2873 Commits

Author SHA1 Message Date
Jonathan Lebon
a40014f5a7 ci: Allow submodule bumps from Dependabot
Tweak the logic in `ci-commitmessage-submodules.sh` to allow Dependabot
bumps.
2020-01-28 13:14:47 -08:00
dependabot-preview[bot]
30c2444f19 build(deps): bump libglnx from 470af87 to 5f3d352
Bumps libglnx from `470af87` to `5f3d352`.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-28 13:14:47 -08:00
Jonathan Lebon
7ad4d58bbc ci: Bump compose tests timeout to 45m
Still trying to find the sweet spot on this. I think it may also depend
on how fast/busy the node we get allocated to is.
2020-01-28 11:13:47 -08:00
Jonathan Lebon
2dadc7b03c rust: cargo update
We haven't done one of these in a while.
2020-01-28 11:13:47 -08:00
Jonathan Lebon
c09f5412a5 libpriv/util: Fix human diff printing for upgrades/downgrades
We were basing whether to print the `Upgraded`/`Downgraded` heading on
the iteration count rather than the actual first iteration where a valid
upgrade/downgrade was found. And because of how we print our diff, this
confusingly can make it look like downgrades are part of the same
upgrade section.

Closes: #1821
2020-01-21 18:36:53 +01:00
Jonathan Lebon
2966afe44e core: Mark all repos as "modular hotfixes"
This is a follow-up hack to #1797 to force libdnf to let us use modular
packages as if they were regular packages until we actually support
modules correctly (#1435).

A repo marked as a modular hotfix means that libdnf doesn't try to
filter out modular RPMs from the repo as it usually does.

Resolves: https://pagure.io/releng/failed-composes/issue/717
2020-01-09 15:31:02 +01:00
Jonathan Lebon
654ab64409 ci: Re-org stages and parallelize tests
Build FCOS and run vmcheck in the same container, since it's only used
for that anyway right now. The main advantage is that we save time
provisioning another container and not having to stash and unstash the
FCOS image.

Also, since the compose tests don't actually need to wait for the FCOS
image, start running them in parallel with the FCOS + vmcheck branch.
2020-01-08 16:42:54 +01:00
Jonathan Lebon
9daea46d66 tests/compose: Target FCOS 31, move off of PAPR
Again, a lot going on here, but essentially, we adapt the compose tests
to run either privileged or fully unprivileged via supermin, just like
cosa.

I actually got more than halfway through this initially using `cosa
build` directly for testing. But in the end, we simply need more
flexibility than that. We want to be able to manipulate exactly how
rpm-ostree is called, and cosa is very opinionated about this (and may
also change from under us in the future).

(Another big difference for example is that cosa doesn't care about
non-unified mode, whereas we *need* to have coverage for this until we
fully kill it.)

Really, the most important bit we want from there is the
unprivileged-via-supermin bits. So we copy and adapt that here. One
obvious improvement then is sharing this code more easily (e.g. a
`cosa runasroot` or something?)

However, we still use the FCOS manifest (frozen at a specific tag). It's
a realistic example, and because of the lockfiles and pool, we get good
reproducibility.
2020-01-08 16:42:54 +01:00
Jonathan Lebon
462a389b3a tests/compose: Move files around
This is mostly cosmetic, though I want the test layout to mirror what we
do for `vmcheck`.
2020-01-08 16:42:54 +01:00
Jonathan Lebon
c59b9de3d4 ci: Run Rust unit tests
We definitely want this too.
2019-12-20 21:16:24 +01:00
Jonathan Lebon
13f554ea5c ci: Bump MSRV to 1.39.0
This is in el8 now.
2019-12-20 21:16:24 +01:00
Jonathan Lebon
37a6a3ab69 Don't require an OSTree repo for --print-only
This makes it easier to flatten a treefile. To do this, we make having a
workdir optional on the Rust side, and on the C side, just move
`--print-only` handling up front.
2019-12-20 21:16:24 +01:00
Jonathan Lebon
932e8eec2a app/compose: Skip bwrap self-test if --download-only[-rpms]
We don't need any privs for just downloading the RPMs.
2019-12-20 21:16:24 +01:00
Jonathan Lebon
c5058c662a app/tree: Drop "YAML" from error message
This helper is used for both JSON and YAML treefiles now.
2019-12-20 21:16:24 +01:00
Jonathan Lebon
1d8537bb03 app/rojig: Explicitly check a rojig section was provided
Let's make that explicit to make it easier to debug. (This works because
right now, we auto-create the spec file on the Rust side at parse time.)
2019-12-20 21:16:24 +01:00
Jonathan Lebon
c7361af2f6 app: Print help messages on stderr
So that we keep `stdout` clean. This is important for `--print-only`.
2019-12-20 21:16:24 +01:00
Jonathan Lebon
28d3fe428f app/compose: Support multiple --add-metadata-from-json
No reason we can't do this. I initially was going to make use of this
for tests, but ended up not needing it.
2019-12-20 21:16:24 +01:00
Jonathan Lebon
0e84776519 libpriv/rojig: Fix unref'ing using wrong function
We were trying to unref a `GHashTable` using `g_ptr_array_unref`.
Something something... rewrite it in Rust.
2019-12-20 21:16:24 +01:00
Jonathan Lebon
7d36ea7ebc rust: Wrap parent directory handling for Path
The parent of a `Path` of `"foobar"` is actually `""`, because
`parent()` wants to return a slice of its buffer:
https://github.com/rust-lang/rust/issues/36861

Just do a trivial wrapper around it to correctly return `"."` instead.

Hit this when trying to pass a treefile in the working directory.
2019-12-20 21:16:24 +01:00
Jonathan Lebon
82b27de843 Release 2019.7
Not the biggest release, but there are some decent targeted fixes and
enhancements and it's been a while.
2019-12-19 16:22:11 +01:00
Jonathan Lebon
774d0171d5 libdnf: Bump to cc36cb7492275e34c10148176824a35a3a67a461
Let's try to do regular-ish bumps again. Both for fixes and features,
but also so we eat regressions as they come rather than all at once when
we actually need something new there really fast.

Update submodule: libdnf
2019-12-19 15:48:49 +01:00
Colin Walters
4881435663 tests: Misc tweaks
- Have libvm.sh inherit libtest, otherwise we don't have `fatal`
- Add `error: ` prefix to `fatal` messages for clarity
- Add missing plural
2019-12-16 15:17:01 +01:00
Jonathan Lebon
c7a9c3b1dd Rework vmcheck to use kola spawn, move off of PAPR
There's a lot going on here, but essentially:

1. We change the `vmcheck` model so that it always operates on an
   immutable base image. It takes that image and dynamically launches a
   separate VM for each test using `kola spawn`. This means we can drop
   a lot of hacks around re-using the same VMs.
2. Following from 1., `vmoverlay` now takes as input a base image,
   overlays the built rpm-ostree bits, then creates a new base image. Of
   course, we don't have to do this in CI, because we build FCOS with
   the freshly built RPMs (so it uses `SKIP_VMOVERLAY=1`). `vmoverlay`
   then will be more for the developer case where one doesn't want to
   iterate via `cosa build` to test rpm-ostree changes. I say "will"
   because the functionality doesn't exist yet; I'd like to enhance
   `cosa dev-overlay` to do this. (Note `vmsync` should still works just
   as before too.)
3. `vmcheck` can be run without building the tree first, as
   `tests/vmcheck.sh`. The `make vmcheck` target still exists though for
   finger compatibility and better meshing with `vmoverlay` in the
   developer case.

What's really nice about using kola spawn is that it takes care of a lot
of things for us, such as the qemu command, journal and console
gathering, and SSH.

Similarly to the compose testsuites, we're using parallel here to run
multiple vmcheck tests at once. (On developer laptops, we cap
parallelism at `$(nproc) - 1`).
2019-12-13 19:18:30 +01:00
Jonathan Lebon
d2a4372d4d app/override: Don't include rpmostree-ex-builtins.h
Likely leftover from when it was an experimental feature. It's not
anymore.
2019-12-13 19:18:30 +01:00
Jonathan Lebon
571bd3a558 tests: Add hidden testutils subcommand
This is a hack to allow using `inject-pkglist` without having to build
the tree first.

Higher-level, I think we can split this back out again if we have a
`-tests` subpackage where we ship the vmcheck testsuite.
2019-12-13 19:18:30 +01:00
Jonathan Lebon
9d73458f0c ci: Add the built RPMs as cosa overrides
So that the built FCOS has them. This is a prereq for actually testing
what we built in `vmcheck`.
2019-12-13 19:18:30 +01:00
Jonathan Lebon
07dfb8dc3e ci: Archive built RPMs
That way, anyone can easily download the latest built RPMs from master
or a specific PR. This isn't a replacement for automated builds in Koji
though since it's not multi-arch.

Also fetch the tags so that the NEVRA derived from `git describe` is
nicer.
2019-12-13 19:18:30 +01:00
Jonathan Lebon
f673305920 ci: re-use variable for container images
Makes it less repetitive and allows controlling the images from a
central place.
2019-12-13 19:18:30 +01:00
Colin Walters
e726d008fc compose: Add an automatic-version-suffix key
This allows replacing the `.` in automatic version increments
with whatever one wants (as long as it's a single ASCII character)
right now.

The specific motivation here is for at least RHEL CoreOS to use
`version-suffix: "-"` so that its versions can become valid
semantic versions.

Related: https://github.com/coreos/rpm-ostree/issues/1954
2019-12-13 17:11:16 +01:00
Colin Walters
75c676715a daemon: Use MountFlags=slave and opt-in to OSTree read-only /sysroot
This is all we need to tell libostree that we support a read-only
`/sysroot` and `/boot`.

See https://github.com/ostreedev/ostree/issues/1265
PR in https://github.com/ostreedev/ostree/pull/1767
2019-12-13 01:44:56 +01:00
Colin Walters
4e3c41be9f kernel: Append /dev/{u,}random to initrd instead of dracut caps
Rather than giving dracut `cap_mknod` which won't work in
unprivileged scenarios, append a tiny static pre-generated CPIO
blob with `/dev/random` and `/dev/urandom` to the output of
dracut.

This is a hack until dracut does this itself.  But the problem
is patches to dracut will take eleven billion years to ship
in RHCOS.

Closes: https://github.com/coreos/rpm-ostree/issues/1950
2019-12-10 22:11:10 +01:00
Colin Walters
f295f54306 kargs: Support --append and --delete simultaneously
Code I wrote for the machine-config-operator expected it to
work, and I don't see a reason not to support it.

See https://github.com/openshift/machine-config-operator/issues/1265
2019-12-10 20:27:57 +01:00
Jonathan Lebon
3b8a1ec6c4 libpriv/kernel: add cap_mknod to dracut run
A lot of history with this. But essentially, dracut tries to `mknod` a
few character devices like `/dev/random` and `/dev/urandom` and fails.

We originally blocked `cap_mknod` because, well, `%post` scripts don't
really need to do that, and it would get wiped anyway. But there is a
use case for dracut's CPIO: we want `/dev/*random` to be available in
early boot *before* systemd even mounts `devtmpfs` because libgcrypt as
part of its constructor-time selftests in FIPS mode wants to read from
there.

For more fun, see:
https://bugzilla.redhat.com/show_bug.cgi?id=1778940
https://bugzilla.redhat.com/show_bug.cgi?id=1401444
https://bugzilla.redhat.com/show_bug.cgi?id=1380866
2019-12-05 09:43:20 -08:00
Jonathan Lebon
2589cd1f92 rust/lockfile: Add more metadata to generated lockfiles
E.g. the generation timestamp, repos that were enabled, and their
generation timestamps.

This is just generally useful, though I'd like to make use specifically
of the new `metadata.generated` key in FCOS to drive versioning:

https://github.com/coreos/fedora-coreos-releng-automation/pull/50
2019-11-12 16:17:03 +01:00
Jonathan Lebon
fdaf99327c core: Split out function to get enabled rpmmd repos
Prep for next patch.
2019-11-12 16:17:03 +01:00
Jonathan Lebon
fec61ce577 libpriv/kernel: Hack around vmlinuz path in HMAC file
As mentioned in the comment block:

```
If there's an HMAC file, fix the path to the kernel in it to be
relative. Right now, the kernel spec encodes `/boot/vmlinux-$kver`,
which of course not going to work for us. We should work towards making
this change directly into the kernel spec.
```

For background, see this comment and following:
https://github.com/ostreedev/ostree/pull/1962#issuecomment-547488164
2019-10-31 14:55:27 +01:00
Jonathan Lebon
6aa496e312 libpriv/kernel: Use g_build_filename instead of g_strconcat
It's much easier to mess up with the latter than the former when
building filenames. There's a bunch more all over the codebase; just did
this bit to be consistent with the next commit which also uses it.
2019-10-31 14:55:27 +01:00
Colin Walters
122811a1ba tree-wide: [scan-build] Add some not-null assertions
I don't understand why this doesn't happen in more places;
it may have to do with the depth of the call chain?
Anyways, add some more asserts that values aren't NULL.
2019-10-18 18:00:16 +02:00
Colin Walters
e0102550d7 tree-wide: [scan-build] Initialize some variables
These are all false positives, but:

1) We might as well be safe
2) Quieting the scanner is worth it since it does find real bugs
2019-10-18 18:00:16 +02:00
Colin Walters
8e5baf5ca7 Detect whether zchunk (zck) is available at build time
We don't *actually* use this ourself, but librepo does, and libdnf gets confused
if librepo doesn't support it.  This is the case in RHEL8 currently.

Basically what breaks is trying to use the Fedora EPEL repo (has zchunk metadata)
on RHEL CoreOS.  And we have a test in kola that does this today.
2019-10-18 17:13:55 +02:00
Colin Walters
bc36d0a95e HACKING.md: Document libdnf vendoring rationale
Per discussion in https://github.com/coreos/rpm-ostree/pull/1929
2019-10-18 15:27:12 +02:00
Jonathan Lebon
9ff9d43822 core: Filter locked packages by checksums before depsolving
Don't just filter down packages by NEVRA, but also filter out those that
don't match the checksum too. We were enforcing checksum matches already
before this, but only *after* depsolving and simply erroring out if they
didn't match.

However, because of how RPM signing is implemented in Fedora, it is
possible to have the same NEVRA in two different repos, each with two
different hashes. E.g. right now for example, `efivar-libs` wasn't
rebuilt for f31, and so f31 is just shipping the f30 RPM, but signed
with the f31 key. And of course, we also had the f30 version in the
pool.

This patch allows us to transition over to the f31 version with
everything else by not getting thrown off by the f30 version already in
the pool. (Still need to investigate how the pool will deal with this.)
2019-10-16 20:39:11 +02:00
Colin Walters
11ee20c1cd unpacker: Build with older libarchive without zstd
It's not in RHEL8.1, and I'm trying to rebase rpm-ostree.
2019-10-15 18:17:46 +02:00
Jonathan Lebon
450948a9f6 ci/papr: Drop required commit status context
This was useful in combination with Homu since it only had to watch one
context. Since we're not using Homu anymore (and Tide instead looks at
all statuses by default), let's just drop it. This brings down the
number of statuses on PRs by one more (and so one less context to
override when needed).

Relatedly, also just test on `master` now.
2019-10-09 10:22:58 -07:00
Jonathan Lebon
45623a9b54 tests/vmcheck: Fix test-misc-1.sh syntax
The `EOF` needs to be alone on a line to be valid. The way to redirect
the output is unintuitively to do it at the beginning of the line
instead.
2019-10-08 14:10:53 -07:00
Colin Walters
c8113bde32 Add hidden coreos-rootfs seal command
All this does is put the immutable bit on the target directory.
The intention is to replace this bit to start:
8b205bfbb9/src/create_disk.sh (L229)

However, the real goal here is to add code in this file
to handle redeploying the rootfs for Fedora CoreOS which
combines OSTree+Ignition:
https://github.com/coreos/fedora-coreos-tracker/issues/94

Basically doing this in proper Rust is going to be a lot
nicer than shell script in dracut modules.  Among other
details, coreutils `mv` doesn't seem to do the right thing
for SELinux labels when policy isn't loaded.
2019-10-04 08:03:03 -07:00
Jonathan Lebon
68750b6894 ci/papr: Drop f29-codestyle and rust-min-version-check
These are also already covered by the Jenkins pipeline.
2019-10-03 13:39:11 -07:00
Jonathan Lebon
289af613a9 ci/jenkins: don't pass GIT_COMMIT to ci-commitmessage-submodules.sh
Jenkins is tricky: it does an initial checkout, merges the PR head into
the target branch, then creates the pod. Once in the pod, we do a
`checkout scm` which *also* merges the PR head into the target branch.
However, the `change.GIT_COMMIT` variable we get from that is set to the
SHA of the first merge, not the second one. Which... yeah is super
confusing since we explicitly assign `change` from that `checkout scm`
operation. So that's probably a valid bug.

This was then throwing off `ci-commitmessage-submodules.sh` since it
didn't find the merge commit in the graph.

Anyway, not going to spend more time on this. Let's just not pass any
commit at all. The git range `origin/master..HEAD` already does what we
want (go through all the commits in HEAD *not* in master).
2019-10-03 13:39:11 -07:00
Colin Walters
010f269492 ci/papr: Drop cosa build
It's currently covered by the Jenkins job.
2019-10-03 10:32:40 -07:00
Rafael Fonseca
4d7af0b49b rust/utils: move common code to a function
Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>
2019-10-02 13:45:40 -07:00