer versions of gzip (or pigz when available) can generate rsync
friendly files and if present, Dracut already takes advantage of it.
Also use --reproducible, to instruct Dracut to generate CPIO
reproducible files. It is required a version of GNU CPIO that
has support for it.
Check that Dracut has --reproducible in its --help output before
setting it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Otherwise the `umount()` will always fail. This hasn't been a problem
so far while running in a external container (docker/systemd-nspawn),
but is when running in `mock` because it doesn't set its namespace to
be private.
This should help Fedora's Bodhi, which uses rpm-ostree inside mock.
Allows clients to see version, timestamp
and other detailed information along with
the rpm diffs for cached updates and rebases.
This will be used by the Cockpit interface.
Adds a CachedUpdate property that allows clients
to see version, timestamp and other detailed
information for pending updates. Additionally
changes to this property signal clients that a
new rpm-diff can be fetched with GetCachedUpdateRpmDiff.
This will be used by the Cockpit interface.
Various OS "diff" methods can run concurrently with whatever else is
going on since they don't have to obtain the system root lock.
Just to make sure there's no conflicts when writing deployments or
downloading RPM package details, use an internal reader/writer lock
to protect the critical sections of upgrade, rebase, rollback, etc.
Create and load a new OstreeSysroot and OstreeRepo instance as needed.
This ensures its internal state is up-to-date, since several ostree
commands can alter stored state without the daemon's knowledge.
I would prefer keeping persistent instances if these issues can be
addressed, as it would eliminate some inconvenient error handling.
But this way is safer for now.
Having the OS.Upgrade() and OS.Rebase() logic flows conflated in the
daemon had me nervous. A day's worth of debugging a failing test case
proved that nervousness well-founded. Split them into distinct backend
operations.
So the client side can read it back.
This replaces the GObject "sysroot-path" property in the wrapper class,
which created some additional daemon refactoring.
This closes a race condition where the objects might not be exported
by the time clients call methods.
Also delete the code in the "on name lost" handler - it's not going to
happen in practice (we don't allow replacement), and causes issues as
it may be run first before we get the notification that the name is
owned. github.com/cockpit-project/storaged has some better code here
which we could copy later.
This then in turn allows us to delete the "hold"/"release"
infrastructure. Basically the daemon will live forever in the
process.
If a client makes a request that is identical (that is, same method name
and same parameters) to an ongoing transaction, return the bus address of
that transaction. The client can then "tune in" to the progress messages.
(Remember the Transaction.Start() method returns a boolean to distinguish
a newly-started transaction from an ongoing transaction.)
The driving use case for this is a dropped ssh connection during a long
running transaction -- like "upgrade" -- and being able to reattach to
the transaction's progress messages mid-stream.
Few things to note:
- Cancelling a transaction no longer immediately destroys it.
- Transaction is destroyed when finished (or cancelled) and has
no client connections.
- If a client attaches to a finished transaction and calls Start(),
the transaction will re-emit the Finished signal to that client.
- The transaction bus address is not yet shared across multiple
clients, so multiple connections doesn't actually work from the
outside yet. It's just supported internally.
Change the ActiveTransaction property from the bus address of the active
transaction to a string tuple: (method name, sender name)
The bus address was only a placeholder, and not very useful since each
transaction only accepts one connection (presumably the method caller).
The current policy is to only allow the root user access to the Sysroot
and OS interfaces, but this can be expressed in the static bus config.
The long-term intention is to integrate with PolicyKit. Leave comments
in the code stating so but remove the unnecessary authorization handler
for the time being, just so there's less code to review.
Since the daemon can detect when the client closes its peer-to-peer
connection, simplify the API by converting the Finish() method to a
Finished signal that is only emitted once.
Internally, add a "closed" signal to transactions (triggered by a
closed GDBusConnection), and have the transaction monitor use that
instead of "finished" to know when to dispose of the transaction.
Because peer-to-peer endpoints don't get assigned unique names, the
sender == owner check is rendered useless. But I'm not sure we even
need a check since the transaction *is* peer-to-peer now.
One way to secure the returned bus address from prying eyes would be
to employ GcrSecretExchange, but this would only complicate the hand-
shake further and (imo) necessitate a public client-side function to
implement the handshake correctly.
Transaction progress and message signals are really only intended for
one recipient: the client that invoked the method. Use a peer-to-peer
connection for transactions so we're not spamming the system bus.
This entails returning a bus address rather than an object path in
methods that use transactions. The client opens a connection to the
bus address, connects handlers to the Transaction interface (on path
"/"), and then invokes the Start() method.
To finish a transaction, the client need only close the connection,
either explicitly or by terminating. The server will detect this
and clean up resources for that transaction.
Implementing a template pattern for transactions.
The TransactionClass is now abstract, and transaction_new() is replaced
with various method-specific functions like transaction_new_upgrade().
These custom subclasses live in a new file transaction-types.[ch].
Further, transaction_monitor_new_transaction() is replaced with
transaction_monitor_add(). So the handlers for "OS" interface methods
need only create an appropriate transaction instance and hand it off to
the transaction monitor.
Move as much as possible out of transaction_new() for the benefit of
subclasses. The GDBusMethodInvocation property for setting up D-Bus
properties and name watching in the constructed() method.
Turns out we do still need a Start() method after all. Not for lack
of trying, but I can't get away from the client and server doing some
sort of handshake at the beginning to avoid either raciness on the
client side or artificial delays on the server side.
I don't particularly like the "start" signal I've added -- I'd much
prefer subclassing -- but I'm trying to keep the changes incremental.
Expose the instance and class structures, move instance members to a
private structure. This is also towards having the TransactionClass
follow a template pattern.
libostree logs messages to systemd's journal and also to stdout.
Redirect our own stdout back to ourselves so we can capture those
messages and pass them on to clients. Admittedly hokey but avoids
hacking libostree directly (for now).
The ProgressEnd signal indicates to clients there will be no more
DownloadProgress or SignatureProgress signals in the transaction,
and any further Message signals should be output as separate lines
instead of replacing the previous progress message.
In other words, it's just a way of driving GSConsole remotely.
In the style of ostree's CLI, add some option parsing flags
RPM_OSTREE_BUILTIN_FLAG_NONE
RPM_OSTREE_BUILTIN_FLAG_LOCAL_CMD
and extend rpmostree_option_context_parse() to handle the --sysroot and
--peer options and return an OstreeSysroot proxy object (unless the flag
RPM_OSTREE_BUILTIN_FLAG_LOCAL_CMD is passed).
If g_dbus_connection_get_unique_name() returns a name, we're connected
to a message bus. Otherwise we're connected directly to a peer.
Remove redundant "out" parameters from DBus helper functions.
A few changes:
- Modify the D-Bus API to include a Finish() method instead of a Start()
method, the idea being the client calls Finish() to obtain the final
status and optional message once the transaction indicates it's done.
Calling Finish() also removes the transaction object from the bus.
- Introduce Transaction class as a thin wrapper for RPMOSTreeTransaction.
Stores the status info for Finish(), detects when the caller's bus name
vanishes, and emits various status signals to TransactionMonitor.
- Introduce TransactionMonitor as a factory class for Transactions that
also handles book keeping chores like tracking the active Transaction.
The Sysroot and OS interfaces share a TransactionMonitor instance.
This isn't finished yet but it shows the direction I'm going and some
issues I'm encountering.
The CLI layer has 3 different versions of upgrade now:
1) If --check-diff is given, execute it locally regardless of sysroot.
I'm not convinced this variation needs to be executed in the daemon,
but if it does we need a separate D-Bus method since it produces
different results.
2) Else if --sysroot is not "/", execute it locally. I don't think
the daemon currently indicates what sysroot it's operating on, and
even if it did I'm not sure the CLI should be talking to anything
but the "/" daemon.
3) Else if --sysroot is "/", defer to the daemon.
Obviously there's a lot of unwanted code duplication going on here.
I'd like to factor out the common parts and put them in libpriv for
reuse, but I'm also trying to preserve the CLI behavior and all the
various g_print() calls are causing a problem.
I was toying with the idea of adding a "message" signal to
OstreeAsyncProgress for miscellanous status messages. Those signals
could then be handled by either printing the message to stdout or
transmitting it over D-Bus via the Transaction object.
Some of those g_print() messages could then be moved directly into
the common libpriv functions and handed off to OstreeAsyncProgress.
Returns the object path for the given OS name.
This can be done entirely client side, but it requires connecting to
the object manager interface, requesting all the objects and sifting
through them to find the one with a matching Name property.
For some use cases this method is just more convenient.
Creates, configures and exports an RPMOSTreeTransaction object from a
GDBusMethodInvocation. The interface is exported relative to the object
path on which the D-Bus method was called.
Bodhi points rpm-ostree at the "gold" Fedora repo via `file:///`, and
libhif is brokenly checking the mtime on `file://` repos.
Work around that here by just ignoring cache ages, because at present
we don't actually cache really - we drop the RPMs in the tempdir.
(Long term having actual caching of the RPMs would be nice, but
we can revisit this when we get there)
Closes#156
Someday we'll enhance RPM; see
https://github.com/rpm-software-management/rpm/issues/8
But anyways right now at least a few people have tried,
and we get all the way past downloading packages and then bomb
out when doing the actual transaction with a useless error
message.
So let's be up front about this.
This change causes the subcommands to be sorted alphabetically when
'rpm-ostree' is invoked without an argument or with '--help'. This
matches the behavior of the 'ostree' command.
This API was added to libhif a while ago. I'm adding this now because
libhif was changed recently to write the dnf copy of the yumdb, and we
didn't have code to remove it explicitly.
It's better not to write it in the first place.
We noticed that tree composes failed with a missing `atomic` package,
when really what happend is Fedora 22 was released and the repo
metadata moved from `development/` to `released/`.
See https://github.com/hughsie/libhif/pull/47
- Can also give you a file descriptor
- Takes a constant string as input, returning a mutated string as a
separate variable which means that one can check whether the variable
is `NULL` to know whether or not one needs to `rm -rf` it on error
paths.
The refsack code was using the latter, and it stood out. Now that
we're making use of explicit export markers, there's no need to uglify
internal APIs with a leading `_`.
While `rpm-util.c` may not best describe this, it's where most
of this code is ending up. Let's further centralize things.
We more consistently return an `RpmOstreeRefSack` instead of a
`HySack`, where the former supports refcounting and knows how to clean
up its temporary directory if it was allocated from a commit.
And now, finally the actual goal is achieved. \o/
Only one code path dealing with extracting the rpm database from an
OSTree commit.
An astute reader would notice that the `root` member of the struct was
actually only necessary as of a few commits ago. But said astute
reader would also realize it's kind of late in the evening and not
worth rebasing it to where it would properly go.
hawkey and libsolv are both patched to look in `usr/share/rpm` if the
db can't be found in `/var/lib/rpm`. However, librpm itself isn't.
One *can* override it with a macro...which is process global. Yuck.
Needs fixing.
Anyways, we can just make a symlink. That's a lot easier than writing
a patch for librpm and waiting a billion years to be able to use it
everywhere we care about.
This will help unify the librpm tempdir code with the hawkey tempdir
code.
As far as I can tell, this is basically a way to specify the temporary
directory. That significantly complicates the code as it now
needs to keep track of whether or not it owns the temporary directory.
This hinders unifying this code with the hawkey query path.
Because of this, and since I'm not aware of a use case for specifying
this tempdir, let's remove it.
It was only used to access the yumdb, which we don't use because:
- It badly exacerbates the OSTree one-HTTP-request-per-object issue
- We're assembling multiple repos on the server side, so things like
who took the action aren't relevant.
But the reason I did this patch at the moment is because I want to
unify the code that's creating tempdirs from commits so we can feed
real files to librpm.
For a future patch, I want to add an API to get an rpmts for a commit,
instead of a hawkey Sack, because libsolv doesn't expose some
optimized queries that we can get by just going directly to librpm,
such as package file owners.
We had `src/lib` having its own little private library; I wanted to
use some of it inside `src/libpriv`, so let's consistently have all
private utility code in `src/libpriv`.
Closes: https://github.com/projectatomic/rpm-ostree/pull/147
Equivalent to hy_package_cmp(), but works for comparing packages from
different memory pools.
This a stop gap measure in light of
https://github.com/rpm-software-management/hawkey/pull/90
If and when that pull request gets merged, then this function could at
some later point simply call hy_package_cmp().
This is a step forward to deduplicating; the client tooling now calls
into the public API for diffs, rather than using the older internal
function.
Note: this patch also links the client against the public library.
This is a *third* implementation of rpm database diffs in the code,
but it is now a public introspectable shared library API.
Further commits will change the command line tools to use this, and
then after that we'll further deduplicate the `db diff` from this
code.
On the plus side, we share some code between the library and the
binary now. On the downside, because `librpmostreepriv.la` is a
noinst library, its code text is duplicated between the shared library
and binary, at least until we either:
- Have the binary solely use the public shared library (like ostree does)
- Install `librpmostreepriv.so` to e.g. `/usr/lib64/rpm-ostree/librpmostreepriv.so`
without the headers being public
We presently have 3 internal code paths that are doing rpmdb
inspection. This conversion to fd-relative for one of them is a
generic cleanup preparatory to de-duplicating.
Note this bumps libglnx to include
381ca54ee3
The file is automatically populated by systemd when it is empty.
Apparently it doesn't work when the file is missing (as of
systemd-219-9.fc22).
https://bugzilla.redhat.com/show_bug.cgi?id=1198700
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
In pretty mode (--pretty), print signatures for each listed deployment.
Otherwise, just print signatures for the booted deployment at the end to
preserve the tabular formatting of the deployment list.
The `QueryResult` class ended up being too awkward; having NEVRA
strings meant for example that clients would have to parse them. It
would be harder to present something like the current `rpm-ostree
upgrade` package diff output.
Now...I debated quite a while before doing this patch. The thing
that's really awful about creating this library is there are *SO MANY*
layers. rpm-ostree → libhif → hawkey → libsolv → librpm. It's enough
to make one question whether one is actually accomplishing anything or
just contributing to a collective insanity...
Let's pretend for now it's the former.
Closes: https://github.com/projectatomic/rpm-ostree/pull/136
This will help build release engineering and other types of tools;
for example, rather than parsing the output of `db diff`, one
should be able to call an API.
Initially, this adds the generic infrastructure for a public shared
library, with a new function call to do the equivalent of `rpm -qa` on
a particular OSTree commit.
Closes: https://github.com/projectatomic/rpm-ostree/issues/117
Closes: https://github.com/projectatomic/rpm-ostree/pull/124
It breaks at least `/etc/resolv.conf` inside Docker. The right thing
here is to run all things involving networking (librepo) as an
unprivileged process with different constraints than the rpm installs.
We currently have an internal-only library, but the sources for it are
in the same dir as the app. For future work on a public shared
library, we'll need a clearer source structure.
Start by just renaming the app files into `src/app/`, and the internal
private library into `src/libpriv/`, with the appropriate
`Makefile.am` changes.
Closes: https://github.com/projectatomic/rpm-ostree/pull/123
The high level goal is to deprecate libgsystem. I was trying to share
code between ostree/rpm-ostree, but it was too painful to commit to
forver frozen ABI for new utility APIs.
The git submodule approach will much more easily allow breaking
API/ABI, and iterate on APIs until they either land in GLib or not.
Note that libglnx will not use GFile*, so a full port to it will
involve also not using that. Thus, it will be necessarily
incremental; in the meantime we'll link to both libgsystem and
libglnx.
This is a convenient way for external tools to integrate rpm-ostree
better into automation. With the caching, it's now cheaper to
just rerun rpm-ostree if you know an input yum repository changed,
or just on a timer.
Then one can use this flag to determine whether or not to launch any
further processes after rpm-ostree, such as disk image generation,
test suites, etc.
With yum, we would have had to make a custom Python app to cleanly
separate the fetch metadata/depsolve phases from installation.
Now that libhif/hawkey gives us that, make use of it by exiting after
depsolve if the previous compose has the same package set, and the
treefile is the same. This saves a fairly substantial amount of time
and I/O, and makes it much more palatable to simply run the compose
tool on demand in response to say repo regeneration notifications.
A further important note; --cachedir is no longer used; we store the
inputhash in the OSTree commit metadata itself.
There are a lot of advantages to this. See the linked issue
for more details, but briefly:
- Lays the groundwork for package layering
- Better caching (exit compose after depsolve if no changes)
- Better error handling
- Potential for unprivileged package downloads
- Potential to better containerize installs
TODO:
- langs handling
- progress output
Closes: https://github.com/projectatomic/rpm-ostree/issues/53
