Commit Graph

4837 Commits

Author SHA1 Message Date
OpenShift Merge Robot
654983ee31
Merge pull request #2089 from dbnicholson/flags-enums-as-bitfields
lib: Coerce flags enums to GIR bitfields
2020-05-01 22:29:37 +02:00
OpenShift Merge Robot
e6bc24804c
Merge pull request #2087 from cgwalters/test-staged-deploy-cleanup
tests/staged-deploy: Cleanup initial state
2020-05-01 22:10:53 +02:00
Dan Nicholson
dc69f56de6 lib: Coerce flags enums to GIR bitfields
The GI scanner decides if an `enum` is really a `bitfield` if it finds
any values that have left shifts. With an `enumeration`, the
introspecting language may error or convert to a different type if the
user tries to combine values. Change all Flags `enum`s to use
left-shifted values so that they're represented as `bitfield`s in the
GIR.

The primary bug here is that you can't combine `REFS_ONLY` and
`NO_PRUNE` when calling `OSTree.Repo.prune()` from an introspected
language.

This is an IABI break since the typelib will change from `enumeration`
to `bitfield`. `OstreeRepoImportFlags` is internal but the change is
included here to prepare for a subsequent name that would require bit
shifting to operate correctly as a flag.
2020-04-30 15:13:31 -06:00
Colin Walters
37e1921b51 tests/staged-deploy: Cleanup initial state
I'm using [cosa build-fast](https://github.com/coreos/coreos-assembler/pull/1371)
and this test doesn't like starting out with two deployments.  Clean
things up to one at the start just to simplify things.
2020-04-29 01:47:14 +00:00
OpenShift Merge Robot
240f6d3ac6
Merge pull request #2084 from d4s/wip/d4s/expose_signapi_metadata
signapi: expose metadata format and key
2020-04-29 03:19:11 +02:00
Denis Pynkin
ee5d0f350f signapi: expose metadata format and key
Explicitly expose functions for querying the metadata format
and key name used by OstreeSign object:
 - ostree_sign_metadata_format
 - ostree_sign_metadata_key

This allows to use the same metadata format and key name
by 3-rd party applications using signapi.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-04-24 16:34:50 +00:00
OpenShift Merge Robot
a05c99d933
Merge pull request #2083 from agners/doc-updates
Doc updates
2020-04-24 14:07:52 +02:00
Stefan Agner
ce5dfadbd7 docs: extend repository types
Clarify where metadata are stored exactly in the `bare-user` case.
Make the first sentence of `bare-user` and `bare-user-only` paragraph
symetric to make it easier to jump to the right paragraph for readers
in a hury. Stree out that `bare-user-only` may loose metadata.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
2020-04-24 13:12:47 +02:00
Stefan Agner
b43c0be347 docs: extend object type documentation
Extend the object type documentation with file endings used for the
individual type. Also clarify in which situation content type objects
are used and why they do not match the SHA256 hash today.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
2020-04-24 13:05:15 +02:00
Stefan Agner
b7662aaf33 docs: clarify archive repo type
Today `archive-z2` is still used as the default string to indicate
a `archive` type repository. Make clear that this is the way it is
intended. Otherwise users might think they use an no longer supported
OSTree repository since the mode string is still `archive-z2`.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
2020-04-24 13:04:18 +02:00
OpenShift Merge Robot
66527efcb8
Merge pull request #2082 from cgwalters/finalize-sandbox
finalize-staged: Add ProtectHome=yes and ReadOnlyPaths=/etc
2020-04-22 18:51:15 +02:00
OpenShift Merge Robot
8996ead2ea
Merge pull request #2081 from cgwalters/deploy-etc
deploy: Add --no-merge
2020-04-22 16:34:57 +02:00
Colin Walters
47a3096ab8 finalize-staged: Add ProtectHome=yes and ReadOnlyPaths=/etc
Same motivation as
https://github.com/coreos/rpm-ostree/pull/2060

I tried `InaccessiblePaths=/var` first and was very sad to find
out we have one tiny exception that breaks it.  Otherwise it'd
be so elegant.  Maybe in the future we split out that one thing
to a separate `ostree-finalized-stage-var.service` that's just
`ExecStart=/bin/rm -vf /var/.updated` and is otherwise
`ProtectSystem=strict` etc.
2020-04-22 14:28:33 +00:00
Colin Walters
368574b657 deploy: Add --no-merge
All of the underlying libostree APIs have supported passing `NULL`
for a merge deployment for...a long time.  But we never plumbed
it up into the CLI.

Add a `--no-merge` option to aid people who want to do a "factory reset":
https://github.com/ostreedev/ostree/issues/1793
2020-04-22 14:09:54 +00:00
OpenShift Merge Robot
391ad0ec21
Merge pull request #2079 from cgwalters/pull-split-sign-verify
lib: Move gpg/signapi bits into ostree-repo-pull-verify.c
2020-04-18 13:57:08 -04:00
Colin Walters
1b8fed247c lib: Move gpg/signapi bits into ostree-repo-pull-verify.c
`ostree-repo-pull.c` is huge; separate some of the GPG/signing
verification functions into their own file so they're more easily seen.
2020-04-18 13:35:36 +00:00
Colin Walters
12984ddef2 lib: Move pull struct definition into repo-pull-private.h
Prep for further splitting up `ostree-repo-pull.c`.
2020-04-18 13:34:57 +00:00
OpenShift Merge Robot
7d51cee0a8
Merge pull request #2077 from jlebon/pr/transaction-cleanup
lib/commit: Check that dirent is a directory before cleaning
2020-04-17 15:15:12 -04:00
Jonathan Lebon
8ece36c28a lib/commit: Check that dirent is a directory before cleaning
I've only noticed this by inspection. But I think it's possible for
`cleanup_txn_dir` to get called with the `staging-...-lock` file since
it matches the prefix.

Make the checking here stronger by verifying that it's a directory. If
it's not a directory (lockfile), then follow the default pruning expiry
logic so that we still cleanup stray lockfiles eventually.
2020-04-17 14:29:13 -04:00
Jonathan Lebon
df065ad766 lib: Rename function for staging dir check
Rename the function to more accurately reflect what it does, which is to
check whether the filename has the `staging-` prefix.
2020-04-17 14:28:20 -04:00
Jonathan Lebon
bb8fd5a2c4 lib/commit: Add more error prefixing
We think we're hitting an error in that function in the Fedora infra.
Add some more error prefixing to help debugging.
2020-04-17 14:27:16 -04:00
OpenShift Merge Robot
95be6676c0
Merge pull request #2076 from d4s/wip/d4s/rename_with-libsodium_opt
sign: rename option for enabling ed25519
2020-04-17 13:30:36 -04:00
Denis Pynkin
6aeca233f6 sign: rename option for enabling ed25519
Use option `--with-ed25519-libsodium` instead of
`--with-libsodium` to enable ed25519 signature engine.

This allows to use later different implementations of ed25519
signing/verification. For instance, based on openssl.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-04-17 19:26:52 +03:00
OpenShift Merge Robot
351bc56f16
Merge pull request #2073 from cgwalters/pull-private-cleanup
lib: Move internal binding verification API to repo.c
2020-04-17 11:49:59 -04:00
OpenShift Merge Robot
9c59092fd7
Merge pull request #2075 from d4s/wip/d4s/test_system-wide_sign_conf
tests/signed-commit: fix the test of well-known places
2020-04-17 10:53:37 -04:00
Denis Pynkin
40a2fb3b07 tests/signed-commit: fix the test of well-known places
Commit e474033e removed the redirection of incorrect public keys
aimed to generate a lot of files without correct public signature.

Fix the test by returning back the creation of files containing
incorrect public keys for ed25519.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-04-17 16:46:49 +03:00
Colin Walters
b7f48a74c0 lib: Move internal binding verification API to repo.c
`ostree-repo-pull.c` is rather monstrous; I plan to split it
up a bit.  There's actually already a `pull-private.h` but
that's just for the binding verification API.  I think that one
isn't really pull specific.  Let's move it into the "catchall"
`repo.c`.
2020-04-17 01:16:51 +00:00
OpenShift Merge Robot
388c3033bc
Merge pull request #2070 from cgwalters/travis-libsodium
travis: Add some libsodium coverage
2020-04-16 15:08:44 -07:00
Denis Pynkin
a17cdec936 Add the same config options for distcheck
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-04-16 17:34:09 -04:00
Denis Pynkin
0807f100e2 Fix the lost line separator
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-04-16 17:34:09 -04:00
Denis Pynkin
735b03dbf9 Add ci_pkgs to travis-install.sh
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-04-16 17:34:09 -04:00
OpenShift Merge Robot
5092a8feac
Merge pull request #2072 from cgwalters/feature-ed25519
Use `sign-ed25519` for the feature name
2020-04-16 13:29:36 -07:00
Colin Walters
e63647c6d0 travis: Add some libsodium coverage
As far as I can tell we're not gating on this right now.  From
a quick glance, it looks like Debian stable has `libsodium-dev`
but only Ubuntu eoan does which we're not testing right now.
2020-04-16 17:19:51 +00:00
Colin Walters
d1e5ed379e Use sign-ed25519 for the feature name
`libsodium` is an implementation detail.  In particular, I'd like
to consider using OpenSSL for ed25519 (if libsodium isn't configured
and openssl is).

So switch the name of the exposed feature and adjust the tests.
2020-04-16 16:43:43 +00:00
OpenShift Merge Robot
eae41ea203
Merge pull request #2071 from cgwalters/ci-min-check
ci: Build minimal without libsodium too
2020-04-16 08:47:45 -07:00
Colin Walters
a6efae909f ci: Build minimal without libsodium too
The goal is to test "no options" build - and eventually tests.
(We're not actually including libsodium in the cosa buildroot right
 now, but we may in the future)
2020-04-16 14:15:28 +00:00
OpenShift Merge Robot
9e30b0f8f5
Merge pull request #2063 from cgwalters/sig-cleanups-2
pull: Cleanup signature verification functions
2020-04-16 01:38:12 -07:00
Colin Walters
8e7aea4473 Change signature opts to include type, cleanup error handling
Previously we would pass the `verification-key` and `verification-file`
to all backends, ignoring errors from loading keys until we
found one that worked.

Instead, change the options to be `verification-<engine>-key`
and `verification-<engine>-file`, and then
rework this to use standard error handling; barf explicitly if
we can't load the public keys for example.  Preserve
the semantics of accepting the first valid signature.  The
first signature error is captured, the others are currently
compressed into a `(and %d more)` prefix.

And now that I look at this more closely there's a lot of
duplication between the two code paths in pull.c for verifying;
will dedup this next.
2020-04-15 22:07:11 +00:00
OpenShift Merge Robot
fd55deb0f7
Merge pull request #2068 from cgwalters/pull-cosmetic-renames
lib/pull: Two cosmetic internal function renames
2020-04-15 10:30:18 -07:00
Colin Walters
e035230c6b lib/pull: Two cosmetic internal function renames
I'm mainly doing this to sanity check the CI state right now.

However, I also want to more cleanly/clearly distinguish
the "sign" code from the "gpg" code.

Rename one function to include `gpg`.

For the other...I think what it's really doing is using the remote
config, so change it to include `remote` in its name.
2020-04-15 17:06:14 +00:00
OpenShift Merge Robot
2b739ce431
Merge pull request #2069 from jlebon/pr/tweak-ci
ci: Adapt to use new fcosKola semantics
2020-04-15 19:01:40 +02:00
Jonathan Lebon
452840f283 ci: Adapt to use new fcosKola semantics
This was changed recently and broke us since we do explicitly call
`fcosKola` instead of implicitly via `fcosBuild`. Adapt to the new
semantics.
2020-04-15 12:37:54 -04:00
Denis Pynkin
73d527dee3
Merge pull request #2064 from cgwalters/dummy-only-when-testing
Only enable "dummy" signature type with opt-in env variable
2020-04-15 12:28:52 +03:00
Colin Walters
b6040143e5 Only enable "dummy" signature type with opt-in env variable
I don't want to even have to think about people using
this in production.
2020-04-14 22:18:13 +00:00
OpenShift Merge Robot
8baee5cd04
Merge pull request #2058 from cgwalters/signing-cleanups
pull: Update key loading function to match error style
2020-04-07 20:49:04 +02:00
OpenShift Merge Robot
e88835e29d
Merge pull request #2061 from cgwalters/add-d4s
OWNERS: add d4s to reviewers
2020-04-07 19:45:17 +02:00
OpenShift Merge Robot
dd44f6f941
Merge pull request #2060 from d4s/ostree_repo_pull_with_options-gpg_check
lib/repo-pull: fix GPG check while pulling remote
2020-04-07 16:04:22 +02:00
OpenShift Merge Robot
4a57204c60
Merge pull request #2044 from martinezjavier/duplicated-entries
grub2: Don't add menu entries if GRUB supports parsing BLS snippets
2020-04-07 15:54:08 +02:00
Colin Walters
248596465c OWNERS: add d4s to reviewers
He did a lot of work on signing and will continue that.
2020-04-07 13:07:55 +00:00
Denis Pynkin
ef1aeb7458 lib/repo-pull: fix GPG check while pulling remote
If GPG support is disabled in a build time we should to check if any of
options "gpg_verify" or "gpg_verify_summary" is set to TRUE instead
of checking if they are passed via options while pulling from remote.

Fixed the failure with assertion of `ostree find-remotes --pull --mirror`
calling (`tests/test-pull-collections.sh`) if libostree has been compiled
without GPG support.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-04-07 01:11:29 +03:00