2011-11-02 23:45:32 +04:00
# Makefile for C source code
#
# Copyright (C) 2011 Colin Walters <walters@verbum.org>
#
2018-01-30 22:26:26 +03:00
# SPDX-License-Identifier: LGPL-2.0+
#
2011-11-10 22:17:04 +04:00
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
2011-11-02 23:45:32 +04:00
#
2011-11-10 22:17:04 +04:00
# This library is distributed in the hope that it will be useful,
2011-11-02 23:45:32 +04:00
# but WITHOUT ANY WARRANTY; without even the implied warranty of
2011-11-10 22:17:04 +04:00
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
2011-11-02 23:45:32 +04:00
#
2011-11-10 22:17:04 +04:00
# You should have received a copy of the GNU Lesser General Public
2021-12-07 04:20:55 +03:00
# License along with this library. If not, see <https://www.gnu.org/licenses/>.
2011-11-02 23:45:32 +04:00
bin_PROGRAMS += ostree
2011-11-15 00:39:38 +04:00
ostree_SOURCES = src/ostree/main.c \
2012-09-09 02:46:50 +04:00
src/ostree/ot-builtin-admin.c \
2012-12-20 02:52:46 +04:00
src/ostree/ot-builtins.h \
2012-03-05 20:32:48 +04:00
src/ostree/ot-builtin-cat.c \
2012-04-17 05:21:50 +04:00
src/ostree/ot-builtin-config.c \
2011-11-15 00:39:38 +04:00
src/ostree/ot-builtin-checkout.c \
2011-11-18 16:29:13 +04:00
src/ostree/ot-builtin-checksum.c \
2011-11-15 00:39:38 +04:00
src/ostree/ot-builtin-commit.c \
Make P2P API public (no longer experimental)
Currently the API that allows P2P operations (e.g. pulling an ostree ref
from a LAN or USB source) is hidden behind the configure flag
--enable-experimental-api. This commit makes the API public and makes
that flag essentially a no-op (leaving it in place in case we want to
use it again in the future). The P2P API has been tested over the last
several months and proven to work.
This means that since we're no longer using the "experimental" feature
flag, P2P builds of Flatpak will fail when using versions of OSTree from
this commit onwards, until Flatpak is patched in the near future. If you
want to build Flatpak < 0.11.8 with P2P enabled and link against OSTree
2018.6, you'll have to patch Flatpak. However, since Flatpak won't yet
have a hard dependency on OSTree 2018.6, it needs a new way to determine
if the P2P API in OSTree is available, so this commit adds a "p2p"
feature flag. This way the feature set is more semantically correct than
if we had continued to use the "experimental" feature flag.
In addition to making the P2P API public, this commit makes the P2P unit
tests run by default, removes the f27-experimental CI instance that's no
longer needed, changes a few man pages to reflect the changes, and
updates the bash completion script to accept the new commands and
options.
Closes: #1596
Approved by: cgwalters
2018-05-23 01:55:14 +03:00
src/ostree/ot-builtin-create-usb.c \
2011-11-15 00:39:38 +04:00
src/ostree/ot-builtin-diff.c \
2016-01-28 22:41:27 +03:00
src/ostree/ot-builtin-export.c \
Make P2P API public (no longer experimental)
Currently the API that allows P2P operations (e.g. pulling an ostree ref
from a LAN or USB source) is hidden behind the configure flag
--enable-experimental-api. This commit makes the API public and makes
that flag essentially a no-op (leaving it in place in case we want to
use it again in the future). The P2P API has been tested over the last
several months and proven to work.
This means that since we're no longer using the "experimental" feature
flag, P2P builds of Flatpak will fail when using versions of OSTree from
this commit onwards, until Flatpak is patched in the near future. If you
want to build Flatpak < 0.11.8 with P2P enabled and link against OSTree
2018.6, you'll have to patch Flatpak. However, since Flatpak won't yet
have a hard dependency on OSTree 2018.6, it needs a new way to determine
if the P2P API in OSTree is available, so this commit adds a "p2p"
feature flag. This way the feature set is more semantically correct than
if we had continued to use the "experimental" feature flag.
In addition to making the P2P API public, this commit makes the P2P unit
tests run by default, removes the f27-experimental CI instance that's no
longer needed, changes a few man pages to reflect the changes, and
updates the bash completion script to accept the new commands and
options.
Closes: #1596
Approved by: cgwalters
2018-05-23 01:55:14 +03:00
src/ostree/ot-builtin-find-remotes.c \
2011-11-15 00:39:38 +04:00
src/ostree/ot-builtin-fsck.c \
src/ostree/ot-builtin-init.c \
2012-05-02 01:43:26 +04:00
src/ostree/ot-builtin-pull-local.c \
2013-08-14 13:47:30 +04:00
src/ostree/ot-builtin-log.c \
2011-11-28 05:10:48 +04:00
src/ostree/ot-builtin-ls.c \
2012-02-24 19:23:35 +04:00
src/ostree/ot-builtin-prune.c \
2013-06-29 22:51:08 +04:00
src/ostree/ot-builtin-refs.c \
2011-11-15 00:39:38 +04:00
src/ostree/ot-builtin-remote.c \
2013-08-14 14:42:13 +04:00
src/ostree/ot-builtin-reset.c \
2011-11-15 00:39:38 +04:00
src/ostree/ot-builtin-rev-parse.c \
2019-07-31 01:13:48 +03:00
src/ostree/ot-builtin-sign.c \
2014-08-01 02:50:19 +04:00
src/ostree/ot-builtin-summary.c \
2011-11-15 00:39:38 +04:00
src/ostree/ot-builtin-show.c \
2013-08-15 17:17:37 +04:00
src/ostree/ot-builtin-static-delta.c \
2011-11-30 18:21:14 +04:00
src/ostree/ot-main.h \
src/ostree/ot-main.c \
2013-08-14 13:25:32 +04:00
src/ostree/ot-dump.h \
src/ostree/ot-dump.c \
2013-08-29 19:23:20 +04:00
src/ostree/ot-editor.c \
src/ostree/ot-editor.h \
2015-11-06 11:50:17 +03:00
src/ostree/parse-datetime.h \
2018-04-26 20:29:49 +03:00
$(NULL)
nodist_ostree_SOURCES = \
2015-11-06 11:50:17 +03:00
src/ostree/parse-datetime.c \
2011-11-02 23:45:32 +04:00
$(NULL)
2011-11-15 00:08:09 +04:00
2019-05-19 16:47:45 +03:00
if USE_GPGME
ostree_SOURCES += \
src/ostree/ot-builtin-gpg-sign.c \
$(NULL)
endif
2012-09-09 02:46:50 +04:00
# Admin subcommand
ostree_SOURCES += \
2012-12-10 02:01:51 +04:00
src/ostree/ot-admin-builtin-init-fs.c \
2012-09-09 02:46:50 +04:00
src/ostree/ot-admin-builtin-diff.c \
src/ostree/ot-admin-builtin-deploy.c \
2018-02-22 23:27:59 +03:00
src/ostree/ot-admin-builtin-finalize-staged.c \
2023-11-09 01:19:19 +03:00
src/ostree/ot-admin-builtin-lock-finalization.c \
Add an `ostree-boot-complete.service` to propagate staging failures
Quite a while ago we added staged deployments, which solved
a bunch of issues around the `/etc` merge. However...a persistent
problem since then is that any failures in that process that
happened in the *previous* boot are not very visible.
We ship custom code in `rpm-ostree status` to query the previous
journal. But that has a few problems - one is that on systems
that have been up a while, that failure message may even get
rotated out. And second, some systems may not even have a persistent
journal at all.
A general thing we do in e.g. Fedora CoreOS testing is to check
for systemd unit failures. We do that both in our automated tests,
and we even ship code that displays them on ssh logins. And beyond
that obviously a lot of other projects do the same; it's easy via
`systemctl --failed`.
So to make failures more visible, change our `ostree-finalize-staged.service`
to have an internal wrapper around the process that "catches" any
errors, and copies the error message into a file in `/boot/ostree`.
Then, a new `ostree-boot-complete.service` looks for this file on
startup and re-emits the error message, and fails.
It also deletes the file. The rationale is to avoid *continually*
warning. For example we need to handle the case when an upgrade
process creates a new staged deployment. Now, we could change the
ostree core code to delete the warning file when that happens instead,
but this is trying to be a conservative change.
This should make failures here much more visible as is.
2022-04-23 01:46:28 +03:00
src/ostree/ot-admin-builtin-boot-complete.c \
2013-07-23 17:19:24 +04:00
src/ostree/ot-admin-builtin-undeploy.c \
2023-08-02 18:25:58 +03:00
src/ostree/ot-admin-builtin-set-default.c \
2014-03-17 20:28:36 +04:00
src/ostree/ot-admin-builtin-instutil.c \
2022-06-02 10:30:20 +03:00
src/ostree/ot-admin-builtin-kargs.c \
2013-07-16 00:13:12 +04:00
src/ostree/ot-admin-builtin-cleanup.c \
2012-12-20 02:52:46 +04:00
src/ostree/ot-admin-builtin-os-init.c \
2015-01-16 21:07:26 +03:00
src/ostree/ot-admin-builtin-set-origin.c \
2013-06-29 19:45:53 +04:00
src/ostree/ot-admin-builtin-status.c \
2014-01-19 02:42:24 +04:00
src/ostree/ot-admin-builtin-switch.c \
2018-02-23 20:46:32 +03:00
src/ostree/ot-admin-builtin-pin.c \
2023-11-13 19:33:57 +03:00
src/ostree/ot-admin-builtin-post-copy.c \
2012-12-20 02:52:46 +04:00
src/ostree/ot-admin-builtin-upgrade.c \
admin: Add an `unlock` command, and libostree API
I'm trying to improve the developer experience on OSTree-managed
systems, and I had an epiphany the other day - there's no reason we
have to be absolutely against mutating the current rootfs live. The
key should be making it easy to rollback/reset to a known good state.
I see this command as useful for two related but distinct workflows:
- `ostree admin unlock` will assume you're doing "development". The
semantics hare are that we mount an overlayfs on `/usr`, but the
overlay data is in `/var/tmp`, and is thus discarded on reboot.
- `ostree admin unlock --hotfix` first clones your current deployment,
then creates an overlayfs over `/usr` persistent
to this deployment. Persistent in that now the initramfs switchroot
tool knows how to mount it as well. In this model, if you want
to discard the hotfix, at the moment you roll back/reboot into
the clone.
Note originally, I tried using `rofiles-fuse` over `/usr` for this,
but then everything immediately explodes because the default (at least
CentOS 7) SELinux policy denies tons of things (including `sshd_t`
access to `fusefs_t`). Sigh.
So the switch to `overlayfs` came after experimentation. It still
seems to have some issues...specifically `unix_chkpwd` is broken,
possibly because it's setuid? Basically I can't ssh in anymore.
But I *can* `rpm -Uvh strace.rpm` which is handy.
NOTE: I haven't tested the hotfix path fully yet, specifically
the initramfs bits.
2016-03-18 22:32:58 +03:00
src/ostree/ot-admin-builtin-unlock.c \
Add concept of state overlays
In the OSTree model, executables go in `/usr`, state in `/var` and
configuration in `/etc`. Software that lives in `/opt` however messes
this up because it often mixes code *and* state, making it harder to
manage.
More generally, it's sometimes useful to have the OSTree commit contain
code under a certain path, but still allow that path to be writable by
software and the sysadmin at runtime (`/usr/local` is another instance).
Add the concept of state overlays. A state overlay is an overlayfs
mount whose upper directory, which contains unmanaged state, is carried
forward on top of a lower directory, containing OSTree-managed files.
In the example of `/usr/local`, OSTree commits can ship content there,
all while allowing users to e.g. add scripts in `/usr/local/bin` when
booted into that commit.
Some reconciliation logic is executed whenever the base is updated so
that newer files in the base are never shadowed by a copied up version
in the upper directory. This matches RPM semantics when upgrading
packages whose files may have been modified.
For ease of integration, this is exposed as a systemd template unit which
any downstream distro/user can enable. The instance name is the mountpath
in escaped systemd path notation (e.g.
`ostree-state-overlay@usr-local.service`).
See discussions in https://github.com/ostreedev/ostree/issues/3113 for
more details.
2023-12-15 00:46:14 +03:00
src/ostree/ot-admin-builtin-state-overlay.c \
2012-09-26 03:13:05 +04:00
src/ostree/ot-admin-builtins.h \
2014-03-17 20:28:36 +04:00
src/ostree/ot-admin-instutil-builtin-selinux-ensure-labeled.c \
2014-03-18 03:24:56 +04:00
src/ostree/ot-admin-instutil-builtin-set-kargs.c \
2014-10-11 16:59:06 +04:00
src/ostree/ot-admin-instutil-builtin-grub2-generate.c \
2014-03-17 20:28:36 +04:00
src/ostree/ot-admin-instutil-builtins.h \
2012-09-09 02:46:50 +04:00
src/ostree/ot-admin-functions.h \
src/ostree/ot-admin-functions.c \
2022-06-02 10:30:20 +03:00
src/ostree/ot-admin-kargs-builtins.h \
src/ostree/ot-admin-kargs-builtin-edit-in-place.c \
2012-09-09 02:46:50 +04:00
$(NULL)
2015-04-29 18:09:40 +03:00
# Remote subcommand
ostree_SOURCES += \
src/ostree/ot-remote-builtins.h \
src/ostree/ot-remote-builtin-add.c \
src/ostree/ot-remote-builtin-delete.c \
src/ostree/ot-remote-builtin-list.c \
src/ostree/ot-remote-builtin-show-url.c \
2015-12-17 02:55:28 +03:00
src/ostree/ot-remote-builtin-refs.c \
src/ostree/ot-remote-builtin-summary.c \
2015-04-29 18:09:40 +03:00
$(NULL)
2019-05-19 16:47:45 +03:00
if USE_GPGME
ostree_SOURCES += \
src/ostree/ot-remote-builtin-gpg-import.c \
2021-08-23 20:09:24 +03:00
src/ostree/ot-remote-builtin-gpg-list-keys.c \
2019-05-19 16:47:45 +03:00
$(NULL)
endif
2016-12-08 05:02:30 +03:00
if USE_CURL_OR_SOUP
ostree_SOURCES += src/ostree/ot-remote-builtin-add-cookie.c \
src/ostree/ot-remote-builtin-delete-cookie.c \
src/ostree/ot-remote-builtin-list-cookies.c \
src/ostree/ot-remote-cookie-util.h \
src/ostree/ot-remote-cookie-util.c \
$(NULL)
2016-12-08 05:16:52 +03:00
endif
2015-12-07 18:33:23 +03:00
src/ostree/parse-datetime.c: src/ostree/parse-datetime.y Makefile
2019-11-26 11:20:30 +03:00
mkdir -p src/ostree/
2015-12-07 18:33:23 +03:00
$(AM_V_GEN) $(YACC) $< -o $@
2015-11-25 12:37:21 +03:00
2016-01-29 13:02:17 +03:00
EXTRA_DIST += src/ostree/parse-datetime.y
CLEANFILES += src/ostree/parse-datetime.c
2015-11-25 12:37:21 +03:00
2016-12-29 23:57:53 +03:00
ostree_bin_shared_cflags = $(AM_CFLAGS) -I$(srcdir)/src/libotutil -I$(srcdir)/src/libostree \
2017-03-10 20:33:52 +03:00
-I$(builddir)/src/libostree -I$(srcdir)/src/ostree -I$(srcdir)/libglnx $(OT_INTERNAL_GIO_UNIX_CFLAGS) \
2016-12-30 22:18:34 +03:00
-DPKGLIBEXECDIR=\"$(pkglibexecdir)\"
2016-12-29 23:57:53 +03:00
ostree_bin_shared_ldadd = $(AM_LDFLAGS) libglnx.la libotutil.la libostree-1.la \
$(OT_INTERNAL_GIO_UNIX_LIBS)
ostree_CFLAGS = $(ostree_bin_shared_cflags)
2019-05-28 21:02:54 +03:00
ostree_LDADD = $(ostree_bin_shared_ldadd) libbsdiff.la $(LIBSYSTEMD_LIBS)
2011-11-30 18:21:14 +04:00
2016-12-08 05:02:30 +03:00
if USE_CURL_OR_SOUP
ostree_SOURCES += src/ostree/ot-builtin-pull.c
endif
2016-12-30 22:18:34 +03:00
2022-02-17 22:12:18 +03:00
if USE_LIBSOUP_OR_LIBSOUP3
2016-12-08 05:02:30 +03:00
if !USE_CURL
# This is necessary for the cookie jar bits
ostree_CFLAGS += $(OT_INTERNAL_SOUP_CFLAGS)
ostree_LDADD += $(OT_INTERNAL_SOUP_LIBS)
endif
2011-11-15 00:08:09 +04:00
endif
2016-02-22 17:02:47 +03:00
if USE_LIBARCHIVE
ostree_CFLAGS += $(OT_DEP_LIBARCHIVE_CFLAGS)
ostree_LDADD += $(OT_DEP_LIBARCHIVE_LIBS)
endif