Passing the private key via a direct command line argument
is just a bad idea because it's highly likely to get logged
or appear in `ps`.
Spotted in review of work for composefs signatures.
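
The exposure described above, as an added example (not code from ostree or from this commit): it reads `/proc/<pid>/cmdline`, the data `ps` displays on Linux, for a child given a key as an argument and for one given only a key file path. The stand-in child process, the `--key=` and `--key-file=` option names, and the key value are hypothetical or constructed.

```python
import os
import subprocess
import sys
import tempfile

# Constructed placeholder standing in for a private key; not real key material.
FAKE_KEY = "CONSTRUCTED-PRIVATE-KEY-0123456789abcdef"

# Stand-in child process: ignores its arguments and just stays alive for a while.
SLEEPER = "import time; time.sleep(30)"


def visible_argv(pid):
    """Return a process's argv as other local users can normally read it (Linux)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode() for a in f.read().split(b"\0") if a]


def argv_exposes(secret, child_args):
    """Start the stand-in child with child_args; report whether secret is in its argv."""
    proc = subprocess.Popen([sys.executable, "-c", SLEEPER, *child_args])
    try:
        return any(secret in arg for arg in visible_argv(proc.pid))
    finally:
        proc.kill()
        proc.wait()


def key_on_command_line():
    # Hypothetical "--key=<value>" option: the key itself becomes part of argv.
    return argv_exposes(FAKE_KEY, [f"--key={FAKE_KEY}"])


def key_in_file():
    # Hypothetical "--key-file=<path>" option: only the path is in argv;
    # the key sits in a file that mkstemp creates with mode 0600.
    fd, path = tempfile.mkstemp(prefix="demo-key-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(FAKE_KEY)
        return argv_exposes(FAKE_KEY, [f"--key-file={path}"])
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("key passed as argument visible in argv:", key_on_command_line())
    print("key passed by file path visible in argv:", key_in_file())
```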
- Convert the current enum into a struct, using `OtTristate` and
two member variables (expected signature and digest)
- Factor out a helper function to parse this config
- Clean up the logging by consistently using `composefs:` as a prefix
- Add more assertions to more strictly verify our runtime state
since this is security relevant
There's no additional dependencies, and it's a small amount
of new code.
The riskiest thing is the changes to ostree-prepare-root, but
I believe that things are in a good state now there.
Again, this just enables it at *build time* - it's still
off at runtime by default.
I think this was only ever used in the "static pid1" path which
is now split out into a separate file.
We always expect that e.g. systemd does the switchroot in
the initramfs, so drop this dead code.
Since we now have a generalized more structured way of serializing
state in the initramfs instead of "stamp files", use it for
passing the composefs state.
Particularly for the signature case, having this metadata
acts as a reliable "proof of execution" of the signature verification
code (as opposed to parsing a log file or so).
Besides that, this is also just a stronger check for "we're using
composefs" instead of checking for "overlayfs on /".
Now that we link to libotutil (and glib) we don't need separate
handling for conditionalizing on the presence of systemd.
Further, there's no value in `sd_journal_send(MESSAGE=)` over
just printing to stdout.
As of lately it emits a ton of errors from `grep` about having `*`
at the start of a line, but more generally it's only generally
found papercut-style issues that aren't worth carrying a distinct
checking system for.
If requested, by specifying ot-composefs=signed=/path/to/pub.key then
the commit object is validated against the specified ed25519 public
key, and if valid, the composefs digest from the commit object is used
to ensure we boot the right digest.
This will contain logic shared between ostree-prepare-root
and libostree-1.so. It will just link to libgio.so, so as
to avoid pulling in e.g. libcurl and other things.
In other words, `ostree-prepare-root` will not link to `libostree-1.so`,
but will pull in just what it needs from this library.
There's no reason to have these distinct really. If we're using
libsodium, we want it in the same places we're using openssl.
Prep for further refactoring.
The checksum utils uses the crypto lib, but we're not explicitly linking
to it. I think this is why the CI got this error when using openssl
on debian, during ostree binary linking:
/usr/bin/ld: ./.libs/libotutil.a(libotutil_la-ot-checksum-utils.o): undefined reference to symbol 'EVP_DigestInit_ex@@OPENSSL_3.0.0'
/usr/bin/ld: /lib/x86_64-linux-gnu/libcrypto.so.3: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
This adds some defines for ed25519 key sizes and drops uses
of the libsodium defines for these, as well as replacing sodium_bin2hex
use with ot_bin2hex. Some code that was optionally built before is now
always built.
The goal for this is to support both libsodium and openssl.
Also fixes return value of _load_pk_from_stream(). It used
to always return FALSE.
- Was using the wrong metadata key
- We were missing setting the canonical commit args which assigns
e.g. owner uid 0, which is important for reproducibility
- Use the new --print-hex to make things easier to read
This reverts commit 4e61e6f7d0
and re-instates the fix for ensuring that we download temporary
files into the repository location.
However in order to ensure we don't re-introduce
https://github.com/ostreedev/ostree/issues/2900
we detect the case where we're writing to a FUSE mount
and keep the prior behavior.
I've verified that this works with flatpak.
Note a downside of this is the change needs to be triplicated
across the 3 http backends.
This then again
Closes: https://github.com/ostreedev/ostree/issues/2571
See https://github.com/ostreedev/ostree/issues/1593
Basically this makes it easier for people packaging, as the trivial-httpd
is only for tests, and this way the binary will live with the tests.
Also at this point nothing should depend on `ostree trivial-httpd`.