Commit Graph

4837 Commits

Author SHA1 Message Date
OpenShift Merge Robot
0638d1ea86
Merge pull request #2057 from cgwalters/test-sizes-error
tests/pull-sizes: Disable xattrs everywhere
2020-04-06 22:33:43 +02:00
OpenShift Merge Robot
1b0eec02d4
Merge pull request #2059 from cgwalters/commit-from-base-tree
commit: Add --base argument
2020-04-06 22:18:49 +02:00
OpenShift Merge Robot
eefb5241c8
Merge pull request #2055 from cgwalters/gtkdoc-warnings
lib: Squash two gtk-doc warnings
2020-04-06 21:54:13 +02:00
Colin Walters
329a82c57e commit: Add --base argument
I was trying to followup the `--selinux-policy-from-base` work
to add a `cosa build --fast=overlay` for coreos-assembler,
but hit on the fact that using e.g. `--owner-uid` disables
commit optimizations.

A while ago, https://github.com/ostreedev/ostree/pull/1643 landed
which optimized this for the case where no modifications are provided.
But, we really need the SELinux policy bits, and it's super convenient
to run `ostree commit` as non-root.

It's fairly surprising actually that it's taken us so long to
iterate on a good interface for this "commit changes on top of a base"
model.  In practice, many nontrivial cases really end up needing
to do a (hardlink) checkout, and that case is optimized.

But for this coreos-assembler work I want to directly overlay onto
a commit object another commit object.

That previous PR above added exactly the API we need, so let's
expose it in the CLI.

What you can see happening in the test is that we provide
`--owner-uid 42`, but that only applies to directories/files
that were added in the commit.

And now that I look at this, I think what we really want here
is to avoid changing directories that exist in the base, but
eh; in practice the main use here is for `--owner-uid 0` while
committing as non-root; and that works fine with this since
the baseline uid will be zero as well.
2020-04-06 19:28:51 +00:00
Javier Martinez Canillas
768eee87f6
grub2: Don't add menu entries if GRUB supports parsing BLS snippets
This is another attempt to avoid having duplicated menu entries caused by
GRUB having support to parse BLS snippets and the 15_ostree script adding
menu entries as well.

The previous attempt was in commit 985a141002 ("grub2: Exit gracefully if
the configuration has BLS enabled") but that lead to users not having menu
entries at all, due having an old GRUB version that was not able to parse
the BLS snippets.

This happened because the GRUB bootloader is never updated in the ESP as
a part of the OSTree upgrade transaction.

The logic is similar to the previous commit, the 15_ostree script exits if
able to determine that the bootloader can parse the BLS snippets directly.

But this time it will not only check that a BLS configuration was enabled,
but also that a /boot/grub2/.grub2-blscfg-supported file exists. This file
has to be created by a component outside of OSTree that also takes care of
updating GRUB to a version that has proper BLS support.
2020-04-06 20:44:19 +02:00
Colin Walters
47539874b8 pull: Update key loading function to match error style
This code wasn't written with idiomatic GError usage; it's not standard
to construct an error up front and continually append to its
message.  The exit from a function is usually `return TRUE`,
with error conditions before that.

Updating it to match style reveals what I think is a bug;
we were silently ignoring failure to parse key files.
2020-04-05 18:49:25 +00:00
Colin Walters
6d89b969ed tests/pull-sizes: Disable xattrs everywhere
I am getting SELinux xattrs committed in local development (inside
https://github.com/cgwalters/coretoolbox ), which
throws off the hardcoded sizes in this test.
2020-04-05 18:38:26 +00:00
OpenShift Merge Robot
a16fe86b36
Merge pull request #1878 from d4s/wip/d4s/no_gpg
Alternative signing system
2020-04-04 19:46:12 +02:00
Colin Walters
c4d519733d lib: Squash two gtk-doc warnings
Just noticed these while doing a build.
2020-04-04 17:05:56 +00:00
OpenShift Merge Robot
08ebf5ae5a
Merge pull request #2051 from fkrull/repo_finder_avahi
lib: fix typo in function docs
2020-04-02 00:34:59 +02:00
Felix Krull
7091e1b5ca lib: fix typo in function docs 2020-04-01 23:06:19 +02:00
OpenShift Merge Robot
62632511f1
Merge pull request #2049 from cgwalters/sysroot-refactor
sysroot: Reorganize sysroot load code a bit
2020-04-01 15:18:06 +02:00
Colin Walters
40a60f1e83 sysroot: Reorganize sysroot load code a bit
No functional changes; prep for a future patch
which will load the "live" deployment rather than
reading the bootloader configs.
2020-03-31 21:42:21 +00:00
OpenShift Merge Robot
5b4c97511f
Merge pull request #1973 from mwleeds/avoid-extraneous-summary-copy
Don't copy summary for collection-ref mirror subset pulls
2020-03-29 01:04:57 +01:00
OpenShift Merge Robot
1003a2dbde
Merge pull request #2045 from cgwalters/sysroot-load-err
lib: Add error prefixing for sysroot load and repo open
2020-03-28 18:44:49 +01:00
Matthew Leeds
164b2aa35b Don't copy summary for collection-ref mirror subset pulls
When we're only pulling a subset of the refs available in the remote, it
doesn't make sense to copy the remote's summary (which may not be valid
for the local repo). This makes the check here match the one done
several lines above when we decide whether to error out if there's no
remote summary available.

This extends the fix in https://github.com/ostreedev/ostree/pull/935 for
the case of collection-refs.

Also, add a unit test for this issue, based on the existing one in
pull-test.sh.
2020-03-28 10:35:19 -07:00
Matthew Leeds
cd37293b5a find-remotes: Add a --mirror option
This will be useful in the unit test added by the next commit. It just
passes OSTREE_REPO_PULL_FLAGS_MIRROR to the call to
ostree_repo_pull_from_remotes_async().
2020-03-28 10:35:19 -07:00
Colin Walters
9cb148c9b9 lib: Add error prefixing for sysroot load and repo open
Noticed this while writing tests for a core `ostree_sysroot_load()`
entrypoint.  And decided to do the same for `ostree_repo_open()`,
and while there also noted we had a duplicate error prefixing
for the open (more recently `glnx_opendirat()` automatically
prefixes with the path).
2020-03-28 14:08:51 +00:00
Denis Pynkin
e2c601687b ostree-repo: improve error handling
Correctly return "error" from `ostree_repo_sign_commit()`
in case if GPG is not enabled.

Use glnx_* functions in signature related pull code for clear
error handling if GPG isn't enabled.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
cce3864160 sign-pull: improve error handling
Use glnx_* functions in signature related pull code for clear
error handling.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
584ad40549 lib/sign: return false for non-implemented functions
Do not mask implementation anymore since we have a working
engines integrated with pulling mechanism.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
5a39281fbe tests/sign: check pull failure with invalid remote options
Pull should to fail if no known signature available in remote's
configuration or well-known places.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
e16faa58f4 lib/sign: convert ostree_sign_summary to new style
The "new style" code generally avoids `goto err` because it conflicts
with `__attribute__((cleanup))`.  This fixes a compiler warning.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
1e3bdef285 sign-dummy: optimize ostree_sign_dummy_data_verify
Return TRUE as soon as any signature verified.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
aaf73f6afc sign-ed25519: Convert functions to new style
The "new style" code generally avoids `goto err` because it conflicts
with `__attribute__((cleanup))`.  This fixes a compiler warning.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
09d5b475af tests/sign: added check with file and single key on pull
Additional test of signatures check behavior during the pull
with keys file containing wrong signatures and correct verification
key. Both are set as a part of remote's configuration.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Colin Walters
9d02199675 signing: Remove g_debug(__FUNCTION__)
This type of thing is better done via `gdb` and/or userspace
tracing (systemtap/bpftrace etc.)
2020-03-25 15:23:55 +03:00
Colin Walters
e2bd2abc67 sign-dummy: Convert to current code style
This keeps the code style consistent.
2020-03-25 15:23:55 +03:00
Colin Walters
2a0edccbd3 sign-ed25519: Convert some functions to new style
The "new style" code generally avoids `goto err` because it conflicts
with `__attribute__((cleanup))`.  This fixes a compiler warning.
2020-03-25 15:23:55 +03:00
Colin Walters
fbc5927d7e build-sys: Print libsodium status at end of configure
Like we do with other features.
2020-03-25 15:23:55 +03:00
Denis Pynkin
59b9e64b72 lib/repo-pull: return errors from signature engines
Improve error handling for signatures checks -- passthrough real
reasons from signature engines instead of using common messages.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
194ab368f2 lib/repo-pull: return error from signing engine
Return the collected errors from signing engines in case if verification
failed for the commit.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
dd27461e22 lib/sign: better error handling of ed25519 initialization
Add more precise error handling for ed25519 initialization.
Check the initialization status at the beginning of every public
function provided by ed25519 engine.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
b4050b4a34 lib/sign: make ed25519 engine non-public
Remove unneeded public declaration for ed25519 signing engine.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
4d0e3a66c5 lib/sign: make dummy engine non-public
Remove unneeded public declaration for dummy signing engine.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
8b3b35a04a bin/pull-local: add --sign-verify-summary
Add option for enabling summary file verification while pulling from local.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
b97ab81bab lib/repo-pull: add signature check while fetching summary
Check the signature of downloaded summary file.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
c69dce3c31 lib/repo-pull: set default for sign-verify-summary
Use FALSE as default for summary verification while pulling from remote.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
df36984684 lib/repo-pull: change sign supporting functions
Change the API of supporting functions `_load_public_keys()` and
`_ostree_repo_sign_verify()` -- pass repo object and remote name
instead of OtPullData object. This allows to use these functions
not only in pull-related places.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
809176b1ff gpg: do not fail GPG-related configuration get for remote
We don't need anymore stubs for verification options for remotes
in case if ostree built without GPG support.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
65c16a8318 man: add signature options for ostree summary
Add a description of new options `--sign-type` and `--sign` for
`ostree summary` command.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
1de2efa2ed tests/sign: new test for summary file verification
Add test for signature verification of summary file during the pull.
Adopted version of GPG tests from `test-pull-summary-sigs.sh`.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
40b80344f8 lib/repo-pull: verify signature on summary pull
Add signature verification on summary file pulling.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
137306f6f3 bin/summary: add signing with alternative mechanism
Allow to sign the summary file with alternative signing mechanism.
Added new options:
- --sign-type -- select the engine (defaults to ed25519)
- --sign -- secret key to use for signing

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
0bdcf14d56 lib/sign: new function for summary file signing
Add function `ostree_sign_summary()` allowing to sign the summary file.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
acace9b95a tests/sign: allow to start pull test without libsodium
Allow to run the pulling test if there is no ed25519 support.
Test the signed pull only with dummy engine. Fixed tests names.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
5cd822ae05 lib/sign: fix the false failure while loading keys
Usage of 'g_warning()' inside keys loading funcrion lead to false
failure: the key loading attempt for the wrong engine breaks the
pulling process instead of trying to use this key with correct engine.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
5dca74fab7 tests/sign: add verification key for pulling with dummy
After splitting out the common key to secret/public inside the dummy engine we
need to pass the the public key for remote with dummy engine usage.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
3063a0a838 lib/sign: use separate public and secret keys for 'dummy'
The initial implementation with single key for secret and public parts
doesn't allow to test pulling with several signing engines used.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
485ff7335f lib/sign: allow to build with glib version less than 2.44
Ubuntu 14.04 uses glib-2.40 which have no some shiny macroses
for interface declaration.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00