IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
In the current "ostree native container" flow, we're inserting
a commit object into the repo but with no refs.
We have hacks in a few places to find the commit digest via e.g.
`find repo/objects -name *.commit` but that's a horrible hack.
Add `ostree rev-parse --single` which will print the single commit,
and error out if there is not exactly one commit.
Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
Don't parse `rpm-ostree status` output, it's not meant for that. Use
`--json` output instead.
While we're here, fix an obsolete reference to Ansible.
Related: https://github.com/coreos/rpm-ostree/pull/3938
Specifically, I verified that *before* the previous patch to the
ed25519 C code, the last bit of code would fail with a SIGSEGV when
trying to read the empty signature.
The ed25519 signature verification code does not
check that the signature is a minimum/correct length.
As a result, if the signature is too short, libsodium will end up
reading a few bytes out of bounds.
Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Co-authored-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Closes: https://github.com/ostreedev/ostree/security/advisories/GHSA-gqf4-p3gv-g8vw
For historical reasons we have a fair bit of distinct sysroot
initialization going on. A lot of code is calling *just* the new
`ensure_writable()` API, which does basically what you'd expect...
except if we're not using a mount namespace.
Which is the case in unit tests and legacy setups.
Change this API to also ensure the sysroot is fully initialized
even in those cases. Specifically we'll have `self->sysroot_fd`.
For now, callers that need `/boot` also need to separately
call `_ensure_boot_fd()`.
This PR is followup from https://github.com/coreos/coreos-assembler/pull/2863
Summary of changes:
- Moved bls-append-except-default parsing logic to reload_sysroot_config()
- Made sure heap allocated memory is being freed
It's falliable, and in one place we were actually ignoring
the error and leaving a `NULL` repo object which is just a trap
for people coming along later since it's rarely nullable.
Quite a while ago we switched to loading the repo at the same time
as the sysroot; convert callers in the library to use this infallible
accessor.
Prep for another patch which will use the repo object.
After landing the new --commit-only functionality, we still noticed
exceedingly long pruning times in large repos. Lets add an optimization
that will only retrieve commit objects when --commit-only flag is used.