Commit Graph

3553 Commits

Author SHA1 Message Date
dependabot[bot]
c566e51c4a build(deps): bump cxx from 1.0.32 to 1.0.33
Bumps [cxx](https://github.com/dtolnay/cxx) from 1.0.32 to 1.0.33.
- [Release notes](https://github.com/dtolnay/cxx/releases)
- [Commits](https://github.com/dtolnay/cxx/compare/1.0.32...1.0.33)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-22 15:12:01 -04:00
Timothée Ravier
f186840309 docs: Update instructions to disable countme
Focus on the timer disabling and add a note for the existing libdnf
issue until it is resolved:
https://github.com/rpm-software-management/libdnf/issues/1174
2021-03-22 14:08:23 -04:00
dependabot[bot]
03ab3712ff build(deps): bump system-deps from 3.0.0 to 3.1.0
Bumps [system-deps](https://github.com/gdesmott/system-deps) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/gdesmott/system-deps/releases)
- [Commits](https://github.com/gdesmott/system-deps/compare/v3.0.0...v3.1.0)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-22 14:06:13 -04:00
dependabot[bot]
e15dba0fd8 build(deps): bump cxx-build from 1.0.32 to 1.0.33
Bumps [cxx-build](https://github.com/dtolnay/cxx) from 1.0.32 to 1.0.33.
- [Release notes](https://github.com/dtolnay/cxx/releases)
- [Commits](https://github.com/dtolnay/cxx/compare/1.0.32...1.0.33)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-22 12:58:12 -04:00
Jonathan Lebon
5d5f1d498d lockfile: Make packages optional
Now that `source-packages` is supported, we should allow a lockfile to
not specify a `packages` field at all. So make it optional.

We still require at least one of the two fields to be specified.
2021-03-22 12:57:49 -04:00
Jonathan Lebon
7979e250ee lockfile: Allow locking by source RPM EVR
Right now if we want to lock e.g. systemd, we need to specify every
subpackage of systemd that we use. This is a lot of duplication because
in the majority of cases, what we really mean is "lock at this build of
systemd".

Since RPMs bake in the source RPM they were built from, we can use this
to lock packages more succinctly. See the testcase and #2676 for
examples of how this looks.

Closes: https://github.com/coreos/rpm-ostree/issues/2676
2021-03-22 12:57:49 -04:00
Jonathan Lebon
c55037c3fd
Merge pull request #2683 from coreos/dependabot/cargo/libc-0.2.90
build(deps): bump libc from 0.2.88 to 0.2.90
2021-03-22 12:55:42 -04:00
Jonathan Lebon
4a9dc21d0e
Merge pull request #2679 from cgwalters/more-ostree-sys 2021-03-22 12:18:01 -04:00
Jonathan Lebon
9dee0962a1
Merge pull request #2685 from cgwalters/bwrap-rs-prep
kernel: Avoid using bwrap child setup
2021-03-22 12:15:31 -04:00
Jonathan Lebon
515ef9acf8
Merge pull request #2686 from cgwalters/more-postprocess-rs-4
postprocess: Migrate `mutate-os-release` to Rust
2021-03-22 12:09:32 -04:00
dependabot[bot]
d17893187c
build(deps): bump libc from 0.2.88 to 0.2.90
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.88 to 0.2.90.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.88...0.2.90)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-22 15:42:04 +00:00
Jonathan Lebon
3f0cde9f65
Merge pull request #2687 from cgwalters/bump-openat
Cargo.lock: Bump openat
2021-03-22 11:40:50 -04:00
Colin Walters
25159e1658 Cargo.lock: Bump openat
To pull in https://github.com/tailhook/openat/pull/36
so we can update libc.
2021-03-22 13:44:27 +00:00
Colin Walters
61e7d6a37f postprocess: Migrate mutate-os-release to Rust
Required binding a bit more of the bwrap bits.
2021-03-22 13:06:46 +00:00
Luca BRUNO
6905254344 passwd: optimize validation logic
This improves users/groups validation logic by avoiding spurious
allocations, and by optimizing lookups through an hashset.
2021-03-22 09:02:01 -04:00
Luca BRUNO
42d86d6895 libpriv/passwd: move pre-commit validation hooks to Rust
This moves the users/groups validation logic to Rust, taking care of
all the treefile check-passwd/check-groups knobs.
As all the passwd-handling logic has been ported to Rust, it also
drops the stale C source/headers/imports.
2021-03-22 09:02:01 -04:00
Colin Walters
ae881b991b kernel: Avoid using bwrap child setup
Prep for porting rpmostree-bwrap.cxx to Rust; cxx-rs doesn't
expose passing a function pointer from C++ to Rust.  There's
a simpler API for this anyways.
2021-03-22 13:00:27 +00:00
Colin Walters
8d30a82e0c rust/ostree-host: Add README.md and license files
In preparation for splitting to a new repo.
2021-03-19 18:13:35 +00:00
Colin Walters
41357a730a rust/ostree-host: Add SysrootExt trait
This currently just adds a reimplementation of a new API that's
already in C upstream, but the plan is to add more Rust-only APIs in
the future here.
2021-03-19 18:13:11 +00:00
Colin Walters
da9b64cd44 rust: Factor out an ostree-host crate
In preparation for publishing this to crates.io and moving
into e.g. github.com/ostreedev/ostree-host-rs

So that ostree upstream can move forward with more Rust on the
"top level".
2021-03-19 13:44:01 -04:00
Jonathan Lebon
6844adff23
Merge pull request #2674 from cgwalters/more-postprocess-rs-3 2021-03-18 14:58:59 -04:00
Colin Walters
ae3c1bc9a7 compose: Move remove-files code to Rust
More oxidation.
2021-03-18 18:05:34 +00:00
Colin Walters
7f9129d67d compose: Move mutate-os-release string code to Rust
More classic C string manipulation which is much nicer in Rust
2021-03-18 18:05:34 +00:00
Colin Walters
5dafd7f75d treefile: Add an allow(dead_code)
I assume this will be used soon.
2021-03-17 21:21:09 +00:00
dependabot[bot]
4a19f03eba build(deps): bump libdnf from 4f321ce to 5d45a79
Bumps [libdnf](https://github.com/rpm-software-management/libdnf) from `4f321ce` to `5d45a79`.
- [Release notes](https://github.com/rpm-software-management/libdnf/releases)
- [Commits](4f321cedb9...5d45a795b3)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-17 16:54:48 -04:00
Colin Walters
02f15aac82 ci: Add a Github Action for Rust lints
I'd like to move `cargo fmt` checking out of Jenkins; among
other things, GH actions are *much* faster and nicer for this.
This leaves Jenkins to be more heavyweight testing.
2021-03-17 16:42:28 -04:00
Colin Walters
27aa81beaf rust: Fix minor clippy warnings 2021-03-17 16:42:28 -04:00
Luca Bruno
0827b41ebf
Merge pull request #2673 from lucab/ups/treefile-ids
treefile: tweak check-passwd/check-groups data
2021-03-17 19:33:36 +00:00
Luca BRUNO
c5f2c58f58
rust/treefile: tweak check-passwd/check-groups data
This tweaks the data and types parsed from `check-passwd` and
`check-groups`, so that it can be more easily iterated and
consumed by passwd-handling logic.
2021-03-17 18:25:46 +00:00
Jonathan Lebon
d24f7bbe55
Merge pull request #2670 from cgwalters/release
Release 2021.3
2021-03-17 10:09:09 -04:00
Colin Walters
4b2aa02e50 Release 2021.3 2021-03-17 13:16:06 +00:00
Luca Bruno
b5d6b8266c
Merge pull request #2669 from cgwalters/more-postprocess-rs-2
More postprocess rs 2
2021-03-17 09:01:29 +00:00
Colin Walters
4c5bb4f216 Move units and default-target processing to Rust
More oxidation.
2021-03-16 23:44:55 +00:00
Colin Walters
ef931e20b0 rust/composepost: Cleanup Treefile import
This reads much more cleanly.
2021-03-16 23:28:27 +00:00
Colin Walters
1c5c8fa9c5 postprocess: Remove redundant renames of etc -> usr/etc
Now that we've shrunk this code, two bits that
require renaming `etc` are adjacent and we don't need to rename
it twice.
2021-03-16 23:24:22 +00:00
Colin Walters
9ee27a61ca postprocess: Move rpmdb symlink to Rust
More oxidation.
2021-03-16 23:20:02 +00:00
Timothée Ravier
5d5ccf019f Install a temporary copy of rpm-ostree for unprivileged use
Install a copy of rpm-ostree as rpm-ostree-unpriv to get a `bin_t`
labeled binary as a temporary workaround for:
https://bugzilla.redhat.com/show_bug.cgi?id=1937404

Also modify the rpm-ostree count me service to use that binary.
2021-03-16 19:07:20 -04:00
Timothée Ravier
f7fd114f11 rpm-ostree-countme.timer: Fix AccuracySec and add OnBootSec
* Use OnBootSec=5m to give a chance for the timer to trigger on the
    first week the system is booted up.
  * Use '1s' for AccuracySec as this is accurate enough for this use
    case.
2021-03-16 19:07:20 -04:00
Timothée Ravier
d7851563f1 countme: Refuse to run as root
We do not need root privileges and should only be started via the system
service unit so avoid mistake by verifying that on startup.
2021-03-16 19:07:20 -04:00
Timothée Ravier
3929e38ac0 Remove rpm-ostree sysusers config 2021-03-16 19:07:20 -04:00
Colin Walters
fad4ff66c3 postprocess: Use a single entrypoint to Rust
It's a bit silly to have a two bridged functions here; instead
have just a single one on the C++ side that calls multiple
on the Rust side.

Prep for moving more to Rust.
2021-03-16 22:19:53 +00:00
Jonathan Lebon
eb1069928a
Merge pull request #2667 from cgwalters/progress-cleanup 2021-03-16 16:41:30 -04:00
Colin Walters
6eb3caf9a9 Add Rust progress task wrapper
The manual `std::mem::drop()` bits are ugly; while we can do
function pointers from Rust to C++, let's just add the obvious
high level wrapper in Rust that accepts a `FnOnce()`.

Note in one instance we directly pass a function pointer which
is quite clean.
2021-03-16 14:54:26 +00:00
Colin Walters
531907af90 rust: Rename progress.rs to console_progress.rs
To clarify it's effectively only a backend for our higher
level output abstraction.
2021-03-16 14:50:30 +00:00
Jonathan Lebon
acc3aa1ac7
Merge pull request #2657 from cgwalters/live-tmpfiles
rust: Introduce systemd-run based isolation mod, use in live
2021-03-16 09:13:19 -04:00
Luca Bruno
35c31205a6
Merge pull request #2664 from cgwalters/postprocess-rs-more
Various postprocess oxidation patches
2021-03-16 08:47:11 +00:00
Colin Walters
f90124f363 composepost: Clean up imports
From review comments.
2021-03-15 22:24:23 +00:00
Colin Walters
9126831b8b rust: Introduce systemd-run based isolation mod, use in live
I was thinking about privilege separation today with
systemd units, and that led me to the problem of "lifecycle binding".
We really want e.g. `systemctl stop rpm-ostreed` to kill any
separate systemd units we're managing.

systemd already has a mechanism for this with `BindsTo=`.

And then I realized we weren't doing this for the systemd-tmpfiles
invocations in the `live.rs` code.

Generalize this into a small `isolation` module that fixes this
and several other things at the same time.  I'd like to build
on this to further improve our multi-process isolation story
later.
2021-03-15 21:06:13 +00:00
Luca BRUNO
efb50f5cc1 passwd: minor cleanups
This contains a couple of minor code cleanups, left over from previous
reviews.
2021-03-15 15:32:44 -04:00
Jonathan Lebon
c41adb0ad2
Merge pull request #2648 from cgwalters/deployment-status-cleanup
Move some small daemon layering lookup into Rust
2021-03-15 14:11:56 -04:00