IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It's slightly prettier, but this is just laying some
groundwork/precedent for importing more systemd code and using it for
our formatting.
Closes: #295
Approved by: jlebon
Since we now run everything uninstalled, we can't expect the tmpfiles
conf file to be installed. We add an env var that will allow us to tell
rpm-ostree to look elsewhere. This is then used in test-compose.sh.
Closes: #304
Approved by: cgwalters
GPG signing an RPM doesn't change its NEVRA, and we need to support
detecting the case when RPMs change from unsigned to signed (or vice
versa).
It's also quite common for local developers to rev RPMs without
bumping the release or whatever, so this will fix that too.
Closes: #291Closes: #296
Approved by: jlebon
I wanted to avoid yet another copy of the "generate tempfile name"
code, so moved it to libglnx:
https://github.com/GNOME/libglnx/pull/14
This also closes the TODO about deduping the "break one hardlink" code
with the "break all links in one dir" code. The core observation here
is that it's simpler to copy to a tempfile and rename over the
existing, rather than rename, create, unlink.
Closes: #293
Approved by: jlebon
This patch prepares RpmOstreeContext for supporting package layering. A
relabel operation is added as well to support relabeling imported
packages if the sepolicy of the rootfs we're overlaying onto is
different from during import.
Closes: #289
Approved by: cgwalters
- Delete unpack_to_dfd path
- Get rid of copynpaste stuff and use the newly reworked ostree
libarchive API which now supports the callbacks we need
Closes: #289
Approved by: cgwalters
This patch fixes up errors in the parent commit which added pkg-add.
Some of them are due to the rebase on top of the unprivileged
infrastructure.
- fix compile errors (due to libhif changes after rebase)
- delete duplicate prototype for rpmostree_sysroot_upgrader_deploy
- include allow-older in flags type
- fix change_upgrader_refspec to use g_strdup() (this was causing the
wrong old refspec to be registered)
- in builtin-status.c, check for NULL before joining the packages array
- sysroot-upgrader: fix gtype function names
- roc_context_prepare_for_root(): delete unused param
- assemble_commit(): delete unused param
- RpmOstreeSysrootUpgraderFlags: fix docs
- Fix sysroot property name and add reboot opt
Closes: #289
Approved by: cgwalters
This builds upon the earlier prototype in
https://github.com/cgwalters/atomic-pkglayer
The `.origin` file says for a replicated installation:
[origin]
refspec=local:rhel-atomic-host/7/x86_64/standard
If you then run `rpm-ostree pkg-add strace`, it will result in a new tree with:
[origin]
baserefspec=local:rhel-atomic-host/7/x86_64/standard
[packages]
requested=strace;
Work still remaining here is to teach `rpm-ostree status` and
`rpm-ostree upgrade` about this.
Closes: #289
Approved by: cgwalters
This works around a potential issue with libsolv if we go down the
rpmostree_get_pkglist_for_root() path. Though rpm has been using the
/usr/share/rpm location (since the RpmOstreeContext set the _dbpath
macro), the /var/lib/rpm directory will still exist, but be empty.
libsolv gets confused because it sees the /var/lib/rpm dir and doesn't
even try the /usr/share/rpm location, and eventually dies when it tries
to load the data.
So we set the symlink now. This is also what we do on boot anyway for
compatibility reasons using tmpfiles.
This also means we don't have to do the /var/lib/rpm --> /usr/share/rpm
transition during the rootfs postprocess (but we still have to clean up
db and lock files).
Also get rid of the unused pkglist variable.
NB: I used the GFile & gs APIs to mesh with the surrounding code.
Closes: #290
Approved by: cgwalters
I'm trying to debug why I'm getting an older version of `docker`,
and it's useful to see the repository name we're getting something
from. Yum does this by default.
(Though we should probably consider column formatted output too
on a tty)
Closes: #282
Approved by: jlebon
Right now the `ostree.rpm` package always configures dracut to inject
the ostree setup via a conf file. But it's actually simpler and
cleaner to just have callers specify it explicitly.
https://bugzilla.redhat.com/show_bug.cgi?id=1331369Closes: #276
Approved by: jlebon
This comes from the tradition of yum repo files. It's significantly
easier for rpm-ostree users building multiple architectures if some
core templating for the treefiles is built in.
Otherwise, everyone needs to learn about a new wrapper tool for
rpm-ostree, and said tool would need to re-do the same "basearch"
evaluation that is already occuring inside libhif.
This commit also paves the way for introducing `${releasever}`
substitution.
NOTE: This depends on pending changes to libhif git.
Closes: #274
Approved by: jlebon
A future commit is going to change our parsing of the "ref" member in
treefiles, so ensure we only load it once early on in compose-tree.
We already looked up the previous commit there, so just pass it down
rather than reloading the ref.
Closes: #274
Approved by: jlebon
This will allow to copy arbitrary files into the rootfs, specifying something like:
"add-files": [["service.template", "/exports/service.template"],
["config.json.template", "/exports/config.json.template"]]
It is quite useful when building a container image.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #253
Approved by: cgwalters
Because `hif_source_get_location()` is actually a reference to the
upstream repo, we shouldn't create a cache directory there.
This is just a two line fix, but I changed some things so that we keep
track of the number of local packages, in order to make the "Need to
download" print accurate.
We still need to add them (confusingly) to the `packages_to_download`
because that's also used for the container path which imports them.
Closes: #255Closes: #256
Approved by: jlebon
The fact that we didn't notice this is a testament to the state of
testing =(
I think I want to change the container build path to also only
grab /usr and /etc rather than having the paths be different,
but for now - the quick fix.
Pull request: #243
Approved by: jlebon
I was tracking another regression where we seem to have lost
`/usr/etc` contents which manifested as `Labeling with... (null)`
which was clearly wrong.
Now this change actually impacts the test suite - we now (again IMO
correctly) error out if `selinux: true`. The `no-selinux-tag` test
no longer makes sense, so delete it.
We do need more "real" tests that use selinux on and off.
Pull request: #243
Approved by: jlebon
The new context methods recently added for unprivileged infrastructure
would set the ostreerepo member when calling new_unprivileged(). Since
here we will be using the sysroot repo, we need the ability to set the
repo. Just add a new set function for now, maybe move it into
new_system() later.
Also, make sure we dereference the repo on finalize.
Pull request: #240
Approved by: cgwalters
There will be cases where we don't actually want to tag a ref on the
final assembled commit. This will be true for package layering.
Pull request: #240
Approved by: cgwalters
We allow the "repos" key to be missing, which just means that we let
libhif do its job, i.e. automatically use the repos in repodir that are
enabled.
We still do a check in rpmostree_context_setup() to make sure that at
least one repo is functional.
Pull request: #240
Approved by: cgwalters
Right now we're doing the /etc -> /usr/etc inside the RPM import, but
we might as well do the /usr/local bits in both. Also, use
/usr/share/rpm by default for treecompose too so that is unified.
Other things like systemd unit files and kernel handling are only
going to be used for host side composes.
I debated config file formats a lot. JSON is fairly awkward for
humans to write, and really painful to parse from C. YAML is nice,
but also painful from C.
Both are fairly overpowered for what we really need. Keyfiles
(desktop spec, `GKeyFile`) have a lot of limitations, but at least
it's used by systemd and `.desktop` files, and we already have a
parser.
We still parse the JSON treefiles, but internally convert them to
`GKeyFile` (which is in turn converted to `GVariant` for a canonical
form).
This is just a tech demo. Example usage:
```
mkdir -p ~/.cache/rpmostree-containers
cd ~/.cache/rpmostree-containers
rpm-ostree container init
cp /etc/yum.repos.d/CentOS-Core.repo rpmmd.repos.d
rpm-ostree container assemble bash
rpm-ostree container assemble httpd
```
This is in preparation for `rpm-ostree container`, which handles
unpacking RPMs as non-root.
At the moment, I'm copying code in from both ostree's libarchive bits
(fixable...may need to export some utility functions) and some
functions from libhif (harder, see:
http://lists.rpm.org/pipermail/rpm-ecosystem/2016-January/000297.html )
There's lots more cleanup to do here, but I don't want to block on the
resolution of the libhif changes.
This is part of taking over from librpm. The most important high
level goal is fully unprivilged operation.
Right now we're basically starting to do what
http://libguestfs.org/supermin.1.html does, except in C, and
faster.
There's no reason that `compose tree` should require privileges.
However right now, things like `%post` scripts will want to run in the
target root - so we'd have to require `linux-user-chroot`.
Regardless of unprivileged operation though, another major thing we
can do is use our control over the unpacking process to do a lot more
sophisticated caching. We can build up a precise mapping of (rpm
ENVR, file path, selinux label) -> object and avoid rechecksumming
each time.
And even for files that aren't known, we can parallelize commit with
unpacking, etc. (Ok assuming treecompose-post won't mutate anything).
As we start to do more package things, extract common helper functions
around HifContext * that by default operates on the system root.
Some of these bits should go in libhif, but the immediate plan is to
iterate here, then push downwards later.
Besides porting GFile -> fd, I specifically want it to operate in an
append mode for package layering. Then given an existing tree, we
ensure we're not deleting the underlying tree's autovar files.
This should help to generate the same initrd when the files didn't
change.
Newer versions of gzip (or pigz when available) can generate rsync
friendly files and if present, Dracut already takes advantage of it.
Also use --reproducible, to instruct Dracut to generate CPIO
reproducible files. It is required a version of GNU CPIO that
has support for it.
Check that Dracut has --reproducible in its --help output before
setting it.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
- Can also give you a file descriptor
- Takes a constant string as input, returning a mutated string as a
separate variable which means that one can check whether the variable
is `NULL` to know whether or not one needs to `rm -rf` it on error
paths.
The refsack code was using the latter, and it stood out. Now that
we're making use of explicit export markers, there's no need to uglify
internal APIs with a leading `_`.
While `rpm-util.c` may not best describe this, it's where most
of this code is ending up. Let's further centralize things.
We more consistently return an `RpmOstreeRefSack` instead of a
`HySack`, where the former supports refcounting and knows how to clean
up its temporary directory if it was allocated from a commit.
And now, finally the actual goal is achieved. \o/
Only one code path dealing with extracting the rpm database from an
OSTree commit.
An astute reader would notice that the `root` member of the struct was
actually only necessary as of a few commits ago. But said astute
reader would also realize it's kind of late in the evening and not
worth rebasing it to where it would properly go.
hawkey and libsolv are both patched to look in `usr/share/rpm` if the
db can't be found in `/var/lib/rpm`. However, librpm itself isn't.
One *can* override it with a macro...which is process global. Yuck.
Needs fixing.
Anyways, we can just make a symlink. That's a lot easier than writing
a patch for librpm and waiting a billion years to be able to use it
everywhere we care about.
This will help unify the librpm tempdir code with the hawkey tempdir
code.
As far as I can tell, this is basically a way to specify the temporary
directory. That significantly complicates the code as it now
needs to keep track of whether or not it owns the temporary directory.
This hinders unifying this code with the hawkey query path.
Because of this, and since I'm not aware of a use case for specifying
this tempdir, let's remove it.
It was only used to access the yumdb, which we don't use because:
- It badly exacerbates the OSTree one-HTTP-request-per-object issue
- We're assembling multiple repos on the server side, so things like
who took the action aren't relevant.
But the reason I did this patch at the moment is because I want to
unify the code that's creating tempdirs from commits so we can feed
real files to librpm.
For a future patch, I want to add an API to get an rpmts for a commit,
instead of a hawkey Sack, because libsolv doesn't expose some
optimized queries that we can get by just going directly to librpm,
such as package file owners.
We had `src/lib` having its own little private library; I wanted to
use some of it inside `src/libpriv`, so let's consistently have all
private utility code in `src/libpriv`.
Closes: https://github.com/projectatomic/rpm-ostree/pull/147
This is a step forward to deduplicating; the client tooling now calls
into the public API for diffs, rather than using the older internal
function.
Note: this patch also links the client against the public library.
On the plus side, we share some code between the library and the
binary now. On the downside, because `librpmostreepriv.la` is a
noinst library, its code text is duplicated between the shared library
and binary, at least until we either:
- Have the binary solely use the public shared library (like ostree does)
- Install `librpmostreepriv.so` to e.g. `/usr/lib64/rpm-ostree/librpmostreepriv.so`
without the headers being public
We presently have 3 internal code paths that are doing rpmdb
inspection. This conversion to fd-relative for one of them is a
generic cleanup preparatory to de-duplicating.
Note this bumps libglnx to include
381ca54ee3
The file is automatically populated by systemd when it is empty.
Apparently it doesn't work when the file is missing (as of
systemd-219-9.fc22).
https://bugzilla.redhat.com/show_bug.cgi?id=1198700
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
We currently have an internal-only library, but the sources for it are
in the same dir as the app. For future work on a public shared
library, we'll need a clearer source structure.
Start by just renaming the app files into `src/app/`, and the internal
private library into `src/libpriv/`, with the appropriate
`Makefile.am` changes.
Closes: https://github.com/projectatomic/rpm-ostree/pull/123
