From 1b7b4fbd2bbd9010b0e3e1ad4f6f391f9f0f22fd Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 11 Jul 2023 17:50:43 -0400 Subject: [PATCH 1/3] Add an internal constant for the composefs image name Just a minor cleanup. --- src/libostree/ostree-repo-composefs.c | 1 - src/libostree/ostree-sysroot-deploy.c | 6 +++--- src/libotcore/otcore.h | 3 +++ src/switchroot/ostree-prepare-root.c | 3 --- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/libostree/ostree-repo-composefs.c b/src/libostree/ostree-repo-composefs.c index c6ce5787..97eb4465 100644 --- a/src/libostree/ostree-repo-composefs.c +++ b/src/libostree/ostree-repo-composefs.c @@ -593,7 +593,6 @@ ostree_repo_commit_add_composefs_metadata (OstreeRepo *self, guint format_versio /* For now */ g_assert (format_version == 0); - /* Create a composefs image and put in deploy dir as .ostree.cfs */ g_autoptr (OstreeComposefsTarget) target = ostree_composefs_target_new (); if (!ostree_repo_checkout_composefs (self, target, repo_root, cancellable, error)) diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c index 2454a587..5628f268 100644 --- a/src/libostree/ostree-sysroot-deploy.c +++ b/src/libostree/ostree-sysroot-deploy.c @@ -46,7 +46,7 @@ #include "ostree-sepolicy-private.h" #include "ostree-sysroot-private.h" #include "ostree.h" -#include "otutil.h" +#include "otcore.h" #ifdef HAVE_LIBSYSTEMD #define OSTREE_VARRELABEL_ID \ @@ -662,7 +662,7 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy g_autoptr (GVariant) metadata_composefs = g_variant_lookup_value ( metadata, OSTREE_COMPOSEFS_DIGEST_KEY_V0, G_VARIANT_TYPE_BYTESTRING); - /* Create a composefs image and put in deploy dir as .ostree.cfs */ + /* Create a composefs image and put in deploy dir */ g_autoptr (OstreeComposefsTarget) target = ostree_composefs_target_new (); g_autoptr (GFile) commit_root = NULL; 
@@ -674,7 +674,7 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy return FALSE; g_autofree char *composefs_cfs_path - = g_strdup_printf ("%s/.ostree.cfs", checkout_target_name); + = g_strdup_printf ("%s/" OSTREE_COMPOSEFS_NAME, checkout_target_name); if (!glnx_open_tmpfile_linkable_at (osdeploy_dfd, checkout_target_name, O_WRONLY | O_CLOEXEC, &tmpf, error)) diff --git a/src/libotcore/otcore.h b/src/libotcore/otcore.h index fdbca493..a335fa3d 100644 --- a/src/libotcore/otcore.h +++ b/src/libotcore/otcore.h @@ -42,3 +42,6 @@ bool otcore_ed25519_init (void); gboolean otcore_validate_ed25519_signature (GBytes *data, GBytes *pubkey, GBytes *signature, bool *out_valid, GError **error); + +// The name of the composefs metadata root +#define OSTREE_COMPOSEFS_NAME ".ostree.cfs" diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c index ea07331b..ea04ab07 100644 --- a/src/switchroot/ostree-prepare-root.c +++ b/src/switchroot/ostree-prepare-root.c @@ -79,9 +79,6 @@ #define FS_VERITY_FL 0x00100000 /* Verity protected inode */ #define FS_IOC_GETFLAGS _IOR ('f', 1, long) -// The name of the composefs metadata root -#define OSTREE_COMPOSEFS_NAME ".ostree.cfs" - #if defined(HAVE_LIBSYSTEMD) && !defined(OSTREE_PREPARE_ROOT_STATIC) #define USE_LIBSYSTEMD #endif From 2b738a995d00761caf3cfcbd2651bdf415aa56ca Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 11 Jul 2023 18:00:03 -0400 Subject: [PATCH 2/3] prepare-root: Use otutil and g_print Now that we link to libotutil (and glib) we don't need separate handling for conditionalizing on the presence of systemd. Further, there's no value in `sd_journal_send(MESSAGE=)` over just printing to stdout. --- src/switchroot/ostree-prepare-root.c | 50 ++++++++-------------------- 1 file changed, 13 insertions(+), 37 deletions(-) diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c index ea04ab07..a7dcc9de 100644 
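Review bot: In the `@@ -674,7 +674,7 @@` hunk of ostree-sysroot-deploy.c, the new constant is pasted into the format string itself, so any `%` that ever appears in `OSTREE_COMPOSEFS_NAME` would be parsed as a conversion by `g_strdup_printf`. Passing it as an argument keeps the format a fixed literal: `= g_strdup_printf ("%s/%s", checkout_target_name, OSTREE_COMPOSEFS_NAME);`. The value today is `.ostree.cfs`, so this is a style point rather than a live bug. `checkout_deployment_tree` starts and ends outside the hunk.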
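Review bot: The comment on `OSTREE_COMPOSEFS_NAME` in otcore.h ("The name of the composefs metadata root") does not say what the name is relative to, or that two programs now depend on it. In this series, ostree-sysroot-deploy.c builds the image path as `checkout_target_name` + `/` + this name, and ostree-prepare-root.c passes the same name to `lcfs_mount_image`. I would word it as `// File name of the composefs image inside a deployment directory; written at deploy time and mounted by ostree-prepare-root, so both sides must agree`.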
--- a/src/switchroot/ostree-prepare-root.c +++ b/src/switchroot/ostree-prepare-root.c @@ -79,15 +79,8 @@ #define FS_VERITY_FL 0x00100000 /* Verity protected inode */ #define FS_IOC_GETFLAGS _IOR ('f', 1, long) -#if defined(HAVE_LIBSYSTEMD) && !defined(OSTREE_PREPARE_ROOT_STATIC) -#define USE_LIBSYSTEMD -#endif - -#ifdef USE_LIBSYSTEMD -#include #define OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG \ SD_ID128_MAKE (71, 70, 33, 6a, 73, ba, 46, 01, ba, d3, 1a, f8, 88, aa, 0d, f7) -#endif // A temporary mount point #define TMP_SYSROOT "/sysroot.tmp" @@ -144,15 +137,13 @@ resolve_deploy_path (const char *root_mountpoint) err (EXIT_FAILURE, "realpath(%s) failed", destpath); if (stat (deploy_path, &stbuf) < 0) err (EXIT_FAILURE, "stat(%s) failed", deploy_path); - /* Quiet logs if there's no journal */ -#ifdef USE_LIBSYSTEMD + /* Quiet logs if there's no journal */ const char *resolved_path = deploy_path + strlen (root_mountpoint); - sd_journal_send ("MESSAGE=Resolved OSTree target to: %s", deploy_path, + ot_journal_send ("MESSAGE=Resolved OSTree target to: %s", deploy_path, "MESSAGE_ID=" SD_ID128_FORMAT_STR, SD_ID128_FORMAT_VAL (OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG), "DEPLOYMENT_PATH=%s", resolved_path, "DEPLOYMENT_DEVICE=%" PRIu64, (uint64_t)stbuf.st_dev, "DEPLOYMENT_INODE=%" PRIu64, (uint64_t)stbuf.st_ino, NULL); -#endif return deploy_path; } @@ -248,9 +239,6 @@ main (int argc, char *argv[]) if (argc < 2) err (EXIT_FAILURE, "usage: ostree-prepare-root SYSROOT"); root_arg = argv[1]; -#ifdef USE_LIBSYSTEMD - sd_journal_send ("MESSAGE=preparing sysroot at %s", root_arg, NULL); -#endif struct stat stbuf; if (stat ("/proc/cmdline", &stbuf) < 0) 
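Review bot: In the `@@ -144,15 +137,13 @@` hunk (`resolve_deploy_path`), the re-indented comment `/* Quiet logs if there's no journal */` is now stale: the `#ifdef USE_LIBSYSTEMD` it explained is gone and the call goes through `ot_journal_send` unconditionally. If that wrapper compiles to nothing without libsystemd (its definition is not on this page), say so instead, e.g. `/* ot_journal_send() is expected to be a no-op when built without libsystemd */`. In that case `resolved_path` has no other use within the hunk and would probably trigger an unused-variable warning in such builds. The same assumption covers the `@@ -79,15 +79,8 @@` hunk, where `OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG` is now defined with `SD_ID128_MAKE` even though the systemd include was dropped. The function body starts outside the hunk.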
@@ -319,11 +307,8 @@ main (int argc, char *argv[]) */ const bool sysroot_readonly = sysroot_is_configured_ro (root_arg); const bool sysroot_currently_writable = !path_is_on_readonly_fs (root_arg); -#ifdef USE_LIBSYSTEMD - sd_journal_send ("MESSAGE=filesystem at %s currently writable: %d", root_arg, - (int)sysroot_currently_writable, NULL); - sd_journal_send ("MESSAGE=sysroot.readonly configuration value: %d", (int)sysroot_readonly, NULL); -#endif + g_print ("sysroot.readonly configuration value: %d (fs writable: %d)\n", (int)sysroot_readonly, + (int)sysroot_currently_writable); /* Work-around for a kernel bug: for some reason the kernel * refuses switching root if any file systems are mounted @@ -380,9 +365,7 @@ main (int argc, char *argv[]) if (!validate_signature (commit_data, signatures, (guchar *)pubkey, pubkey_size)) errx (EXIT_FAILURE, "No valid signatures found for public key"); -#ifdef USE_LIBSYSTEMD - sd_journal_send ("MESSAGE=Validated commit signature using '%s'", composefs_pubkey, NULL); -#endif + g_print ("Validated commit signature using '%s'\n", composefs_pubkey); g_autoptr (GVariant) metadata = g_variant_get_child_value (commit, 0); g_autoptr (GVariant) cfs_digest_v = g_variant_lookup_value ( @@ -407,15 +390,12 @@ main (int argc, char *argv[]) cfs_options.expected_fsverity_digest = composefs_digest; } -#ifdef USE_LIBSYSTEMD if (composefs_mode == OSTREE_COMPOSEFS_MODE_MAYBE) - sd_journal_send ("MESSAGE=Trying to mount composefs rootfs", NULL); + g_print ("Trying to mount composefs rootfs\n"); else if (composefs_digest != NULL) - sd_journal_send ("MESSAGE=Mounting composefs rootfs with expected digest '%s'", - composefs_digest, NULL); + g_print ("Mounting composefs rootfs with expected digest '%s'\n", composefs_digest); else - sd_journal_send ("MESSAGE=Mounting composefs rootfs", NULL); -#endif + g_print ("Mounting composefs rootfs\n"); if (lcfs_mount_image (OSTREE_COMPOSEFS_NAME, TMP_SYSROOT, &cfs_options) == 0) { 
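Review bot: The merged message in the `@@ -319,11 +307,8 @@` hunk no longer names the filesystem it describes. The old line printed `root_arg`, and the `@@ -248,9 +239,6 @@` hunk also removes the "preparing sysroot at" line, so the plain-text log no longer records which sysroot path was inspected. Keeping the path costs one argument: `g_print ("sysroot.readonly configuration value: %d (fs at %s writable: %d)\n", (int)sysroot_readonly, root_arg, (int)sysroot_currently_writable);`. `main` starts and ends outside the hunk.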
@@ -428,16 +408,14 @@ main (int argc, char *argv[]) } else { -#ifdef USE_LIBSYSTEMD if (errno == ENOVERITY) - sd_journal_send ("MESSAGE=No verity in composefs image", NULL); + g_print ("No verity in composefs image\n"); else if (errno == EWRONGVERITY) - sd_journal_send ("MESSAGE=Wrong verity digest in composefs image", NULL); + g_print ("Wrong verity digest in composefs image\n"); else if (errno == ENOSIGNATURE) - sd_journal_send ("MESSAGE=Missing signature in composefs image", NULL); + g_print ("Missing signature in composefs image\n"); else - sd_journal_send ("MESSAGE=Mounting composefs image failed: %s", strerror (errno), NULL); -#endif + g_print ("Mounting composefs image failed: %s\n", strerror (errno)); } #else err (EXIT_FAILURE, "Composefs not supported"); @@ -455,9 +433,7 @@ main (int argc, char *argv[]) } else { -#ifdef USE_LIBSYSTEMD - sd_journal_send ("MESSAGE=Mounted composefs", NULL); -#endif + g_print ("Mounted composefs\n"); } /* This will result in a system with /sysroot read-only. Thus, two additional From 18cc447230c2ed43d0834d771b03a8d41300c920 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 11 Jul 2023 18:02:51 -0400 Subject: [PATCH 3/3] prepare-root: Drop unused verity flag querying This logic got pushed down into libcomposefs. --- src/switchroot/ostree-prepare-root.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c index a7dcc9de..7419a24c 100644 --- a/src/switchroot/ostree-prepare-root.c +++ b/src/switchroot/ostree-prepare-root.c @@ -75,10 +75,6 @@ #include "otcore.h" -/* We can't include both linux/fs.h and sys/mount.h, so define these directly */ -#define FS_VERITY_FL 0x00100000 /* Verity protected inode */ -#define FS_IOC_GETFLAGS _IOR ('f', 1, long) - #define OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG \ SD_ID128_MAKE (71, 70, 33, 6a, 73, ba, 46, 01, ba, d3, 1a, f8, 88, aa, 0d, f7)
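Review bot: In the `else` branch of the `@@ -428,16 +408,14 @@` hunk, the verity and signature failures are now reported with `g_print`. They therefore reach stdout as ordinary lines, indistinguishable in stream and priority from the informational messages this patch adds elsewhere ("Trying to mount composefs rootfs", "Mounted composefs"). These are integrity-check failures an operator would want to alert on, so I would send all four branches to stderr, e.g. `g_printerr ("Wrong verity digest in composefs image\n");`, or keep a structured `ot_journal_send` entry for them. Whether boot continues after this branch is not visible in the hunk; if a fallback mount is allowed, this line is the only trace that the check failed.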