keremet/rpm-ostree
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,204 Commits 1 Branch 0 Tags 12 MiB
cba87eaf87
Commit Graph

5 Commits

Author SHA1 Message Date
Jonathan Lebon
821d2e1a46 tests/compose: Check filecaps of arping instead of ping 
In f32, ping is no longer privileged since it ships with the sysctl for
`ping_group_range` which allows unpriv pings. Check the file caps of
arping instead, which does still use them.
 2020-10-14 03:44:19 +02:00
Colin Walters
456a3ec7c2 compose: Add rpmdb option, default to bdb 
The design of https://fedoraproject.org/wiki/Changes/Sqlite_Rpmdb
is problematic for us for multiple reasons.  The first big reason
is that rpm-ostree is designed for "cross" builds and e.g. today
we use a Fedora-derived container to build RHEL CoreOS images.

However the default database lives inside the `rpm` package which
means that if we e.g. upgrade the coreos-assembler container to F33
it will suddenly try to use sqlite for RHCOS which is obviously broken.

Related to this, rebases from f32 to f33 w/layered packages
are broken: https://bugzilla.redhat.com/show_bug.cgi?id=1876194#c3

With this we can configure things to continue to use bdb for f33
for ostree-based systems, so that by enforcing an upgrade order
f32 → f33 [bdb] → f34 [sqlite] ... the intermediate f33 w/bdb
still understands sqlite and hence rebases will work.
 2020-09-11 10:06:28 -04:00
Colin Walters
d29627ca6e postprocess: Add a symlink /usr/lib/sysimage/rpm to the rpmdb 
Following on to:

- http://lists.rpm.org/pipermail/rpm-maint/2017-October/006681.html
- https://github.com/coreos/rpm-ostree/pull/1142/
- https://github.com/openSUSE/libsolv/pull/386

Write a symlink in `/usr/lib/sysimage/rpm` pointing to our current
`/usr/share/rpm` - this way clients can start looking for it there,
and then at some point we'll flip the symlink around and
have `/usr/share/rpm` pointing to the new location.

(Doing a hard swap now has upgrade implications)
 2020-07-08 03:30:15 +02:00
Jonathan Lebon
9daea46d66 tests/compose: Target FCOS 31, move off of PAPR 
Again, a lot going on here, but essentially, we adapt the compose tests
to run either privileged or fully unprivileged via supermin, just like
cosa.

I actually got more than halfway through this initially using `cosa
build` directly for testing. But in the end, we simply need more
flexibility than that. We want to be able to manipulate exactly how
rpm-ostree is called, and cosa is very opinionated about this (and may
also change from under us in the future).

(Another big difference for example is that cosa doesn't care about
non-unified mode, whereas we *need* to have coverage for this until we
fully kill it.)

Really, the most important bit we want from there is the
unprivileged-via-supermin bits. So we copy and adapt that here. One
obvious improvement then is sharing this code more easily (e.g. a
`cosa runasroot` or something?)

However, we still use the FCOS manifest (frozen at a specific tag). It's
a realistic example, and because of the lockfiles and pool, we get good
reproducibility.
 2020-01-08 16:42:54 +01:00
Jonathan Lebon
462a389b3a tests/compose: Move files around 
This is mostly cosmetic, though I want the test layout to mirror what we
do for `vmcheck`.
 2020-01-08 16:42:54 +01:00