IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Move basically everything except early option
processing into a helper function.
Also update a few other misc bits above that to new style.
Closes: #904
Approved by: jlebon
Down the line when we have a unified core, this will be totally unnecessary.
Even without that, it's not worth the maintenance pain for us. Anyone who wants
this can easily on their own mount a tmpfs and point us at it with --workdir.
Prep for further code cleanup.
Closes: #904
Approved by: jlebon
The rebase command syntax has confused people a lot. Let's follow
git here and add a `-b/--branch` option and encourage people to use
that. The case of switching remotes is `-m/--remote`; it's definitely
unfortunate that `-r` is already taken for `--reboot`.
One thing I'm a little bit unhappy about is how we're doing logic
on the client side here. Changing the DBus API for this would
also be awkward though.
Closes: https://github.com/projectatomic/rpm-ostree/issues/886Closes: #890
Approved by: jlebon
The script delay is annoying; some of them take over half a second here. This
helps with debugging. Another enhancement we could make after this is aborting
scripts that appear to be hung after e.g. 30 seconds, and logging that.
Closes: #905
Approved by: jlebon
The new API to find pending and rollback deployments do so relative to
the booted deployment. This caused an interesting behaviour: the first
time a user uses "rpm-ostree rollback", it would (as expected) move the
previous deployment first. but the second call to "rpm-ostree rollback"
would fail since there were now no more rollback deployments.
We fine tune the logic here to allow this, as well as the more general
case of putting the booted deployment back on top.
This fixes a subtle regression from b7cf58e
(https://github.com/projectatomic/rpm-ostree/pull/767).
Closes: https://github.com/projectatomic/rpm-ostree/issues/906Closes: #907
Approved by: cgwalters
Now that the query_deployment() function was upstreamed in ostree (see
https://github.com/ostreedev/ostree/pull/897), let's just use it from
there and drop our copy here.
Closes: #907
Approved by: cgwalters
Prep for more code cleanup here and porting to new style. We
had a mix of owner pointers. Fix this by consistently having
the `self` struct own the data.
Closes: #903
Approved by: jlebon
Some of the scripts can be expensive (`shared-mime-info` for example), and we
appear to be hanging for at least a few seconds even on fast hardware. I'd like
to have a lot more logging here...potentially something like showing
individual package names live in the terminal, but this is a start.
Closes: #902
Approved by: jlebon
When commit metadata contains ostree.endoflife attribute,
its information will be added to the deployment Variant,
which will later be shown as a red & bold message when
'rpm-ostree status' command is called.
A test is added for future regression
Closes: #889
Approved by: cgwalters
File triggers are a post-RHEL7 thing; more information at
http://rpm.org/user_doc/file_triggers.html
There are two notable users I've been testing this with;
`glib2` and `vagrant`. The `vagrant` one is more immediately urgent,
since it makes `vagrant-libvirt` work, which I currently rely on
for my workstation dev.
I've tested things successfully with `vagrant`, and I did verify that we run the
`glib2` ones when doing `rpm-ostree ex container`.
Long term, more transaction file triggers are likely to live in
"base" packages like `glib2`. We don't implement those yet, but
extending this to do that shouldn't be too hard.
There was *significant* what I'd call reverse engineering of the
implementation in librpm. The file triggers code there is spread out
and abstracted in a few different places in the code. I found
trying to understand what header values were involved to be quite
tricky.
There are some corner cases like multiple patterns that I *think*
this does correctly, but could use more validation. The main
question I had was - is it required that the patterns for e.g.
`%transfiletriggerin` and `%transfiletriggerun` be identical?
Closes: https://github.com/projectatomic/rpm-ostree/issues/648Closes: #869
Approved by: jlebon
Follow-up tweak to #894. Make the client smarter so we only register
when we know we can. We could be more sophisticated here and e.g.
introduce the concept of "read-only" clients in the daemon to only allow
access to non-mutating methods, though let's delay that discussion at
least until the daemon learns to auto-exit.
Closes: #898Closes: #900
Approved by: cgwalters
This is a followup to https://github.com/projectatomic/rpm-ostree/pull/888
but more comprehensive; in the layering case, the sanitycheck runs
after all the `%posttrans` scripts, so we'll get a consistent error message
for the `rm -rf /` test.
We also do the sanitycheck for the "pure ostree" case, as well as cases
where we didn't actually layer packages (including `ex override remove` as
well as simply regenerating an initrd).
There's obviously a lot more we could do in a sanitycheck; as I say in the
comment it's tempting to consider trying to boot systemd (in a fully volatile
config), but for now let's do this. In the end of course the admin has rollback
too.
Closes: #892
Approved by: jlebon
Spawn pkttyagent when trying to call a method that may require
authentication to give users a chance to provide auth right from the
terminal.
Since we're now relying on polkit for authorizing most of the OS
interface methods, let's drop the root check on those.
Closes: #894
Approved by: cgwalters
Drop the root check for RegisterClient() so that any UID can use it to
then safely invoke methods. UIDs which already have an active session do
not need to authenticate for RegisterClient().
In order to implement this, we move the polkit authority setup into the
RpmostreedSysroot object and enable polkit on the interface.
Closes: #894
Approved by: cgwalters
The version checking function in particular is really useful for people doing
`from gi.repository import RpmOstree`, which we'd like at least some things like
Anaconda and Pungi to do.
Closes: #891
Approved by: jlebon
For https://pagure.io/atomic-wg/issue/299 we need to make it
more convenient to substitute the architecture in an installation
context. I plan to use this API inside `rpmostreepayload` in Anaconda,
so we can substitute the same value of `${basearch}` we use in treefiles
since https://github.com/projectatomic/rpm-ostree/pull/305
Now, you might wonder - why do we need an API wrapping libdnf? It's because
libdnf is not API stable yet. We're just exposing a tiny subset. In theory we
could use the Python dnf bindings in Anaconda, but things get slightly weird if
rpmostreepayload depends on dnf. Perhaps we'll do that down the road, but for
now this a small API surface to maintain (forever).
This change reworks the internal `varsubst` bits to take a pure `DnfContext`,
since we don't want to spin up a whole `RpmOstreeContext` just to do some
string substitutions.
Closes: #877
Approved by: jlebon
Closes: https://github.com/projectatomic/rpm-ostree/issues/546
Previously, we'd open up the host's rpmdb for both `compose tree`
and `ex container`. In the first case, because we require root, we'd
succeed. For `ex container`, we'd spew an error.
Fixing this was trickier than I thought. First because there was
*also* a libdnf bug here: https://github.com/rpm-software-management/libdnf/pull/307
Second, there's a compatibility hazard here for anyone using `.repo` files that
reference `$releasever`. This actually happened to me with `ex container` as I'd
just done a `ln -s /etc/yum.repos.d/fedora.repo rpmmd.repos.d`. I fixed
that first by doing a `sed -i -e 's,$releasever,26,' rpmmd.repos.d/*.repo`.
As far as I can see today, none of Fedora Atomic or CentOS AH rely on this. But
in order to enhance compatibility, let's add a "releasever" option. This makes
it easier again to reuse stock `.repo` files if we wanted to do so.
(Also, I realized we can just use `/usr/share/empty` as *the* canonical immutable
empty directory)
Closes: #875
Approved by: jlebon
This is required for glibc-all-langpacks at least:
https://bugzilla.redhat.com/show_bug.cgi?id=1367585
Otherwise, its usage is...extraordinarily rare. In fact looking at a snapshot of
`rpm-specs-20170518.tar.xz` from Fedora, the only other use is in
`postfix.spec`, and it appears bogus (the value is already expanded at build
time).
But the glibc case is special, as the value of `install_langs` is indeed
potentially dynamic per system.
Closes: #873
Approved by: jlebon
No functional changes; the main thing is to change the "ignore" case to an early
return, and also introduce a "medium level" function that does argument parsing.
Prep for file trigger work.
Closes: #873
Approved by: jlebon
This was a transient hack that I don't think we need any longer.
Since then we've now committed to e.g. ignoring `%pretrans` etc.,
and we also have the hardcoded blacklist.
It never really worked in a complete sense since one would have to re-specify
the ignore on every operation, which was not sustainable.
Closes: #873
Approved by: jlebon
We don't care about repos enabled only for METADATA. This works around
an interesting libdnf behaviour in which all repos in redhat.repo are
enabled for metadata, even if disabled.
Downstream RHBZ: #1468302Closes: #863
Approved by: cgwalters
Add experimental support for replacing packages from the base layer with
local RPMs. This is useful for example, to cherry pick a fixed package,
or to roll back to a previous package version. Like with pkg removals,
only files in /usr are actually replaced.
This patch also contains a few usability improvements as well, e.g.
showing the full NEVRA of removed packages rather than just their names,
and support for resetting overrides using either the pkgname or NEVRA.
Closes: #852
Approved by: cgwalters
This function was already mostly in the new style. Just moving the
declarations closer to where they are used. No functional changes. The
logic will be tweaked in an upcoming commit.
Closes: #859
Approved by: cgwalters
Seen in the wild with `vagrant`'s use of `%post -p /usr/bin/ruby`. This was a
very easy fix, and actually makes the code a little bit nicer, as we no longer
need to explicitly make the script executable, since we now pass it as
`argv[1]`, the same way librpm does. That in turn would make it possible to fix
the TODO and use `bwrap --file`, but that can come later.
Closes: https://github.com/projectatomic/rpm-ostree/issues/856Closes: #858
Approved by: jlebon
I initially planned to use the metadata tmp dir for another reason than
just in finalize_overlays(), but I will not anymore. Regardless, this
seems like a nice patch which also allows us to complete the style
conversion in this file.
Closes: #847
Approved by: cgwalters
It seems silly that to find out more detailed information about the
NEVRA of a cached pkg, we have to resort to write out the header to
disk, then reading it back in with librpm in order to tease out the info
we want. Let's just encode that information directly in the commit
metadata and provide a helper to fetch it.
Closes: #847
Approved by: cgwalters
This is an extension to the previous change to distingush between
"caller" and "client". Now for clients we log the uid (both
in the message and structured).
This is a natural followon from the polkit work, since now different
uids can invoke us.
Closes: #838
Approved by: jlebon
A "caller" is a bus address that hasn't called `RegisterClient`.
Prep for things like unifying the bus name tracking between the transaction and
the daemon; right now it's a bit silly that the txn code also monitors the
caller's bus name. So down the line we could change that code to call into the
daemon and use its tracking for registered clients.
Closes: #837
Approved by: jlebon
The property of removal overrides dropping out if the package was
removed from the base layer felt a bit too magical and hacky. We really
should remember that wish and re-apply it if the pkg comes back. This is
similar to package layering: requests can become inactive (seems like a
better word than "dormant") if the package is already part of the base
layer, but they don't really go away.
This patch reworks the logic so that removal overrides work the same
way. In the status output, we now have both "RemovedBasePackages" and
"InactiveBaseRemovals" (which is only printed in verbose mode),
similarly to how we have "LayeredPackages" and "InactiveRequests". And
similarly, we also print out in the upgrader during a transaction all
the inactive base removals.
Another cool thing is that we now allow any pattern to be specified at
the CLI. E.g. `ex override remove /usr/bin/strace` will resolve to
strace.
Closes: #836
Approved by: cgwalters
In the JSON output, the "requested-packages" holds *all* the requests
for package layering, whereas the "packages" key holds only those
requests which actually caused a package to be layered.
When outputting RequestedPackages, we try to be nice and print only the
"dormant" packages, i.e. those requests which did not require any
packages to be layered since the base layer already fulfilled them. This
is the subset of "requested-packages" not also in "packages". But then,
we could call this subset something much more appropriate than
"RequestedPackages" when outputting.
This patch renames it to "InactiveRequests" to reflect the "dormant"
aspect of them. We also make it only be output in verbose mode, since
it's not as interesting as what was *actually* layered when trying to
understand what the host is currently running. But we do adapt the
upgrader so that it prints out inactive requests during transactions.
Closes: #836
Approved by: cgwalters
Example of what the new macros look like when applied on a whole
codebase. It definitely feels much nicer to work with!
Update submodule: libglnx
Requires: https://github.com/GNOME/libglnx/pull/55Closes: #834
Approved by: cgwalters
This allows non-root users access to the rpm-ostree daemon, which is
a pre-requirement for gnome-software rpm-ostree support.
Closes: #745Closes: #825
Approved by: cgwalters
In the error path when trying to remove a base package, we would try to
print a DnfPackage as char*, which of course didn't result in any
coherent output.
Closes: #833
Approved by: cgwalters
We shouldn't just check that the "targeted" dir exists, but rather that
the actual directory where the modules are stored exists. This fixes a
regression on RHEL in which the new selinux-policy-targeted lists some
%ghost files under /var/lib/selinux and as a result think that the
policy is in /var.
Closes: #831
Approved by: cgwalters
This is just a cosmetic patch that ensures we use the same names for the
same things everywhere to make it easier to follow along.
Closes: #829
Approved by: cgwalters
Minor prep for replace overrides.
Let rpmostree_sort_pkgs_strv work on an existing fd list rather than
creating its own, since it may be called multiple times on different
pkgs arrays.
Factor out the logic that calls to sort and inserts the values in the
final modifiers variant dict to prepare for being able to do this
operation multiple times.
Closes: #829
Approved by: cgwalters
Only add information to it re. installing/uninstall/local installs after
we check that the corresponding arrays are not `NULL`.
Closes: #826Closes: #827
Approved by: cgwalters
This is to assuage my pet peeve of bad grammar output. It's of course
English-centric, and would require some tweaking if/when we support
internalionalization systems like gettext. Though I don't think it
makes it more difficult to do so in the future.
Closes: #824
Approved by: cgwalters
Starting from v4.12, rpmteFI has been deprecated in favour of
rpmteFiles. Make use of it if we can, otherwise fall back to the older
API.
Closes: #824
Approved by: cgwalters
This is part of the saga of permissions and checkouts that
came about thinking about flatpak, but suid and world-writable dirs
are also an issue for us.
There's no reason to make suid binaries accessible temporarily
to users while we're computing a new root. Similarly, we don't
want anyone to actually *write* to our temporary `/tmp`. The
simple fix is to make an intermediate dir that's `0700`.
See: https://github.com/ostreedev/ostree/pull/909
See: https://github.com/flatpak/flatpak/pull/843Closes: #821
Approved by: jlebon
This is one more step towards making rpm-ostree more powerful in its
quest to be the ultimate *hybrid* image/package system. Package layering
allows us to add packages on top of the base package set received from
the content provider. However, we're not able to remove or replace
packages in the base set itself.
This patch introduces a new `override` command, which is for now nested
under the experimental `ex` command. The `override` command will allow
users to modify the base package set itself. The first implemented
subcommands are `remove` and `reset`.
A stub has been provided for the more useful `replace` subcommand,
though much of the needed logic for that operation are implemented in
this patch as part of the `remove` subcommand.
Part of: https://github.com/projectatomic/rpm-ostree/issues/485Closes: #797
Approved by: cgwalters
1. There's no point in passing a GCancellable in those cases. All the
manipulations should be short-lived.
2. Rename delete_packages to remove_packages, since "remove" is the
proper antonym of "add".
Closes: #819
Approved by: cgwalters
There's a lot that could be done to improve this; we're not setting a title for
`rollback` etc. But I think in practice right now the "deploy" path (which
includes upgrade/install) etc. is most important.
Re-synthesizing a human readable string here is definitely a bit fragile and
going to be a maintenance pain. One thing I debated is having the client send
its commandline as a string. But that would only work for `/usr/bin/rpm-ostree`,
not e.g. Cockpit.
Anyways for now, this is useful and we can always improve it later.
Closes: https://github.com/projectatomic/rpm-ostree/issues/454Closes: #814
Approved by: jlebon
There's a subtle but classic issue in this code: calling `continue`
really just continued the inner loop, whereas we meant continuing the
outer loop.
Fix this by making the prefix lookup check a proper predicate function.
Place that function somewhere public, because we'll make use of it in
base overrides as well.
Closes: #807
Approved by: cgwalters
At this point, there are many helper functions that really should just
be made upgrader-aware to make it easier to follow. For example, now
both find_missing_pkgs_in_rpmdb() and generate_treespec() are passed the
Upgrader object directly, allowing us to avoid having to thread through
multiple arguments everywhere. Another example is that the Upgrader now
carries the list of final packages that need to be overlaid rather than
passing it around.
We also rename the functions to better reflect what they actually do.
Closes: #804
Approved by: cgwalters
Since we now use a predictable directory for the rootfs checkout and
assembly operation, there's no need for a tmprootfs variable anymore.
Closes: #804
Approved by: cgwalters
It's less cumbersome to check for this in the origin. Factor it out
there so that it's easier to modify it in the future.
Closes: #804
Approved by: cgwalters
In all cases, we always do download_metadata() followed by prepare().
Let's just make life easier for callers by inlining this in prepare(),
much like what libdnf does. The function is still public in case some
use case calls for making them separate.
Closes: #805
Approved by: cgwalters
There's not much use in having RpmOstreeInstall be separate now that
it's completely private. Let's just make it part of the main context
object rather than making callers allocate space for it and pass it to
the various context methods.
We also rename `prepare_install` to `prepare` since it will (soon) do
more than just installs (and sometimes only pure uninstalls).
Closes: #805
Approved by: cgwalters
We had a lot of duplicate code that handled subcommand handling. Though
now that we have proper structs to represent commands and command
invocations, we can easily unify these.
Closes: #803
Approved by: cgwalters
Part of: https://github.com/projectatomic/rpm-ostree/issues/774
Basically, for `rpm-ostree status` to accurately help people
understand whether or not their system is up to date, we need
to be showing repository timestamps.
Ideally, we'd change the libdnf API to support what we're doing
here better. But, this works for now.
Closes: #791
Approved by: jlebon
This is prep for a rework of rpm-md downloads (visualizing state better + prep
for parallelization). libdnf defaults to a week which is just too long
(particularly for async security updates).
See also the linked https://github.com/rpm-software-management/libdnf/issues/291Closes: #791
Approved by: jlebon
And tweak the comment; I'm not blindly adding everything from
e.g. a Fedora compose here, since while in practice we omit them,
the ugliness serves as a reminder to fix the packages.
(For example, pam should use tmpfiles.d snippets for `/var/log/tallylog`,
or %ghost it)
Closes: #795
Approved by: jlebon
We need to add an `__attribute((used))` to the autocleanup variable in order to
pacify its set-but-unused, so make a macro to simplify callers. This is a bit
like systemd's `PRESERVE_ERRNO` cleanup.
Closes: #794
Approved by: jlebon
This way we only have one directory to `rm_rf` at cleanup time.
A next steps might be teaching libdnf to use this. Futher, we could
consider inheriting a tmpdir from the transaction.
Closes: #792
Approved by: jlebon
In various places we thread down the tmpdir dfd. But since its lifecycle is
bound to the context, we might as well pass the context itself. This just ends
up being cleaner, and is also prep for changing how we do the tmpdir.
Closes: #792
Approved by: jlebon
Allows us to convert the metadata download func to new code style, and is
generally in line with our cleanup-focused philosophy on code, life,
and the meaning of the universe.
Closes: #789
Approved by: jlebon
