mirror of
https://github.com/ostreedev/ostree.git
synced 2025-01-12 13:18:27 +03:00
Merge pull request #2926 from cgwalters/otcore-cfs-constants
prepare-root: A few cleanups
This commit is contained in:
commit
6cdc5ce595
@ -593,7 +593,6 @@ ostree_repo_commit_add_composefs_metadata (OstreeRepo *self, guint format_versio
|
||||
/* For now */
|
||||
g_assert (format_version == 0);
|
||||
|
||||
/* Create a composefs image and put in deploy dir as .ostree.cfs */
|
||||
g_autoptr (OstreeComposefsTarget) target = ostree_composefs_target_new ();
|
||||
|
||||
if (!ostree_repo_checkout_composefs (self, target, repo_root, cancellable, error))
|
||||
|
@ -46,7 +46,7 @@
|
||||
#include "ostree-sepolicy-private.h"
|
||||
#include "ostree-sysroot-private.h"
|
||||
#include "ostree.h"
|
||||
#include "otutil.h"
|
||||
#include "otcore.h"
|
||||
|
||||
#ifdef HAVE_LIBSYSTEMD
|
||||
#define OSTREE_VARRELABEL_ID \
|
||||
@ -662,7 +662,7 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy
|
||||
g_autoptr (GVariant) metadata_composefs = g_variant_lookup_value (
|
||||
metadata, OSTREE_COMPOSEFS_DIGEST_KEY_V0, G_VARIANT_TYPE_BYTESTRING);
|
||||
|
||||
/* Create a composefs image and put in deploy dir as .ostree.cfs */
|
||||
/* Create a composefs image and put in deploy dir */
|
||||
g_autoptr (OstreeComposefsTarget) target = ostree_composefs_target_new ();
|
||||
|
||||
g_autoptr (GFile) commit_root = NULL;
|
||||
@ -674,7 +674,7 @@ checkout_deployment_tree (OstreeSysroot *sysroot, OstreeRepo *repo, OstreeDeploy
|
||||
return FALSE;
|
||||
|
||||
g_autofree char *composefs_cfs_path
|
||||
= g_strdup_printf ("%s/.ostree.cfs", checkout_target_name);
|
||||
= g_strdup_printf ("%s/" OSTREE_COMPOSEFS_NAME, checkout_target_name);
|
||||
|
||||
if (!glnx_open_tmpfile_linkable_at (osdeploy_dfd, checkout_target_name, O_WRONLY | O_CLOEXEC,
|
||||
&tmpf, error))
|
||||
|
@ -42,3 +42,6 @@
|
||||
bool otcore_ed25519_init (void);
|
||||
gboolean otcore_validate_ed25519_signature (GBytes *data, GBytes *pubkey, GBytes *signature,
|
||||
bool *out_valid, GError **error);
|
||||
|
||||
// The name of the composefs metadata root
|
||||
#define OSTREE_COMPOSEFS_NAME ".ostree.cfs"
|
||||
|
@ -75,22 +75,8 @@
|
||||
|
||||
#include "otcore.h"
|
||||
|
||||
/* We can't include both linux/fs.h and sys/mount.h, so define these directly */
|
||||
#define FS_VERITY_FL 0x00100000 /* Verity protected inode */
|
||||
#define FS_IOC_GETFLAGS _IOR ('f', 1, long)
|
||||
|
||||
// The name of the composefs metadata root
|
||||
#define OSTREE_COMPOSEFS_NAME ".ostree.cfs"
|
||||
|
||||
#if defined(HAVE_LIBSYSTEMD) && !defined(OSTREE_PREPARE_ROOT_STATIC)
|
||||
#define USE_LIBSYSTEMD
|
||||
#endif
|
||||
|
||||
#ifdef USE_LIBSYSTEMD
|
||||
#include <systemd/sd-journal.h>
|
||||
#define OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG \
|
||||
SD_ID128_MAKE (71, 70, 33, 6a, 73, ba, 46, 01, ba, d3, 1a, f8, 88, aa, 0d, f7)
|
||||
#endif
|
||||
|
||||
// A temporary mount point
|
||||
#define TMP_SYSROOT "/sysroot.tmp"
|
||||
@ -148,14 +134,12 @@ resolve_deploy_path (const char *root_mountpoint)
|
||||
if (stat (deploy_path, &stbuf) < 0)
|
||||
err (EXIT_FAILURE, "stat(%s) failed", deploy_path);
|
||||
/* Quiet logs if there's no journal */
|
||||
#ifdef USE_LIBSYSTEMD
|
||||
const char *resolved_path = deploy_path + strlen (root_mountpoint);
|
||||
sd_journal_send ("MESSAGE=Resolved OSTree target to: %s", deploy_path,
|
||||
ot_journal_send ("MESSAGE=Resolved OSTree target to: %s", deploy_path,
|
||||
"MESSAGE_ID=" SD_ID128_FORMAT_STR,
|
||||
SD_ID128_FORMAT_VAL (OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG), "DEPLOYMENT_PATH=%s",
|
||||
resolved_path, "DEPLOYMENT_DEVICE=%" PRIu64, (uint64_t)stbuf.st_dev,
|
||||
"DEPLOYMENT_INODE=%" PRIu64, (uint64_t)stbuf.st_ino, NULL);
|
||||
#endif
|
||||
return deploy_path;
|
||||
}
|
||||
|
||||
@ -251,9 +235,6 @@ main (int argc, char *argv[])
|
||||
if (argc < 2)
|
||||
err (EXIT_FAILURE, "usage: ostree-prepare-root SYSROOT");
|
||||
root_arg = argv[1];
|
||||
#ifdef USE_LIBSYSTEMD
|
||||
sd_journal_send ("MESSAGE=preparing sysroot at %s", root_arg, NULL);
|
||||
#endif
|
||||
|
||||
struct stat stbuf;
|
||||
if (stat ("/proc/cmdline", &stbuf) < 0)
|
||||
@ -322,11 +303,8 @@ main (int argc, char *argv[])
|
||||
*/
|
||||
const bool sysroot_readonly = sysroot_is_configured_ro (root_arg);
|
||||
const bool sysroot_currently_writable = !path_is_on_readonly_fs (root_arg);
|
||||
#ifdef USE_LIBSYSTEMD
|
||||
sd_journal_send ("MESSAGE=filesystem at %s currently writable: %d", root_arg,
|
||||
(int)sysroot_currently_writable, NULL);
|
||||
sd_journal_send ("MESSAGE=sysroot.readonly configuration value: %d", (int)sysroot_readonly, NULL);
|
||||
#endif
|
||||
g_print ("sysroot.readonly configuration value: %d (fs writable: %d)\n", (int)sysroot_readonly,
|
||||
(int)sysroot_currently_writable);
|
||||
|
||||
/* Work-around for a kernel bug: for some reason the kernel
|
||||
* refuses switching root if any file systems are mounted
|
||||
@ -383,9 +361,7 @@ main (int argc, char *argv[])
|
||||
if (!validate_signature (commit_data, signatures, (guchar *)pubkey, pubkey_size))
|
||||
errx (EXIT_FAILURE, "No valid signatures found for public key");
|
||||
|
||||
#ifdef USE_LIBSYSTEMD
|
||||
sd_journal_send ("MESSAGE=Validated commit signature using '%s'", composefs_pubkey, NULL);
|
||||
#endif
|
||||
g_print ("Validated commit signature using '%s'\n", composefs_pubkey);
|
||||
|
||||
g_autoptr (GVariant) metadata = g_variant_get_child_value (commit, 0);
|
||||
g_autoptr (GVariant) cfs_digest_v = g_variant_lookup_value (
|
||||
@ -410,15 +386,12 @@ main (int argc, char *argv[])
|
||||
cfs_options.expected_fsverity_digest = composefs_digest;
|
||||
}
|
||||
|
||||
#ifdef USE_LIBSYSTEMD
|
||||
if (composefs_mode == OSTREE_COMPOSEFS_MODE_MAYBE)
|
||||
sd_journal_send ("MESSAGE=Trying to mount composefs rootfs", NULL);
|
||||
g_print ("Trying to mount composefs rootfs\n");
|
||||
else if (composefs_digest != NULL)
|
||||
sd_journal_send ("MESSAGE=Mounting composefs rootfs with expected digest '%s'",
|
||||
composefs_digest, NULL);
|
||||
g_print ("Mounting composefs rootfs with expected digest '%s'\n", composefs_digest);
|
||||
else
|
||||
sd_journal_send ("MESSAGE=Mounting composefs rootfs", NULL);
|
||||
#endif
|
||||
g_print ("Mounting composefs rootfs\n");
|
||||
|
||||
if (lcfs_mount_image (OSTREE_COMPOSEFS_NAME, TMP_SYSROOT, &cfs_options) == 0)
|
||||
{
|
||||
@ -431,16 +404,14 @@ main (int argc, char *argv[])
|
||||
}
|
||||
else
|
||||
{
|
||||
#ifdef USE_LIBSYSTEMD
|
||||
if (errno == ENOVERITY)
|
||||
sd_journal_send ("MESSAGE=No verity in composefs image", NULL);
|
||||
g_print ("No verity in composefs image\n");
|
||||
else if (errno == EWRONGVERITY)
|
||||
sd_journal_send ("MESSAGE=Wrong verity digest in composefs image", NULL);
|
||||
g_print ("Wrong verity digest in composefs image\n");
|
||||
else if (errno == ENOSIGNATURE)
|
||||
sd_journal_send ("MESSAGE=Missing signature in composefs image", NULL);
|
||||
g_print ("Missing signature in composefs image\n");
|
||||
else
|
||||
sd_journal_send ("MESSAGE=Mounting composefs image failed: %s", strerror (errno), NULL);
|
||||
#endif
|
||||
g_print ("Mounting composefs image failed: %s\n", strerror (errno));
|
||||
}
|
||||
#else
|
||||
err (EXIT_FAILURE, "Composefs not supported");
|
||||
@ -458,9 +429,7 @@ main (int argc, char *argv[])
|
||||
}
|
||||
else
|
||||
{
|
||||
#ifdef USE_LIBSYSTEMD
|
||||
sd_journal_send ("MESSAGE=Mounted composefs", NULL);
|
||||
#endif
|
||||
g_print ("Mounted composefs\n");
|
||||
}
|
||||
|
||||
/* This will result in a system with /sysroot read-only. Thus, two additional
|
||||
|
Loading…
Reference in New Issue
Block a user