Merge pull request #2926 from cgwalters/otcore-cfs-constants

prepare-root: A few cleanups
Colin Walters 2023-07-13 07:10:59 -04:00 committed by GitHub
commit 6cdc5ce595
4 changed files with 19 additions and 48 deletions


@ -593,7 +593,6 @@ ostree_repo_commit_add_composefs_metadata (OstreeRepo *self, guint format_versio
/* For now */ /* For now */
g_assert (format_version == 0); g_assert (format_version == 0);
/* Create a composefs image and put in deploy dir as .ostree.cfs */
g_autoptr (OstreeComposefsTarget) target = ostree_composefs_target_new (); g_autoptr (OstreeComposefsTarget) target = ostree_composefs_target_new ();
if (!ostree_repo_checkout_composefs (self, target, repo_root, cancellable, error)) if (!ostree_repo_checkout_composefs (self, target, repo_root, cancellable, error))


@ -46,7 +46,7 @@
#include "ostree-sepolicy-private.h" #include "ostree-sepolicy-private.h"
#include "ostree-sysroot-private.h" #include "ostree-sysroot-private.h"
#include "ostree.h" #include "ostree.h"
#include "otutil.h" #include "otcore.h"
#ifdef HAVE_LIBSYSTEMD #ifdef HAVE_LIBSYSTEMD
#define OSTREE_VARRELABEL_ID \ #define OSTREE_VARRELABEL_ID \
@ -662,7 +662,7 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy
g_autoptr (GVariant) metadata_composefs = g_variant_lookup_value ( g_autoptr (GVariant) metadata_composefs = g_variant_lookup_value (
metadata, OSTREE_COMPOSEFS_DIGEST_KEY_V0, G_VARIANT_TYPE_BYTESTRING); metadata, OSTREE_COMPOSEFS_DIGEST_KEY_V0, G_VARIANT_TYPE_BYTESTRING);
/* Create a composefs image and put in deploy dir as .ostree.cfs */ /* Create a composefs image and put in deploy dir */
g_autoptr (OstreeComposefsTarget) target = ostree_composefs_target_new (); g_autoptr (OstreeComposefsTarget) target = ostree_composefs_target_new ();
g_autoptr (GFile) commit_root = NULL; g_autoptr (GFile) commit_root = NULL;
@ -674,7 +674,7 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy
return FALSE; return FALSE;
g_autofree char *composefs_cfs_path g_autofree char *composefs_cfs_path
= g_strdup_printf ("%s/.ostree.cfs", checkout_target_name); = g_strdup_printf ("%s/" OSTREE_COMPOSEFS_NAME, checkout_target_name);
if (!glnx_open_tmpfile_linkable_at (osdeploy_dfd, checkout_target_name, O_WRONLY | O_CLOEXEC, if (!glnx_open_tmpfile_linkable_at (osdeploy_dfd, checkout_target_name, O_WRONLY | O_CLOEXEC,
&tmpf, error)) &tmpf, error))


@ -42,3 +42,6 @@
bool otcore_ed25519_init (void); bool otcore_ed25519_init (void);
gboolean otcore_validate_ed25519_signature (GBytes *data, GBytes *pubkey, GBytes *signature, gboolean otcore_validate_ed25519_signature (GBytes *data, GBytes *pubkey, GBytes *signature,
bool *out_valid, GError **error); bool *out_valid, GError **error);
// The name of the composefs metadata root
#define OSTREE_COMPOSEFS_NAME ".ostree.cfs"
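Review bot: The comment on the new `OSTREE_COMPOSEFS_NAME` define undersells what the constant is: within this same commit it names the file that ostree-sysroot-deploy writes into the deployment directory (the `g_strdup_printf ("%s/" OSTREE_COMPOSEFS_NAME, ...)` call) and the file that ostree-prepare-root later mounts (the `lcfs_mount_image (OSTREE_COMPOSEFS_NAME, ...)` call), so it is effectively part of the on-disk deployment layout. A comment that states this would stop a future rename from silently breaking existing deployments, e.g. `// Filename of the composefs image inside a deployment directory; written at deploy time and mounted by ostree-prepare-root, so changing it is an on-disk format change`. Whether the header carries a similar stability note for its other definitions is not visible from this hunk.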


@ -75,22 +75,8 @@
#include "otcore.h" #include "otcore.h"
/* We can't include both linux/fs.h and sys/mount.h, so define these directly */
#define FS_VERITY_FL 0x00100000 /* Verity protected inode */
#define FS_IOC_GETFLAGS _IOR ('f', 1, long)
// The name of the composefs metadata root
#define OSTREE_COMPOSEFS_NAME ".ostree.cfs"
#if defined(HAVE_LIBSYSTEMD) && !defined(OSTREE_PREPARE_ROOT_STATIC)
#define USE_LIBSYSTEMD
#endif
#ifdef USE_LIBSYSTEMD
#include <systemd/sd-journal.h>
#define OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG \ #define OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG \
SD_ID128_MAKE (71, 70, 33, 6a, 73, ba, 46, 01, ba, d3, 1a, f8, 88, aa, 0d, f7) SD_ID128_MAKE (71, 70, 33, 6a, 73, ba, 46, 01, ba, d3, 1a, f8, 88, aa, 0d, f7)
#endif
// A temporary mount point // A temporary mount point
#define TMP_SYSROOT "/sysroot.tmp" #define TMP_SYSROOT "/sysroot.tmp"
@ -147,15 +133,13 @@ resolve_deploy_path (const char *root_mountpoint)
err (EXIT_FAILURE, "realpath(%s) failed", destpath); err (EXIT_FAILURE, "realpath(%s) failed", destpath);
if (stat (deploy_path, &stbuf) < 0) if (stat (deploy_path, &stbuf) < 0)
err (EXIT_FAILURE, "stat(%s) failed", deploy_path); err (EXIT_FAILURE, "stat(%s) failed", deploy_path);
/* Quiet logs if there's no journal */ /* Quiet logs if there's no journal */
#ifdef USE_LIBSYSTEMD
const char *resolved_path = deploy_path + strlen (root_mountpoint); const char *resolved_path = deploy_path + strlen (root_mountpoint);
sd_journal_send ("MESSAGE=Resolved OSTree target to: %s", deploy_path, ot_journal_send ("MESSAGE=Resolved OSTree target to: %s", deploy_path,
"MESSAGE_ID=" SD_ID128_FORMAT_STR, "MESSAGE_ID=" SD_ID128_FORMAT_STR,
SD_ID128_FORMAT_VAL (OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG), "DEPLOYMENT_PATH=%s", SD_ID128_FORMAT_VAL (OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG), "DEPLOYMENT_PATH=%s",
resolved_path, "DEPLOYMENT_DEVICE=%" PRIu64, (uint64_t)stbuf.st_dev, resolved_path, "DEPLOYMENT_DEVICE=%" PRIu64, (uint64_t)stbuf.st_dev,
"DEPLOYMENT_INODE=%" PRIu64, (uint64_t)stbuf.st_ino, NULL); "DEPLOYMENT_INODE=%" PRIu64, (uint64_t)stbuf.st_ino, NULL);
#endif
return deploy_path; return deploy_path;
} }
@ -251,9 +235,6 @@ main (int argc, char *argv[])
if (argc < 2) if (argc < 2)
err (EXIT_FAILURE, "usage: ostree-prepare-root SYSROOT"); err (EXIT_FAILURE, "usage: ostree-prepare-root SYSROOT");
root_arg = argv[1]; root_arg = argv[1];
#ifdef USE_LIBSYSTEMD
sd_journal_send ("MESSAGE=preparing sysroot at %s", root_arg, NULL);
#endif
struct stat stbuf; struct stat stbuf;
if (stat ("/proc/cmdline", &stbuf) < 0) if (stat ("/proc/cmdline", &stbuf) < 0)
@ -322,11 +303,8 @@ main (int argc, char *argv[])
*/ */
const bool sysroot_readonly = sysroot_is_configured_ro (root_arg); const bool sysroot_readonly = sysroot_is_configured_ro (root_arg);
const bool sysroot_currently_writable = !path_is_on_readonly_fs (root_arg); const bool sysroot_currently_writable = !path_is_on_readonly_fs (root_arg);
#ifdef USE_LIBSYSTEMD g_print ("sysroot.readonly configuration value: %d (fs writable: %d)\n", (int)sysroot_readonly,
sd_journal_send ("MESSAGE=filesystem at %s currently writable: %d", root_arg, (int)sysroot_currently_writable);
(int)sysroot_currently_writable, NULL);
sd_journal_send ("MESSAGE=sysroot.readonly configuration value: %d", (int)sysroot_readonly, NULL);
#endif
/* Work-around for a kernel bug: for some reason the kernel /* Work-around for a kernel bug: for some reason the kernel
* refuses switching root if any file systems are mounted * refuses switching root if any file systems are mounted
@ -383,9 +361,7 @@ main (int argc, char *argv[])
if (!validate_signature (commit_data, signatures, (guchar *)pubkey, pubkey_size)) if (!validate_signature (commit_data, signatures, (guchar *)pubkey, pubkey_size))
errx (EXIT_FAILURE, "No valid signatures found for public key"); errx (EXIT_FAILURE, "No valid signatures found for public key");
#ifdef USE_LIBSYSTEMD g_print ("Validated commit signature using '%s'\n", composefs_pubkey);
sd_journal_send ("MESSAGE=Validated commit signature using '%s'", composefs_pubkey, NULL);
#endif
g_autoptr (GVariant) metadata = g_variant_get_child_value (commit, 0); g_autoptr (GVariant) metadata = g_variant_get_child_value (commit, 0);
g_autoptr (GVariant) cfs_digest_v = g_variant_lookup_value ( g_autoptr (GVariant) cfs_digest_v = g_variant_lookup_value (
@ -410,15 +386,12 @@ main (int argc, char *argv[])
cfs_options.expected_fsverity_digest = composefs_digest; cfs_options.expected_fsverity_digest = composefs_digest;
} }
#ifdef USE_LIBSYSTEMD
if (composefs_mode == OSTREE_COMPOSEFS_MODE_MAYBE) if (composefs_mode == OSTREE_COMPOSEFS_MODE_MAYBE)
sd_journal_send ("MESSAGE=Trying to mount composefs rootfs", NULL); g_print ("Trying to mount composefs rootfs\n");
else if (composefs_digest != NULL) else if (composefs_digest != NULL)
sd_journal_send ("MESSAGE=Mounting composefs rootfs with expected digest '%s'", g_print ("Mounting composefs rootfs with expected digest '%s'\n", composefs_digest);
composefs_digest, NULL);
else else
sd_journal_send ("MESSAGE=Mounting composefs rootfs", NULL); g_print ("Mounting composefs rootfs\n");
#endif
if (lcfs_mount_image (OSTREE_COMPOSEFS_NAME, TMP_SYSROOT, &cfs_options) == 0) if (lcfs_mount_image (OSTREE_COMPOSEFS_NAME, TMP_SYSROOT, &cfs_options) == 0)
{ {
@ -431,16 +404,14 @@ main (int argc, char *argv[])
} }
else else
{ {
#ifdef USE_LIBSYSTEMD
if (errno == ENOVERITY) if (errno == ENOVERITY)
sd_journal_send ("MESSAGE=No verity in composefs image", NULL); g_print ("No verity in composefs image\n");
else if (errno == EWRONGVERITY) else if (errno == EWRONGVERITY)
sd_journal_send ("MESSAGE=Wrong verity digest in composefs image", NULL); g_print ("Wrong verity digest in composefs image\n");
else if (errno == ENOSIGNATURE) else if (errno == ENOSIGNATURE)
sd_journal_send ("MESSAGE=Missing signature in composefs image", NULL); g_print ("Missing signature in composefs image\n");
else else
sd_journal_send ("MESSAGE=Mounting composefs image failed: %s", strerror (errno), NULL); g_print ("Mounting composefs image failed: %s\n", strerror (errno));
#endif
} }
#else #else
err (EXIT_FAILURE, "Composefs not supported"); err (EXIT_FAILURE, "Composefs not supported");
@ -458,9 +429,7 @@ main (int argc, char *argv[])
} }
else else
{ {
#ifdef USE_LIBSYSTEMD g_print ("Mounted composefs\n");
sd_journal_send ("MESSAGE=Mounted composefs", NULL);
#endif
} }
/* This will result in a system with /sysroot read-only. Thus, two additional /* This will result in a system with /sysroot read-only. Thus, two additional
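Review bot: The comment `/* Quiet logs if there's no journal */` kept above the `ot_journal_send` call in resolve_deploy_path no longer describes anything visible, because the `#ifdef USE_LIBSYSTEMD` guard it explained is removed in that hunk; if ot_journal_send is itself a no-op in builds without libsystemd, the comment should say so, e.g. `/* ot_journal_send is a no-op when built without libsystemd, so this stays quiet if there is no journal */`. The same hunk appears to leave `#define OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG SD_ID128_MAKE (...)` and the `SD_ID128_FORMAT_STR`/`SD_ID128_FORMAT_VAL` uses unconditional while dropping `#include <systemd/sd-journal.h>`, so the non-systemd build now depends on the otcore.h include just above supplying those macros — worth confirming, or noting next to the include. Separately, the composefs mount-failure diagnostics in main (`No verity in composefs image`, `Wrong verity digest in composefs image`, `Missing signature in composefs image`) move from the journal to g_print, so unlike the deployment-path message they no longer carry a MESSAGE_ID or structured fields; if those outcomes are something operators audit for, keeping them on ot_journal_send with an id would preserve that. resolve_deploy_path starts outside the hunk and main continues past the end of this section.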