Commit Graph

982 Commits

Author SHA1 Message Date
James Antill
504d3885bb db: Fix version output formatting 2015-01-08 00:23:02 -05:00
Colin Walters
61a288fa0d Rework passwd/group migration to deduplicate
Due to an intersection of #79 and #69, we ended up continually
accumulating copies in /usr/lib/{passwd,group}.  The fix here is to
deduplicate when constructing the temporary /etc/passwd that the RPM
install will operate on.

Closes: https://github.com/projectatomic/rpm-ostree/issues/92
2015-01-07 17:52:22 -05:00
Colin Walters
60b279ce48 compose: Move the passwd/group migration code to passwd-util
Pure code motion; no functional changes.  Trying to get all of the
passwd/group code in the same place so I can fix bugs in the
interaction between them more easily.
2015-01-07 17:52:07 -05:00
Colin Walters
a960c6ed9d Merge pull request #91 from cgwalters/hoist-previous-tree-read
compose: Raise up the code to read the previous (OSTree) commit
2015-01-07 17:50:28 -05:00
Colin Walters
3c55021a72 compose: Raise up the code to read the previous (OSTree) commit
I'm planning to replace the caching code with something that inspects
the previous commit rather than a lookaside cache, so raise this code
up to a higher level.
2015-01-07 12:31:10 -05:00
Colin Walters
85414e4119 Merge pull request #89 from cgwalters/metadata-builder
compose: Convert metadata handling into builder
2015-01-07 10:38:32 -05:00
Colin Walters
ccd6bedac4 compose: Convert metadata handling into builder
We're going to start adding our own metadata, so take this initial
step of having the user-specified metadata accumulated into a builder.
2015-01-07 10:35:56 -05:00
Colin Walters
2e5962b6aa Merge pull request #87 from cgwalters/previous-etc-passwd-continued
compose: Fix lookup of previous /etc/passwd
2015-01-07 08:01:34 -05:00
Colin Walters
5345c85642 compose: Fix lookup of previous /etc/passwd
I swear I tested this, but anyways
https://github.com/projectatomic/rpm-ostree/pull/79
wasn't quite right.  We need to look at /usr/etc/{passwd,group}
for previous data.

We happily noticed there was no /etc/passwd in the tree, then
proceeded to do the merge and split again, with the result
of an empty /usr/etc/passwd in the new tree.

That in turn resulted in an empty /etc/passwd in an installed system,
i.e. with no "root" user, with obvious bad consequences, namely in my
case crashing Anaconda.

(Yes, I will write a testsuite for this)
2015-01-06 22:10:56 -05:00
Colin Walters
d6b692660b Merge pull request #86 from cgwalters/cleanup-cleanup-again
Cleanup cleanup again
2015-01-06 15:03:19 -05:00
Colin Walters
aefc0f99f9 Use gs_fd_close instead of internal _cleanup_close_
Another one that's now in libgsystem 2014.3.
2015-01-06 09:29:55 -05:00
Colin Walters
22ac2dfd1f Use gsystem GKeyFile cleanups
This is now in 2014.3.
2015-01-06 09:28:29 -05:00
Colin Walters
8e7c75968d Merge pull request #84 from cgwalters/fd-relative-xattrs
compose: Use *at() relative lookups for xattrs
2015-01-06 09:11:37 -05:00
Colin Walters
4875b1e8f9 compose: Use *at() relative lookups for xattrs
This matches recent work in OSTree to use *at() - it's faster and less
prone to error.  In the case of directories which are mutable by
processes in different security domains, it's more secure too.  (That's
not the case here though).
2015-01-05 08:02:07 -05:00
Colin Walters
55da2db452 Merge pull request #82 from cgwalters/version-bug
postprocess: Don't g_critical if previous commit doesn't have version
2015-01-04 13:00:39 -05:00
Colin Walters
6d9e4e08d7 postprocess: Don't g_critical if previous commit doesn't have version
I sometimes run "rpm-ostree compose tree" directly, mainly so I can
use gdb and/or nonstandard options.  In this case I don't get
version numbers injected.

That happens to trigger a bug in this code.
2015-01-03 22:19:26 -05:00
Colin Walters
526958ac85 Merge pull request #79 from cgwalters/wip/preserve-passwd
compose: Support "preserve-passwd" option (enabled by default)
2014-12-24 12:17:18 -05:00
Colin Walters
f9e9c06648 compose: Support "preserve-passwd" option (enabled by default)
The checking code from #56 landed, and started triggering for me on
the `dockerroot` user. It's nice to know it works. Then the issue
is... "what now"?

It turns out in the case of `dockerroot` it's actually unused, so we
could fix this by deleting it. But in general we need to support
dynamic uids/gids. And we can't yet take a hard dep on #49.

So this patch changes things so we take a copy of the passwd/group
data from the previous commit.  Any users subsequently added in the
*new* commit will be additive.

Closes: https://github.com/projectatomic/rpm-ostree/issues/78
2014-12-23 16:28:53 -05:00
Colin Walters
fc1a4b05fa tests/jsonutil: New test
Adding some basic coverage of the json parsing.
2014-12-19 10:47:55 -05:00
Colin Walters
fee9f48409 tests: Enable glib-tap.mk
These files were taken from json-glib, around the era of this commit:

https://git.gnome.org/browse/json-glib/tree/build/autotools?id=2779d537492f1902d71cf648631238110b62b311

Unfortunately, this involved hacking it up a bit:
 - I couldn't easily use `nobase` for the data, so I deleted that.
   Test data goes in the installed-tests dir.
 - Delete duplicated predeclared variables; we're using nonrecursive
   make.
 - Ensure we run each test in its own tmpdir
2014-12-19 10:47:55 -05:00
Colin Walters
f93cb5bcc5 buildutil: Import some test helpers from json-glib
Not actually used yet; we'll need to modify these in subsequent
commits, but this is the starting point.  Future commits will
therefore have a useful diff.  Even if admittedly it's unlikely
they'll re-unify in the near future.
2014-12-19 10:47:55 -05:00
Matthew Barnes
31cd8297e7 Merge pull request #77 from mbarnes/pull-progress
Use ostree_repo_pull_default_console_progress_changed()
2014-12-18 23:02:26 -05:00
Matthew Barnes
7b36814441 Use ostree_repo_pull_default_console_progress_changed()
Remove redundant function _rpmostree_pull_progress().

Bumped ostree requirement to 2014.13, but this isn't quite right because
we actually need (unreleased) 2014.14.  Post-release version bumps would
be useful here.
2014-12-18 21:37:22 -05:00
James Antill
855ab9ad01 compose: Add check-passwd/group JSON options, fails compose if uids/gids change
Verify uid/gid on files, directories and symlinks
Just output a msg when user/group is removed with no files

json-parsing: Add functions for strictly dealing with ints
passwd/json: Add simple scripts to convert passwd/group files to json data

docs: Check-passwd/groups and ignore-remove-users/groups JSON config. entries
2014-12-18 16:59:33 -05:00
Colin Walters
58e5089f09 Merge pull request #71 from cgwalters/s-update-upgrade
upgrade: s/update/upgrade/ in text
2014-12-18 14:05:07 -05:00
Ed Santiago
f8badc8c69 status: Show version field if any commits have versions
It is confusing if you pull from an unversioned tree and suddenly
status loses versions.  This comes at a cost of increased horizontal
space.

Closes #73
From #74
2014-12-15 17:54:55 -05:00
Matthew Barnes
2c833a1a72 Merge pull request #72 from mbarnes/fix-db-version 2014-12-11 09:38:41 -05:00
Matthew Barnes
5973ea42d7 Fix error handling in rpmhdrs_rpmdbv()
Letting GErrors pile up is wrong; either exit the function or clear the
GError (perhaps with a console warning).

In this case we tolerate missing database files (because users are free
to delete them), and build the checksum from whatever data is available.
Seems weird, but that's how I'm told it's meant to work.  Bail out on
any other type of error.
2014-12-10 11:09:01 -05:00
Colin Walters
dc2a126acd upgrade: s/update/upgrade/ in text
The command name is upgrade, so use that term consistently.

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1163989
2014-12-05 13:33:37 -05:00
Colin Walters
979e88432a Release 2014.114 2014-12-05 12:00:27 -05:00
Colin Walters
3e84cb249a postprocess: Write preserved groups to *both* /etc/group and /usr/lib/group
Otherwise, upgraded systems which have modified /etc/group (by e.g.
adding a human user), will actually see the group drop out with bad
consequences.

It's harmless to have it in both, /etc will override /usr.

Fixes #67
2014-12-05 11:36:42 -05:00
Colin Walters
1da351d088 db list: Fix command line parsing regression
This broke with https://github.com/projectatomic/rpm-ostree/pull/64 I
believe.

The argument parsing here was rather hairy, and I think this patch
clarifies things, in addition to fixing the bug.
2014-12-03 19:07:44 -05:00
Colin Walters
3a41c65c8a treecompose: Add initramfs-args to treefile
We're building generic initramfs images on the server side, but dracut
has logic to pick up some things from the host, like filesystems.

In the absence of host-specific initramfs images, it needs to be up to
the generating system what kernel modules end up in the initramfs.
Provide a generic option to passthrough dracut arguments.
2014-12-02 17:12:34 -05:00
Matthew Barnes
99f9bc3fc7 Merge pull request #64 from mbarnes/rpm2db 2014-12-01 20:04:38 -05:00
Matthew Barnes
b8c26805d3 Split up rpmostree-builtin-db.c
As a followup to renaming the "rpm" command to "db", split the "db"
subcommands into separate source files in the style of "ostree admin"
and "rpm-ostree compose".

Also create rpmostree-rpm-util.[ch] as a place for common rpm-related
functions needed by the "db" subcommands.

No intentional functional changes here, just a bunch of copy-n-paste
and minor cleanup.
2014-12-01 20:03:12 -05:00
Matthew Barnes
8336e504e1 Rename "rpm" command to "db"
Eliminates some confusion between "rpm-ostree rpm" (or "atomic rpm")
commands versus actual "rpm" commands.

The "rpm" subcommand is retained as a hidden alias for the "db"
subcommand for backward-compatibility.  It is not listed in --help
output.

Fixes #22
2014-12-01 20:03:11 -05:00
Matthew Barnes
0d4146ef31 Merge pull request #61 from mbarnes/parsing
Thanks for the invite!
2014-12-01 10:51:25 -05:00
Matthew Barnes
b827a398a7 RpmOstreeCommand: Remove unused 'flags' member
There are currently no command flags defined, but if we need any they
would likely be passed to the custom GOptionContext parse function as
in OSTree.
2014-12-01 09:25:53 -05:00
Matthew Barnes
ae37329f99 Remove some unnecessary function parameters
Starting with pkg_yumdb_strdup(), the GError parameter is unused and
therefore (arguably) the GCancellable parameter is also not needed.
Remove them both, and clean up other functions that now have unused
parameters as a result.

Note that none of the callers of these functions were checking for
errors anyway.
2014-12-01 09:25:53 -05:00
Matthew Barnes
2d21a9a621 Refactor command-line parsing for "rpm" command.
Similar to the previous commit, but the "rpm" command needed some extra
attention.

I stopped short of splitting the subcommands into separate files (like
for "compose"), but refactored the parsing as though they were separate.
2014-12-01 09:25:53 -05:00
Matthew Barnes
9b413dad5d Refactor command-line parsing.
Refactor command-line parsing to better utilize GOptionContext.  This
eliminates most of the manual parsing and global options are now shown
in the help output.

Some of the changes here are not strictly necessary for rpm-ostree,
but are done for consistency with ostree's command-line parsing.

The "rpm" subcommand needs some extra attention, so that's been split
into a separate commit.
2014-12-01 09:25:53 -05:00
Matthew Barnes
a7b04e2276 Simple help output corrections. 2014-12-01 09:24:21 -05:00
Kenjiro Nakayama
c62ad4d691 Show capability list with --version option 2014-11-26 14:09:15 -05:00
Colin Walters
3ffbaf3031 Release 2014.113 2014-11-25 13:35:44 -05:00
Colin Walters
308c994d82 libcontainer: Fix inverted logic
=/

Originally it was "container_disabled" but the double negatives
started being awkward, I missed converting this negation.

This should really make us work again on RHEL6.
2014-11-24 21:53:25 -05:00
Kenjiro Nakayama
7520570a7a docs: Update sample treefile example and add example repo file 2014-11-24 17:52:58 -05:00
Colin Walters
874c9f9620 Release 2014.112 2014-11-23 21:51:03 -05:00
Colin Walters
4f01e7b63c postprocess: Make use of _prefix_error for format printing
Followup from https://github.com/projectatomic/rpm-ostree/pull/55
2014-11-21 13:18:45 -05:00
Colin Walters
389c36ab7c postprocess: Use run_sync_in_root() for other subprocesses
Let's use these new libcontainer bits instead of invoking chroot().
It's stronger security.
2014-11-21 13:16:49 -05:00
Colin Walters
901917ff85 compose: Introduce a little 'libcontainer', use it for the post script
The current motivation for this is that

https://github.com/fedora-infra/fedmsg-atomic-composer

started using mock --new-chroot (which uses systemd-nspawn) to run
rpm-ostree, which in turn uses systemd-nspawn to run the post script.
Now systemd-nspawn is not really nestable (it wants to link up
journald, resolv.conf handling, etc).

First, dropping nspawn and going to raw containers fixes the nesting
problem.

Second, we don't need all the features of systemd-nspawn.  We are ok
with log messages going to stdout, and we don't use networking, so no
resolv.conf is needed.

Third, this sets a bit of a stage for more sandboxing internally when
run on real systems.  I already have a prototype branch which runs
librepo as an unprivileged user, that could be combined with this for
even stronger security.

Why not use systemd?  Well...I'm still debating that.  But the core
problem is systemd isn't a library in the C sense - to use its
sandboxing features we have to use unit files.  It's harder to have a
daemon that looks like a single service from a management perspective,
but uses sandboxing internally.
2014-11-21 13:16:49 -05:00