901917ff85
The current motivation for this is that https://github.com/fedora-infra/fedmsg-atomic-composer started using mock --new-chroot (which uses systemd-nspawn) to run rpm-ostree, which in turn uses systemd-nspawn to run the post script. Now systemd-nspawn is not really nestable (it wants to link up journald, resolv.conf handling, etc). First, dropping nspawn and going to raw containers fixes the nesting problem. Second, we don't need all the features of systemd-nspawn. We are ok with log messages going to stdout, and we don't use networking, so no resolv.conf is needed. Third, this sets a bit of a stage for more sandboxing internally when run on real systems. I already have a prototype branch which runs librepo as an unprivileged user, that could be combined with this for even stronger security. Why not use systemd? Well...I'm still debating that. But the core problem is systemd isn't a library in the C sense - to use its sandboxing features we have to use unit files. It's harder to have a daemon that looks like a single service from a management perspective, but uses sandboxing internally.
78 lines
2.5 KiB
Plaintext
78 lines
2.5 KiB
Plaintext
# Copyright (C) 2013 Colin Walters <walters@verbum.org>
|
|
#
|
|
# This library is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
# License as published by the Free Software Foundation; either
|
|
# version 2 of the License, or (at your option) any later version.
|
|
#
|
|
# This library is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
# License along with this library; if not, write to the
|
|
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
# Boston, MA 02111-1307, USA.
|
|
|
|
bin_PROGRAMS += rpm-ostree
|
|
|
|
noinst_LTLIBRARIES += librpmostree.la
|
|
|
|
librpmostree_la_SOURCES = \
|
|
src/rpmostree-postprocess.c \
|
|
src/rpmostree-postprocess.h \
|
|
src/rpmostree-pull-progress.c \
|
|
src/rpmostree-pull-progress.h \
|
|
src/rpmostree-json-parsing.c \
|
|
src/rpmostree-json-parsing.h \
|
|
src/rpmostree-util.c \
|
|
src/rpmostree-util.h \
|
|
src/rpmostree-libcontainer.c \
|
|
src/rpmostree-libcontainer.h \
|
|
src/hif-utils.c \
|
|
src/hif-utils.h \
|
|
src/rpmostree-cleanup.h \
|
|
src/rpmostree-treepkgdiff.c \
|
|
src/rpmostree-treepkgdiff.h \
|
|
src/rpmostree-builtin-rpm.h \
|
|
$(NULL)
|
|
if BUILDOPT_PATCHED_HAWKEY_AND_LIBSOLV
|
|
librpmostree_la_SOURCES += \
|
|
src/rpmostree-treepkgdiff.c \
|
|
src/rpmostree-treepkgdiff.h \
|
|
$(NULL)
|
|
endif
|
|
librpmostree_la_CFLAGS = $(AM_CFLAGS) -I$(srcdir)/src -DPKGLIBDIR=\"$(pkglibdir)\" $(PKGDEP_RPMOSTREE_CFLAGS)
|
|
librpmostree_la_LIBADD = $(AM_LDFLAGS) $(PKGDEP_RPMOSTREE_LIBS) $(CAP_LIBS)
|
|
|
|
rpm_ostree_SOURCES = src/main.c \
|
|
src/rpmostree-builtins.h \
|
|
src/rpmostree-builtin-upgrade.c \
|
|
src/rpmostree-builtin-rollback.c \
|
|
src/rpmostree-builtin-rebase.c \
|
|
src/rpmostree-builtin-status.c \
|
|
src/rpmostree-builtin-rpm.c \
|
|
$(NULL)
|
|
|
|
if BUILDOPT_COMPOSE_TOOLING
|
|
rpm_ostree_SOURCES += \
|
|
src/rpmostree-compose-builtin-tree.c \
|
|
src/rpmostree-compose-builtin-sign.c \
|
|
src/rpmostree-builtin-compose.c \
|
|
$(NULL)
|
|
endif
|
|
|
|
rpm_ostree_CFLAGS = $(AM_CFLAGS) -I$(srcdir)/src -DPKGLIBDIR=\"$(pkglibdir)\" $(PKGDEP_RPMOSTREE_CFLAGS)
|
|
rpm_ostree_LDADD = $(AM_LDFLAGS) $(PKGDEP_RPMOSTREE_LIBS) librpmostree.la
|
|
|
|
privdatadir=$(pkglibdir)
|
|
privdata_DATA = src/tmpfiles-ostree-integration.conf
|
|
|
|
if BUILDOPT_USRBINATOMIC
|
|
INSTALL_DATA_HOOKS += install-usrbinatomic-hook
|
|
install-usrbinatomic-hook:
|
|
ln -sf rpm-ostree $(DESTDIR)$(bindir)/atomic
|
|
ln -sf rpm-ostree.1.gz $(DESTDIR)$(mandir)/man1/atomic.1.gz
|
|
endif
|