keremet/rpm-ostree
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
433 Commits 1 Branch 0 Tags 12 MiB
C++ 58.8%
Rust 18.6%
Shell 13.6%
C 6.6%
M4 0.8%
Other 1.6%
901917ff85
Go to file
Colin Walters 901917ff85 compose: Introduce a little 'libcontainer', use it for the post script 
The current motivation for this is that

https://github.com/fedora-infra/fedmsg-atomic-composer

started using mock --new-chroot (which uses systemd-nspawn) to run
rpm-ostree, which in turn uses systemd-nspawn to run the post script.
Now systemd-nspawn is not really nestable (it wants to link up
journald, resolv.conf handling, etc).

First, dropping nspawn and going to raw containers fixes the nesting
problem.

Second, we don't need all the features of systemd-nspawn.  We are ok
with log messages going to stdout, and we don't use networking, so no
resolv.conf is needed.

Third, this sets a bit of a stage for more sandboxing internally when
run on real systems.  I already have a prototype branch which runs
librepo as an unprivileged user, that could be combined with this for
even stronger security.

Why not use systemd?  Well...I'm still debating that.  But the core
problem is systemd isn't a library in the C sense - to use its
sandboxing features we have to use unit files.  It's harder to have a
daemon that looks like a single service from a management perspective,
but uses sandboxing internally.
2014-11-21 13:16:49 -05:00
design design/package-layering: New file 2014-06-18 08:48:03 -04:00
doc doc/treefile.md: The repos are not pulled from the system /etc/yum.repos.d 2014-11-17 12:11:42 -07:00
man docs: Fix a typo 2014-10-08 23:01:53 -04:00
packaging packaging: Update BRs 2014-11-14 18:07:47 -05:00
scripts scripts/ostree-ls-big-files.js: New script to analyze repo files for size 2014-01-29 17:55:07 -05:00
src compose: Introduce a little 'libcontainer', use it for the post script 2014-11-21 13:16:49 -05:00
tests Check rpm-ostree status output 2014-10-28 13:30:08 -04:00
.gitignore Add basic man page 2014-03-25 09:07:49 -04:00
autogen.sh Use the now external libgsystem 2014-02-07 17:29:40 -05:00
configure.ac Release 2014.111 2014-11-17 16:22:50 -05:00
COPYING COPYING: Update to latest LGPLv2+ 2014-03-10 16:40:16 -04:00
Makefile-decls.am Import some code for using GJS 2014-01-03 17:14:10 -05:00
Makefile-man.am Add basic man page 2014-03-25 09:07:49 -04:00
Makefile-rpm-ostree.am compose: Introduce a little 'libcontainer', use it for the post script 2014-11-21 13:16:49 -05:00
Makefile-tests.am Import some basic testing infrastructure from OSTree 2014-09-29 16:25:36 -04:00
Makefile.am Import some basic testing infrastructure from OSTree 2014-09-29 16:25:36 -04:00
README.md doc: More updates, note atomic status, flesh out tradeoffs 2014-11-01 10:33:39 -04:00
TODO TODO: Update 2014-03-31 16:33:05 -04:00

README.md

rpm-ostree, aka /usr/bin/atomic

An system to compose RPMs on a server side into an OSTree repository, and a client side tool to perform updates.

The project aims to bring together a hybrid of image-like upgrade features (reliable replication, atomicity), with package-like flexibility (seeing package sets inside trees, layering, partial live updates).

rpm-ostree is in beta!

While many of the underlying technologies here are stable, if you are considering using this in your organization, you should perform a careful evaluation of the whole stack. Software updates are obviously critical, and touch on many areas of concern.

Contents