In #3205, we introduced a check to skip re-generating the GRUB config if
we detect that static configs are in use by looking at bootupd's state.
Unfortunately this check is incomplete and does not account for present
but null entries in the JSON state file.
A proper fix would be to parse the JSON but this requires a larger code
change.
Fixes: https://github.com/ostreedev/ostree/issues/3295
Fixes: https://github.com/ostreedev/ostree/pull/3205
I was trying to check something with `-fsanitize=address`
and it warned about this memory leak. It's...subtle, basically
we were leaking when the same commit was added to the hash table.
But unfortunately fixing that then complicates ownership
over the return value; what we really want to use here is
`g_hash_table_steal_all_keys` but RHEL 9.4 is still rocking
`glib2-2.68.4` so we can't use it.
(Rust would mean we wouldn't have leaked anything here in the
first place...)
Signed-off-by: Colin Walters <walters@verbum.org>
Back in 2b8d586c5, /sysroot was changed to be a private mount so that
submounts of /var do not propagate back to the stateroot /var. That's
laudable, but it makes /sysroot different than every other shared mount
in the root namespace. In particular, it means that submounts of
/sysroot do not propagate into separate mount namespaces.
Rather than make /sysroot private, make /var a slave+shared mount so
that it receives mount events from /sysroot but not vice versa. That
achieves the same effect of preventing /var submount events from
propagating back to /sysroot while allowing /sysroot mount events to
propagate forward like every other system mount. See
mount_namespaces(7)[1] and the linux shared subtrees[2] documentation
for details on slave+shared mount propagation.
When /var is mounted in the initramfs, this is accomplished with
mount(2) syscalls. When /var is mounted after switching to the real
root, the mount propagation flags are applied as options in the
generated var.mount unit. This depends on a mount(8) feature that has
been present since util-linux 2.23. That's available in RHEL 7 and every
non-EOL Debian and Ubuntu release. Applying the propagation from
var.mount fixes a small race, too. Previously, if a /var submount was
added before /sysroot was made private, it would have propagated back
into /sysroot. That was possible since ostree-remount.service orders
itself after var.mount but not before any /var submounts.
1. https://man7.org/linux/man-pages/man7/mount_namespaces.7.html
2. https://docs.kernel.org/filesystems/sharedsubtree.html
Fixes: #2086
xref https://github.com/coreos/rpm-ostree/issues/5071
Hiding errors by default is painful. At least as of
recently in Fedora it looks like the command is nice
and quiet by default, I only see
```
Generating grub configuration file ...
Adding boot menu entry for UEFI Firmware Settings ...
done
```
Signed-off-by: Colin Walters <walters@verbum.org>
This is another warning from recently changed code from Coverity:
```
1. Defect type: OVERRUN
16. libostree-2024.7/src/libostree/ostree-repo-commit.c:823:7: overrun-buffer-arg: Overrunning array "target_checksum" of 65 bytes by passing it to a function which accesses it at byte offset 258 using argument "size" (which evaluates to 259). [Note: The source code implementation of the function has been overridden by a builtin model.]
```
I think this can only happen if the repository is corrupt; the
data shouldn't be that long. But fix this by passing the max
length we expect; this will ignore the rest currently.
Signed-off-by: Colin Walters <walters@verbum.org>
Similar to d528083cae - I don't
believe we actually had a leak here because `dirname` always
returns the same start pointer, but this makes Coverity
happy.
Signed-off-by: Colin Walters <walters@verbum.org>
As the build system has required GLib 2.44 since commit
eb09207e1a, the manual expansion of
G_DECLARE_INTERFACE and G_DECLARE_FINAL_TYPE is no longer necessary.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Coverity points out that "/sysroot.tmp/etc" could be a copy-paste
error. This is a mistake from Coverity, but to suppress the warning,
we create a global var, tmp_sysroot_etc, which replaces all
instances of TMP_SYSROOT "/etc".
Coverity points out that we have a memory leak from
`g_strdup(dir_or_file_path)`. Make the duplication of the string a
temporary variable that is freed using `g_autofree`.
Coverity points out that we have a memory leak from `g_strdup(name)`.
`insert_child_mtree()` takes a const char * and duplicates it.
`name` can be passed directly to `insert_child_mtree()`.
Ignore ENOENT error in selinux_restorecon to avoid failures when
temporary files created by systemd-sysusers in /etc are missing during
relabeling. This prevents errors such as:
"Failed to relabel /etc/.#gshadowJzu4Rx: No such file or directory"
and allows the process to continue.
Co-Authored-By: Alexander Larsson <alexl@redhat.com>
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
In the ostree-ext codebase the test fixture was generating xattrs
without the trailing NUL byte. This caused confusing errors
later. Change the dirmeta validator to catch this.
The way GVariant represents bytestrings, the trailing NUL is there
on wire/disk so it can be there in memory too, but `g_variant_get_bytestring()`
will just return an empty `""` string if actually the value
has a missing NUL.
Signed-off-by: Colin Walters <walters@verbum.org>
Mainly we can now drop the TODO for mounting `/` readonly - that's
handled by composefs. Add a few other comments, typo fixes
while we're here.
Signed-off-by: Colin Walters <walters@verbum.org>
We were missing the simple, obvious API and CLI to go
from ostree commit -> composefs.
Internally, we had `ostree_repo_checkout_composefs`
with the right "shape" mostly, except it had more code
in the deploy path to turn that into a composefs.
Add a straightforward public API that does what
the deploy code did before, and then the old
API becomes an explicitly internal helper with an `_`
prefix.
Goals:
- Lead towards a composefs-oriented future
- This makes the composefs logic more testable directly
Signed-off-by: Colin Walters <walters@verbum.org>
If supported_out is passed to _ostree_ensure_fsverity and we
successfully exit early, for example because the file is a symlink, then
*supported_out is not initialized.
This is problematic in the case of ostree_sysroot_update_post_copy(),
because it passes in an uninitialized supported, and on successful
return of _ostree_ensure_fsverity() it assumes that it is initialized.
In case supported happened to be initialized to non-zero it will take
this branch:
```
if (!supported)
  break; /* If not supported, skip rest */
```
Which means *all* further objects will not get fs-verity enabled.
Previously we were running clang-format across multiple operating
system versions and hence clang versions, and it turns out
clang has changed the preferred formatting multiple times.
We could *probably* dig in and try to pin things more strongly
but eh...for now let's arbitrarily just use whatever's in
the default GH Action ubuntu-latest runner as that should
be equally painful for everyone.
Signed-off-by: Colin Walters <walters@verbum.org>
HTTP servers derive Last-Modified from the modification time of the
file. When used in combination with a Cache-Control max-age value,
having the modification times match means that caches will consider them
expired at the same time. This helps make it more likely that clients
won't receive a cached summary and fresh signature or vice versa.
This makes more sense to do now that the summary and signature are
created in a temporary directory and renamed into place. In the old days
where they were created directly in the repo root, it would be strange
to change the summary mtime when it wasn't actually modified.
otcore_get_ostree_target() should set is_aboot for android boot
systems, but currently it only does this on A/B boot systems, not
single-boot-partition systems. Fix this by setting it in the second
case.
We want to start switching things so that the toplevel `/ostree`
repository is mode 0700, to close off unprivileged code
from being able to access it. Previous deployment roots
may have setuid binaries, etc. The `/var/lib/containers/storage`
directory is mode 0700 for this reason I believe.
Closes: https://github.com/ostreedev/ostree/issues/3211
I want to add another variant here, and `--modern` is now old. Let's
acknowledge that we may want to make even more changes in the
future. So `--modern == --epoch=1` but I will add `--epoch=2` after
this.
If fs_verity_wanted == _OSTREE_FEATURE_YES we should fail if
!supported, but we were checking !supported where supported is a
pointer, not a boolean. This caused us to miss errors when the kernel
didn't support fs-verity that led to lots of debugging.
This is stronger than the default (`replace`) because it tells systemd
to *stop everything* and go to `emergency.target`. In other codebases,
this has definitely helped me with the problem of "systemd keeps going
even after a failure".
Likely addresses #3219.
See also e.g. 3d2e165f97.
This can return NULL if there's no real policy.
Now obviously we need to update the Rust bindings too but...
I am having trouble doing that, we're pretty out of date with
upstream.
When we added the retry logic, the intention here was definitely
to do it not just for network errors but also e.g. HTTP 500s and
the like.
xref https://pagure.io/releng/issue/11439
where we rather painfully debugged that this was missing.
The combination of the "honor whiteout" and "union" flags
is intended to basically be "merge trees like overlayfs does".
But we were missing this case in order to support e.g. replacing
a symlink with a directory.
This fixes a bug in the (early) deployment pruning function which before
tried to access the boot directory without opening it first.
Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
According to Jonathan's suggestion, should fix the code from
ostree repo.
With this patch:
- kargs input like "init_on_alloc=1 init_on_free=1", will be
parsed as 2 separated args `init_on_alloc=1` and `init_on_free=1`,
instead of whole;
- According to https://www.kernel.org/doc/html/v4.14/admin-guide/kernel-parameters.html,
need to keep spaces in double-quotes, like `param="spaces in here"`
will be parsed as whole instead of 3.
Fixes https://github.com/coreos/rpm-ostree/issues/4821
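An added illustration of the splitting rule the commit message above describes; it is not ostree's own code. `split_kargs`, `karg_buf` and the size limits are hypothetical names, and keeping the quote characters inside the returned token, as well as rejecting an unterminated quote, are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define KARG_MAX_ARGS 16
#define KARG_MAX_LEN 128

/* Holds the arguments produced by the last split_kargs() call (hypothetical). */
static char karg_buf[KARG_MAX_ARGS][KARG_MAX_LEN];

static int
is_space (char c)
{
  return c == ' ' || c == '\t' || c == '\n';
}

/* Split on whitespace, except inside double quotes; quotes stay in the token.
 * Returns the argument count, or -1 for an unterminated quote, an over-long
 * argument, or more than KARG_MAX_ARGS arguments. */
int
split_kargs (const char *in)
{
  int n = 0;
  const char *p = in;
  while (*p)
    {
      while (is_space (*p))
        p++;
      if (!*p)
        break;
      const char *start = p;
      int in_quote = 0;
      for (; *p && (in_quote || !is_space (*p)); p++)
        if (*p == '"')
          in_quote = !in_quote;
      size_t len = (size_t)(p - start);
      if (in_quote || n == KARG_MAX_ARGS || len >= KARG_MAX_LEN)
        return -1; /* reject rather than guess or truncate */
      memcpy (karg_buf[n], start, len);
      karg_buf[n++][len] = '\0';
    }
  return n;
}

int
main (void)
{
  /* Constructed sample input. */
  int n = split_kargs ("init_on_alloc=1 param=\"spaces in here\" init_on_free=1");
  for (int i = 0; i < n; i++)
    printf ("[%s]\n", karg_buf[i]);
  return n == 3 ? 0 : 1;
}
```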
I think it's about time we flipped this on by default;
like the bootprefix I was a bit too chicken. We still have
a `bootloader-naming-1` that can be flipped on in case of
some regression.
Closes: https://github.com/ostreedev/ostree/issues/2961