Commit Graph

1597 Commits

Author SHA1 Message Date
Jeremy Whiting
7f9eefb62d pull: Verify commits with gpg signatures from detached metadata
This uses gpgv for verification against DATADIR/ostree/pubring.gpg by
default.  The keyring can be overridden by specifying OSTREE_GPG_HOME.

Add a unit test for commit signing with gpg key and verifying on pull;
to implement this we ship a test GPG key generated with no password
for Ostree Tester <test@test.com>.

Change all of the existing tests to disable GPG verification.
2013-09-29 14:49:47 -04:00
Colin Walters
b064581577 commit: Store detached metadata in normal form
Otherwise corrupted variants may crash us.
2013-09-29 14:00:53 -04:00
Jeremy Whiting
7d5aa74dae core: Use libgpgme to add GPG signatures to detached metadata for commit object
Add an optional dependency on gpgme to add GPG signatures into the
detached metadata, with the key "ostree.gpgsigs", as an "aay", an
array of signatures (treated as binary data).

The commit command gains a --gpg-sign=<key-id> argument.  Also add an
argument --gpg-homedir to set the GPG homedir where we look for
keyrings.
2013-09-28 16:12:35 -04:00
Colin Walters
0f486105db remote-add: Add --set=KEY=VALUE option
This can be used to add a remote and set e.g. tls-permissive=true, or
gpgverify=false.
2013-09-28 12:00:16 -04:00
Colin Walters
38a5f6e5ed show: Handle keys of any type, and set an error if key doesn't exist
Previously we were just handling strings, and silently doing nothing
if the key didn't exist, which is pretty broken.
2013-09-27 12:57:01 -04:00
Colin Walters
2ef652439d repo-pull: Allocate with g_new0 rather than g_new.
Conflicts:

	src/libostree/ostree-repo-pull.c
2013-09-26 14:38:37 -04:00
Colin Walters
7d72a4b941 pull: Also fetch detached commitmeta files
These will contain GPG signatures and the like in the future, so we
should fetch them now.
2013-09-26 14:36:06 -04:00
Colin Walters
10cf4ccabc repo: When adding detached metadata, ensure the objdir exists
We may be creating the commitmeta file before the commit, so we need
to call mkdir(<first two checksum characters>) here too.
2013-09-26 13:59:08 -04:00
Colin Walters
edcfcd21a3 show: Print an error message if commit doesn't have detached metadata
...instead of segfaulting.
2013-09-26 13:57:59 -04:00
Colin Walters
7959ad9eaf fetcher: Fix previous commit
I was getting hangs in the test suite, and looking at the previous
commit, we were calling the async completion functions out of the
finalizer for the URI, which is weird.  I didn't analyze what's going
wrong, but what we really should be doing is processing our internal
queue after we've downloaded a file, and the request is about to be
finalized.

I suspect doing queue management from the finalizer created a circular
reference type situation.

This patch deduplicates the queue processing bits too.

https://bugzilla.gnome.org/show_bug.cgi?id=708126
2013-09-25 11:59:43 -04:00
Sjoerd Simons
5f310868f7 fetcher: Add a queue to limit requests sent to soup
On a large ostree repository pulling over http slows to a crawl. Pulling
from localhost results in:
 5944 metadata, 63734 content objects fetched; 850509 KiB transferred in
 1106 seconds
In other words about 800KiB/s. Some profiling shows that essentially
all of the CPU goes into libsoup doing its request bookkeeping instead
of into the actual downloading.

Adding a simple queue to limit to number of active request sent into
libsoup makes for a dramatic improvement:
 5944 metadata, 63734 content objects fetched; 850509 KiB transferred
 in 89 seconds
So around 9450 KiB/s.

https://bugzilla.gnome.org/show_bug.cgi?id=708126
2013-09-22 23:40:51 +02:00
Colin Walters
c044cdfb7d tests: Add u-boot
It needs to be installed so it'll be run by the InstalledTests scheme.
2013-09-21 11:06:20 -04:00
Javier Martinez Canillas
4df1d0644f tests: Fix U-Boot test case
commit 08b873457 ("deploy: Remove checksum from generated loader entries")
changed the generated loader entries file names thus making the U-Boot test
case to fail since this test parsed those files.

Fix test-admin-deploy-uboot.sh by looking to the updated files names.

https://bugzilla.gnome.org/show_bug.cgi?id=708511

Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
2013-09-21 11:05:01 -04:00
Colin Walters
5c406132ce libostree: Document and annotate some methods to quash g-ir-scanner warnings
Since warnings are bad.  Introspection is good.
2013-09-20 14:00:31 -04:00
Colin Walters
b4bf5af5fa libostree: Remove private header file from ostree.h
Was breaking pkgsys-ostree.
2013-09-20 13:54:43 -04:00
Colin Walters
0f65d73581 upgrade: Don't segfault if there's no previous deployment
Obviously.
2013-09-20 11:21:08 -04:00
Colin Walters
298625d7f8 deploy: Correctly swap bootloader version with new boot checksums
If we had two deployments with different boot checksums, and were
trying to remove the one that was the same and add a new one (the
normal case), we'd end up assuming due to comparison with 0 that
we only needed to do the fast subbootversion swap.

Fix this by actually putting 1 where we really mean 1.

And update the tests to verify the fix; I have double-verified by
undoing the fix, and noting that the test fails.

https://bugzilla.gnome.org/show_bug.cgi?id=708351
2013-09-20 11:21:08 -04:00
Colin Walters
08b8734576 deploy: Remove checksum from generated loader entries
The actual deployment checksum shouldn't be in there, because we may
just swap bootlinks, rendering the name of the old bootloader entry
file invalid.  Thankfully nothing actually parsed the names of these
files, so let's just use the index.
2013-09-19 22:41:33 -04:00
Colin Walters
d03b8bbad9 deploy: Do a full system sync after writing bootloader config
This is just something I noticed on inspection; we should catch any
changes to /boot in the sync(), even though theoretically gio should
have done fdatasync().
2013-09-19 22:26:43 -04:00
Colin Walters
ae68b8380f deploy: Only query bootloader if we have to make a loader change
This will also help distinguish in the output when we're just swapping
bootlinks versus when we need to change the loader config.
2013-09-19 22:25:12 -04:00
Colin Walters
d1bc9e2acf deploy: Some minor assertion and error message improvements
To help debug https://bugzilla.gnome.org/show_bug.cgi?id=708351

Plus run a status consistently in the tests.
2013-09-19 22:23:19 -04:00
Colin Walters
9b31b526cc libostree: Add API to write metadata as stream
And use it in pull-local.  The goal here is to kill users of
ostree_repo_load_variant(), and move a bit more towards hiding the
variants.
2013-09-18 18:44:57 -04:00
Colin Walters
b4082d5642 test-core.js: Add standard copyright header
Like everything else.
2013-09-18 16:34:57 -04:00
Colin Walters
4c1a69f74e main: Print error: in red bold just for fun
It's easier to see.  Also drop old dead ot_main() function.
2013-09-18 16:34:14 -04:00
Colin Walters
58a8d6d6ef tests: Add a gjs-based test
This covers introspection, and in general is a much better way to get
API coverage tests.
2013-09-18 12:02:12 -04:00
Colin Walters
0818a462c2 sysroot: Look for booted deployment correctly
We need to look at the list we just gathered, not potentially NULL.
2013-09-17 10:53:41 -04:00
Colin Walters
8f1ea1b50a sysroot: Clean up API
Now that we have a real GObject for the sysroot, we have a convenient
place to keep track of 4 pieces of state:

* The current deployment list
* The current bootversion
* The current subbootversion
* The current booted deployment (if any)

Avoid requiring callers to pass all of this around and load it
piecemeal; instead the new thing is ostree_sysroot_load().
2013-09-16 18:32:13 -04:00
Colin Walters
c07c84cb6f libostree: Use ostree_repo_create() rather than spawning subprocess
We have API now, yay!
2013-09-16 08:52:16 -04:00
Colin Walters
b88c4b5c1c doc: Add some more OstreeSysroot docs 2013-09-15 22:44:25 -04:00
Colin Walters
ac0154713d libostree: Make OstreeBootloader private
It was only temporarily public while functionality was being merged
down; that's done now.
2013-09-15 20:26:13 -04:00
Colin Walters
4abaf27e57 admin: Drop two uses of ostree_sysroot_get_path()
Moving towards it being a full library.
2013-09-15 20:21:49 -04:00
Colin Walters
c6292942ff libostree: Nearly complete move of API into OstreeSysroot
Move the deployment code too.
2013-09-15 20:16:20 -04:00
Colin Walters
95f07d486a libostree: Move a lot more sysroot API here
OstreeBootloader is temporarily public API.
2013-09-15 18:08:06 -04:00
Colin Walters
6f929ca5af libostree: Move sysroot initialization API here 2013-09-15 15:16:56 -04:00
Colin Walters
35bab87691 Move Deployment and BootconfigParser into libostree
As part of moving admin functionality there.  While we are doing this,
rename OtConfigParser to OstreeBootConfig parser since it's a better
name.
2013-09-15 15:06:31 -04:00
Colin Walters
af0f888057 libostree: Add new OstreeSysroot class
At the moment, just a container for a path, but we will start moving
admin functionality here.
2013-09-15 14:33:57 -04:00
Javier Martinez Canillas
3715b0cc82 admin: add U-Boot backend test case
OSTree now supports a backend for the U-Boot bootloader,
add a test case for this.

https://bugzilla.gnome.org/show_bug.cgi?id=708069

Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
2013-09-15 12:46:39 -04:00
Javier Martinez Canillas
ae61abb029 tests: allow setup_os_repository to create U-Boot stub config
Currently OSTree supports two bootloader backends: syslinux
and U-Boot; allow to create a stub configuration for both.

https://bugzilla.gnome.org/show_bug.cgi?id=708069

Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
2013-09-15 12:46:39 -04:00
Javier Martinez Canillas
f19ba12360 tests: don't create a syslinux stub unconditionally in libtest
libtest.sh has an setup_os_repository() helper function tha is
used by many tests to setup an OSTree initial repository.

This function creates an syslinux configuration unconditionally
but OSTree supports other bootloader backends besides syslinux.

So, is better to conditionally create a syslinux configuration
only when it is needed.

https://bugzilla.gnome.org/show_bug.cgi?id=708069

Signed-off-by: Javier Martinez Canillas <javier.martinez@collabora.co.uk>
2013-09-15 12:46:39 -04:00
Colin Walters
d302c3d7ff checkout: Fix leak when doing uncompressed cache + copying checkouts
We were reading into "input" twice, leading a fd.  This was
breaking the gnome-continuous integrationtest.
2013-09-13 17:15:30 -04:00
Colin Walters
94e42c521c pull: Drop usage of 2.36 symbol
Really need deprecation warnings while using RHEL6.4...maybe Software
Collections will save me.
2013-09-13 16:45:43 -04:00
Colin Walters
a9e82e71fa Update libgsystem
With tempfile fix.
2013-09-13 16:43:27 -04:00
Colin Walters
2e6b64d21b doc: Add OstreeMutableTree, other minor doc updates 2013-09-12 23:53:13 -04:00
Colin Walters
ce0fbbfdee admin: Silence a gcc warning
It can't happen, but anyways.
2013-09-12 14:34:38 -04:00
Colin Walters
081da0033a COPYING: Now fully LGPLv2+
I ran into Jeremy Katz today, and he gave me permission to relicense
the small bits of switch-root.c to LGPLv2+.  This combined with
permission from Peter Jones allows OSTree to become fully LGPLv2+.

Not a big deal, it's just a lot clearer to only have one license, and
it makes it easier to turn application code into library code.
2013-09-11 19:57:05 -04:00
Colin Walters
6a01ec1032 checkout: Fix previous commit
Don't try to close in cases where we don't have input.
2013-09-11 11:54:53 -04:00
Colin Walters
0238a2c26c checkout: Fix file descriptor leak for copying checkouts
Hardlink checkouts didn't hit this, but we need to close the input
stream.
2013-09-11 10:58:22 -04:00
Colin Walters
c8744beb17 Update libgsystem
And while we're here, also update the TODO slightly.
2013-09-11 08:28:09 -04:00
Colin Walters
27b46cb45c libostree: Fix compiler warning 2013-09-10 12:25:13 -04:00
Colin Walters
4f236ebc1b checkout: Add g_prefix_error() around more failures
So we can debug what's going wrong more easily.
2013-09-10 12:21:04 -04:00