Commit Graph

6775 Commits

Author SHA1 Message Date
Colin Walters
28cc761806 sysroot: Stabilize deployment finalization, add API and CLI
It's about time we do this; deployment finalization locking
is a useful feature.  An absolutely key thing here is that
we've slowly been moving towards the deployments as the primary
"source of truth".

Specifically in bootc for example, we will GC container images
not referenced by a deployment.

This is then neecessary to support a "pull but don't apply automatically" model.

This stabilizes the existing `ostree admin deploy --lock-finalization`
CLI, and adds a new `ostree admin unlock-finalization`.

We still check the old lock file path, but there's a new boolean
value as part of the staged deployment data which is intended
to be the source of truth in the future.  At some point then we
can drop the rpm-ostree lockfile handling.

Closes: https://github.com/ostreedev/ostree/issues/3025
2023-11-27 10:59:56 -05:00
Colin Walters
1ca4f02a69 status: Add error prefix for gpg verification
It's helpful to see which deployment has an error.
2023-11-27 10:59:56 -05:00
Colin Walters
b6f435fe11 tests: Turn off gpg verification for dev builds
Right now `ostree admin status` errors out in this case, but
`rpm-ostree status` doesn't.  The former behavior is probably
more of a bug, work around it for now.
2023-11-27 10:59:56 -05:00
Colin Walters
ff7e7f4767
Merge pull request #3099 from markmc/man-sysroot-readonly
man: improve sysroot.readonly docs
2023-11-27 08:39:35 -05:00
Mark McLoughlin
2cfa8aba72
man: improve sysroot.readonly docs
The explanation of sysroot.readonly is a little confusing - we say
that "everything else is mounted read-only" but it's perhaps clearer
to say /sysroot is mounted read-only.

Also note that read-only is the default with composefs.

Finally, document the option in ostree.repo-config even though it is
now considered legacy - as of commit 22b8e4f9 (#2930) - it is still
commonly seen in repo configs, so users will look to understand
what it means.
2023-11-24 14:27:11 +00:00
Jonathan Lebon
cd1728a4bf
Merge pull request #3098 from jlebon/pr/abort-concurrent 2023-11-21 17:18:17 -05:00
Jonathan Lebon
8002983d45 ci: cancel previous build on PR update
This is an easy way to save CI resources; when a PR is updated, abort
any previous build for that PR to focus on testing the latest push.
2023-11-21 15:33:20 -05:00
Colin Walters
de22914e23
Merge pull request #3097 from cgwalters/symbol-cleanups
Symbol cleanups
2023-11-21 08:34:32 -05:00
Colin Walters
315cbdd38e lib: Don't hardcode year in sample symver section
The 2021 was misleading.
2023-11-20 09:47:40 -05:00
Colin Walters
76e4833de3 devel: Fix symbol versioning number
The .11 was wrong.
2023-11-20 09:45:39 -05:00
Colin Walters
82392e3f17
Merge pull request #3095 from alexlarsson/fix-post-copy-symlinks
Fix admin post-copy handling of symlinks
2023-11-14 17:40:08 -05:00
Alexander Larsson
acb8860088 Fix admin post-copy handling of symlinks
The code to enable fs-verity on an object file was failing with ENOENT
for symlink objects.
2023-11-14 22:36:58 +01:00
Colin Walters
508443f7f4
Merge pull request #3094 from alexlarsson/admin-deploy-post-copy
Add `ostree admin post-copy` command
2023-11-14 09:01:41 -05:00
Alexander Larsson
accb1f0602 Add ostree admin post-copy command
This command will apply fs-verity on all objects that need it and
needs to be called when an ostree deployment has been copied on a
file-by-file basis, which would loose information such as fs-verity.

This is needed by osbuild which works by creating the final image in a
rootfs, and then separately copying that rootfs file-by-file to a
loopback mounted filesystem image.
2023-11-14 10:15:19 +01:00
Eric Curtin
29973774ea
Merge pull request #3091 from cgwalters/fix-soup3
build-sys: Enable libsoup3 by default if installed
2023-11-10 16:39:13 +00:00
Colin Walters
bc62fd5196 unlock: Don't pass options again to overlayfs
There seems to be a tricky regression here with the util-linux
support for the new mount API, plus overlays support for it.

```
[2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2108]: + unshare -m -- /bin/sh -c 'mount -o remount,rw /usr && echo hello from transient unlock >/usr/share/writable-usr-test'
[2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2148]: mount: /usr: mount point not mounted or bad option.
[2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2148]:        dmesg(1) may have more information after failed mount system call.
```

OK this seems related to the new mount API support in util-linux and overlayfs.  From a strace:

```
2095  open_tree(AT_FDCWD, "/usr", OPEN_TREE_CLOEXEC) = 3
2095  mount_setattr(-1, NULL, 0, NULL, 0) = -1 EINVAL (Invalid argument)
...
2095  fspick(3, "", FSPICK_NO_AUTOMOUNT|FSPICK_EMPTY_PATH) = 4
2095  fsconfig(4, FSCONFIG_SET_FLAG, "seclabel", NULL, 0) = 0
2095  fsconfig(4, FSCONFIG_SET_STRING, "lowerdir", "usr", 0) = -1 EINVAL (Invalid argument)
```

I think the core problem here is it's trying to reconfigure the mount with existing options,
but in the new mount namespace we can't see the lowerdir.

Here we really really just want to remount writable.  Telling
util-linux to not pass existing options fixes it.
2023-11-09 20:53:52 -05:00
Colin Walters
331bc17e12
Merge pull request #3093 from cgwalters/rust-alias-stateroot
rust: Add a `stateroot()` alias in the Rust bindings
2023-11-09 15:21:47 -05:00
Colin Walters
c668a8c531 tests: Work around systemd regression for boot id parsing
cc https://github.com/systemd/systemd/issues/29275
2023-11-09 15:10:33 -05:00
Colin Walters
3535b58f7a rust: Add a stateroot() alias in the Rust bindings
Easy to do here, super annoying in C.
2023-11-09 15:02:27 -05:00
Colin Walters
ce2a33e813 build-sys: Enable libsoup3 by default if installed
In f39 we switched to libsoup3 by default; this ensures our CI
picks that up automatically so we still have ostree-trivial-httpd.
2023-11-09 09:28:57 -05:00
Colin Walters
2c774deb06
Merge pull request #3089 from cgwalters/fix-undeploy-parsing
undeploy: Parse integer more properly
2023-11-08 19:59:31 -05:00
Colin Walters
c3cf5b237d undeploy: Parse integer more properly
`atoi` doesn't offer any error checking.

Closes: https://github.com/ostreedev/ostree/issues/3088
2023-11-08 16:15:01 -05:00
Colin Walters
e4b82c4a58
Merge pull request #3080 from nikita-dubrovskii/s390x_secure_boot
lib/bootloader-zipl: Check for Secure Boot before zipl
2023-11-07 16:42:07 -05:00
Nikita Dubrovskii
c3a9a64205 lib/bootloader-zipl: Check for Secure Boot before zipl 2023-11-06 14:35:47 +01:00
Jonathan Lebon
67ccf6e0a1
Merge pull request #3085 from cgwalters/s390x-units 2023-10-24 16:40:12 -04:00
Colin Walters
75c7e51a8b bootloader/zipl: No-op if run as non-root
Closes: https://github.com/ostreedev/ostree/issues/3084

Not the most elegant fix but should get the job done.
2023-10-24 10:40:51 -04:00
Colin Walters
cfb63b8942
Merge pull request #3083 from cgwalters/release
Release 2023.7
2023-10-20 10:56:55 -04:00
Colin Walters
36d96931dd configure: post-release version bump 2023-10-20 09:36:20 -04:00
Colin Walters
a87e90691e Release 2023.7 2023-10-20 09:36:20 -04:00
Colin Walters
98f1501cf5
Merge pull request #3081 from jlebon/pr/log-selinux-refresh
lib/deploy: Log SELinux policy refresh
2023-10-20 09:36:10 -04:00
Jonathan Lebon
bdac515ab5 lib/deploy: Log SELinux policy refresh
I have a suspicion that the `semodule -N --refresh` we do here is
involved in https://github.com/coreos/fedora-coreos-tracker/issues/1597.
Let's log when we execute it and include its time.

While we're here, also log the time it takes to `syncfs()` and the
fsfreeze/thaw cycling. It's logged in a structured journal entry, but
that's less accessible than just having it in the journal message field.
2023-10-19 11:41:10 -04:00
Colin Walters
4085eee9ed
Merge pull request #2843 from jmarrero/retry
ostree-fetcher-curl: handle non 404 errors as G_IO_ERROR_TIMED_OUT
2023-10-18 09:07:46 -04:00
Joseph Marrero
4fb6e6f5a9 ostree-repo-pull: add options to configure retry behavior
This introduces the "retry-all-network-errors" option which
is enabled by default. This is a behavior change as now
ostree will retry on requests that fail except when
they fail with NOT_FOUND. It also introduces the options
"low-speed-limit-bytes" and "low-speed-time-seconds these"
map to CURL options only at the moment. Which have defaults
set following librepo:
7c9af219ab/librepo/handle.h (L90)
7c9af219ab/librepo/handle.h (L96)
Currently these changes only apply when using libcurl.
Finally this change adds a final option that affects all
backends to control the max amount of connections of the
fetcher "max-outstanding-fetcher-requests".
2023-10-17 21:00:37 -04:00
Colin Walters
b9e73a3813
Merge pull request #3078 from HuijingHei/karg-delete-array
karg-delete: support multiple times
2023-10-17 09:44:24 -04:00
HuijingHei
6716086250 doc: add ostree admin deploy option --karg-delete 2023-10-17 20:23:07 +08:00
HuijingHei
003cb99c32 karg-delete: support multiple times
Fix https://github.com/ostreedev/ostree/pull/2612#issuecomment-1764412141
2023-10-17 20:22:08 +08:00
Colin Walters
d788c5b5c9
Merge pull request #3075 from cgwalters/reenable-composefs
tests: Use ext4, re-enable composefs test
2023-10-16 10:24:10 -04:00
Joseph Marrero Corchado
5d92407ba9
Merge pull request #3077 from cgwalters/debug-finalization-lock
deploy: Remove lock when re-staging
2023-10-13 16:05:44 -04:00
Colin Walters
ac69c70750 deploy: Remove lock when re-staging
This closes the biggest foot-gun when doing e.g.
`rpm-ostree rebase` when zincati is running on a FCOS system.

Previously if zincati happened to have staged + locked a deployment,
we'd keep around the lock which is definitely not what is desired.
2023-10-13 13:45:04 -04:00
Colin Walters
833251cb0d tests: Use ext4, re-enable composefs test
Until the XFS fsverity stuff lands.
2023-10-13 12:00:05 -04:00
Joseph Marrero Corchado
824ac1af0f
Merge pull request #3074 from cgwalters/more-errcontext-composefs
composefs: Add more error prefixing
2023-10-12 14:52:36 -04:00
Joseph Marrero Corchado
e75c5c6e41
Merge pull request #3073 from cgwalters/context-no-stateroot
deploy: Improve error message for nonexistent stateroot
2023-10-12 14:49:28 -04:00
Colin Walters
4a3e43c751 composefs: Add more error prefixing
To help debug https://github.com/coreos/rpm-ostree/issues/4649
2023-10-12 13:30:38 -04:00
Colin Walters
265b7f9ecc deploy: Improve error message for nonexistent stateroot
Came up on an internal chat; previously we were only erroring
out when trying to do the SELinux labeling for `/var` which
was really misleading.

Add some other error prefixing while we have the patient open.
2023-10-12 13:22:35 -04:00
Colin Walters
3894fe2ad6
Merge pull request #3062 from alexlarsson/transient-etc
Support transient /etc
2023-10-12 12:21:27 -04:00
Alexander Larsson
f617a341f3 Support transient /etc
If the `prepare-root.conf` file contains:
```
[etc]
transient=yes
```

Then during prepare-root, an overlayfs is mounted as /etc, with the
upper dir being in /run. If composefs is used, the lower dir is
`usr/etc` from the composefs image , or it is the deployed
`$deploydir/usr/etc`.

Note that for this to work with selinux, the commit must have been
built with OSTREE_REPO_COMMIT_MODIFIER_FLAGS_USRETC_AS_ETC. Otherwise
the lowerdir (/usr/etc) will have the wrong selinux contexts for the
final location of the mount (/etc).

We also set the transient-etc key in the ostree-booted file, pointing it
to the directory that is used for the overlayfs.

There are some additional work happening in ostree-remount, mostly
related to selinux (as this needs to happen post selinux policy
load):

 * Recent versions of selinux-poliy have issues with the overlayfs
   mount being kernel_t, and that is not allowed to manage files as
   needed. This is fixed in
   https://github.com/fedora-selinux/selinux-policy/pull/1893

 * Any /etc files created in the initramfs will not be labeled,
   because the selinux policy has not been loaded. In addition, the
   upper dir is on a tmpfs, and any manually set xattr-based selinux
   labels on those are reset during policy load. To work around this
   ostree-remount will relabel all files on /etc that have
   corresponding files in overlayfs upper dir.

 * During early boot, systemd mounts /run/machine-id on top of
   /etc/machine-id (as /etc is readonly). Later during boot, when etc
   is readwrite, systemd-machine-id-commit.service will remove the
   mount and update the real file under it with the right content. To
   ensure that this keeps working, we need to ensure that when we
   relabel /etc/machine-id we relabel the real (covered) file, not the
   temporary bind-mount.

 * ostree-remount no longer needs to remount /etc read-only in the
   transient-etc case.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2023-10-12 17:03:22 +02:00
Colin Walters
cd0fc9f4f8
Merge pull request #3072 from alexlarsson/fix-whiteout-test
tests: Fix whiteout test
2023-10-12 10:25:40 -04:00
Colin Walters
334f53d7e3
Merge pull request #3063 from cgwalters/label-usretc-as-etc
repo: Add an option to label /usr/etc as /etc
2023-10-12 07:57:05 -04:00
Alexander Larsson
397a11762e tests: Fix whiteout test
This test was always skipped, because the check:

 if touch overlay/baz/.wh.cow &&
    touch overlay/.wh.deeper &&
    touch overlay/baz/another/.wh..wh..opq; then

always fails due to the missing overlay/baz/another directory.
Fix by creating the directory.
2023-10-12 10:18:36 +02:00
Colin Walters
81c08746c6 repo: Add an option to label /usr/etc as /etc
This will be very useful for enabling a "transient /etc" option
because we won't have to do hacks relabling in the initramfs, or
forcing it on just for composefs.
2023-10-11 13:25:08 -04:00