827e711eb7
I had an epiphany today while working on https://bugzilla.redhat.com/show_bug.cgi?id=1098304 - I realized that I can just do an install, and then copy over everything except the root entries from /etc/passwd into /usr/lib/passwd. No need for a patched shadow-utils. No need to modify the /etc/nsswitch.conf before doing the install root. It totally works. I have no idea why I originally overcomplicated this. The thing that sucks a bit about this code is that I have to drop to the FILE * APIs so that I can use the glibc APIs for processing group/shadow. Also, the way I deduplicated the code paths for processing passwd/group is crappy, but I think it's better than duplicating them (as systemd-sysusers does). The good: We don't need a two-step RPM transaction, we don't need a patch for shadow-utils, it's just saner The bad: Code is not the most beautiful? Not really bad. The ugly: I didn't think of this in the first place and spent months beating my head against the wall of shadow-utils... |
||
---|---|---|
design | ||
doc | ||
man | ||
packaging | ||
patches/shadow-utils | ||
scripts | ||
src | ||
.gitignore | ||
autogen.sh | ||
configure.ac | ||
COPYING | ||
Makefile-decls.am | ||
Makefile-man.am | ||
Makefile-rpm-ostree.am | ||
Makefile.am | ||
README.md | ||
TODO |
rpm-ostree
This program serves a dual role; its "tree compose" command is
intended for use on build servers, to take RPM packages and commit
them to an OSTree
repository. On the client side, it acts as a consumer of the
libostree
shared library, integrating upgrades with RPM.
Major changes since 2014.8
The previous major release of this program contained within it an "autobuilder" codebase which had significant functionality beyond just composing trees, such as creating VM disk images and running smoketests.
Since that time, the other functionality has moved to: https://github.com/cgwalters/rpm-ostree-toolbox
This program now only commits trees to a repository, using "treefiles" which are very simple JSON input data.
Installing and setting up a repository
First, unfortunately you must disable SELinux on the build host in order to support SELinux on the built system. See: https://bugzilla.redhat.com/show_bug.cgi?id=1060423
Second, you must install nss-altfiles
on the host system, and
edit your /etc/nsswitch.conf to include altfiles
, like this:
passwd: files altfiles
group: files altfiles
You may or may not be using SSSD (and thus the sss
option); if you
are then it should look like:
passwd: files altfiles sss
group: files altfiles sss
For more information, see: http://lists.rpm.org/pipermail/rpm-maint/2014-January/003652.html
There are packages available in the rpm-ostree COPR: http://copr-fe.cloud.fedoraproject.org/coprs/walters/rpm-ostree/
At the moment, all of the tooling except for the patched
shadow-utils
is in Fedora rawhide.
Once you have that done, choose a build directory. Here we'll use /srv/rpm-ostree.
# cd /srv/rpm-ostree
# mkdir repo
# ostree --repo=repo init --mode=archive-z2
Running rpm-ostree
The core "rpm-ostree tree compose" builtin as input a "treefile". See
examples in doc/treefile-examples
, as well as doc/treefile.md
.
# rpm-ostree compose tree --repo=/srv/rpm-ostree/repo --proxy=http://127.0.0.1:8123 sometreefile.json
All this does is use yum to download RPMs from the referenced repos,
and commit the result to the OSTree repository, using the ref named by
ref
. Note that we've specified a local caching proxy (polipo
in
this case) - otherwise we you will download the packages for each
treecompose.
You can export /srv/rpm-ostree/repo
via any static webserver.
The use of --proxy
is not mandatory but strongly recommended - with
this option you can avoid continually redownloading the packages every
compose. I personally use
Polipo,
but you can of course any HTTP proxy you wish.