Commit Graph

11 Commits

Author SHA1 Message Date
Jonathan Lebon
f089b8de1f libpriv/postprocess: also delete semanage lock files
We don't need those in the tree, so let's nuke them. This also fixes
subtle compatibility issues between hardlinks and lock files (see #999).

Closes: #1002
Approved by: cgwalters
2017-09-21 15:28:55 +00:00
Colin Walters
f113fc5e27 Rework treecompose kernel processing
Prep for changing `boot_location: new` to use `/usr/lib/ostree-boot`
and `/usr/lib/modules`.  Rework our kernel postprocessing
so that we unify the `boot_location` handling with initramfs generation.

Instead of doing the initramfs first in postprocessing, we do it nearly last,
after e.g. `etc` is renamed to `usr/etc`. This has some consequences, such as
the fact that `run_bwrap_mutably()` is now called in both situations. In
general, our handling of `etc` is inconsistent, although understandably so.

As part of this, I finally got around to implementing the bit from
https://github.com/systemd/systemd/pull/4174 however suboptimal it is; need the
unified core so we can cleanly ignore the posttrans like we do others.  We
intentionally keep the file around in the generated tree so that installing a
kernel RPM per client doesn't try to do any of this either.

This all gets folded together so that the logic for handling the bootloader gets
simpler - in the Fedora case, we now know to find kernels in `/usr/lib/modules`
and can ignore `/boot`.

Closes: #959
Approved by: jlebon
2017-09-12 14:26:44 +00:00
Colin Walters
213a656ddf postprocess: Unlink our treecompose-post out of the final /bin
Another variant of <https://github.com/projectatomic/rpm-ostree/pull/822> 😭

Closes: #964
Approved by: jlebon
2017-08-31 03:06:11 +00:00
Jonathan Lebon
cf19d83502 ci: unite testsuites and run vmcheck on centos
We can be a bit less wasteful here by merging the check and vmcheck
suites into a single suite. The check suite today takes a negligible
amount of time to run, so we're not gaining much by parallelizing them.
It's more of a sanity check at this point before we start vmcheck.

Also start running vmcheck on CentOS 7. We adapt the ci scripts to
accomodate both Fedora and CentOS target machines.

This commit also switches to Fedora 26 as the primary test base.

Closes: #871
Approved by: cgwalters
2017-07-18 13:58:38 +00:00
Colin Walters
d2bd8500da compose: Add tmp-is-dir option to make /tmp a directory
There are a few reasons to do this. First, systemd changed to refuse mounts on
symlinks, and hence if one *wants* "/tmp-on-tmpfs", one would need to write a
different `sysroot-tmp.mount` unit.

Second, the original rationale for having this symlink was that if you had
multiple ostree stateroots ("osnames"), it's nicer if they had the same `/tmp`
to avoid duplication. But in practice today that's already an issue due to
`/var/tmp`, and further the multiple-stateroot case is pretty unusual. And that
case is *further* broken by SELinux (if one wanted to have e.g. an Ubuntu and
Fedora) stateroots.  So let's fully decouple this and make `/tmp` a plain
old directory by default, so systemd's `tmp.mount` can become useful.

Now, things get interesting for the case where someone wants a physical `/tmp`
that *does* persist across reboots. Right now, if one just did a `systemctl mask
tmp.mount` as we do in Fedora Atomic Host's cloud images, you'd get a semantic
where `/tmp` stays per-deployment, which is weird.  Our recommendation for
that should likely be to set up a bind mount for `/tmp` → `/var/tmp`.

For now, this stays an option to ensure compatibility; if FAH Cloud images
want to stay with "physical /tmp", then we'd have to change the kickstart.

Closes: https://github.com/projectatomic/rpm-ostree/issues/669

Closes: #778
Approved by: jlebon
2017-05-24 17:49:36 +00:00
Colin Walters
69d8bfa042 compose-tests: Consolidate some misc options into test-misc-tweaks.sh
I was about to add another one of these but it feels like a bit
overkill to run through a recompose for trivial tweaks like turning off docs.

We can do a compose with multiple options at once and test the result as a unit,
at least for the smaller/less invasive options.

This change is prep for adding a switch to do `/tmp` as a regular dir.

Closes: #777
Approved by: jlebon
2017-05-18 13:43:15 +00:00
Colin Walters
a05e256177 compose: Delete /usr/etc/passwd- (and the other variants)
There's no point to shipping these backup files in the base tree. We already had
code to delete them for the package layering case where they caused active harm.
At the point we added that code we really should have *also* changed treecompose
to delete them. Better late than never.

The reason I'm doing this now is because having them in the base tree causes `ex
livefs` to spuriously think that layering a package that *doesn't* change `/etc`
as if it does, because the layering code deletes the backup files.

Closes: #693
Approved by: jlebon
2017-03-20 16:35:17 +00:00
Colin Walters
24faf942df compose: Add --add-metadata-from-json
I'd like to embed structured metadata about the originating git
repository.  See [this example](https://pagure.io/fedora-atomic-host-continuous/c/142b12020d7efe18b56d039304efea102a210790?branch=master).  However, I think what we really
want here is a *single* value which has subkeys.

One thing in the back of my mind too is...we could use this to
enhance our "change detection".  Right now we checksum the sack,
treefile, and treecompose-post.  But down the line, I'd
like to support more sophisticated postprocessing, where the
script might reference external files or the like.

In that case, we could stop checksumming the post script, and rely on whether or
not the git repo changed. (This would conversely mean we would do a build even
if e.g. the repo's `README.md` changed, but we can address that with a
post-assemble content check).

Anyways though, for now, this gets us the ability to more easily drop more
structured metadata in the commit, whether it's input git repos, tests that
passed, etc.

Note a trap that bit me here: since the metadata we write here is *host* endian,
but `ostree show --raw` byteswaps (it needs to since the core ostree variant
is always big endian), we get inverted numbers if the host is little.

I think we should probably canonicalize our metadata to big endian; this should
be pretty backwards compatible since I doubt anyone has been adding raw numbers
so far.

Closes: #676
Approved by: jlebon
2017-03-14 18:17:07 +00:00
Jonathan Lebon
4f0be52dca compose-tests: add more mutate-os-release cases
Check that the logic added in the previous commit is respected.

Closes: #603
Approved by: cgwalters
2017-02-01 22:25:54 +00:00
Jonathan Lebon
68acb1d2be compose-tests: add more tests
Add a few more tests to exercise some of the treefile options. We do
need to also expand test-basic.sh itself to sanity-check the structure
of a normal ostree compose. That's up next on the list.

Closes: #548
Approved by: cgwalters
2016-12-09 16:18:11 +00:00
Colin Walters
b81c0cdfda tests: Add ./tests/compose
Our current compose tests only use a synthetic `empty.rpm`, but
this really limits usefulness.

Let's make a test suite that requires an internet connection and
downloads Fedora RPMs and does "real" tree composes.

See the updated `tests/README.md` for more information.

This is still a WIP.

Closes: #531
Approved by: jlebon
2016-12-06 19:05:05 +00:00