Go to file
Colin Walters 827e711eb7 compose: Migrate content of /etc/{passwd,group} to /usr/lib more sanely
I had an epiphany today while working on
https://bugzilla.redhat.com/show_bug.cgi?id=1098304 - I realized that
I can just do an install, and then copy over everything except the
root entries from /etc/passwd into /usr/lib/passwd.

No need for a patched shadow-utils.  No need to modify the
/etc/nsswitch.conf before doing the install root.  It totally works.
I have no idea why I originally overcomplicated this.

The thing that sucks a bit about this code is that I have to drop to
the FILE * APIs so that I can use the glibc APIs for processing
group/shadow.

Also, the way I deduplicated the code paths for processing
passwd/group is crappy, but I think it's better than duplicating them
(as systemd-sysusers does).

The good: We don't need a two-step RPM transaction, we don't need
          a patch for shadow-utils, it's just saner
The bad: Code is not the most beautiful?  Not really bad.
The ugly: I didn't think of this in the first place and spent
          months beating my head against the wall of shadow-utils...
2014-07-10 18:50:54 -04:00
design design/package-layering: New file 2014-06-18 08:48:03 -04:00
doc compose: Add support for "default_target" 2014-06-17 13:49:15 -04:00
man man: A bit more fleshed out explanation of semantics, link to docker(1) 2014-06-17 16:42:30 -04:00
packaging packaging: Enable hawkey and usrbinatomic by default 2014-06-22 18:03:21 -04:00
patches/shadow-utils patches: New directory containing patches for Fedora userspace 2014-01-04 07:42:20 -05:00
scripts scripts/ostree-ls-big-files.js: New script to analyze repo files for size 2014-01-29 17:55:07 -05:00
src compose: Migrate content of /etc/{passwd,group} to /usr/lib more sanely 2014-07-10 18:50:54 -04:00
.gitignore Add basic man page 2014-03-25 09:07:49 -04:00
autogen.sh Use the now external libgsystem 2014-02-07 17:29:40 -05:00
configure.ac Release 2014.103 2014-06-22 18:10:49 -04:00
COPYING COPYING: Update to latest LGPLv2+ 2014-03-10 16:40:16 -04:00
Makefile-decls.am Import some code for using GJS 2014-01-03 17:14:10 -05:00
Makefile-man.am Add basic man page 2014-03-25 09:07:49 -04:00
Makefile-rpm-ostree.am status: New builtin for system administrators to see deployments 2014-06-17 14:47:01 -04:00
Makefile.am core: Remove src/autobuilder 2014-05-03 07:32:28 -04:00
README.md README.md: Note that we work on the client as well 2014-06-20 11:02:24 -04:00
TODO TODO: Update 2014-03-31 16:33:05 -04:00

rpm-ostree

This program serves a dual role; its "tree compose" command is intended for use on build servers, to take RPM packages and commit them to an OSTree repository. On the client side, it acts as a consumer of the libostree shared library, integrating upgrades with RPM.

Major changes since 2014.8

The previous major release of this program contained within it an "autobuilder" codebase which had significant functionality beyond just composing trees, such as creating VM disk images and running smoketests.

Since that time, the other functionality has moved to: https://github.com/cgwalters/rpm-ostree-toolbox

This program now only commits trees to a repository, using "treefiles" which are very simple JSON input data.

Installing and setting up a repository

First, unfortunately you must disable SELinux on the build host in order to support SELinux on the built system. See: https://bugzilla.redhat.com/show_bug.cgi?id=1060423

Second, you must install nss-altfiles on the host system, and edit your /etc/nsswitch.conf to include altfiles, like this:

passwd: files altfiles 
group:  files altfiles

You may or may not be using SSSD (and thus the sss option); if you are then it should look like:

passwd: files altfiles sss
group:  files altfiles sss

For more information, see: http://lists.rpm.org/pipermail/rpm-maint/2014-January/003652.html

There are packages available in the rpm-ostree COPR: http://copr-fe.cloud.fedoraproject.org/coprs/walters/rpm-ostree/

At the moment, all of the tooling except for the patched shadow-utils is in Fedora rawhide.

Once you have that done, choose a build directory. Here we'll use /srv/rpm-ostree.

# cd /srv/rpm-ostree
# mkdir repo
# ostree --repo=repo init --mode=archive-z2

Running rpm-ostree

The core "rpm-ostree tree compose" builtin as input a "treefile". See examples in doc/treefile-examples, as well as doc/treefile.md.

# rpm-ostree compose tree --repo=/srv/rpm-ostree/repo --proxy=http://127.0.0.1:8123 sometreefile.json

All this does is use yum to download RPMs from the referenced repos, and commit the result to the OSTree repository, using the ref named by ref. Note that we've specified a local caching proxy (polipo in this case) - otherwise we you will download the packages for each treecompose.

You can export /srv/rpm-ostree/repo via any static webserver.

The use of --proxy is not mandatory but strongly recommended - with this option you can avoid continually redownloading the packages every compose. I personally use Polipo, but you can of course any HTTP proxy you wish.