Commit Graph

4837 Commits

Author SHA1 Message Date
Frédéric Danis
512db0435c bin/static-delta: Add command to verify delta signature
Add new "static-delta verify" sub-command.
This supports multiple keys to verify the static-delta file.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00
Frédéric Danis
02a19b2c96 lib/deltas: Add signature check API for static-delta superblock
This retrieves the signatures and pass the static delta block as an array
of bytes to ostree_sign_data_verify().

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00
Frédéric Danis
92efbc00d8 bin/static-delta: Add support to sign superblock
Add signing ability to "static-delta generate" builtin.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00
Frédéric Danis
46667567c5 lib/deltas: Add inline signature for static-delta superblock
While the commits contained in the single static-delta file are signed so
we can check them and operate on trusted data, the superblock isn't signed
in any way, so it end up operating on untrusted data to:
 1. actually find where the trusted data is, and
 2. check whether the update is fit for the current device by looking at
    the collection id stored in the metadata

This commit generates signatures of all static data, and concatenate them
to the existing static delta format, i.e. as a GVariant layout `a{sv}ay`
where
 - a{sv}: signatures
 - ay: existing delta variant

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00
OpenShift Merge Robot
9c040c1a73
Merge pull request #2196 from cgwalters/commit-shadowing-fix
commit: Tighten scope of two variables
2020-09-13 13:00:16 -04:00
Colin Walters
779a901780 commit: Tighten scope of two variables
Prep for adding `-Wshadow` fixes.
2020-09-13 14:58:24 +00:00
OpenShift Merge Robot
71acef2d33
Merge pull request #2193 from alexlarsson/preparatory-cleanup
Preparatory cleanup for summary work
2020-09-11 11:07:00 -04:00
Alexander Larsson
b7d1a9746b Update the symbols files to match that we're now on 2020.6 2020-09-11 12:35:32 +02:00
Alexander Larsson
da853a1783 ostree-repo-pull.c: Extract mirrorlist generation to helper
This code was duplicated in 3 places, so move it to a single place
to clean things up.
2020-09-11 12:03:29 +02:00
Alexander Larsson
155b215cd8 Minor cleanup of _ostree_repo_remote_new_fetcher()
Instead of open coding the extra_headers and append_user_agent
setting everywhere we do this in the constructor.
2020-09-11 12:03:28 +02:00
Alexander Larsson
3957bff0cb Inline repo_remote_fetch_summary
This was only used in one place, and (especially with the simplification
with GMainContextPopDefault) and the one caller doesn't really do
much more than call the helper. Additionally, what little it does (saving
the result in the cache) is inherently tied to how the helper work,
and will become even more so when we support summary indexes.

This is a preparatory cleanup for supporting summary indexes. It
doesn't change any behaviour and passes make check on its own.
2020-09-11 12:03:28 +02:00
Alexander Larsson
4b9e712e82 repo_remote_fetch_summary: Use GMainContextPopDefault
This allows us to drop the "goto out" use and clean up this function.
2020-09-11 12:03:28 +02:00
Alexander Larsson
c7df4317bd Add g_autoptr helper for pushing a thread default main context
This happens in a bunch of places, and currently each time it does
we have to use "goto out" style cleanups, which just isn't looking
very nice.
2020-09-11 12:03:28 +02:00
Alexander Larsson
f74bc8dd3d fetch_summary_with_options: drop unnecessary "goto out" use 2020-09-11 12:03:28 +02:00
Alexander Larsson
1f1ef4c989 Break out the signature verification code into a helper function
This changes nothing in the behaviour, but we want to later re-use
this when we also verify the summary index.
2020-09-11 12:03:28 +02:00
Alexander Larsson
598adc457f deltas: Break out _ostree_repo_static_delta_superblock_digest() helper
This loads and makes a digest for a delta superblock. The previous
code was used when generating the deltas section in the summary
file. This changes nothing, but is in preparation for using similar
formats in a separate delta index file.
2020-09-11 12:03:28 +02:00
Alexander Larsson
32014d99e6 Add and use ot_checksum_bytes helper
This removes some duplicated code (and will be use even more later).
2020-09-11 12:00:05 +02:00
Alexander Larsson
dddb449d2c pull: Actually mmap summary files
The change in cbf1aca1d5 actually
only mmaps the signature file, not the summary. This change makes
use mmap both, as well as extract the cache loading into a helper
function that we will later use in more places.
2020-09-11 12:00:02 +02:00
Alexander Larsson
85accb84e8 pull: Break out _ostree_repo_save_cache_summary_file() helper
This is a minor cleanup as its just called twice from
_ostree_repo_cache_summary(). However, later code will need it in more
places.
2020-09-11 11:53:38 +02:00
Alexander Larsson
bb2649a8c0 Fix leak when signing
_ostree_detached_metadata_append_gpg_sig() was returning a floating
ref, but all users were using g_autoptr. Fix it by adding a ref-sink.
2020-09-11 11:45:33 +02:00
Alexander Larsson
74bae256fe list-deltas: Don't break on non-subdir entries
ostree_repo_list_static_delta_names() tried to validate that
any second-level directory element was a directory, but there was
a cut-and-paste issue, and it used `dent->d_type` instead
of `sub_dent->d_type`.

This fixes the code, but all old ostree versions will break if
there are non-directories in a subdirectory of the deltas directory
in the repo, so be wary.
2020-09-11 11:45:24 +02:00
OpenShift Merge Robot
69282a3dd3
Merge pull request #2192 from cgwalters/error-prefixing
deploy: Add some error prefixing around xattr setting
2020-09-09 09:25:12 -04:00
Colin Walters
a1bd29f245 deploy: Add some error prefixing around xattr setting
Looking at
https://github.com/coreos/coreos-assembler/issues/1703
a user is getting a bare:
`error: fsetxattr: Permission denied`

I don't think it's these code paths since a deploy
isn't happening but on inspection I noticed we didn't
have error prefixing here.
2020-09-09 12:34:44 +00:00
OpenShift Merge Robot
3bac819a5d
Merge pull request #2190 from cgwalters/ci-drop-var-test
ci: Drop var mount test
2020-09-07 19:26:02 -04:00
Colin Walters
be0f9e77e5 ci: Drop var mount test
Merged in https://github.com/coreos/fedora-coreos-config/pull/586
2020-09-03 22:14:02 +00:00
OpenShift Merge Robot
4d0f426e23
Merge pull request #2189 from cgwalters/release
Release 2020.6
2020-09-03 14:41:11 -04:00
Colin Walters
4d6e8f2b99 Post-release version bump 2020-09-03 18:00:27 +00:00
Colin Walters
5d2183f63e Release 2020.6
Let's get the /var mount fix out at least.
2020-09-03 18:00:03 +00:00
OpenShift Merge Robot
75376bae4c
Merge pull request #2186 from jlebon/pr/etc-rw
Fix read-only /etc when using sysroot=readonly and a separate /var mount
2020-08-28 14:52:24 -04:00
Jonathan Lebon
8408f8913b ci: Temporarily import kola test from jlebon's FCOS fork
That test will not make it into the fedora-coreos-config repo until the
libostree fix gets percolated down. PR is:

https://github.com/coreos/fedora-coreos-config/pull/586

But we want to make sure that the fix does work and that we don't
regress on it. So manually fetch it for now.
2020-08-28 14:16:46 -04:00
Jonathan Lebon
a7a751b69f ostree-remount: Remount /etc rw if needed
When we remount `/sysroot` as read-only, we also make `/etc` read-only.
This is usually OK because we then remount `/var` read-write, which also
flips `/etc` back to read-write... unless `/var` is a separate
filesystem and not a bind-mount to the stateroot `/var`.

Fix this by just remounting `/etc` read-write in the read-only sysroot
case.

Eventually, I think we should rework this to set everything up the way
we want from the initramfs (#2115). This would also eliminate the window
during which `/etc` is read-only while `ostree-remount` runs.
2020-08-28 14:16:46 -04:00
Jonathan Lebon
b3c7b059ea ostree-prepare-root: Fix /etc bind mount
We were bind-mounting the initramfs' `/etc` (to itself) instead of the
target deployment `/etc` (to itself). Since we're already `chdir`'ed
into it, we can just drop the leading slash.
2020-08-28 14:16:29 -04:00
OpenShift Merge Robot
22b3883aa4
Merge pull request #2184 from fkrull/docs-tags-fixes
Add some missing GI tags
2020-08-26 17:45:28 -04:00
Felix Krull
f4d0b17080 lib: mark out parameters as out parameters 2020-08-26 22:32:47 +02:00
Felix Krull
d5b8929017 lib: add some missing version tags 2020-08-26 22:32:47 +02:00
OpenShift Merge Robot
657b6a882d
Merge pull request #2183 from cgwalters/sh-inline-crates
tests/inst: Update to published sh-inline crate
2020-08-26 15:04:24 -04:00
Colin Walters
ef55c2c981 tests/inst: Update to published sh-inline crate
And I made a few more API tweaks, such as supporting `Path`
objects directly and also not needing e.g. `commit = commit`, see

- cfa7c71126
- 679bce4cc7
2020-08-26 17:00:19 +00:00
OpenShift Merge Robot
27413afbff
Merge pull request #2181 from cgwalters/port-sh-inline
tests/inst: Port to new sh-inline repo
2020-08-26 11:01:52 -04:00
OpenShift Merge Robot
af881d7476
Merge pull request #2182 from mbilker/arch-linux
Fix mkinitcpio with newer systemd versions
2020-08-26 08:42:37 -04:00
Matt Bilker
dac2ad288f Fix mkinitcpio with newer systemd versions
- Fixes systemd failing to determine if `/sysroot` is valid because of
  `/etc/os-release` not being available yet.

- Related: #1759
2020-08-25 18:12:55 -04:00
Colin Walters
33e2d34ea5 tests/inst: Port to new sh-inline repo
I cleaned up my fork of commandspec (see git log) and am
planning to publish to crates.  Port to the new API in prep
for that.
2020-08-25 22:06:13 +00:00
OpenShift Merge Robot
a85fb4fea1
Merge pull request #2180 from jlebon/pr/devel-build
configure.ac: Set is_release_build=no
2020-08-24 15:05:20 -04:00
Jonathan Lebon
0a6a41a63d configure.ac: Set is_release_build=no
We missed this during the post-release version bump.
2020-08-24 14:17:35 -04:00
OpenShift Merge Robot
2596a718ce
Merge pull request #2179 from cgwalters/ioctl-fix
linuxfsutil: Pass int to ioctl, not long
2020-08-21 20:13:51 -04:00
OpenShift Merge Robot
9850ec9cc6
Merge pull request #2178 from cgwalters/ioctl-test
tests: Check the immutable bit
2020-08-21 14:40:21 -04:00
Colin Walters
06ed04a816 linuxfsutil: Pass int to ioctl, not long
Otherwise it will fail on big-endian architectures like s390x.
Ref https://bugzilla.redhat.com/show_bug.cgi?id=1867601
2020-08-21 17:41:32 +00:00
Colin Walters
cc1b70d921 tests: Check the immutable bit
See https://bugzilla.redhat.com/show_bug.cgi?id=1867601

We really want an upstream test for this, even if (to my knowledge)
nothing is running ostree's upstream CI on !x86_64.
2020-08-21 17:39:39 +00:00
OpenShift Merge Robot
41b455b1b0
Merge pull request #2177 from smcv/systemd-no-syslog
boot: Replace deprecated StandardOutput=syslog with journal, etc.
2020-08-21 14:57:29 +02:00
Simon McVittie
d3fadf14b7 boot: Replace deprecated StandardOutput=syslog with journal, etc.
systemd deprecated this in v246.

Resolves: #2169
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-08-21 09:58:05 +01:00
OpenShift Merge Robot
c61ff03304
Merge pull request #2175 from cgwalters/coverity-2020.5
Two small Coverity fixes
2020-08-19 16:46:49 +02:00