2407 Commits

Author SHA1 Message Date
Simon McVittie
3e3755c497 various tests: skip if temp directory lacks xattr support
Some autobuilder environments place the entire build chroot on tmpfs, so
even /var/tmp might not have this.

Signed-off-by: Simon McVittie <smcv@debian.org>

Closes: #232
Approved by: cgwalters
2016-03-31 14:22:06 +00:00
Simon McVittie
c276025466 test-xattrs: use TAP syntax to skip test
Signed-off-by: Simon McVittie <smcv@debian.org>

Closes: #232
Approved by: cgwalters
2016-03-31 14:22:06 +00:00
Colin Walters
39777ded54 docs/CONTRIBUTING.md: Update for github move, Homu etc.
Closes: #230
Approved by: jlebon
2016-03-30 16:17:21 +00:00
Jonathan Lebon
9260d3dba1 commit: support editor for orphan commits
This is a follow up to #227 to allow ostree to open the editor also for
orphan commits when no subject or body is given on the cmdline.

Closes: #229
Approved by: cgwalters
2016-03-30 12:19:06 +00:00
Colin Walters
23d26d5f65 commit: Support writing orphans
The API supports this, and it's not hard for us to do in the command
line as well.  One possible use case is separating "content
generation" in a separate server.

Related: https://github.com/ostreedev/ostree/pull/223

Closes: #227
Approved by: jlebon
2016-03-30 03:10:50 +00:00
Colin Walters
c6b4ecd474 commit: Support generating commits with no parent, or a custom one
When I'm doing local development builds, it's quite common for me not
to want to accumulate history.  There are also use cases for this on
build servers as well.

In particular, using this, one could write a build system that didn't
necessarily need to have access to (a copy of) the OSTree repository.
Instead, the build system would determine the last commit ID on the
branch, and pass that to a worker node, then sync the generated
content back.

The API supported generating custom commits that don't necessarily
reference the previous commit on the same branch, let's just expose
this in the command line for convenience.

I plan to also support this rpm-ostree.

Closes: #223
Approved by: jlebon
2016-03-29 14:31:29 +00:00
Colin Walters
a50df5daf7 docs: Add a section on repository management
Just keeping my promise to write more documentation.  There could be a
lot more to write here, but I'm trying to get a start done.

Closes: #222
Approved by: jlebon
2016-03-29 14:10:24 +00:00
Simon McVittie
45a6c109d9 packaging: fix bashism in dist-snapshot target
On Debian and its derivatives, /bin/sh is a lightweight POSIX shell
(currently dash) which does not support the bash {foo,bar} syntax.

Signed-off-by: Simon McVittie <smcv@debian.org>

Closes: #226
Approved by: cgwalters
2016-03-28 11:50:11 +00:00
Dan Nicholson
b1e1e51660 main: Set log handler for OSTree domain
Now that OSTree is used as G_LOG_DOMAIN, set the main handler to match
so the appropriate messages are filtered. It would probably be more
appropriate to spell out "OSTree" in the code, but since G_LOG_DOMAIN is
being defined globally in the project, might as well reuse it here.

https://bugzilla.gnome.org/show_bug.cgi?id=764237

Closes: #225
Approved by: cgwalters
2016-03-26 18:22:59 +00:00
Dan Nicholson
e9c58fe706 build: Set G_LOG_DOMAIN to OSTree
This will allow ostree programs to filter log messages specifically for
OSTree instead of using the NULL domain for ostree debugging.

https://bugzilla.gnome.org/show_bug.cgi?id=764237

Closes: #225
Approved by: cgwalters
2016-03-26 18:22:59 +00:00
Dan Nicholson
750e2cbf33 core: Add debug messages for traversing
If you have a repo where a needed object has been inadvertantly removed,
all you'll get is a "No such metadata object" error with no clue about
where it was referenced from.

Add some debug messages to provide clues about which objects are being
traversed and found.

https://bugzilla.gnome.org/show_bug.cgi?id=764006

Closes: #224
Approved by: cgwalters
2016-03-26 13:50:16 +00:00
Dan Nicholson
31240982e7 core: Add verbose messages for pruning
When prune fails, it can be really difficult to figure out why. This at
least lets you know which objects are being considered.

https://bugzilla.gnome.org/show_bug.cgi?id=764006

Closes: #224
Approved by: cgwalters
2016-03-26 13:50:16 +00:00
Jonathan Lebon
b7a04d51f8 OstreeSePolicy: add ostree_sepolicy_get_csum()
This can be used as a fingerprint to determine whether two
OstreeSePolicy objects are equivalent.

Also add documentation for ostree_sepolicy_get_name().

Closes: #219
Approved by: cgwalters
2016-03-25 15:28:29 +00:00
Alexander Larsson
456f515522 Add --untrusted option to pull and pull-local
https://bugzilla.gnome.org/show_bug.cgi?id=764125

Closes: #221
Approved by: cgwalters
2016-03-25 12:56:55 +00:00
Alexander Larsson
ed1e0c6d04 pull: Add OSTREE_REPO_PULL_FLAGS_UNTRUSTED flag
If this is set we verify all objects we pull, even for local remotes,
and we avoid hard-linking into local source repos.

https://bugzilla.gnome.org/show_bug.cgi?id=764125

Closes: #221
Approved by: cgwalters
2016-03-25 12:56:55 +00:00
Colin Walters
f84c198006 tests: Add a test-abi
This would have caught a potential ABI regression in
https://bugzilla.gnome.org/show_bug.cgi?id=764056
(If we ran this test while building `--without-libarchive`)

Pull request: #218
Approved by: jlebon
2016-03-24 16:23:12 +00:00
Jonathan Lebon
309fe446c6 Merge pull request #220 from cgwalters/travis-stub
Add a stub .travis.yml
2016-03-24 11:49:41 -04:00
Colin Walters
9c195707c6 Add a stub .travis.yml
This is at the moment just so that we can use Homu.  In the future I'd
like to make travis just one of multiple PR testers we use.
2016-03-24 11:46:26 -04:00
Colin Walters
80698543c2 Release 2016.4 v2016.4 2016-03-23 15:45:59 -04:00
Dan Nicholson
7524e904b9 traverse: Require variant when traversing dirtree
The dirtree object is required for traversing, so don't use the
load_variant_if_exists() function. This will return a
G_IO_ERROR_NOT_FOUND to the caller rather than trying to ref a NULL
variant in ostree_repo_commit_traverse_iter_init_dirtree() if the object
is missing.

https://bugzilla.gnome.org/show_bug.cgi?id=764091
2016-03-23 15:36:04 -04:00
Colin Walters
7232b2940b tests: Add a commitpartial + prune test
Followup for previous commit.
2016-03-23 15:34:17 -04:00
Dan Nicholson
2ae7f619b2 prune: Don't fail on partial commits
If a commit only pull has been done, then the commit object exists in
the object store in addition to the commitpartial file. Traversing this
partial commit will likely fail, but that's expected. If traverse
returns a G_IO_ERROR_NOT_FOUND in this case, continue with pruning.

https://bugzilla.gnome.org/show_bug.cgi?id=764091
2016-03-23 15:34:17 -04:00
Alexander Larsson
ddf0a02f88 pull local: Don't import objects we already have
In particular, I noticed this because the pull failed when trying to
pull from a shallow repo which only had the new objects that was
needed.

https://bugzilla.gnome.org/show_bug.cgi?id=764059
2016-03-23 14:58:08 -04:00
Stef Walter
2454957e8d Fix building without libarchive
Although libarchive is an optional build option, the build
fails without it.

https://bugzilla.gnome.org/show_bug.cgi?id=764056
2016-03-23 13:55:34 -04:00
Colin Walters
09238da065 admin: Add an unlock command, and libostree API
I'm trying to improve the developer experience on OSTree-managed
systems, and I had an epiphany the other day - there's no reason we
have to be absolutely against mutating the current rootfs live.  The
key should be making it easy to rollback/reset to a known good state.

I see this command as useful for two related but distinct workflows:

 - `ostree admin unlock` will assume you're doing "development".  The
   semantics hare are that we mount an overlayfs on `/usr`, but the
   overlay data is in `/var/tmp`, and is thus discarded on reboot.
 - `ostree admin unlock --hotfix` first clones your current deployment,
   then creates an overlayfs over `/usr` persistent
   to this deployment.  Persistent in that now the initramfs switchroot
   tool knows how to mount it as well.  In this model, if you want
   to discard the hotfix, at the moment you roll back/reboot into
   the clone.

Note originally, I tried using `rofiles-fuse` over `/usr` for this,
but then everything immediately explodes because the default (at least
CentOS 7) SELinux policy denies tons of things (including `sshd_t`
access to `fusefs_t`).  Sigh.

So the switch to `overlayfs` came after experimentation.  It still
seems to have some issues...specifically `unix_chkpwd` is broken,
possibly because it's setuid?  Basically I can't ssh in anymore.

But I *can* `rpm -Uvh strace.rpm` which is handy.

NOTE: I haven't tested the hotfix path fully yet, specifically
the initramfs bits.
2016-03-23 11:09:09 -04:00
Colin Walters
0b1d301d81 libglnx porting: Use glnx_opendirat()
This unfortunately adds *more* `gs_file_get_path_cached()`, but we'll
fix that all in one go.
2016-03-23 10:26:01 -04:00
Colin Walters
18530894c7 libglnx porting: Use glnx_shutil_rm_rf_at()
In some cases (such as `ostree-sysroot-cleanup.c`), the surrounding
code would be substantially cleaner if it was also ported to
fd-relative, but I'm going to do that in a separate patch.

That way these patches are easier to review for mechanical
correctness.  I used an Emacs keyboard macro as the poor man's
[Coccinelle](http://coccinelle.lip6.fr/).
2016-03-23 10:26:01 -04:00
Colin Walters
d456fe5adb libglnx porting: Use glnx_set_error_from_errno
⚠️ There is a notable spiked pit trap here around
`posix_fallocate()` and `errno`.  This has bit other projects,
see e.g.
7bb87460e6

Otherwise the port was straightforward.
2016-03-23 10:26:01 -04:00
Colin Walters
614483ecd1 Use GSubprocess instead of GSSubprocess (libgsystem removal)
Since we hard-depend on GLib 2.40, we can start using GSubprocess.
This is part of dropping our dependency on libgsystem, which is
deprecated in favor of libglnx (as well as migrating things to GLib).
2016-03-23 10:26:01 -04:00
Colin Walters
afb6105a51 admin-switch: Add missing reboot argument
Spotted by jlebon in https://github.com/GNOME/ostree/pull/211
2016-03-23 09:42:17 -04:00
Simon McVittie
3f6f2e2a2f test-libarchive: fix underlinking
Signed-off-by: Simon McVittie <smcv@debian.org>
2016-03-21 13:03:06 -04:00
Simon McVittie
0a7e128782 Skip test_libarchive_ignore_device_file if we cannot write xattrs
The test tries to get a filesystem that supports xattrs by writing
to /var/tmp, but in some automated build environments the entire
build chroot is on a tmpfs.

Signed-off-by: Simon McVittie <smcv@debian.org>
2016-03-21 13:02:49 -04:00
Simon McVittie
35f412c86a tests/admin-test.sh: add #!/bin/sh
This is executable and appears to be intended to be executed directly,
so it should have a #! line.
2016-03-21 13:02:25 -04:00
Colin Walters
63e1c86dcd mkdocs: Fix the site name 2016-03-21 12:53:40 -04:00
Colin Walters
8894bb3949 deploy: Handle a read-only /boot
I'd like to encourage people to make OSTree-managed systems more
strictly read-only in multiple places.  Ideally everywhere is
read-only normally besides `/var/`, `/tmp/`, and `/run`.

`/boot` is a good example of something to make readonly.  Particularly
now that there's work on the `admin unlock` verb, we need to protect
the system better against things like `rpm -Uvh kernel.rpm` because
the RPM-packaged kernel won't understand how to do OSTree right.

In order to make this work of course, we *do* need to remount `/boot`
as writable when we're doing an upgrade that changes the kernel
configuration.  So the strategy is to detect whether it's read-only,
and if so, temporarily mount read-write, then remount read-only when
the upgrade is done.

We can generalize this in the future to also do `/etc` (and possibly
`/sysroot/ostree/` although that gets tricky).

One detail: In order to detect "is this path a mountpoint" is
nontrivial - I looked at copying the systemd code, but the right place
is to use `libmount` anyways.
2016-03-21 12:49:05 -04:00
Colin Walters
b842429bf2 manual: Migrate related projects wiki page into manual
This content currently lives here:
<https://wiki.gnome.org/Projects/OSTree/RelatedProjects>.  Moving it
into the manual in Markdown:

 - Makes it look better
 - It's more useful alongside the rest of the docs
 - Is much less crummy in general than the GNOME wiki
2016-03-18 13:11:54 -04:00
Alexander Larsson
cb60de0f95 Don't fail "ostree remote refs" if writing the summary cache is not permitted
It used to be allowed to run something like "ostree remote refs" on
a read-only (e.g. system) repo. However, the summary cache caused that to
break. This commit just makes it not save the cache if we get some kind
of permission error when writing it. It'll still work, even without the
cache.

https://bugzilla.gnome.org/show_bug.cgi?id=763855
2016-03-18 17:33:39 +01:00
Colin Walters
c58ad36840 libglnx porting: gs_transfer_out_value -> g_steal_pointer
It's a bit more verbose but...eh.
2016-03-18 12:08:19 -04:00
Colin Walters
b67f5364ac libglnx porting: xattr calls
These are straightforward as the libgsystem versions were already just
equivalent shims.
2016-03-18 12:08:19 -04:00
Colin Walters
684029daa3 libglnx porting: gs_free -> g_autofree
There were surprisingly few uses left.
2016-03-18 12:08:19 -04:00
Colin Walters
ac4c298061 libglnx porting: gs_fd_close -> glnx_fd_close
I'd like to eventually kill libgsystem.
2016-03-18 12:08:19 -04:00
Colin Walters
a02b425fc2 tests: Strengthen test tmpdir sanity check, be compat with ginsttest saving
GNOME Continuous uses ginstest-runner --report-directory, which causes
the tests to save their tmpdirs persistently.  This also means the
result directories didn't match the `/(var/)?tmp` regexp, which broke
the ostree tests in GContinuous.

Fix this by simply asserting that the tmpdir either has `.tmpdir` or
nothing.
2016-03-18 08:45:25 -04:00
Colin Walters
8057254b0b contrib/golang: Initial golang bindings
We were considering using this for Docker integration, but we may end
up going a different architectural path.  Anyways, it doesn't hurt to
have the bindings in here - they can do a few things.

I decided to fork some of the core code from
https://github.com/dradtke/gotk3 because...well, what we really need a
GIR-based core generator but I didn't want to start on the fully
correct thing until we knew we wanted it, and this was a quick hack.

Also, let's make a `contrib/` directory for things like this.
2016-03-17 09:02:24 -04:00
Colin Walters
f51d651b10 docs: Add a section on writing buildsystems
And add a test that is a demo buildsystem.
2016-03-16 17:15:58 -04:00
Micah Abbott
0b068c668a docs: Cleanup Markdown
I was going through the new version of the docs and noticed a few
problems.  Mostly URLs that aren't linked, extra whitespace, and a few
mis-spellings.

I ran the files through `aspell check` and made some manual changes
myself.

These changes were tested locally with `mkdocs serve`
2016-03-16 15:02:18 -04:00
Alexander Larsson
89624ee57d rofiles-fuse: Fix permission comparison
We want to allow write if the devinode is in the set,
not the other way around.

https://bugzilla.gnome.org/show_bug.cgi?id=763676
2016-03-16 16:30:53 +01:00
Alexander Larsson
9b919c8dd2 repo: Fix the skip-summary-if-summary.sig-is-same cache
This code was always downloading the summary even for a cache hit due
to a missing else.
2016-03-15 12:04:43 +01:00
Giuseppe Scrivano
2bb25a05b0 tests: add test for summary file caching
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2016-03-15 09:48:47 +01:00
Giuseppe Scrivano
cff4e48d02 prune: delete all cached summaries files
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2016-03-15 09:48:47 +01:00
Giuseppe Scrivano
2bf84d7e5d repo: use the skip summary download optimization for repo_remote_fetch_summary
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2016-03-15 09:48:47 +01:00