Commit Graph

308 Commits

Author SHA1 Message Date
Matthew Leeds
5682f4cc04 main: Fix subcommand usage output
This commit sets prgname correctly so that the "ostree subcommand
--help" output prints the subcommand rather than just "ostree".

This was removed in commit f0519e541f because it tripped the thread
sanitizer, but it's being added back conditionally so most users who
don't compile with -fsanitize=adress see proper help output.

Closes: #1054
Approved by: cgwalters
2017-08-05 00:55:36 +00:00
Colin Walters
79a88ac249 build-sys: Post-release version bump
Closes: #1029
Approved by: jlebon
2017-07-26 21:04:08 +00:00
Colin Walters
fa3e07e5d7 Release 2017.9
Closes: #1029
Approved by: jlebon
2017-07-26 21:04:08 +00:00
Colin Walters
8456fd5057 build: Turn off default warnings if we find -Werror specified
Our CI runs use `-Werror`; there's no point to our default warning set kicking
in, it just bloats the command line output.

Closes: #1023
Approved by: jlebon
2017-07-21 20:45:47 +00:00
Colin Walters
28ec43c41a build-sys: Post-release version bump
Closes: #994
Approved by: jlebon
2017-07-06 14:45:02 +00:00
Colin Walters
5a5e465492 Release 2017.8
Closes: #994
Approved by: jlebon
2017-07-06 14:45:02 +00:00
Philip Withnall
e3d4eeacbc lib/repo-finder: Add Avahi based OstreeRepoFinder implementation
This is a more complex implementation of OstreeRepoFinder which resolves
ref names to remote URIs by looking for refs advertised by peers on the
local network using DNS-SD records and mDNS (Avahi). The idea is to
allow OS and app updates to be propagated over local networks, without
the internet.

It requires an OSTree server and code to generate the DNS-SD adverts in
order to be fully functional — support for this will be added
separately.

Unit tests are included.

Includes fixes by Krzesimir Nowak <krzesimir@kinvolk.io>.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #924
Approved by: cgwalters
2017-06-26 15:56:07 +00:00
Philip Withnall
fd50c97322 build: Add ‘devel’ or ‘release’ to OSTREE_FEATURES for test-symbols.sh
test-symbols.sh was looking for the DevelBuild string, which is actually
part of the output from `ostree --version`, not $OSTREE_FEATURES.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #948
Approved by: cgwalters
2017-06-20 21:52:22 +00:00
Colin Walters
b69c6ba992 build-sys: Post-release version bump
Closes: #944
Approved by: jlebon
2017-06-19 15:51:27 +00:00
Colin Walters
2a082b20b8 main: DevelBuild=yes to ostree --version for devel builds
And use it in `test-symbols.sh`, to fix the `distcheck` case;
the previous change stopped distributing `libostree-devel.sym`
in release builds.

Closes: #944
Approved by: jlebon
2017-06-19 15:51:27 +00:00
Colin Walters
6729b7c264 Release 2017.7
Closes: #942
Approved by: jlebon
2017-06-19 14:54:59 +00:00
Colin Walters
a45dc0fd0b build-sys: Add "release build" flag, use for symbol versioning
I was trying to do a release and move the symbols from `-devel.sym` into
`-release.sym`, but it turns out that at least GNU binutils `ld` treats an empty
version script as a syntax error.  Fix this by adding a "release build"
flag, and only include `-devel` in non-release builds.

This would also make it easier to inject that flag into our `.pc` and
`ostree-version.h` and `ostree --version` metadata, but I didn't do that yet.

EDIT: Turns out a simpler fix is just to add an empty section. However I kept
this commit since it's a useful sanity check for whether we should include
`-devel.sym` in builds, and we may want to inject the metadata later.

Closes: #942
Approved by: jlebon
2017-06-19 14:54:59 +00:00
Colin Walters
2bab43fb22 lib: Split symbol versioning into -released and -devel
So far a lot of submitted PR have added symbols into the first
section.  Split the file into `-released` and `-devel` to make
this more obvious.

To further enforce things, we hardcode a checksum of the `-released`
file in `test-symbols.sh`.  Only release commits should update that
checksum.

Did you notice I like checksums?

Closes: #931
Approved by: pwithnall
2017-06-16 09:31:16 +00:00
Colin Walters
584735b1c9 build-sys: post-release version bump
Per request by flatpak.

Closes: #928
Approved by: alexlarsson
2017-06-14 14:51:25 +00:00
Colin Walters
e18cacb06e Don't install trivial-httpd man page if not enabled
I just noticed this scroll by in a file listing.

Closes: #905
Approved by: jlebon
2017-06-02 19:36:56 +00:00
Colin Walters
88792f0f22 Release 2017.6
There's already a lot queued.  In particular this brings some API
additions that rpm-ostree depends on.

Closes: #865
Approved by: jlebon
2017-05-17 21:08:37 +00:00
Colin Walters
30705889cb Switch to using a systemd generator for /var
If one wants to set up a mount for `/var` in `/etc/fstab`, it
won't be mounted since `ostree-prepare-root` set up a bind mount for
`/var` to `/sysroot/ostree/$stateroot/var`, and systemd will take
the already extant mount over what's in `/etc/fstab`.

There are a few options to fix this, but what I settled on is parsing
`/etc/fstab` in a generator (exactly like `systemd-fstab-generator` does),
except here we look for an explicit mount for `/var`, and if one *isn't* found,
synthesize the default ostree mount to the stateroot. Another nice property is
that if an admin creates a `var.mount` unit in `/etc` for example, that will
also override our mount.

Note that today ostree doesn't hard depend on systemd, so this behavior only
kicks in if we're built with systemd *and* libmount support (for parsing
`/etc/fstab`).  I didn't really test that case though.

Initially I started writing this as a "pure libc" program, but at one point
decided to use `libostree.so` to find the booted deployment. That didn't work
out because `/boot` wasn't necessarily mounted and hence we couldn't find the
bootloader config. A leftover artifact from this is that the generator code
calls into libostree via the "cmd private" infrastructure. But it's an easy way
to share code, and doesn't hurt.

Closes: #859
Approved by: jlebon
2017-05-16 16:13:05 +00:00
Philip Withnall
c9244b1bb2 build: Add --enable-experimental-api configure option for unstable APIs
There are currently no unstable APIs, but some will be added in
following commits. They will be built and exposed in the libostree
global symbol list iff configured with --enable-experimental-api.

Distributions should not package OSTree with --enable-experimental-api.
This is designed for previewing new APIs on controlled platforms; any of
the APIs hidden behind this option may be changed or removed at any
point.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #832
Approved by: cgwalters
2017-05-08 18:48:07 +00:00
Colin Walters
c7efe01520 Add --enable-installed-tests=exclusive, fix installed case
The major reason to do this is that running tests *both* installed
and uninstalled in our CI is a mostly pointless waste of time.
Particularly given we have a few expensive tests.

We *do* have tests that only run uninstalled (since they require
the source code) like `test-symbols.sh`.

Hence, add `--enable-installed-tests=exclusive` to mean *only* do installed for
most tests.

We'll still have uninstalled coverage via the Travis/Debian configs, and we
could perhaps do another build with a subset of uninstalled tests, but I'm not
really concerned about it.

I'd like to do a renewed push for the InstalledTests model since
I feel it's just fundamentally better.  (`g-d-t-r` kind of sucks,
but then so does the automake runner).

Also while we're here - fix the CI to use the correct context,
which started this mess.

Closes: #837
Approved by: dbnicholson
2017-05-08 18:34:10 +00:00
Colin Walters
f6f967f8d9 Bump release for 2017.5
This commit won't actually *be* 2017.5 since due to the way our infrastructure
works, we still want to increment git master to 2017.5.

See https://github.com/ostreedev/ostree/pull/800

Closes: #800
Approved by: jlebon
2017-04-18 18:21:13 +00:00
Colin Walters
8742287b11 Release 2017.4
Closes: #786
Approved by: jlebon
2017-04-12 18:41:22 +00:00
Colin Walters
562cb55f51 ci: Enable -Werror=unused-result with -Wp,-D_FORTIFY_SOURCE=2
(Also rename the other CI contexts to be more consistent)

We pass this right now. I just noticed an instance of this in bwrap, and I think
we should be trying to match the RPM build baseline.

Closes: #765
Approved by: jlebon
2017-03-28 18:56:18 +00:00
Colin Walters
94c47cde6a build: Various fixes for openssl build
This actually worked before because `pkg-config --cflags openssl`
is empty, and the linker was satisfying `-lssl -lcrypto` from our
indirect dependencies.

Also, in fact we *currently* just want `pkg-config libcrypto` i.e.
`-lcrypto`, since we aren't actually using openssl to speak TLS.

This doesn't actually matter on Fedora at least since they're both in the
`openssl-libs` package, but they are separate for a reason.

Closes: #749
Approved by: jlebon
2017-03-21 21:16:04 +00:00
Colin Walters
df5cbc9be9 core: Support building with OpenSSL for checksums
Add an OpenSSL backend to the checksum input stream, which is where we do a lot
of checksumming (object commit, static deltas).

The raw OpenSSL performance is
[approximately double](https://gist.github.com/cgwalters/169349fd1c06fd4fb4d3a7ce33303222) on
my laptop; not only does OpenSSL have e.g. hand-tuned x86_64 assembly, the
current implementation uses the
[Intel SHA extensions](https://en.wikipedia.org/wiki/Intel_SHA_extensions).

Another reason to do this is I was idly thinking about adding
[Curve25519](https://en.wikipedia.org/wiki/Curve25519) signatures (like e.g.
Alpine does) instead of/in addition to GPG.  The rationale for that is
that GPG is pretty heavyweight, both in code footprint and the simple
fact that EC keys are way smaller.

I didn't benchmark ostree with this; we have bigger performance problems
really like the fact we just malloc way too much.  But, it's a step
in the right direction I think in combination with the libcurl work
where we're linking to openssl anyways.

Closes: #738
Approved by: jlebon
2017-03-20 18:32:40 +00:00
Colin Walters
b825aac0ea Disable "ostree trivial-httpd" by default now
This goes farther along the path of deprecating it; consumers should
have been ported at this point.  Though probably a lot of people
may still use `rpm-ostree-toolbox`.

Closes: #723
Approved by: jlebon
2017-03-13 14:07:18 +00:00
Georges Basile Stavracas Neto
fda4a47cae libostree: add versioning macros
OSTree currently provides no way to inspect the versioning
information at run time, being only available at compile
time through pkg-config.

This is a problem for e.g. Flatpak, that needs to check
whether the 'update-frequency' option is available. Checking
at compile time isn't great since it's not looking for new
symbols, but only if an optional feature is present.

This commit, then, adds a new header that is generated
at compile time, exposing OSTree's versioning information.

Closes: #728
Approved by: cgwalters
2017-03-11 15:38:56 +00:00
Colin Walters
e02e900206 Release 2017.3
It's been almost a month, I think the current git is working well and
not too risky.  We have some new API additions which I think the
various consumers of them are going to want.

Closes: #726
Approved by: jlebon
2017-03-09 18:58:48 +00:00
Colin Walters
3219a5d0ee Allow and start using C99 declaration-after-statement
I've seen code in a few places that I think on balance is definitely better this
way.  Some of our functions have huge variable declaration sections.
This change includes one small example where we could start using declarations
after statements.

A concern I had was - how does this interact with `__attribute__((cleanup))` and
early returns? I tested it, and AFAICS the behavior is what you'd expect - the
cleanup function isn't called if its variable isn't reachable.

Closes: #718
Approved by: jlebon
2017-03-06 18:33:50 +00:00
Philip Withnall
f667a82fc1 build: Fix disabling --enable-man if xsltproc is not available
If --enable-man=maybe (the default), and xsltproc is not available, the
configuration code would check for it, correctly set enable_man=no, then
incorrectly overwrite that with enable_man=yes, which would result in
later trying to execute $(XSLTPROC) when it’s empty.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #720
Approved by: cgwalters
2017-03-06 13:48:17 +00:00
Colin Walters
cee57a0268 deploy/libmount: Fix build with old util-linux 2.23 (CentOS7)
https://github.com/ostreedev/ostree/pull/705 broke the build
on CentOS 7 which only has util-linux 2.23.

When I was thinking about this, I realized that there must really be a way to
make this safe even for older versions. Looking at that version of util-linux,
all we need to do is invert the order of frees so we `mnt_free_table()` *before*
`mnt_free_cache()`, like util-linux does:

https://github.com/karelzak/util-linux/blob/stable/v2.23/sys-utils/eject.c#L1131

We still use the `_unref()` versions if available.  I also fixed
the ordering there too for double plus redundant safety.

Closes: #712
Approved by: jlebon
2017-02-24 17:24:15 +00:00
Colin Walters
09b392675a main: Make ostree --version output YAML (and add gitrev)
I learned today that `docker version` does this and I really like
the idea.  While we have the patient open, also add the gitrev
with code taken from https://github.com/projectatomic/rpm-ostree/pull/584

Closes: #691
Approved by: giuseppe
2017-02-22 18:57:18 +00:00
Colin Walters
3ec509c89b build: Add --with-smack, use it to reset contexts for writing objects
At some point we'll want to follow what systemd is doing and add
better support for smack, along the lines of `OstreeSePolicy`.  However,
short term this patch fixes AGL which uses Smack.

See: https://jira.automotivelinux.org/browse/SPEC-386
See: https://github.com/ostreedev/ostree/pull/698

Closes: #698
Approved by: OYTIS
2017-02-22 14:37:19 +00:00
Colin Walters
da21d7350e Release 2017.2
We should get a release out to try to keep with at least a once-a-month cadence.
This one has some exciting stuff like libcurl and Rust, and various bugfixes.
Also importantly I want to cut this *before* we land some other bigger stuff, so
rpm-ostree can start using the reload_config API etc.

Closes: #685
Approved by: jlebon
2017-02-14 16:21:57 +00:00
Colin Walters
361aa449fb libcurl backend
For rpm-ostree, we already link to libcurl indirectly via librepo, and
only having one HTTP library in process makes sense.

Further, libcurl is (I think) more popular in the embedded space.  It
also supports HTTP/2.0 today, which is a *very* nice to have for OSTree.

This seems to be working fairly well for me in my local testing, but it's
obviously brand new nontrivial code, so it's going to need some soak time.

The ugliest part of this is having to vendor in the soup-url code. With
Oxidation we could follow the path of Firefox and use the
[Servo URL parser](https://github.com/servo/rust-url).  Having to redo
cookie parsing also sucked, and that would also be a good oxidation target.

But that's for the future.

Closes: #641
Approved by: jlebon
2017-02-09 16:37:45 +00:00
Colin Walters
d894f609db oxidation: Add implementation of bupsplit in Rust
This is an initial drop of "oxidation", or adding implementation
of components in Rust.  The bupsplit code is a good target - no
dependencies, just computation.

Translation into Rust had a few twists -

 - The C code relies a lot on overflowing unsigned ints, and
   also on the C promotion rules for e.g. `uint8_t -> int32_t`
 - There were some odd loops that I introduced bugs in while
   translating...in particular, the function always returns `len`,
   but I mistakenly translated to `len+1`, resulting in an OOB
   read on the C side, which was hard to debug.

On the plus side, an off-by-one array indexing in the Rust code paniced nicely.

In practice, we'll need a lot more build infrastructure to make this work, such
as using `cargo vendor` when producing build artifacts for example. Also, Cargo
is yet another thing we need to cache.

Where do we go with this? Well, I think we should merge this, it's not a lot of
code. We can just have it be an alternative CI target. Should we do a lot more
right now? Probably not immediately, but I find the medium/long term prospects
pretty exciting!

Closes: #656
Approved by: jlebon
2017-02-03 14:29:00 +00:00
Colin Walters
7803fe1d60 Rename to libOSTree
There are many motivating factors. The biggest is simply that at a practical
level, the command line is not sufficient to build a real system. The docs say
that it's a demo for the library. Let's make that more obvious, so people don't
try to use `ostree admin upgrade` for their real systems, and also don't use
e.g. `ostree commit` on the command line outside of test suites/quick hacking.

This change will also help clarify the role of rpm-ostree, which we will likely
be renamed to "nts". Then use of the term "ostree" will become much clearer. And
similarly for other people writing upgraders, they can say they use libostree.

I didn't try to change all of the docs and code at once, because it's going to
lead to conflicts.

The next big steps are:

  - Rename the github repo (github will inject a redirect)
  - Look at supporting a build where we don't do `ostree admin`, or at least
    it's only built for tests. We may want to split it off as a separate binary
    or so? That way people with their own upgraders don't need to ship it.

Closes: #659
Approved by: jlebon
2017-02-02 17:47:43 +00:00
Colin Walters
6517a8a27a Release 2017.1
Just bugfixes, but it's time to ship them.

Closes: #653
Approved by: jlebon
2017-01-23 20:37:28 +00:00
Colin Walters
c9d565a5a9 Release 2016.15
Closes: #632
Approved by: jlebon
2016-12-12 17:19:01 +00:00
Colin Walters
47b4dd1b38 Skip gjs-based tests if ASAN is enabled
Unfortunately, introspection uses dlopen(), which doesn't quite
work when the DSO is compiled with ASAN but the outer executable
isn't.

Trying to inject LD_PRELOAD=libasan means the outer executable has to
be leak free...which, yeah, I'm not going to get into running ASAN
today on gjs or pygobject.

So, let's skip those tests - ideally, we still run them in some other
context without the sanitizers.  The coverage we have from them is
middling anyways.

Closes: #622
Approved by: jlebon
2016-12-09 18:05:53 +00:00
Colin Walters
ef438c8d60 build: Error if glib isn't found
This is a bit extracted from my work on ASAN.

Closes: #625
Approved by: jlebon
2016-12-09 16:35:52 +00:00
Colin Walters
a2d627352d build: Add more default errors
Newer gcc has `-Wincompatible-pointer-types`, hooray!
Add a few others that we pass today.

Closes: #618
Approved by: jlebon
2016-12-07 16:44:15 +00:00
Colin Walters
7584dc0f25 Release 2016.14
Closes: #593
Approved by: jlebon
2016-11-23 16:20:49 +00:00
Colin Walters
36c8946870 Release 2016.13
Closes: #570
Approved by: jlebon
2016-11-10 17:24:39 +00:00
Colin Walters
d3f14f02e3 Release 2016.12
Closes: #540
Approved by: cgwalters
2016-10-21 19:24:31 +00:00
Colin Walters
a0e1344cf8 Release 2016.11
Closes: #524
Approved by: cgwalters
2016-10-07 19:21:41 +00:00
Colin Walters
54621d9e53 libglnx: Update to latest
This pulls in a new compilation flag for wrpseudo compatibility.  Also
note we need to add some includes since glnx-libcontainer went away,
and with it some includes for `sys/mount.h` etc.

Closes: #522
Approved by: cgwalters
2016-10-06 11:54:39 +00:00
Colin Walters
36e8ba124e Release 2016.10
Closes: #502
Approved by: cgwalters
2016-09-09 00:28:02 +00:00
Colin Walters
dd71999dc9 Release 2016.9
Closes: #481
Approved by: jlebon
2016-08-31 16:36:19 +00:00
William Manley
42dab85728 ostree-prepare-root: Allow building statically with musl
If the `--with-static-compiler=musl-gcc` configure flag is given.

ostree-prepare-root can be used as init in a system without a populated
/lib.  To support this use case we need to link statically as we will be
unable to locate libc.so at run time if it's not installed in /lib.

We support building ostree-prepare-root with a different compiler to the
rest of ostree so we can use musl rather than glibc.  This reduces the size
of the executable significantly: from ~700K -> ~30K.  We have to use
`_SCRIPTS` here to get autotools to install this as an executable but
without generating rules to make it itself which we have specified
manually.

See https://lists.gnu.org/archive/html/help-gnu-utils/2007-01/msg00007.html
for advice on using autotools in this manner.

Closes: #477
Approved by: cgwalters
2016-08-30 20:50:33 +00:00
Colin Walters
07ec35ef03 libostree.sym: Add 2016.9 section
We should remember to do this in the commit updating configure.ac.

Closes: #453
Approved by: jlebon
2016-08-09 20:00:24 +00:00
Colin Walters
73eabca5e8 Release 2016.8
It's time for a new release, there's enough queued and it's
been ~a month.

Closes: #452
Approved by: jlebon
2016-08-09 19:12:25 +00:00
Colin Walters
a29bb0ab6b Final excision of libgsystem dependency
Lots and lots of preparation led to this moment - when nothing
apparent changes for users!  Woo!

But seriously, having the extra dependency is a minor annoyance, and
in the big picture I think the libgsystem idea was wrong - we need to
land things in GLib, and use git submodules for API-unstable or
Linux-specific sharing.  For a lot of OSTree, the libgsystem `GFile*`
orientation was also wrong, we really want fd-relative.

Closes: #444
Approved by: jlebon
2016-08-09 15:36:09 +00:00
Colin Walters
e7b3cf9850 build: Make -Werror=int-conversion fatal
This should hopefully avoid me accidentally passing NULL for an `int`
file descriptor in the future.

Closes: #431
Approved by: giuseppe
2016-08-08 11:13:06 +00:00
Colin Walters
76d6afa707 build: Import attributes.m4, detect CFLAGS at build time
I want to add `-Werror=int-conversion`, but it's only available in
newer GCC versions.  So let's start autodetecting available compiler
flags.

Closes: #431
Approved by: giuseppe
2016-08-08 11:13:06 +00:00
Colin Walters
1ce633f158 Update libglnx for O_TMPFILE build time option
See: https://github.com/ostreedev/ostree/issues/421

Closes: #426
Approved by: gatispaeglis
2016-08-04 13:30:55 +00:00
Colin Walters
6d310db1e7 libglnx porting: Migrate to new tempfile code
In general this is even cleaner now, though it was better after I
extracted a helper function for the "write tempfile with contents"
bits that were shared between metadata and regular file codepaths.

Closes: #369
Approved by: jlebon
2016-07-29 19:02:41 +00:00
Colin Walters
c31cf75552 Release 2016.7
Closes: #386
Approved by: jlebon
2016-07-08 19:40:55 +00:00
Mathnerd314
55f5f73d80 configure: Turn on -Wempty-body
I spent half an hour debugging an extra semicolon,
and this C "feature" is not used at all in ostree

Closes: #359
Approved by: cgwalters
2016-06-22 16:10:01 +00:00
Colin Walters
9e2763106b lib: Use sd_journal directly (optionally)
This was the last caller of libgsystem that isn't
`gs_file_get_path_cached()`.  I think the use case ostree has where
the same code can be called via command line and via a shared library
*and* via a daemon is rather unusual, so let's just copy the code for
logging from libgsystem into here.

For example rpm-ostree hard depends on a daemon mode, so it'll just
use `sd_journal` directly.

Closes: #341
Approved by: jlebon
2016-06-21 18:24:17 +00:00
Colin Walters
6c7e191147 Release 2016.6 2016-06-20 11:51:32 -04:00
Jonathan Lebon
b4c49f5acf configure.ac: properly check for bison
The AC_PROG_YACC already does the checking for us, so we don't need to
use AC_CHECK_PROGS (which wasn't working anyway because autoconf didn't
run the check thinking it was cached already from the earlier
AC_PROC_YACC, so we didn't get the default ":" value)

Closes: #325
Approved by: cgwalters
2016-06-07 19:47:58 +00:00
Krzesimir Nowak
24e3ccb780 build: Remind about bumping related versions
Closes: #295
Approved by: cgwalters
2016-05-17 21:13:20 +00:00
Colin Walters
831e9dcdea build: Introduce --with-dracut=yesbutnoconf
It's actually just easier for build systems (e.g. rpm-ostree)
using dracut to use `--add ostree` rather than indirecting
through the conf file.

This makes it easier for yum-managed systems to install ostree without
side effects.

Closes: #279
Approved by: gatispaeglis
2016-05-01 10:25:19 +00:00
Gatis Paeglis
ad0de186bb Fix --enable_rofiles_fuse=no build
Closes: #276
Approved by: cgwalters
2016-04-25 12:40:58 +00:00
Colin Walters
bfa23bdc1f Release 2016.5
Closes: #261
Approved by: cgwalters
2016-04-15 15:09:31 +00:00
Gatis Paeglis
80c68ba7f0 Fix AS_HELP_STRING for builtin grub2 mkconfig
Closes: #253
Approved by: giuseppe
2016-04-12 11:22:50 +00:00
Colin Walters
e9640ca4d9 build: Find grub2-mkconfig a bit more automagically
If one happens to not have grub2 installed, the previous commit
would cause us to fall back to `grub-mkconfig` with bad results.

We should likely just do dynamic detection and avoid pain, but
there's no harm in also allowing this to be statically determined.

The automagic here is that if `/etc/os-release` says `ID_LIKE=fedora`,
we know to use `grub2-mkconfig`.  But distro scripts should set this
in the build configurations using `--with-grub2-mkconfig=`.

Closes: #240
Approved by: jlebon
2016-04-06 21:16:11 +00:00
Gatis Paeglis
4e81548447 Introducing ostree-grub-generator
ostree-grub-generator can be used to customize
the generated grub.cfg file. Compile time
decision ostree-grub-generator vs grub2-mkconfig
can be overwritten with the OSTREE_GRUB2_EXEC
envvar - useful for auto tests and OS installers.

Why this alternative approach:

1) The current approach is less flexible than using a
   custom 'ostree-grub-generator' script. Each system can
   adjust this script for its needs, instead of using the
   hardcoded values from ostree-bootloader-grub2.c.

2) Too much overhead on embedded to generate grub.cfg
   via /etc/grub.d/ configuration files. It is still
   possible to do so, even with this patch applied.
   No need to install grub2 package on a target device.

3) The grub2-mkconfig code path has other issues:
   https://bugzilla.gnome.org/show_bug.cgi?id=761180

Task: https://bugzilla.gnome.org/show_bug.cgi?id=762220

Closes: #228
Approved by: cgwalters
2016-04-04 14:19:35 +00:00
Colin Walters
80698543c2 Release 2016.4 2016-03-23 15:45:59 -04:00
Colin Walters
8894bb3949 deploy: Handle a read-only /boot
I'd like to encourage people to make OSTree-managed systems more
strictly read-only in multiple places.  Ideally everywhere is
read-only normally besides `/var/`, `/tmp/`, and `/run`.

`/boot` is a good example of something to make readonly.  Particularly
now that there's work on the `admin unlock` verb, we need to protect
the system better against things like `rpm -Uvh kernel.rpm` because
the RPM-packaged kernel won't understand how to do OSTree right.

In order to make this work of course, we *do* need to remount `/boot`
as writable when we're doing an upgrade that changes the kernel
configuration.  So the strategy is to detect whether it's read-only,
and if so, temporarily mount read-write, then remount read-only when
the upgrade is done.

We can generalize this in the future to also do `/etc` (and possibly
`/sysroot/ostree/` although that gets tricky).

One detail: In order to detect "is this path a mountpoint" is
nontrivial - I looked at copying the systemd code, but the right place
is to use `libmount` anyways.
2016-03-21 12:49:05 -04:00
Colin Walters
d25212f04a tests: Port to glib-tap.mk, make make check run all of the tests
OSTree's code for testing predates the `glib-tap.mk` making its
way into GLib.  Let's switch to it, as it provides a number
of advantages.

By far the biggest advantage is that `make check` can start to run
most of the tests *in addition* to having them work installed.

This commit keeps the installed tests working, but `make check` turns
out to be really broken because...our TAP usage has bitrotted to say
the least.  Fix that all up.

Do some hacks so that the tests work uninstalled as well - in
particular, `glib-tap.mk` and the bits encoded into
`g_test_build_filename()` assume *recursive* Automake (blah).  Work
around that by creating a symlink when installed to loop back.
2016-03-03 08:50:19 -05:00
Colin Walters
3d7098bc5e Release 2016.3 2016-02-26 11:58:05 -05:00
Colin Walters
f4d494a0a4 Release 2016.2 2016-02-22 18:08:01 -05:00
Alexander Larsson
9f9d713a56 build: Use threadsafe GPGME
https://bugzilla.gnome.org/show_bug.cgi?id=761863
2016-02-22 18:07:30 -05:00
Colin Walters
e9ccdd2d00 Import rofiles-fuse
While it's not strictly tied to OSTree, let's move
https://github.com/cgwalters/rofiles-fuse in here because:

 - It's *very* useful in concert with OSTree
 - It's tiny
 - We can reuse OSTree's test, documentation, etc. infrastructure

One thing to consider also is that at some point we could experiment
with writing a FUSE filesystem for OSTree.  This could internalize a
better equivalent of `--link-checkout-speedup`, but on the other hand,
the cost of walking filesystem trees for these types of operations is
really quite small.

But if we did decide to do more FUSE things in OSTree, this is a step
towards that too.
2016-02-10 13:11:25 +01:00
Colin Walters
8702ec7b3e build: Remove --disable-static-deltas option
I'm confident now we can declare them stable.
2016-02-08 14:46:13 +01:00
Colin Walters
c74ea8b075 build: Add --disable-man
Gnome Continuous doesn't have docbook, so copy what we do for glib.
2016-01-28 15:22:10 -05:00
Colin Walters
32c360b5a0 build: Rename doc/ -> apidoc/
This is preparation for introducing a `mkdocs` manual under `doc/`
which should be significantly more useful for the world at large than
the minimal manual that exists there now.
2016-01-28 09:31:34 -05:00
Colin Walters
313b4720e8 build: Move man pages into man/
This is preparation for having 3 separate doc build systems (whee):

 - xsltproc for the man pages
 - gtk-doc for the API docs
 - mkdocs for a real manual
2016-01-28 09:31:34 -05:00
Colin Walters
587fc5a5a1 Release 2016.1 2016-01-12 08:55:06 -05:00
Matthew Barnes
af30fc764a fetcher: Add "config-flags" construct-only property
A lot of effort here just to avoid touching SoupSession directly in
ostree_fetcher_new().  The reason will become apparent in subsequent
commits.

Note this introduces generated enum/flags GTypes using glib-mkenums.
I could have just made the property type as plain integer, but doing
properties right will henceforth be easier now that the automake-fu
is established.
2015-12-14 09:41:29 -05:00
Colin Walters
73d77a2193 build: Also add a configure check for YACC/bison
So we error out more nicely if not found.
2015-12-07 10:39:37 -05:00
Giuseppe Scrivano
335ea3f339 parse-datetime: use the module from gnulib
Use the parse-datetime module from gnulib, and adapt it to not require
other modules as portability is not really an issue for us.

DATE can be specified in different formats, such as: "-1 week", "last
monday", "1 week ago".

Include the generated .c file in the repository so to not add another
dependency to Bison.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-12-04 11:10:46 -05:00
Colin Walters
6335dadb49 Release 2015.11 2015-12-04 09:53:03 -05:00
Colin Walters
bb14a336c2 Release 2015.9 2015-09-23 12:10:22 -04:00
Colin Walters
5a4b87b168 Release 2015.8 2015-08-26 16:54:20 -04:00
Jeremy Cline
f0a02fbf20 build: Make gtk-doc optional
This is similar to what's done in glib.
2015-06-29 16:08:51 -04:00
Colin Walters
44e7e59d27 Release 2015.7 2015-06-02 12:59:48 -04:00
Colin Walters
178d8ff194 Release 2015.6 2015-04-17 14:16:08 -04:00
Colin Walters
bc5c9fca26 Release 2015.5 2015-04-07 16:18:45 -04:00
Daniel Svensson
534c4c20c3 build: Use glibc's xattr support instead of requiring libattr
Fixes the build on Debian, and is one library less.

Closes: #78
2015-04-01 06:35:53 -04:00
Colin Walters
f89032f581 Release 2015.4 2015-03-25 12:50:50 -04:00
Colin Walters
c732178a43 build: Use both pkg-config and AM_PATH_GPGME
Apparently OpenEmbeddeded only supports pkg-config (and includes
gpgme.pc in its content), and Fedora only has the latter.  So do both.
2015-03-11 16:22:52 -04:00
Matthew Barnes
187e8d632e configure.ac: Make gpgme a hard dependency
In anticipation of API enhancements for GPG signature verification, which
would otherwise require a non-functional stub version were GPGME excluded.

GPGME is a pretty lightweight dependency, and the motivation to exclude
it is not clear.
2015-03-11 12:03:33 -04:00
Matthew Barnes
85933c7cca configure.ac: Bump GLib requirement to 2.40
Mainly for GVariantDict, useful for metadata.
2015-03-02 15:06:46 -05:00
Matthew Barnes
12c8ef1425 Add explicit zlib dependency
Needed for CRC32 computations.
2015-02-23 14:48:52 -05:00
Giuseppe Scrivano
a7b362998d configure.ac: Enable option subdir-objects for automake
It silences an automake warning and keep the rootdir cleaner.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-02-02 17:15:35 +01:00
Giuseppe Scrivano
53122dd2f9 tests: Move test-varint and test-rollsum under "make check"
"make check" tests are always enabled and they do not require to be
installed.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-02-02 17:14:52 +01:00
Giuseppe Scrivano
e36d3bb25e syntax-check: quote the first argument to AC_DEFINE
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2015-01-30 15:27:36 +01:00
Colin Walters
94e2ac0253 Release 2015.3 2015-01-23 14:54:38 -05:00
Colin Walters
8f4999c854 build: Add --disable-static-deltas
Since they're unstable, we want to allow organizations shipping ostree
now to be future proof against any changes.
2015-01-22 21:21:34 -05:00
Colin Walters
865fab7653 Release 2015.2 2015-01-12 12:43:03 -05:00
Colin Walters
a9532bc34f Release 2015.1 2015-01-08 13:00:43 -05:00
Colin Walters
911eafd0d8 Bump libgsystem dependency 2015-01-08 13:00:27 -05:00
Colin Walters
1e8e070102 Port to libgsystem errno API, hard depend on 2014.3
This is long overdue to make it to libgsystem.  Update our dependency.
2015-01-04 21:17:11 -05:00
Colin Walters
fd07a6a862 Release 2014.13 2014-12-17 11:35:52 -05:00
Colin Walters
f8a3d82da8 Release 2014.12 2014-11-26 11:56:10 -05:00
Colin Walters
a4d82ab6b4 Release 2014.11 2014-10-30 14:16:03 -04:00
Colin Walters
edc3b9a56e Release 2014.10 2014-10-29 14:05:59 -04:00
Colin Walters
159c7537c9 Release 2014.9 2014-10-24 13:33:49 -04:00
Colin Walters
49540f076f Release 2014.8 2014-10-16 16:54:55 -04:00
Colin Walters
d546abfa2a libostree: Add initial GRUB2 support
In this approach, we drop a /etc/grub.d/15_ostree file which is a
hybrid of shell/C that picks up bits from the GRUB2 library (e.g. the
block device script generation), and then calls into libostree's
GRUB2 code which knows about the BLS entries.

This is admittedly ugly.  There exists another approach for GRUB2 to
learn the BLS specification.  However, the spec has a few issues:

https://www.redhat.com/archives/anaconda-devel-list/2014-July/msg00002.html

This approach also gives a bit more control to the admin via the
naming of the 15_ostree symlink; they can easily disable it:

Or reorder the ostree entries ahead of 10_linux:

Also, this approach doesn't require patches for grub2, which is an
issue with the pressure to backport (rpm-)OSTree to EL7.
2014-10-16 14:15:00 -04:00
Colin Walters
5451a4e309 Release 2014.7 2014-10-03 19:10:13 -04:00
Colin Walters
b18e19f9e4 Release 2014.6 2014-09-08 13:43:12 -04:00
Vincent Batts
8ed3883a21 build: We also work OK with LZMA 5.0
This is the version that's in Slackware at the moment at least.
2014-09-08 11:54:45 -04:00
Colin Walters
3571418557 Bump GIO dependency to 2.38 for GTask
I'd like to use GTask, so bump the dependency.

https://bugzilla.gnome.org/show_bug.cgi?id=729585
2014-08-27 17:39:15 -04:00
Colin Walters
e8f508ac6b Add --enable-libsoup-client-certs
The goal of this is to hard-fail if the API isn't present in the
buildroot, as some downstreams may explicitly require it.
2014-06-26 08:03:33 -04:00
Colin Walters
a5b2a233e8 Release 2014.5 2014-06-09 18:39:14 -04:00
Colin Walters
b4d21e9406 deploy: Set the immutable bit on the deployment root
This prevents people from creating new directories there and expecting
them to be persisted.  The OSTree model has all local state to be in
/etc and /var.

This introduces a compile-time dependency on libe2fsprogs.

We're only doing this for the root directory at the moment.

https://bugzilla.gnome.org/show_bug.cgi?id=728006
2014-06-03 13:41:48 -04:00
Colin Walters
25ad4a9f65 pull: Add tls-client-cert-{path,key} (if we have new enough libsoup)
This is an actually working version of client-side certificates.
Depends on:
See: https://bugzilla.gnome.org/show_bug.cgi?id=334021

We detect whether libsoup is new enough for this.

https://bugzilla.gnome.org/show_bug.cgi?id=729356
2014-05-01 17:13:13 -04:00
Colin Walters
006e8f0073 deltas: Link to liblzma, add internal API to use it
For future static deltas work, we'll be linking to liblzma.  Since
it's fairly widespread, let's just make it a hard dependency.
2014-04-29 10:59:57 -04:00
Colin Walters
32663a5a50 build: Remove --enable-embedded-dependencies
This is going to bitrot too much; we'll figure out a better way to do
this when someone if a RHEL6 port ever happens.  Probably Software
Collections.
2014-04-22 09:08:35 -04:00
Colin Walters
7cb7d8f741 Release 2014.4 2014-04-13 10:50:27 -07:00
Colin Walters
1bdabda5f3 Use external libgsystem 2014.2
It's been split off for a while, let's kill the code duplication.

Among other things, this fixes the systemd detection for the journal
logging.
2014-04-04 16:52:37 -04:00
Colin Walters
6c463f0b20 Release 2014.3 2014-03-21 14:54:03 -04:00
Colin Walters
ba4f7ac7be Remove custom SELinux policy
This was a temporary hack until the requisite bits landed upstream in
the Fedora SELinux policy.
2014-03-15 13:16:14 -04:00
Colin Walters
cca4cf3e62 build: Add --enable-selinux-custom-policy
Don't use this.

It's just for me, and only temporarily until this stuff all lands in
the Fedora (and ideally upstream) selinux-policy.
2014-03-01 15:10:40 -05:00
Colin Walters
5bda4b4347 Release 2014.2 2014-03-01 13:55:55 -05:00
Colin Walters
cc49096044 Add internal SELinux policy overrides
In the future, this will likely include an ostree_t domain.  For now,
this is just a few additional allow rules.
2014-02-19 08:40:19 -05:00
Colin Walters
8c2a3efadb build: Drop SELinux required version a bit earlier
Apparently EPEL7 only has 2.1.13, but we should be fine with that.
2014-02-02 11:53:22 -05:00
Colin Walters
2313bdcb62 Add SELinux support
The trees as shipped come with /usr/etc, which should just be labeled
as usr_t.  When we do a deployment, we need to relabel the copies of
the files we're making in /etc.

SELinux support is compile and runtime optional.
2014-01-31 08:10:55 -05:00
Colin Walters
c7bcfc1c61 build: Look for /usr/bin/gpgv2 vs /usr/bin/gpgv
For some reason, RHEL has gpgv, but Fedora doesn't.  We need to detect
which to use, since presumably Debian only has gpgv.
2014-01-30 19:32:59 -05:00
Colin Walters
a5ff7eaf37 Release 2014.1 2014-01-24 04:26:43 +00:00
Daniel Narvaez
ccb10d592d Add support for mkinitcpio
https://bugzilla.gnome.org/show_bug.cgi?id=710682
2013-10-24 14:27:49 -04:00
Colin Walters
b35d1499b8 Release 2013.7 2013-10-15 16:44:35 -04:00
Colin Walters
2b37abf7b6 build: Also make gjs-based tests conditional on introspection support
Since they use imports.gi.OSTree.
2013-10-11 12:04:24 -04:00
Jeremy Whiting
7d5aa74dae core: Use libgpgme to add GPG signatures to detached metadata for commit object
Add an optional dependency on gpgme to add GPG signatures into the
detached metadata, with the key "ostree.gpgsigs", as an "aay", an
array of signatures (treated as binary data).

The commit command gains a --gpg-sign=<key-id> argument.  Also add an
argument --gpg-homedir to set the GPG homedir where we look for
keyrings.
2013-09-28 16:12:35 -04:00
Colin Walters
58a8d6d6ef tests: Add a gjs-based test
This covers introspection, and in general is a much better way to get
API coverage tests.
2013-09-18 12:02:12 -04:00
Colin Walters
23e2593b6d repo: Use non-deprecated API with sufficiently new libarchive
Based on a patch Tobias Hunger <tobias.hunger@gmail.com>
2013-08-30 14:34:32 -04:00
Colin Walters
0590684e03 Release 2013.6 2013-08-25 23:34:51 -04:00
Colin Walters
5f90502482 Release 2013.5 2013-08-17 17:05:17 -04:00
Colin Walters
12ccbffad7 build: Fix and prettify build option output
The documentation one was broken by the gtk-doc changes, and let's
align things.
2013-08-17 15:21:31 -04:00
Colin Walters
9c79b352a1 build: Fix the build without documentation
Just key everything of gtk-doc.
2013-08-16 23:14:30 -04:00
Colin Walters
17560a57bf Add gtk-doc support
Yes, it's really me.  Colin Walters.  Writing documentation.  You
don't need to do a DNA test.
2013-08-16 22:56:12 -04:00
Colin Walters
5a4b7d708f configure: Use AS_IF() consistently
See https://bugzilla.gnome.org/show_bug.cgi?id=681413
2013-08-15 18:33:19 -04:00
Sjoerd Simons
a00eb681a0 Install systemd units in the right location
Debian uses /lib/systemd/system for system unit files, while i'm
putting ostree under the /usr prefix which means the hardcoded path
fails. Leave it to configure to work out the right location for systemd
units (method copied from pollkit).

Furthermore instead of installing the unit in local-fs.target.wants by
hand add a [Install] section so systemctl enable does the right thing

https://bugzilla.gnome.org/show_bug.cgi?id=705864
2013-08-15 18:28:04 -04:00
Colin Walters
a5d43bb959 Install a shared library
This required a fair bit of surgery because previously ostree.h
included otutil.h, but that's supposed to be a private library.
2013-07-26 19:25:07 -04:00
Colin Walters
7f4ba736ea Release 2013.4 2013-07-16 20:41:47 -04:00
Colin Walters
124416d832 Use AC_USE_SYSTEM_EXTENSIONS instead of #define _GNU_SOURCE
It's less copy/paste, works everywhere, etc.

Also fix some missing #include "config.h".
2013-07-10 13:25:35 -04:00
Colin Walters
305cd02e0c Drop obsolete GRUB2 and kernel update hooks
We only support syslinux at the moment; grub2 should learn to parse
the bootloader spec.
2013-07-07 21:56:54 -04:00