Commit Graph

3525 Commits

Author SHA1 Message Date
Luca BRUNO
c5f2c58f58
rust/treefile: tweak check-passwd/check-groups data
This tweaks the data and types parsed from `check-passwd` and
`check-groups`, so that it can be more easily iterated and
consumed by passwd-handling logic.
2021-03-17 18:25:46 +00:00
Jonathan Lebon
d24f7bbe55
Merge pull request #2670 from cgwalters/release
Release 2021.3
2021-03-17 10:09:09 -04:00
Colin Walters
4b2aa02e50 Release 2021.3 2021-03-17 13:16:06 +00:00
Luca Bruno
b5d6b8266c
Merge pull request #2669 from cgwalters/more-postprocess-rs-2
More postprocess rs 2
2021-03-17 09:01:29 +00:00
Colin Walters
4c5bb4f216 Move units and default-target processing to Rust
More oxidation.
2021-03-16 23:44:55 +00:00
Colin Walters
ef931e20b0 rust/composepost: Cleanup Treefile import
This reads much more cleanly.
2021-03-16 23:28:27 +00:00
Colin Walters
1c5c8fa9c5 postprocess: Remove redundant renames of etc -> usr/etc
Now that we've shrunk this code, two bits that
require renaming `etc` are adjacent and we don't need to rename
it twice.
2021-03-16 23:24:22 +00:00
Colin Walters
9ee27a61ca postprocess: Move rpmdb symlink to Rust
More oxidation.
2021-03-16 23:20:02 +00:00
Timothée Ravier
5d5ccf019f Install a temporary copy of rpm-ostree for unprivileged use
Install a copy of rpm-ostree as rpm-ostree-unpriv to get a `bin_t`
labeled binary as a temporary workaround for:
https://bugzilla.redhat.com/show_bug.cgi?id=1937404

Also modify the rpm-ostree count me service to use that binary.
2021-03-16 19:07:20 -04:00
Timothée Ravier
f7fd114f11 rpm-ostree-countme.timer: Fix AccuracySec and add OnBootSec
* Use OnBootSec=5m to give a chance for the timer to trigger on the
  first week the system is booted up.
* Use '1s' for AccuracySec as this is accurate enough for this use
  case.
2021-03-16 19:07:20 -04:00
Timothée Ravier
d7851563f1 countme: Refuse to run as root
We do not need root privileges and should only be started via the system
service unit so avoid mistakes by verifying that on startup.
2021-03-16 19:07:20 -04:00
Timothée Ravier
3929e38ac0 Remove rpm-ostree sysusers config 2021-03-16 19:07:20 -04:00
Colin Walters
fad4ff66c3 postprocess: Use a single entrypoint to Rust
It's a bit silly to have two bridged functions here; instead
have just a single one on the C++ side that calls multiple
on the Rust side.

Prep for moving more to Rust.
2021-03-16 22:19:53 +00:00
Jonathan Lebon
eb1069928a
Merge pull request #2667 from cgwalters/progress-cleanup 2021-03-16 16:41:30 -04:00
Colin Walters
6eb3caf9a9 Add Rust progress task wrapper
The manual `std::mem::drop()` bits are ugly; while we can do
function pointers from Rust to C++, let's just add the obvious
high level wrapper in Rust that accepts a `FnOnce()`.

Note in one instance we directly pass a function pointer which
is quite clean.
2021-03-16 14:54:26 +00:00
Colin Walters
531907af90 rust: Rename progress.rs to console_progress.rs
To clarify it's effectively only a backend for our higher
level output abstraction.
2021-03-16 14:50:30 +00:00
Jonathan Lebon
acc3aa1ac7
Merge pull request #2657 from cgwalters/live-tmpfiles
rust: Introduce systemd-run based isolation mod, use in live
2021-03-16 09:13:19 -04:00
Luca Bruno
35c31205a6
Merge pull request #2664 from cgwalters/postprocess-rs-more
Various postprocess oxidation patches
2021-03-16 08:47:11 +00:00
Colin Walters
f90124f363 composepost: Clean up imports
From review comments.
2021-03-15 22:24:23 +00:00
Colin Walters
9126831b8b rust: Introduce systemd-run based isolation mod, use in live
I was thinking about privilege separation today with
systemd units, and that led me to the problem of "lifecycle binding".
We really want e.g. `systemctl stop rpm-ostreed` to kill any
separate systemd units we're managing.

systemd already has a mechanism for this with `BindsTo=`.

And then I realized we weren't doing this for the systemd-tmpfiles
invocations in the `live.rs` code.

Generalize this into a small `isolation` module that fixes this
and several other things at the same time.  I'd like to build
on this to further improve our multi-process isolation story
later.
2021-03-15 21:06:13 +00:00
Luca BRUNO
efb50f5cc1 passwd: minor cleanups
This contains a couple of minor code cleanups, left over from previous
reviews.
2021-03-15 15:32:44 -04:00
Jonathan Lebon
c41adb0ad2
Merge pull request #2648 from cgwalters/deployment-status-cleanup
Move some small daemon layering lookup into Rust
2021-03-15 14:11:56 -04:00
Colin Walters
a0acdb596d Move writing /usr/share/rpm-ostree/treefile.json to Rust
More oxidation.  Also with a quick unit test now.
2021-03-15 13:18:57 +00:00
Colin Walters
9ad499ffd3 Move units/machineid-compat checking to treefile in Rust
More oxidation.
2021-03-15 13:18:57 +00:00
Colin Walters
3e856cb3be postprocess: Move treefile externals sanitycheck to Rust
This code really makes sense as a method on the treefile.

And when that's done, we no longer need to expose
`get_postprocess_script()` via cxx, so we can return a nicely
Rust native `Option<&mut File>`.
2021-03-15 13:18:57 +00:00
Colin Walters
62b47c64c6 postprocess: Move add-files handling to Rust
Port add-files handling to Rust.

Note that there's one very magical line of diff here worth calling out:
We dropped an interface from the cxxrs bridge, because both sides
are now Rust!  The treefile code can directly return an `&mut File` reference
instead of needing to pass the raw fd as `i32`.
2021-03-15 13:18:57 +00:00
Colin Walters
ac92456bdd postprocess: Move script execution to Rust
Continuing oxidation.
2021-03-15 13:18:57 +00:00
Colin Walters
1b3bdc243e Move high level bwrap postprocess interface to C++
A future patch will then expose this interface via cxxrs, allowing
us to port more of the postprocess.cxx code to Rust.
2021-03-15 13:18:57 +00:00
Luca Bruno
da33222b95
Merge pull request #2663 from coreos/dependabot/cargo/curl-0.4.35
build(deps): bump curl from 0.4.34 to 0.4.35
2021-03-15 09:09:25 +00:00
Luca Bruno
5f77492e96
Merge pull request #2662 from coreos/dependabot/cargo/paste-1.0.5
build(deps): bump paste from 1.0.4 to 1.0.5
2021-03-15 09:06:56 +00:00
Luca Bruno
9deeeedc5d
Merge pull request #2660 from cgwalters/postprocess-rs-nsswitch
Oxidize postprocessing `altfiles` addition to `/etc/nsswitch.conf`
2021-03-15 08:32:05 +00:00
dependabot[bot]
8d36bebbfc
build(deps): bump curl from 0.4.34 to 0.4.35
Bumps [curl](https://github.com/alexcrichton/curl-rust) from 0.4.34 to 0.4.35.
- [Release notes](https://github.com/alexcrichton/curl-rust/releases)
- [Commits](https://github.com/alexcrichton/curl-rust/compare/curl-sys-0.4.34...curl-sys-0.4.35)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-15 06:51:50 +00:00
dependabot[bot]
87adbc1627
build(deps): bump paste from 1.0.4 to 1.0.5
Bumps [paste](https://github.com/dtolnay/paste) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/dtolnay/paste/releases)
- [Commits](https://github.com/dtolnay/paste/compare/1.0.4...1.0.5)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-15 06:51:41 +00:00
Colin Walters
c675b385c7 Oxidize postprocessing altfiles addition to /etc/nsswitch.conf
The ugly C code for this turns into shorter Rust with a unit
test, a lot less allocation (notice how we don't malloc `NUL` terminated
strings in so many places).
2021-03-12 23:10:33 +00:00
Colin Walters
aa64df080d daemon: Fix serialization of unlocked state
It turns out there's a naming clash between `to_string()` here in
Rust *and* introspection is incorrectly associating the method
with `ostree::Deployment` because of the naming prefix.
2021-03-12 18:01:47 -05:00
Colin Walters
f6f6ac5ff3 ci: Add composepost-checks.sh, drop a compose test
The compose tests are expensive; each run involves running
all the `%post` scripts and `dracut` etc.  This is definitely
a source of timeouts in CCI.

Remove `test-boot-location-modules.sh` - it's the default
now and is used by FCOS.  Add dedicated script where we can
test all these things by default after a `cosa build`.

This aims to move the compose tests to only cover bits *not*
in cosa like the non-unified-core path.
2021-03-12 15:53:01 -05:00
dependabot[bot]
43e6fe265c build(deps): bump libdnf from 27ac987 to 4f321ce
Bumps [libdnf](https://github.com/rpm-software-management/libdnf) from `27ac987` to `4f321ce`.
- [Release notes](https://github.com/rpm-software-management/libdnf/releases)
- [Commits](27ac9873ea...4f321cedb9)

Signed-off-by: dependabot[bot] <support@github.com>
2021-03-12 15:34:04 -05:00
Jonathan Lebon
46f556f437
Merge pull request #2658 from cgwalters/live-no-restart
live: Don't output "services restart" for pure package additions
2021-03-12 09:47:45 -05:00
Jonathan Lebon
ac1c75ef1b
Merge pull request #2655 from cgwalters/doc-live
docs: Add apply-live
2021-03-12 09:40:26 -05:00
Colin Walters
2187ef0f45 live: Don't output "services restart" for pure package additions
If all we're doing is layering new packages, no need to tell
the admin that things may need restarting.
2021-03-11 22:50:07 +00:00
Colin Walters
445af087d6 tests: Drain vmcheck/test-misc-1 into kola/misc.sh
Where I stalled out before is this file has `pkg-add foo`, but
now that we have the `foo` package pre-built we can move all
this stuff into `misc.sh`.

I dropped the YAML parsing of `--version` because we don't
have python.  This is related to
https://github.com/coreos/coreos-assembler/issues/1645
2021-03-11 16:34:07 -05:00
Colin Walters
4a29454ee6 docs: Add apply-live
Continuing the more docs momentum.
2021-03-11 21:32:54 +00:00
Colin Walters
8ec0a3db12 rust: Support context attribute on CxxResult, use it more
Addresses review comment from
https://github.com/coreos/rpm-ostree/pull/2649#discussion_r591784574
and extends it in a few more random places I found that were
using `with_context()`.
2021-03-11 13:03:41 -05:00
Jonathan Lebon
5f17bc5c87 lockfile: Return LockfileConfig rather than Vec<StringMapping>
I don't like the use of `HY_GLOB` in the lockfile package matching. We
have all the information in the Rust object, so it's silly to condense
that to a single string in a hashmap.

Fix this by returning the `LockfileConfig` object itself and then adding
a function to fetch the list of locked packages. This allows the C++
side to see all the individual fields which makes filtering trivial.

The next step is moving all the code which needs the lockfile to Rust.
Then we can drop the shared `LockedPackage` type.

(I did start on converting `find_locked_packages`, though it requires
adding bindings for all the `HyQuery` stuff, which...  isn't great (and
also runs into the fact that `hy_query_run` needs to return a
GPtrArray). I think instead of a 1:1 mapping, we'll probably want the
libdnf-sys API wrappers to provide some sugar for the common paths.)
2021-03-11 00:01:46 +01:00
Jonathan Lebon
c03f5d50a3 lockfile: Drop ror_ prefix
That's a cbindgen-era thing.
2021-03-11 00:01:46 +01:00
Jonathan Lebon
2fedc3b0ac lockfile: Allow specifying EVR rather than EVRA
In FCOS, we use "override" lockfiles to pin packages to certain
versions. Right now, we have separate overrides for each base arch we
(eventually want to) support. But that makes maintaining the overrides
cumbersome because of all the duplication.

Let's allow lockfiles to specify only the `evr` of a package, which is
just as good for FCOS, and means that we'll only have to maintain a
single override file for all the architectures.
2021-03-11 00:01:46 +01:00
Timothée Ravier
775bdfd770 rust: Relicense some GPL-2.0-or-later to Apache-2.0 OR MIT
Explicit sign-off-by from authors:
Signed-off-by: Timothée Ravier <travier@redhat.com>
2021-03-10 21:55:50 +01:00
Colin Walters
95ff12b913 rust: Add and use fn-error-context
Same motivation as https://github.com/coreos/bootupd/pull/163

Effectively what we're doing here is creating a human-readable subset
of the stack trace. This is nicer than having the calling functions
add with_context() because it's more verbose (gets duplicative at
each call site), easy to forget, etc.
2021-03-10 19:56:48 +01:00
Colin Walters
1dc7503838 ci/prow: Install in target cosa, also install and run our tests
This is a major downside of reworking and generating new CI
flows, it's super easy to lose testing what you intend to.

Also, we clearly need to figure out a flow where this is shared
across repos, since I don't want to copy-paste this into e.g. ostree too.
That's https://github.com/coreos/fedora-coreos-tracker/issues/263
2021-03-10 16:58:49 +01:00
Colin Walters
e02fff3d5a Move some small daemon layering lookup into Rust
Prep for more oxidation work.  One notable improvement here is that about half
of the callers of the mega function `rpmostree_deployment_get_layered_info`
only wanted the base information, not the layered package lists
for example - so we were passing 4 `NULL`s to ignore those.

This Rust API returns a simple shared struct instead for those
cases.  I also changed things so that `base_commit` is always
set, avoiding the callers needing to do that.
2021-03-08 23:01:50 +00:00