IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
On Fedora 25, systemd adds a sysuser config file for multiple users. It
also explicitly creates those same users in its %pre, except for one:
systemd-coredump. This means that the tree's /usr/lib/passwd doesn't
contain systemd-coredump. Of course, on first boot, it gets created and
added to /etc/passwd.
During package layering, we map /usr/lib/passwd to the container's
/etc/passwd. If the %pre calls useradd/groupadd without passing an
explicit uid/gid, it's possible that the allocated id is already in use
by an entry in the deployment's /etc/{passwd,group} (such as
systemd-coredump, but the same holds for any manually-added entry).
We resolve this by taking the switcheroo a step further: we map
/usr/lib/passwd to /usr/etc/passwd, and then also map /etc/passwd to
/usr/lib/passwd. That way, useradd in %pre will account for already
allocated local uids and react accordingly.
Closes: #561
Approved by: cgwalters
In the future we may add more commands that take as input commit
IDs. However, we really want to distinguish between server and
client generated commits, as some of these operations won't
make sense for derived commits.
This changes the API to have callers say which type of commit
they're generating, which also fixes a FIXME, and helps get us
a bit closer to the "unified core".
Closes: #520
Approved by: jlebon
Currently, we do the final commit into the pkgcache repo, then
pull it to the base. The problem with this is that, combined
with the fact that we're not presently pruning the pkgcache repo,
we leak space.
In preparation for a cleaner fix for this, rework things so that the
core infra can know about *both* a base repo and a pkgcache repo. If
they're separate (as is the case for rpm-ostree-on-host), whenever we
are doing layering, explicitly pull just the `.file` objects that are
referenced into the parent repo. We do the final commit in the base
repo.
Closes: #437
Approved by: jlebon
In order to make many things work, we need to run scripts. Short version:
For now, we:
- Run `%posttrans`
- Treat most `%post` as the same as `%posttrans`
- Ignore `%preun` and such since we never uninstall
Most importantly though, we start to build up an "override" list
for script handling. Currently it's just a blacklist of scripts
we don't need.
Significant work here would be needed to run Lua scripts, so far I've
been able to just skip them.
Closes: #338
Approved by: jlebon
I was in the process of trying to support `%post` scripts, and I
wanted to use `rpm-ostree container` for convenient and safe testing.
However the recent package layering changes broke it to error out
on perms like `filesystem`'s `root:mail` on `/var/mail`.
I decided to introduce a new `rpmostree_context_new_compose` which had
the current behavior, switch `compose tree` to use it, and then change
`_new_unprivileged` to *really* be unprivileged. Specifically we
ignore file ownership (and fix dir owners) because we assume we'll be
operating with `bare-user` repos.
Closes: #327
Approved by: jlebon
Right now, while one can `pkg-add strace`, there are a lot of
packages with `%post`. Since some current developers want
to use package layering as it is today, let's add the concept.
Even after we have a whitelist of scripts and have cleaned up Fedora
to use them, we'll still have potential issues with 3rd party RPMs
etc. for a long time, so allow people this out to stumble forward for
those and potentially run them by hand if necessary.
Closes: #311
Approved by: jlebon
This patch prepares RpmOstreeContext for supporting package layering. A
relabel operation is added as well to support relabeling imported
packages if the sepolicy of the rootfs we're overlaying onto is
different from during import.
Closes: #289
Approved by: cgwalters
This patch fixes up errors in the parent commit which added pkg-add.
Some of them are due to the rebase on top of the unprivileged
infrastructure.
- fix compile errors (due to libhif changes after rebase)
- delete duplicate prototype for rpmostree_sysroot_upgrader_deploy
- include allow-older in flags type
- fix change_upgrader_refspec to use g_strdup() (this was causing the
wrong old refspec to be registered)
- in builtin-status.c, check for NULL before joining the packages array
- sysroot-upgrader: fix gtype function names
- roc_context_prepare_for_root(): delete unused param
- assemble_commit(): delete unused param
- RpmOstreeSysrootUpgraderFlags: fix docs
- Fix sysroot property name and add reboot opt
Closes: #289
Approved by: cgwalters
This comes from the tradition of yum repo files. It's significantly
easier for rpm-ostree users building multiple architectures if some
core templating for the treefiles is built in.
Otherwise, everyone needs to learn about a new wrapper tool for
rpm-ostree, and said tool would need to re-do the same "basearch"
evaluation that is already occuring inside libhif.
This commit also paves the way for introducing `${releasever}`
substitution.
NOTE: This depends on pending changes to libhif git.
Closes: #274
Approved by: jlebon
The new context methods recently added for unprivileged infrastructure
would set the ostreerepo member when calling new_unprivileged(). Since
here we will be using the sysroot repo, we need the ability to set the
repo. Just add a new set function for now, maybe move it into
new_system() later.
Also, make sure we dereference the repo on finalize.
Pull request: #240
Approved by: cgwalters
There will be cases where we don't actually want to tag a ref on the
final assembled commit. This will be true for package layering.
Pull request: #240
Approved by: cgwalters
I debated config file formats a lot. JSON is fairly awkward for
humans to write, and really painful to parse from C. YAML is nice,
but also painful from C.
Both are fairly overpowered for what we really need. Keyfiles
(desktop spec, `GKeyFile`) have a lot of limitations, but at least
it's used by systemd and `.desktop` files, and we already have a
parser.
We still parse the JSON treefiles, but internally convert them to
`GKeyFile` (which is in turn converted to `GVariant` for a canonical
form).
