Commit Graph

654 Commits

Author SHA1 Message Date
Colin Walters
edeefcff23 tests: Trim out dead code from libtest.sh, rework SRCDIR
The main goal here is to get `assert_jq()` usable in
kola tests.

This was forked from ostree long ago but we aren't
using most of it.  I want to try to move this into kola where
we're just using `tests/common` but this code references
`tests/gpghome` which we weren't using.

Only a few things here reference `SRCDIR` - change those
to fail for now if it's not set, since we're not running
those tests in kola yet.  I will eventually try to
clean that up later.
2020-05-11 18:28:41 +02:00
Colin Walters
81f8931162 tests/runkola: New script
This may become `cosa kola-fast` or something.
2020-04-30 21:50:41 +02:00
Colin Walters
22bf449296 tests: Drain more readonly tests into nondestructive/misc
Part of migrating the test suite to kola.
2020-04-30 21:50:41 +02:00
Colin Walters
a238ca9c76 status: Don't output AutomaticUpdates: disabled by default
Pre-FCOS we made an effort for automatic updates but nowadays
with Fedora CoreOS we generally expect people to be using zincati.

Until we fix the "agent registration" problem:
https://github.com/coreos/rpm-ostree/issues/1747
Let's not confuse people by printing `AutomaticUpdates: disabled`.

Only print if it's set to a value in non-verbose mode.
2020-04-22 16:45:05 +02:00
Jonathan Lebon
3ec5e2878d manifest: Add lockfile-repos field
In Fedora CoreOS, we have a "coreos-pool" repo from which all packages
in lockfiles are tagged for reproducible builds. This repo is shared
across all streams, including those on f31 and f32.

Thus, it makes no sense for composes to ever pick packages unconstrained
from the pool without being guided by a lockfile. Otherwise, one can
easily end up with e.g. f32 packages in an f31 compose.

Add a new `lockfile-repos` for this which is only used for fetching
lockfile packages and nothing else. For example, this will allow
`cosa fetch --update-lockfile` to Just Work as expected by only fetching
new packages from regular yum repos.
2020-04-19 09:17:17 -04:00
Jonathan Lebon
53456730bf compose: Add --ex-lockfile-strict
Today, lockfiles only restrict the NEVRA of specifc package names from
which libsolv can pick. But nothing stops libsolv from picking entirely
different packages which still satisfy the manifest requests.

This was mostly a theoretical issue in Fedora CoreOS, but became reality
with the addition of Fedora 32 packages in the pool. libsolv would
happily try to pick e.g. `libcurl-minimal` from f32 instead of sticking
with the f31 `libcurl` from the lockfiles:

https://github.com/coreos/fedora-coreos-streams/issues/75#issuecomment-610734584

(But more generally, see
https://github.com/coreos/fedora-coreos-tracker/issues/454).

Let's add a `--ex-lockfile-strict` mode, which in CI and production
pipeline build contexts will require that (1) *only* locked packages are
considered by libsolv, and (2) *all* locked packages were marked for
install.

One important thing to note here is that we don't short-circuit libsolv
and manually `hy_goal_install` lockfile packages. We want to make sure
the treefile is still canonical. Strict mode simply ensures that the
result agrees with the lockfile.

That said, even in developer contexts, we don't want the
`libcurl-minimal` issue that happened to be triggered. But we still want
to allow flexibility in adding and removing packages to make hacking
easier. I have some follow-up patches which will enable this.
2020-04-17 15:48:40 -04:00
Colin Walters
e41a8ab26f Add support for wrapping binaries (rpm, dracut, grubby)
We need to be friendlier to people who are transitioning from
"traditional" yum managed systems.  This patchset starts to lay
out the groundwork for supporting "intercepting" binaries that
are in the tree.

For backwards compatibility, this feature is disabled by default,
to enable it, one can add `cliwrap: true` to the manifest.

To start with for example, we wrap `/usr/bin/rpm` and cause it
to drop privileges.  This way it can't corrupt anything; we're
not just relying on the read-only bind mount.  For example nothing
will accidentally get written to `/var/lib/rpm`.

Now a tricky thing with this one is we *do* want it to write if
we're in an unlocked state.

There are various other examples of binaries we want to intercept,
among them:

 - `grubby` -> `rpm-ostree kargs`
 - `dracut` -> `rpm-ostree initramfs`
 - `yum` -> well...we'll talk about that later
2020-04-15 16:22:57 +02:00
Jonathan Lebon
af86fcd649 tests/compose: Go back to freezing FCOS commit
The garbage collection issue should be fixed now, and it's just nicer on
developers' cache to stay on the same commit. And again, it's a nice
sanity-check to know that we're always able to compose an older tree.
That said, we probably should still bump this from time to time.

While we're here, add some comments for making it easier to match `popd`
calls with the original `pushd`.
2020-04-15 15:18:16 +02:00
Jonathan Lebon
bca19d74e8 tests/compose: Don't use lockfiles by default
Otherwise, it muddles testing in `test-lockfile.sh` where we want to be
in full control of all the lockfiles fed to `rpm-ostree compose tree`.
2020-04-15 15:18:16 +02:00
Colin Walters
770856d018 tests: Start converting some bits into kola ext framework
Start the ball rolling on converting some of our tests into
the coreos-assembler/kola framework:
d940420b78/mantle/kola/README-kola-ext.md

The nondestructive ones are easy.
2020-04-09 23:07:45 +02:00
Colin Walters
659fb0b23a importer: Quote filenames with spaces for tmpfiles.d
This way we handle filenames with spaces in `/var` in general,
like `/var/app/foo bar`, but *also* the special `/opt/foo bar`
translation bits.

I saw this bug and thought "oh that'd be easy".  But hoo boy
did it take me down a rat's nest.  The first thing was verifying
that `systemd-tmpfiles` supports any kind of quotation/escaping; it does.
The next thing was figuring out *exactly* what the syntax for that
is and how it works, as it's obviously not widely used.

Writing tests for this ended up being a painful exercise because
of the multiple levels of shell script, e.g. our `build_rpm` shell
script ends up being inlined into RPM specs, which then interprets
again...and not to mention the usual annoying issues with `ssh`
eating quotes.

Anyways, all that and:
Closes: https://github.com/coreos/rpm-ostree/issues/2029
2020-03-23 19:16:36 +01:00
Jonathan Lebon
c6e5e80d94 vmcheck: Work around read-only /sysroot
We need to adapt some of our tests here which assume that `/sysroot` is
writable. However, in FCOS this is no longer the case now that we enable
`sysroot.readonly`.

We only remount rw for the couple of operations that need it so that we
still retain coverage for the ro path everywhere else.
2020-03-19 16:24:04 +01:00
Jonathan Lebon
7745728669 vmcheck: Run vm_kola_spawn separately from if-statement
Classic shell gotcha. We don't want to run `vm_kola_spawn` as part of
the if-statement or otherwise we lose the `set -e` behaviour.
2020-03-19 16:24:04 +01:00
Jonathan Lebon
e9011530e5 initramfs: Use dracut args from commitmeta if available
This is the second half of the previous commit. We check if the
canonical dracut args are available in the commit metadata, and prefer
those over using `--rebuild`. The latter is delegated as a backcompat
fallback.
2020-02-27 21:09:54 +01:00
Colin Walters
21bdb54423 ci: Pull Fedora from api.ci
Currently we pull from quay.io and api.ci, and the Fedora registry
is being very flaky.  I set up a mirror on api.ci for now.
2020-02-27 19:24:31 +01:00
Jonathan Lebon
1cf0d557ae tests/libvm.sh: Bump container run to use f31
It's the latest, and matches the rest of the host we're running on. But
also, pulling f30 is hitting 503s from the Fedora registry:

https://pagure.io/releng/issue/9282
2020-02-27 04:50:59 +01:00
Jonathan Lebon
020752bfe8 tests/compose: Stop freezing on specific FCOS commit
We're hitting issues with packages getting tagged out of the pool:
https://pagure.io/releng/issue/9281

This in turn means we can't reliably recompose older builds right now,
which breaks our CI. For now at least, let's compose from the latest.
(Note we were already also composing the latest FCOS in the vmcheck
branch.)
2020-02-27 04:50:59 +01:00
Jonathan Lebon
1675058768 initramfs: Fix using local /etc when also replacing kernel
Instead of basing our decision to use the local `/etc` on whether we're
using `dracut --rebuild`, base it directly on a boolean parameter.

This is relevant in the client-side when initramfs regeneration is
requested as well as a kernel override. In such cases, we do want to use
the local `/etc`, but we'd skip that path because we didn't also use
`dracut --rebuild`.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1806588
2020-02-27 04:50:59 +01:00
Jonathan Lebon
7501b39cbf spec: Bump libmodulemd version requirement
This matches the latest bump in libdnf:
763ccc3e33
2020-02-25 16:48:15 +01:00
Colin Walters
b797a42f3e core,kernel: Set up /etc/passwd for dracut
This fixes a longstanding spew of error messages from the initramfs
because we don't have nss-altfiles set up there.  Rather than
trying to do it, just do the dance of re-synthesizing `/etc/passwd`
as it traditionally looks around running dracut, the same as we
do for scripts during core layering.

Yes, this is all a mess and hopefully I'll get to sysusers soon...
2020-02-13 23:26:04 +01:00
Colin Walters
5a0d3356ef treefile: Add exclude-packages
In FCOS we have a kola test that basically does `rpm -q python`.
It's...a bit silly to spawn a whole VM for this.  Ensuring that
some specific packages don't get included has come up in a few
cases.

I think FCOS/RHCOS at least will want to blacklist `dnf` for example.
And as noted above, FCOS could blacklist `python`.

One major benefit of doing this inside rpm-ostree is that one
gets the full "libsolv error message experience" when dependency
resolution fails, e.g. blacklisting `glibc` I get:

```
 Problem 79: conflicting requests
  - package coreos-installer-systemd-0.1.2-1.fc31.x86_64 requires coreos-installer = 0.1.2-1.fc31, but none of the providers can be installed
  - package coreos-installer-0.1.2-1.fc31.x86_64 requires rtld(GNU_HASH), but none of the providers can be installed
  - package glibc-2.30-10.fc31.x86_64 is filtered out by exclude filtering
  - package glibc-2.30-7.fc31.x86_64 is filtered out by exclude filtering
  - package glibc-2.30-8.fc31.x86_64 is filtered out by exclude filtering
  - package glibc-2.30-5.fc31.i686 is filtered out by exclude filtering
  - package glibc-2.30-5.fc31.x86_64 is filtered out by exclude filtering
  - package glibc-2.30-10.fc31.i686 is filtered out by exclude filtering
```
2020-02-05 21:02:06 +01:00
Colin Walters
c039b72ebd importer: Use /run instead of /var/run
Translate RPM paths under `/var/run` to `/run` automatically; this
quiets down systemd.  Since we end up running `systemd-tmpfiles`
a few times in FCOS reducing spew here is particularly valuable.

The bug is really in the packages here but...we don't have an
agile process for fixing them.

Note that for this fix to take effect, if you have a `cache/pkgcache-repo`
you'll need to remove it.
2020-02-03 07:50:10 -08:00
Jonathan Lebon
c09f5412a5 libpriv/util: Fix human diff printing for upgrades/downgrades
We were basing whether to print the `Upgraded`/`Downgraded` heading on
the iteration count rather than the actual first iteration where a valid
upgrade/downgrade was found. And because of how we print our diff, this
confusingly can make it look like downgrades are part of the same
upgrade section.

Closes: #1821
2020-01-21 18:36:53 +01:00
Jonathan Lebon
2966afe44e core: Mark all repos as "modular hotfixes"
This is a follow-up hack to #1797 to force libdnf to let us use modular
packages as if they were regular packages until we actually support
modules correctly (#1435).

A repo marked as a modular hotfix means that libdnf doesn't try to
filter out modular RPMs from the repo as it usually does.

Resolves: https://pagure.io/releng/failed-composes/issue/717
2020-01-09 15:31:02 +01:00
Jonathan Lebon
9daea46d66 tests/compose: Target FCOS 31, move off of PAPR
Again, a lot going on here, but essentially, we adapt the compose tests
to run either privileged or fully unprivileged via supermin, just like
cosa.

I actually got more than halfway through this initially using `cosa
build` directly for testing. But in the end, we simply need more
flexibility than that. We want to be able to manipulate exactly how
rpm-ostree is called, and cosa is very opinionated about this (and may
also change from under us in the future).

(Another big difference for example is that cosa doesn't care about
non-unified mode, whereas we *need* to have coverage for this until we
fully kill it.)

Really, the most important bit we want from there is the
unprivileged-via-supermin bits. So we copy and adapt that here. One
obvious improvement then is sharing this code more easily (e.g. a
`cosa runasroot` or something?)

However, we still use the FCOS manifest (frozen at a specific tag). It's
a realistic example, and because of the lockfiles and pool, we get good
reproducibility.
2020-01-08 16:42:54 +01:00
Jonathan Lebon
462a389b3a tests/compose: Move files around
This is mostly cosmetic, though I want the test layout to mirror what we
do for `vmcheck`.
2020-01-08 16:42:54 +01:00
Colin Walters
4881435663 tests: Misc tweaks
- Have libvm.sh inherit libtest, otherwise we don't have `fatal`
- Add `error: ` prefix to `fatal` messages for clarity
- Add missing plural
2019-12-16 15:17:01 +01:00
Jonathan Lebon
c7a9c3b1dd Rework vmcheck to use kola spawn, move off of PAPR
There's a lot going on here, but essentially:

1. We change the `vmcheck` model so that it always operates on an
   immutable base image. It takes that image and dynamically launches a
   separate VM for each test using `kola spawn`. This means we can drop
   a lot of hacks around re-using the same VMs.
2. Following from 1., `vmoverlay` now takes as input a base image,
   overlays the built rpm-ostree bits, then creates a new base image. Of
   course, we don't have to do this in CI, because we build FCOS with
   the freshly built RPMs (so it uses `SKIP_VMOVERLAY=1`). `vmoverlay`
   then will be more for the developer case where one doesn't want to
   iterate via `cosa build` to test rpm-ostree changes. I say "will"
   because the functionality doesn't exist yet; I'd like to enhance
   `cosa dev-overlay` to do this. (Note `vmsync` should still works just
   as before too.)
3. `vmcheck` can be run without building the tree first, as
   `tests/vmcheck.sh`. The `make vmcheck` target still exists though for
   finger compatibility and better meshing with `vmoverlay` in the
   developer case.

What's really nice about using kola spawn is that it takes care of a lot
of things for us, such as the qemu command, journal and console
gathering, and SSH.

Similarly to the compose testsuites, we're using parallel here to run
multiple vmcheck tests at once. (On developer laptops, we cap
parallelism at `$(nproc) - 1`).
2019-12-13 19:18:30 +01:00
Jonathan Lebon
571bd3a558 tests: Add hidden testutils subcommand
This is a hack to allow using `inject-pkglist` without having to build
the tree first.

Higher-level, I think we can split this back out again if we have a
`-tests` subpackage where we ship the vmcheck testsuite.
2019-12-13 19:18:30 +01:00
Colin Walters
e726d008fc compose: Add an automatic-version-suffix key
This allows replacing the `.` in automatic version increments
with whatever one wants (as long as it's a single ASCII character)
right now.

The specific motivation here is for at least RHEL CoreOS to use
`version-suffix: "-"` so that its versions can become valid
semantic versions.

Related: https://github.com/coreos/rpm-ostree/issues/1954
2019-12-13 17:11:16 +01:00
Colin Walters
75c676715a daemon: Use MountFlags=slave and opt-in to OSTree read-only /sysroot
This is all we need to tell libostree that we support a read-only
`/sysroot` and `/boot`.

See https://github.com/ostreedev/ostree/issues/1265
PR in https://github.com/ostreedev/ostree/pull/1767
2019-12-13 01:44:56 +01:00
Colin Walters
f295f54306 kargs: Support --append and --delete simultaneously
Code I wrote for the machine-config-operator expected it to
work, and I don't see a reason not to support it.

See https://github.com/openshift/machine-config-operator/issues/1265
2019-12-10 20:27:57 +01:00
Jonathan Lebon
2589cd1f92 rust/lockfile: Add more metadata to generated lockfiles
E.g. the generation timestamp, repos that were enabled, and their
generation timestamps.

This is just generally useful, though I'd like to make use specifically
of the new `metadata.generated` key in FCOS to drive versioning:

https://github.com/coreos/fedora-coreos-releng-automation/pull/50
2019-11-12 16:17:03 +01:00
Jonathan Lebon
45623a9b54 tests/vmcheck: Fix test-misc-1.sh syntax
The `EOF` needs to be alone on a line to be valid. The way to redirect
the output is unintuitively to do it at the beginning of the line
instead.
2019-10-08 14:10:53 -07:00
Colin Walters
c8113bde32 Add hidden coreos-rootfs seal command
All this does is put the immutable bit on the target directory.
The intention is to replace this bit to start:
8b205bfbb9/src/create_disk.sh (L229)

However, the real goal here is to add code in this file
to handle redeploying the rootfs for Fedora CoreOS which
combines OSTree+Ignition:
https://github.com/coreos/fedora-coreos-tracker/issues/94

Basically doing this in proper Rust is going to be a lot
nicer than shell script in dracut modules.  Among other
details, coreutils `mv` doesn't seem to do the right thing
for SELinux labels when policy isn't loaded.
2019-10-04 08:03:03 -07:00
Jonathan Lebon
10755592ea Add new ex history command
This is the rpm-ostree equivalent of `dnf history`. As opposed to the
history of the refspec (i.e. `ostree log`), this shows the history of
the system, i.e. the refspecs the host deployed, checksums, versions,
layered packages, etc... The amount of details remembered is similar to
what shows up in `status`.

There's definitely some further enhancements possible (e.g. printing
package diffs, displaying rollbacks), though this seems in good enough
shape as a first cut.

Closes: #1489

Closes: #1813
Approved by: cgwalters
2019-09-24 14:17:12 +00:00
Jonathan Lebon
9e2ceca06f app/deploy: Gate 77 exit behind --unchanged-exit-77
This has a bit of history, but essentially in 1c01141e, we made both
`upgrade` and `deploy` automatically exit 77 if there were no changes.
Then in c3f1e7c8, we only changed `upgrade` so that it became gated
behind `--upgrade-unchanged-exit-77`.

I think we should carry this forward into `deploy` as well. The way I
look at this is: the default UX shouldn't require users to care about
special exit codes. That's something scripts care about. In its vanilla
form, either a command should error out or succeed.

This patch tries to add some consistency by introducing a new
`--unchanged-exit-77` in both `deploy` and `upgrade` (where it just
replaces the previous switch). The naming here matches what `install`
has too.

So... this does break backwards compatibility for any scripts which
relied on that behaviour. Though the only app I know today which wants
deploy semantics and doesn't use the D-Bus API is Zincati, which
actually hit this issue. There's also RHCOS, though the `pivot` there
uses `rebase`, not `deploy`. So overall, I think this is worth breaking
now while we're still in a transitionary period in the downstreams?

Closes: #1906
Approved by: cgwalters
2019-09-24 08:07:04 +00:00
Jonathan Lebon
40f6b4bdc9 vmcheck: Adapt test-override-kernel.sh
This is one of the tests right now that assumes it's running on f29.
We might be sort of in this awkward dual path for a while where we want
tests to run on both f29 (i.e. FAH) and f30 (i.e. FCOS).

Closes: #1900
Approved by: cgwalters
2019-09-09 23:50:32 +00:00
Rafael Fonseca
cac5aa413d app,daemon: Use public libostree's kargs API
This deduplicates the code between the two repositories.

Closes: #1862

Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>
2019-08-21 16:47:52 -04:00
Jonathan Lebon
313b3e655d app/deploy: Add --disallow-downgrade switch
In FCOS, we want to make sure that Zincati is always deploying a newer
tree to prevent downgrade attacks in certain threat models.

For completeness, also add the option to `rebase`.
2019-08-21 16:43:37 -04:00
Timothée Ravier
241c9f508f postprocess: Quote OSTREE_VERSION value
Use g_shell_quote to quote the value set for OSTREE_VERSION in
/etc/os-release as this is an arbitrary string set at compose time that
may contain whitespace or other special characters.

This edge case was found in [0] as the compose are built with the
following command:

  $ rpm-ostree compose tree \
      --repo="repo" \
      --cachedir="cache" \
      --add-metadata-string="version=Kinoite 30.23" \
      "fedora-kinoite.yaml"

[0] https://discussion.fedoraproject.org/t/kinoite-a-kde-and-now-xfce-version-of-fedora-silverblue/147/95

Signed-off-by: Timothée Ravier <tim@siosm.fr>

Closes: #1873
Approved by: jlebon
2019-07-25 07:44:43 +00:00
Jonathan Lebon
1577754176 compose: Add --parent option
This may seem like a backflip on #1829, but there's a common theme here:
in a promotion workflow, the parent (or lack of parent) of a commit is
an important parameter, so we need full flexibility in configuring it.

But again, like #1829, we still want e.g. change detection, versioning,
and various optimizations to happen on whatever the latest commit on
that ref is in the build repo.

Closes: #1871
Approved by: cgwalters
2019-07-19 13:20:42 +00:00
Colin Walters
00bd491fe2 treefile: Support multiple includes
I'm working on having Silverblue inherit from Fedora CoreOS.  But
conceptually it also inherits from (parts of) Workstation.
It is just easier if we support multiple inheritance, then I don't
need to think too hard about how to make it a single inheritance chain.

Closes: #1870
Approved by: jlebon
2019-07-18 22:40:59 +00:00
Jonathan Lebon
68432e461c lockfile: Allow omitting the digest
When manually writing lockfile overrides (see previous commit), it's
sometimes easier to not have to specify the SHA256 of the package. For
example, in FCOS, all packages on development and production streams
will be sourced uniquely from coreos-pool, so there's no question of
where the package will come from. It's of course also easier in the
context of local development.

Another motivation for this though is a subtle interaction between
Fedora infra and the way we'd like to implement lockfile management: we
want the override process to be PR-based, with a privileged bot in the
backend tagging new overrides into the pool as necessary on merge.
However, packages built in Koji are initially unsigned, and so we can't
actually *know* what the SHA256 of the package will be until it's signed
and tagged into the pool by the bot.

Closes: #1867
Approved by: cgwalters
2019-07-18 18:54:27 +00:00
Jonathan Lebon
b670ab37c2 lockfile: Switch packages JSON spec to an object
There are two reasons for this:
1. I'd like to add overrides semantics to lockfiles, and keying by the
   package name only makes this much easier.
2. I'd like to make the digest optional, and keeping it as a tuple makes
   this awkward.

A map seems natural too since it makes it more clear that we don't
expect multiple specifications for the same package name.

Another tiny advantage is that it's easier to process with e.g. `jq`.

Closes: #1867
Approved by: cgwalters
2019-07-18 18:54:27 +00:00
Jonathan Lebon
ebb03ee730 tests/compose: Fix unified rev-parse test
We were hitting the classic "negative test passes for the wrong reason".
It was failing not because it didn't have a parent, but because we
didn't pass `--repo`. Fix this and also explicitly check for the error
message we expect.

Closes: #1865
Approved by: cgwalters
2019-07-09 20:28:18 +00:00
Jonathan Lebon
fc49fb0089 treefile: Add new add-commit-metadata key
Add support for a new `add-commit-metadata` key in the treefile so that
we can directly specify commit metadata we want to inject from there.

This will be useful in Fedora CoreOS, where we'll have separate
treefiles for each streams, each with stream-specific metadata values
required.

Closes: #1865
Approved by: cgwalters
2019-07-09 20:28:18 +00:00
Rafael Fonseca
d0f90ca4dd app/status: Group EVRs for RemovedBasePackages if possible
The same way we abbreviate ReplacedBasePackages when there are matching
EVR diffs, let's do something similar for RemovedBasePackages for
matching EVRs.

Solves #1784

Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>

Closes: #1852
Approved by: jlebon
2019-06-18 14:34:13 +00:00
Jonathan Lebon
035ac2eaa6 tests/vmcheck: Fully drop python 3 requirement
Drop the use of Ansible everywhere. In the few cases where we really
Python, just spawn a container instead.

This is required to be able to hack on Fedora CoreOS.

Closes: #1850
Approved by: jlebon
2019-06-10 15:36:06 +00:00
Colin Walters
5f6578ef3c compose: Add ostree-layers and ostree-override-layers
The use case for `ostree-layers` is to support injecting non-RPM
content in a more flexible way than can be done with `add-files`,
and also without dropping all the way to split composes.

This starts with support on the `compose tree` side but down the
line I'd like to make it more convenient to do *client* side too.

For `ostree-override-layers` this is mainly a development thing
for tools like coreos-assembler.  Rather than building an RPM
we just `make install DESTDIR` then commit and add to
`ostree-override-layers`.

Closes: #1830
Approved by: jlebon
2019-06-07 17:42:32 +00:00
Jonathan Lebon
c1cc0827a3 core: Strengthen how we enforce lockfiles
One problem with how we use lockfiles right now is that we don't enforce
them for dependencies. That is, if `foo` requires `bar`, but only `foo`
is in the manifest, then while `foo` will be locked, `bar` will never
be checked against the lockfile because it was never explicitly
requested.

Higher-level though, I don't like how indirect the locking here feels.
See some comments about that in:

https://github.com/projectatomic/rpm-ostree/pull/1745#discussion_r288772527
https://github.com/projectatomic/rpm-ostree/pull/1745#discussion_r289419017

Essentially, the manifest is an input file of patterns, and all we
really know from the lockfile output is that the set of packages in
there satisfies this input in some way. But:

1. there are multiple ways to satisfy the same input (hence why hints
   like `SOLVER_FAVOR` exist)
2. the solution is dependent on how the solver is implemented (i.e.
   different libsolv versions might yield different solutions)
3. the solution is dependent on flags fed to the solver (i.e. different
   libdnf versions might yield different solutions)

So any attempt at cross-checking between the input file and the lockfile
is going to be very hard. Using a stricter mode as I suggested in #1745
of only allowing pure pkgnames or NEVRAs would help, but it wouldn't
address the dependency issue. (Though I'm still thinking about possibly
doing this anyway.)

The solution I propose here is instead to take the nuclear approach: we
completely exclude from the sack all packages of the same name as
packages in our lockfiles, but which do not match the NEVRA. Therefore,
any possible solution has to also satisfy our lockfile (or error out).

Closes: #1849
Approved by: cgwalters
2019-06-06 14:06:07 +00:00
Rafael Fonseca
79dfcea42f compose: Add --ex-lockfile and --ex-write-lockfile-to
Fixes #1670

This patch introduces a new `compose tree
--ex-write-lockfile-to=manifest.lock` argument and a new `compose tree
--ex-lockfile=manifest.lock` to read it back for subsequent invocations.

Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>

Closes: #1745
Approved by: jlebon
2019-06-04 15:14:47 +00:00
Jonathan Lebon
68c416fa9c app/deploy: Add --lock-finalization switch
Of course, update agents driving rpm-ostree know exactly to which commit
they want the system to upgrade, so `upgrade --lock-finalization` is not
helpful. Teach `deploy` the `--lock-finalization` switch too.

Closes: #1846
Approved by: lucab
2019-05-27 17:18:36 +00:00
Jonathan Lebon
12fbe89aba app/db-diff: Add --format=json output
Add a new "json" output format. The "diff" format is also a mostly
machine-compatible one. But JSON is much more ubiquitous and easier to
consume.

Closes: #1844
Approved by: cgwalters
2019-05-23 20:24:11 +00:00
Jonathan Lebon
461a4f792d libpriv/kargs: Tweak delete restrictions
1. Allow deleting keys without values (e.g. `nosmt`) if such a key
   variant exists (i.e. this won't work if there are only e.g.
   `nosmt=foo` and `nosmt=bar` variants).
2. Allow deleting duplicate `keys[=val]` kargs.

Closes: #1834

Closes: #1835
Approved by: cgwalters
2019-05-17 13:44:06 +00:00
Jonathan Lebon
4d845952c8 tests/compose: Add RPMOSTREE_TMPDIR_LOCATION
This allows one to run the tests from a container using overlay +
SELinux protection by running the actual compose into a non-overlay
bind-mount. Otherwise, we'll hit `ENOTSUP` when trying to set labels on
various checkouts.

Closes: #1829
Approved by: cgwalters
2019-05-09 02:10:27 +00:00
Jonathan Lebon
c035c2b574 compose: Add --no-parent option
There are cases where we do want all the things that specifying a ref
provides (e.g. change detection, version incrementing, SELinux labeling
optimizations, and of course writing the ref) but we *don't* want the
new commit to have a parent. Add a new `--no-parent` option to
accommodate this.

This will be used by coreos-assembler. See discussions at
https://github.com/coreos/coreos-assembler/issues/159.

Closes: #1829
Approved by: cgwalters
2019-05-09 02:10:27 +00:00
Jonathan Lebon
44594ca4d2 tests/compose: Fix subtest scoping
We had a subtest that wasn't actually part of the `basic_test()` and so
was being executed when the file gets sourced instead of the function
being explicitly called.

Closes: #1829
Approved by: cgwalters
2019-05-09 02:10:27 +00:00
Jonathan Lebon
4c99cc765f Copy used command-line and set as transaction title
In the app, rebuild the exact command-line that the client used and pass
that to the daemon to be used as the transaction title. Especially in
transactions like `UpdateDeployment()`, we can avoid reverse-engineering
what the original command used was.

This will be used by the upcoming history feature to record the
command-line used in the journal.

Closes: #1824
Approved by: rfairley
2019-05-08 21:09:08 +00:00
Jonathan Lebon
d113b6a913 app/status: Make --json output pretty JSON
Yes, it's mostly for machines, but in practice it's super useful for
humans to look at esp. when debugging.

Closes: #1828
Approved by: cgwalters
2019-05-08 19:02:32 +00:00
Jonathan Lebon
206ae24d4e tests: Bump to Python 3 only
This bumps the requirement on the controlling host to Python 3 only.
It also bumps the requirement on the target host to Python 3 as well
since FCOS doesn't ship Python 2 right now.

Though we'll need to eventually drop all Python usage anyway, but at
least let's get tests passing on FCOS first. (See related previous
patch).

Closes: #1828
Approved by: cgwalters
2019-05-08 19:02:32 +00:00
Jonathan Lebon
9f618d0acc vmcheck/overlay: Drop dependency on host Python
Also switch to using `jq` on the controlling host instead of Python.

This is also prep for switching CI to FCOS which is likely to not ship
Python at all. There are still spots a bit everywhere where we currently
assume Python on the target host. We'll have to address those soon.

Closes: #1828
Approved by: cgwalters
2019-05-08 19:02:32 +00:00
Robert Fairley
c89f81c138 libvm: Use shared memory for SSH control socket instead of /var/tmp
In Fedora 29, and Fedora 30 Silverblue, I have come across the
following error when executing `make vmsync` from my build container
(also on Fedora 29 and Fedora 30 images respectively):

```
...
Failed to connect to new control master
...
Control socket connect(/var/tmp/ssh-vmcheck-1556768111752693879.sock): Connection refused
Failed to connect to new control master
...
```

Previously this worked with Fedora 28 as the host.

After changing the socket to be in /dev/shm, the SSH connection to
the `vmcheck` VM is successful and the sources sync over.

The cause of this seems to be a problem with overlayfs and unix
sockets: https://github.com/moby/moby/issues/12080

Since overlayfs is the default graph driver in Fedora now, work
around this by switching the socket to be in /dev/shm.

Closes: #1827
Approved by: jlebon
2019-05-02 20:43:28 +00:00
Jonathan Lebon
83a267409d Add new D-Bus APIs for deployment finalization
Teach `UpdateDeployment` to make use of libostree's staging lock and
then add a `FinalizeDeployment` API to perform the final unlock &
reboot.

I also added a hidden CLI to make testing this easier, but also because
it's likely the FCOS-agent-yet-to-be-named will just end up using the
CLI to keep it simple.

Closes: #1748

Closes: #1814
Approved by: lucab
2019-04-30 08:36:28 +00:00
Jonathan Lebon
0da9f9972b tests/vmcheck: Adapt to kernel v5.0
Closes: #1810
Approved by: jlebon
2019-04-05 19:28:39 +00:00
Alexander Larsson
d5b907741a Test that /opt layering works
Closes: #1795
Approved by: jlebon
2019-03-26 13:22:32 +00:00
Colin Walters
0975a42125 compose: Add --download-only-rpms
Prep for making `--unified-core` the only path.  It turns
out our compose testsuite has a lot of hardcoded ideas about
how the two paths work.  The rojig tests in particular need
cached RPMs, so we can't just rely on caching the pkgcache repo.

Add a `--download-only-rpms` that always returns RPMs, and doesn't
import into the pkgcache repo.

Closes: #1798
Approved by: jlebon
2019-03-25 14:33:17 +00:00
Jonathan Lebon
02b25c616d libpriv/kargs: Strengthen and simplify new kargs APIs
Note this patch only touches the *new* APIs that aren't part of
libostree.

Now that we can use `g_ptr_array_find_with_equal_func`, we can drop our
custom `_ostree_ptr_array_find`.

Also strengthen our handling of values everywhere to handle the `NULL`
case and properly support `KEYWORD` args. I ended up getting rid of
`_ostree_kernel_arg_query_status` in the process since it made that
assumption a lot and overall added more complexity than necessary.

Closes: #1796
Approved by: cgwalters
2019-03-23 18:48:05 +00:00
Jonathan Lebon
96130810a5 tests/test-kargs: Check for no error first
When we expect a test to not fail, let's `g_assert_no_error` first so
that if it fails, we get an exact printout of what error we encountered
when we expected none.

Closes: #1796
Approved by: cgwalters
2019-03-23 18:48:05 +00:00
Jonathan Lebon
b324ee4807 app/status: Always print pending deployment diff
Right now we only print a diff of the pending deployment if we have a
cached update (which only happens if user just did an `upgrade`
operation). But really, we can just always print this for the pending
deployment regardless of whether there's a cached update calculated.

This is prep for changing chained operations to only show the diff
between the previous pending deployment to the new pending deployment.
With this patch, the full diff from booted to pending will always be
available through `status` (and `db diff` too though it's not as nice).

Closes: #1760
Approved by: cgwalters
2019-03-20 12:42:16 +00:00
Jonathan Lebon
ad1451fac2 Rebase to latest libdnf
This brings us back in sync with the latest libdnf git master. This
required a bunch of work both on the libdnf and rpm-ostree side to get
working. See e.g.
https://github.com/rpm-software-management/libdnf/issues/645.

A few things to adapt to:

- soname bump to `libdnf.so.2`
- `DnfAdvisory` is no longer a `GObject` (annoyingly it's not replaced
  by something we can keep a ref on, so this requires some hacks to
  steal from the `GPtrArray` -- could enhance libdnf for this later)
- disable SWDB history writing
- use new reldep public API
- update for latest `hy_subject_get_best_selector()` API

This now unlocks the possibility to add support for modules. (One can
see hints of this in the diff by the fact that `libdnf` links to
`libmodulemd1`.)

Update submodule: libdnf

Closes: #1404
Approved by: cgwalters
2019-03-19 14:29:15 +00:00
Jonathan Lebon
44110377c6 vmcheck/test-rojig-client.sh: Don't check full rojig NEVRA
Let's make this test work across major version rebases of the FAHC
treecompose job by not hardcoding a specific `%{dist}` here. It's strong
enough to check that the `deploy` operation has the expected previous
version.

I did bump the FAHC buildroot so that next version of the rojig RPM will
be f29, but I don't want to wait until the job has composed at least two
of them.

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
078268d4d3 libpriv: Add more error-prefixing in sanity checks
Currently tracing through an error around that area, and this would've
helped.

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
da3b33ee7b ci: Fix ex-container LOGDIR
Let's output to `ex-container-logs`, which matches the directory we
currently have specified in `artifacts:` so that we actually get test
logs uploaded.

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
45b6186be0 tests/check: Tweak /usr/bin/sh path
Looks like the auto-requires got updated in f29 or something.

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
4ae3b174f5 ci: Bump to f29
Better late than never!

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
3a616bd318 daemon/deployment-utils: Specify array element type
Otherwise, glib will complain if the array is empty since it can't infer
the type of the item.

While we're here, just `git grep` all instances of
`G_VARIANT_TYPE_ARRAY` and make sure they use a fully-specified format.
I added a test to sanity check that glib is happy to synthesize empty
`GVariant` arrays from `g_variant_builder()` if the format string is
specified.

Closes: #1783
Approved by: cgwalters
2019-03-13 02:46:09 +00:00
Colin Walters
adff1e98b6 compose: Add boot-location: modules
And this (for now at least) completes the epic journey of the
"where's the kernel"?  With this it's found solely in
`/usr/lib/modules/$kver`.

There are a few reasons to do this; most prominent is that
it avoids duplicating the content as the locations may have
different SELinux labels.

Closes: #1773
Approved by: jlebon
2019-03-08 22:49:40 +00:00
Colin Walters
f37426f1ad compose: Remove support for boot-location: both
I'd like to add a new `boot-location: modules`.  In prep
for that, let's remove the legacy `both` which drops into
`/boot`.

The libostree support for handling `/usr/lib/ostree-boot` has
existed for over 4 years:

```
commit 37a059925f6b96d30190b65bee6bdde0ae1c6915
Commit:     Colin Walters <walters@verbum.org>
CommitDate: Sun Nov 30 23:14:05 2014 -0500

    deploy: Ensure that we can deploy using only /usr/lib/ostree-boot

```

I think we assume now that no one is now making *new* treecomposes and needs
a newer rpm-ostree and that they expect people to be able to use as an
upgrade target from a libostree that predates that.

Closes: #1773
Approved by: jlebon
2019-03-08 22:49:40 +00:00
Colin Walters
5c69bcb4fe compose: Make initramfs.img world-readable
There's nothing secret there, it's server side generated.
Ref: https://github.com/coreos/coreos-assembler/pull/372#issuecomment-467620937

Closes: #1767
Approved by: jlebon
2019-02-27 14:33:05 +00:00
Jonathan Lebon
2be532c9e9 rust/treefile: Add basearch key
Add a `basearch` key to the manifest. This can be used at compose time
to assert the architecture the compose is running on. Though my
motivation is for the common case where it gets omitted from the input
manifest and gets automatically added by rpm-ostree into
`/usr/share/rpm-ostree/treefile.json` for introspection on the client.

(The crucial part here is that the treefile created by rpm-ostree
remains deserializable into a `TreeComposeConfig`).

Closes: https://github.com/coreos/fedora-coreos-tracker/issues/154

Closes: #1766
Approved by: cgwalters
2019-02-27 01:05:43 +00:00
Jonathan Lebon
75f415f09f tests/libtest.sh: Lift assert_jq from libvm.sh
We already had this logic, but it was in `libvm.sh`. Prep for using it
elsewhere.

Closes: #1766
Approved by: cgwalters
2019-02-27 01:05:43 +00:00
Colin Walters
e7f87b03ef tests: Don't make system user with differently-named group
Sysusers doesn't really support this, and no RPMs do it.

Closes: #1763
Approved by: jlebon
2019-02-25 14:21:28 +00:00
Jonathan Lebon
0e5044ca92 postprocess: Add /home -> /var/home SELinux substitution
Manually patch `file_contexts.subs_dist` so that `/home` is equivalent
to `/var/home`. This is required now that the generated homedirs rules
use `/var/home`. Otherwise, `matchpathcon` for example will return wrong
results.

This patch also includes the *removal* of `/var/home -> /home` so that
we're not dependent on this selinux-policy patch making it at the same
time as downstream:

https://src.fedoraproject.org/rpms/selinux-policy/pull-request/14

(See the conversation there for more information.)

Closes: #1754
Approved by: cgwalters
2019-02-14 17:24:09 +00:00
Jonathan Lebon
677c083f24 libpriv: Rebuild policy during postprocessing
It's possible for some postprocessing scripts to affect the final
SELinux policy. This is the case for the new `/etc/default/useradd` edit
we now do (#1726), but it could've been the case beforehand too with
user scripts modifying e.g. booleans (though ideally all these
modifications would be part of RPMs).

Do a final `semodule -nB` during postprocessing so that the final policy
we commit is "up to date". Otherwise, users may only see changes take
effect if they layer packages that trigger a rebuild.

The motivation for this is specifically for `/etc/default/useradd`.
There is magic in `selinux-policy` that parses the file and generates
templated rules from the value of `HOME`.

For more info, see:
https://bugzilla.redhat.com/show_bug.cgi?id=1669982
https://src.fedoraproject.org/rpms/selinux-policy/pull-request/14

Closes: #1754
Approved by: cgwalters
2019-02-14 17:24:09 +00:00
Jonathan Lebon
58a79056a8 libpriv/scripts: Add /run/ostree-booted for scriptlets
RPM-OSTree has been pretty good so far at consuming the exact same RPMs
used for traditional OSes without modifications. This is important,
because shielding RPMs from the OSTree abstraction means we remain
compatible with a large portion of the ecosystem.

However, there are some apps that definitely require rethinking their
approach. The example right now is akmods, which has a patch proposed to
build kmods at `%post` time on OSTree systems instead of from the
daemon.[1]

In such situations, scriptlets need something to key off of for the
OSTree-specific approach. The `/run/ostree-booted` file is the de facto
API to determine if we're running on an OSTree system or not. This patch
simply extends this API so that scriptlets can naturally make use of
them.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1667014

Closes: #1750
Approved by: cgwalters
2019-02-12 14:24:48 +00:00
Colin Walters
9ca74d0c31 compose: Fix install --unified-core
There's lots of gyrations here for unified-core vs not; it's
been broken in the case of `--unified-core` for a while I think.
In that case our workdir is tmpdir, so rename that directory.

Closes: #1743
Approved by: jlebon
2019-02-05 22:26:11 +00:00
Jonathan Lebon
7cceb35219 app/rebase: Support local repo remotes
Teach rpm-ostree to interpret rebases where the remote component is a
path to a local repo, e.g.:

    rpm-ostree rebase /mnt/ostree/repo:my/target/ref

Essentially, the local remote in this case is considered "ephemeral".
It's kind of the equivalent of, on traditional systems:

    dnf install --repofrompath repo,/path/to/repodata ...

The use case for this is in OpenShift v4, in which upgrades are done
from containers containing the OSTree commit. There, we want to point
RPM-OSTree directly at the repo in the mounted container and rebase to
the checksum.

For now, the option is marked experimental. One major reason for this is
that the way we pass the repo differs on RHEL7 vs other platforms. (See
comment block in `rpmostree-dbus-helpers.c` for details).

Related: https://github.com/openshift/machine-config-operator/issues/314

Co-authored-by: Colin Walters <walters@verbum.org>

Closes: #1732
Approved by: cgwalters
2019-02-05 18:03:02 +00:00
rfairley
a20d10e3d5 libpriv/util: Add date field in auto-versioning
This adds an optional date field to the prefix
passed by automatic_version_prefix. An example of specifying
the field is as follows:

10.<date:%Y>

And the fields progress like:

10.2018.0
10.2018.1
10.2018.2
10.2019.0

The date format creates a new "current date" string using
valid date directives passed into g_date_time_format().

If there is a problem reading the given date format,
an error is given and the next version is returned as NULL.

If no <date:...> tag is detected in the auto version prefix,
the same behavior as before (appending .1 and incrementing) occurs.

This may be helpful to avoid writing glue code to auto-update
the version if a date string in the commit version is desired.
Otherwise, --add-metadata-string=version= is an alternative for
complete customization.

Fixes: #1712

Closes: #1721
Approved by: jlebon
2019-01-14 18:49:41 +00:00
Colin Walters
56e6ddb8e5 compose: Change /etc/default/useradd to use HOME=/var/home
For a long time I've resisted encoding "policy" into rpm-ostree
as much as possible.  Doing so makes it more distribution specific
for example.  That said, for `/var/home` there argument for doing
this in rpm-ostree is that we already make that symlink in our
hardcoded rootfs.  So we might as well do the other fixups for it.

https://github.com/coreos/fedora-coreos-config/pull/18
https://pagure.io/workstation-ostree-config/pull-request/121
https://discussion.fedoraproject.org/t/adapting-user-home-in-etc-passwd/487/6
https://github.com/justjanne/powerline-go/issues/94

Closes: #1726
Approved by: jlebon
2019-01-07 15:35:37 +00:00
Jonathan Lebon
88c2700cdd daemon/deploy: Fix free() of override replace pkgs
We were using `g_strfreev()` to free the string array, but the strings
themselves were owned by the `modifiers` GVariantDict. Fix this and make
the comments about it more explicit. On my computer (and at least
Dusty's), this was only actually tripping up libc when passing more than
just one package on the CLI.

Closes: #1707

Closes: #1709
Approved by: cgwalters
2018-12-10 20:49:52 +00:00
Jonathan Lebon
a1014aee2f daemon: Perform kargs in cache-only mode
Users don't expect the tree to get updated here.

Closes: #1705

Closes: #1708
Approved by: cgwalters
2018-12-10 18:54:46 +00:00
Jonathan Lebon
b104a289f7 daemon/kargs: Fix handling of staged deployments
When handling `GetDeploymentBootConfig()`, we would trip an assertion
when trying to read the full bootconfig from a staged deployment, which
of course doesn't have a full bootconfig yet. Rework this to add a new
`staged` key to the returned dict, in which case only `options` is
included. (Which is all `rpm-ostree kargs` needs anyway).

Closes: #1708
Approved by: cgwalters
2018-12-10 18:54:46 +00:00
Jonathan Lebon
544d79fd3f compose: Fix EBADF in unified core mode without cachedir
If no cache dir is given in the workdir, we would alias the cache dir fd
to the workdir fd. But of course, this meant that we'd try to close the
same fd twice when freeing the compose context. Instead, let's just copy
the fd as is also done in the non-unified path.

Closes: #1697

Closes: #1698
Approved by: lucab
2018-12-06 13:44:19 +00:00
Jonathan Lebon
bdf3cda8db Print CVEs fixed in available updates
One question I often have when looking at the output of `status -a`:

```
AvailableUpdate:
        Version: 29.20181202.0 (2018-12-02T08:37:50Z)
         Commit: dece5737a087d5c6038efdb86cb4512f867082ccfc6eb0fa97b2734c1f6d99c3
   GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
  SecAdvisories: FEDORA-2018-042156f164  Unknown    net-snmp-libs-1:5.8-3.fc29.x86_64
                 FEDORA-2018-87ba0312c2  Moderate   kernel-4.19.5-300.fc29.x86_64
                 FEDORA-2018-87ba0312c2  Moderate   kernel-core-4.19.5-300.fc29.x86_64
                 FEDORA-2018-87ba0312c2  Moderate   kernel-modules-4.19.5-300.fc29.x86_64
                 FEDORA-2018-87ba0312c2  Moderate   kernel-modules-extra-4.19.5-300.fc29.x86_64
                 FEDORA-2018-f467c36c2b  Moderate   git-core-2.19.2-1.fc29.x86_64
           Diff: 67 upgraded, 1 removed, 16 added
```

is "How serious and relevant are these advisories to me? How soon should
I reboot?". For the packages that I'm most familiar with, e.g. `kernel`
and `git-core`, I usually look up the advisory and check why it was
marked as a security update, mentioned CVEs, and how those affect me.

The updateinfo metadata includes a wealth of information that could be
useful here. In Fedora, CVEs treated by the security response team
result in RHBZs, which end up attached to the advisories and thus make
it into that metadata.

This patch tries to reduce friction in answering some of those questions
above by checking for those CVEs and printing a short description in the
output of `status -a`. Example:

```
AvailableUpdate:
        Version: 29.20181202.0 (2018-12-02T08:37:50Z)
         Commit: dece5737a087d5c6038efdb86cb4512f867082ccfc6eb0fa97b2734c1f6d99c3
   GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
  SecAdvisories: FEDORA-2018-042156f164  Unknown    net-snmp-libs-1:5.8-3.fc29.x86_64
                   CVE-2018-18065 CVE-2018-18066 net-snmp: various flaws [fedora-all]
                   https://bugzilla.redhat.com/show_bug.cgi?id=1637573
                 FEDORA-2018-87ba0312c2  Moderate   kernel-4.19.5-300.fc29.x86_64
                 FEDORA-2018-87ba0312c2  Moderate   kernel-core-4.19.5-300.fc29.x86_64
                 FEDORA-2018-87ba0312c2  Moderate   kernel-modules-4.19.5-300.fc29.x86_64
                 FEDORA-2018-87ba0312c2  Moderate   kernel-modules-extra-4.19.5-300.fc29.x86_64
                   CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes
                   https://bugzilla.redhat.com/show_bug.cgi?id=1649017
                   CVE-2018-19407 kernel: kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c
                   https://bugzilla.redhat.com/show_bug.cgi?id=1652656
                 FEDORA-2018-f467c36c2b  Moderate   git-core-2.19.2-1.fc29.x86_64
                   CVE-2018-19486 git: Improper handling of PATH allows for commands to executed from current directory
                   https://bugzilla.redhat.com/show_bug.cgi?id=1653143
           Diff: 67 upgraded, 1 removed, 16 added
```

Including the CVE name and RHBZ link also makes it easier to look for
more details if desired.

Closes: #1695
Approved by: rfairley
2018-12-05 18:56:49 +00:00
Jonathan Lebon
51d48db235 tests/utils/updateinfo: Rename function
Use a better function name for the shallow copy we do in
`copy_update_no_cols()`. Also add a better comment.

Closes: #1695
Approved by: rfairley
2018-12-05 18:56:49 +00:00
Jonathan Lebon
e7d256b4c8 tests/utils/updateinfo: Assuage flake8
Closes: #1695
Approved by: rfairley
2018-12-05 18:56:49 +00:00
Jonathan Lebon
140704c105 daemon/transaction-types: Fix dnf cache override
Minor regression from #1587. There were places that were still doing
`dnf_context_set_cache_age()` manually, but those calls didn't exactly
have the intended effect since the core now handled caching itself.

The actual result was that the metadata was still being updated, but not
during the `dnf_repo_check` pass that the core does, but rather the
`Importing rpm-md` pass it does right after. So then, we were
incorrectly printing `(cached)` even though we'd update it afterwards.

Switch to the new way of doing things.

Closes: #1686
Approved by: cgwalters
2018-11-26 23:39:44 +00:00
Jonathan Lebon
ed2fefad85 Move reset out of experimental
This is relatively uncontroversial functionality that has already proved
useful when helping folks debug their stuff. Let's promote it to the
stable interface.

Closes: #1682
Approved by: rfairley
2018-11-22 20:47:50 +00:00
Jonathan Lebon
17359bc0cc core: Tweak "Importing" messages
To make it more obvious what the difference between "Importing metadata"
and "Importing" is, add "rpm-md" to the first and "packages" to the
second.

Closes: #1681
Approved by: cgwalters
2018-11-21 13:54:35 +00:00