Commit Graph

153 Commits

Author SHA1 Message Date
Colin Walters
f4e56b910f admin-deploy: Add --stateroot as alias for --os
To further help deprecate the confusing "osname" terminology.
2023-08-17 16:49:09 -04:00
Colin Walters
9d5ccfefff Add ostree admin stateroot-init as alias for os-init
To further help deprecate the confusing "osname" terminology.
2023-08-17 16:46:02 -04:00
Colin Walters
e88ec69eef repo: Bump lock timeout to 5 minutes
And update the doc text to talk about having a timeout at all
by default being a mistake.

Timeouts are really best handled at a higher level; if two processes
are contending for the ostree lock and one is actually frozen,
resolving this is something an admin may want to handle and introspect/debug
instead of having the waiter error out.

Most people using ostree are doing it in a way in which they have
higher level timeouts (e.g. on a container pod).
2023-08-17 08:28:16 -04:00
Alexander Larsson
81fa214155 Read composefs configuration from initrd instead of commandline
This drops the `ot-composefs` kernel commandline in favour
of a `[composefs]` section in the `prepare-rootfs.conf` file.

You can set `composefs.enabled` to `signed`, `yes`, `no` or `maybe`,
with `maybe` being the default.

You can also set `composefs.keypath` (or rely on the default
`/etc/ostree/initramfs-root-binding.key`) to point to ed25519 public
keys, one of which the commit must be signed with, or boot
fails.

The ostree dracut module adds `/etc/ostree/initramfs-root-binding.key`
to the initrd if it exists.

NOTE: This drops the option to define a digest in the commandline.
However, that was currently unused
(i.e. ComposefsConfig.expected_digest was never read).

Additionally it is very hard to actually store the composefs digest in
the initrd, as the initrd is typically part of the commit and thus the
composefs. It may be possible to handle this, but let's add it back
when we know exactly how that will work.
2023-08-14 12:27:47 +02:00
Eric Curtin
2cc6b53199
Merge pull request #2966 from cgwalters/ostree-admin-edit
Add `admin set-default`
2023-08-08 14:24:35 +01:00
Colin Walters
60b4655677 More fully drop trivial-httpd entrypoint
It's just part of the tests and we should no longer
support `ostree trivial-httpd`.

This is a followup cleanup to previous work.
2023-08-03 15:10:11 -04:00
Colin Walters
3cd3251aa1 Add admin set-default
A core underlying primitive in the C library is the ability
to arbitrarily reorder bootloader entries.

Let's expose the basic functionality here with the ability to pick
an arbitrary deployment for the next boot.

Closes: https://github.com/ostreedev/ostree/issues/2965
2023-08-03 15:09:57 -04:00
Colin Walters
22b8e4f953 prepare-root: Introduce ostree/prepare-root.conf
Using the repository configuration for configuration of this
program was always a bit hacky.

But actually with composefs, we really must validate
the target root *before* we parse anything in it.

Let's add a config file for `ostree-prepare-root` that can live
in the initramfs, which will already have been verified.

In the future we'll also add configuration for composefs here.

We expect OS builders to drop this in `/usr/lib/ostree/prepare-root.conf`,
but system local configuration can live in `/etc`.
2023-07-25 09:15:09 -04:00
Eric Curtin
27a9fe30b3
Merge pull request #2936 from cgwalters/sign-from-file
commit: Add `--sign-from-file`
2023-07-16 22:22:20 +01:00
Colin Walters
82d934916b commit: Add --sign-from-file
Passing the private key via a direct command line argument
is just a bad idea because it's highly likely to get logged
or appear in `ps`.
Spotted in review of work for composefs signatures.
2023-07-15 09:50:40 -04:00
Colin Walters
1e4cb30c68 man: Add ostree-prepare-root
Add an overdue man page that describes this.  Prep for also
documenting composefs things here.
2023-07-13 17:24:52 -04:00
Colin Walters
91c6b1a6d2 composefs: Add some basic docs
Let's describe the state of things at a high level, independent
of the tracking issue which has a lot more detail (and hence noise).

This document keeps things at a high level and describes how to
enable things today.
2023-06-14 16:41:48 -04:00
Joseph Marrero Corchado
4f0c13fb8b
Merge pull request #2705 from cgwalters/always-boot
Add `sysroot.bootprefix` option
2023-03-17 11:09:19 -04:00
Dan Nicholson
86701f0f84 bin/show: Add options to list metadata keys
While `--print-metadata-key` is very useful, it's not that helpful if
you don't know what the keys are.
2023-02-07 22:59:30 -07:00
Dan Nicholson
008c5a9540 bin/remote-refs: Add option to print revisions
The only other way to get the remote ref revision from the CLI is to
scrape the output of `ostree remote summary` or pull the commit. The
revision is already there in the summary's ref map, so might as well add
an option to show it.
2023-02-07 22:59:30 -07:00
Dan Nicholson
90dd45fb27 bin/refs: Add option to print revisions
Allow printing the revision along with the ref. This is very convenient
for looping over the refs in a shell as well as for quickly seeing which
refs are pointed to the same commit.
2023-02-07 22:59:30 -07:00
Dan Nicholson
2b8707b010 bin: Cleanup documentation of --cache-dir option
In all cases documentation was missing from the manual and the bash
completion was incorrectly assigning it as a boolean option.
2023-02-07 22:59:20 -07:00
Miguel Angel Ajo
e234b630f8 Support overlayfs whiteouts on checkout
Introduces an intermediate format for overlayfs storage, where
.wh-ostree. prefixed files will be converted into char 0:0
whiteout devices used by overlayfs to mark deletions across layers.

The CI scripts now use a volume for the scratch directories
previously in /var/tmp otherwise we cannot create whiteout
devices into an overlayfs mounted filesystem.

Related-Issue: #2712
2022-09-28 12:26:31 +02:00
Colin Walters
10e465c3c4 Add sysroot.bootprefix option
This is a follow up to
0ced9fde76
"sysroot: Support /boot on root or as seperate filesystem for syslinux and u-boot"

What we should have done at the time is changed our bootloader entries
to be prefixed with `/boot`.  This means that the GRUB2 BLS support
will Just Work.

For now, I'm making this option default to off out of a lot of
conservatism.  I think in the future we should flip this on by default.
2022-08-31 16:30:31 -04:00
Colin Walters
ad0354ac36 cli/rev-parse: Add --single option
In the current "ostree native container" flow, we're inserting
a commit object into the repo but with no refs.

We have hacks in a few places to find the commit digest via e.g.
`find repo/objects -name *.commit` but that's a horrible hack.
Add `ostree rev-parse --single` which will print the single commit,
and error out if there is not exactly one commit.

Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
2022-08-18 11:08:17 -04:00
Luca Bruno
7aa17acd8d
Merge pull request #2613 from GuiltyDoggy/man-update
man: Fix ostree-admin-instutil subcommands
2022-05-30 17:35:05 +00:00
Yosuke Matsumura
87afaced37 man: Fix ostree-admin-instutil subcommands
<term><cmdsynopsis> is not valid, causing the command to not be rendered
correctly.

Create one <variablelist> per <cmdsynopsis>. Inelegant but maintains
desired formatting.

Closes #2581
2022-05-19 18:48:17 -05:00
Saqib Ali
248b2936ac man/ostree.repo-config.xml: add docs for bls-append-except-default key
Relevant: https://github.com/coreos/fedora-coreos-tracker/issues/134
2022-05-19 09:59:50 -04:00
Dan Nicholson
8032e89d33 man: Create an HTML index
This provides something that can serve at the root of the HTML man pages
tree.
2022-04-08 19:25:32 -06:00
Dan Nicholson
d5061dcf82 man: Use custom XSL stylesheet for HTML output
This allows using a template stolen from systemd to turn references into
links.
2022-04-08 19:25:32 -06:00
Dan Nicholson
f396873d36 man: Remove unnecessary nbsp's from ostree man page
I really don't know what these were for. In both man and HTML output
with a recent version of the Docbook XSL, the command synopses are
already indented. I don't see any reason why they'd need to be manually
indented more.
2022-04-08 19:25:32 -06:00
Saqib Ali
ce44b1907e man/prune, bash: Add --commit-only flag for ostree prune
Update the man page and the auto-complete script
to include the --commit-only flag
2022-02-25 18:32:25 -05:00
Colin Walters
e6a734ab25
Merge pull request #2541 from melix99/find-remotes-fix-typo
man: Fix typo in ostree-find-remotes
2022-02-13 10:54:30 -05:00
Marco Melorio
6264c6deca
man: Fix typo in ostree-find-remotes
2022-02-12 19:00:28 +01:00
Marco Melorio
99e01c8b7b
man: Fix typo in ostree-admin-switch
2022-02-12 18:48:35 +01:00
Dan Nicholson
6fbf759279 lib/repo: Add commit version metadata to summary metadata
The commit metadata `version` key is well established but getting it for
a remote commit is cumbersome since the commit object needs to be
fetched and loaded. Including it in the summary additional metadata
allows a much more convenient view of what each of the remote refs
represents.
2022-02-04 14:28:11 -07:00
Joseph Marrero
581a58067b Update FSF license notices to use URL instead of address
2021-12-07 08:34:25 -05:00
Colin Walters
ce36e05d38
Merge pull request #2434 from cgwalters/custom-remote
Add support for "custom remotes"
2021-09-08 09:27:26 -04:00
Colin Walters
511c7a13ee Add support for "custom remotes"
This will be helpful for the "ostree native container" work in
https://github.com/ostreedev/ostree-rs-ext/

Basically in order to reuse GPG/signapi verification, we need
to support adding a remote, even though it can't be used via
`ostree pull`.  (At least, not until we merge ostree-rs-ext into ostree, but
 even then I think the principle stands)
2021-09-08 07:42:25 -04:00
Colin Walters
8821ec6e56 upgrade: Stabilize deployment staging
We're waaay overdue for this, it's been the default
in rpm-ostree for years, and solves several important bugs
around not capturing `/etc` while things are running.

Also, `ostree admin upgrade --stage` (should) become idempotent.

Closes: https://github.com/ostreedev/ostree/issues/2389
2021-09-07 16:12:43 -04:00
Dan Nicholson
58a683f8f0 bin/remote: Rename list-gpg-keys to gpg-list-keys
As pointed out in the original review, `gpg-list-keys` fits better
alongside the existing `gpg-import`.

Changes were done with:

```
git grep -l list-gpg-keys | xargs sed -i 's/list-gpg-keys/gpg-list-keys/'
for src in $(git ls-files '*list-gpg-keys*'); do
  dst=${src/list-gpg-keys/gpg-list-keys}
  git mv "$src" "$dst"
done
```
2021-08-23 15:30:31 -06:00
Colin Walters
98f3fe3d8e
Merge pull request #2401 from dbnicholson/gpg-key-info
Remote GPG key info
2021-08-20 15:11:11 -04:00
Dan Nicholson
74fb0c5f78 bin/remote: Add list-gpg-keys subcommand
This provides a wrapper for the `ostree_repo_remote_get_gpg_keys`
function to show the GPG keys associated with a remote. This is
particularly useful for validating that GPG key updates have been
applied. Tests are added, which check the
`ostree_repo_remote_get_gpg_keys` API by extension.
2021-07-15 15:50:04 -06:00
Benjamin Gilbert
5b5d3b12fb man: improve statoverride description
A statoverride file written in the obvious way will produce incorrect
results for two independent reasons.  Document them.
2021-07-14 16:34:35 -04:00
Timothée Ravier
02527f115e *: rename master to main in tests & examples
2021-05-07 16:55:03 +02:00
Colin Walters
857587615d Add an API+CLI to inject metadata for bootable OSTree commits
I was doing some rpm-ostree work and I wanted to compare two
OSTree commits to see if the kernel has changed.  I think
this should be a lot more natural.

Add `ostree commit --bootable` which calls into a new generic
library API `ostree_commit_metadata_for_bootable()` that
discovers the kernel version and injects it as an `ostree.linux`
metadata key.  And for extra clarity, add an `ostree.bootable`
key.

It's interesting because the "core" OSTree layer is all about
generic files, but this is adding special APIs around bootable
OSTree commits (as opposed to e.g. flatpak as well as
things like rpm-ostree's pkgcache refs).

Eventually, I'd like to ensure everyone is using this and
hard require this metadata key for the `ostree admin deploy`
flow - mainly to prevent accidents.
2021-03-12 19:01:42 +00:00
Phaedrus Leeds
d3e40ca7f6 man: Add missing repo mode in config docs
2021-03-08 13:18:31 -08:00
Dan Nicholson
4db2ba0eb1 pull: Allow disabling commit binding verification
In some cases such as backups or mirroring you may want to pull commits
from one repo to another even if there are commits that have incorrect
bindings. Fixing the commits in the source repository to have correct
bindings may not be feasible, so provide a pull option to disable
verification.

For Endless we have several repositories that predate collection IDs and
ref bindings. Later these repositories gained collection IDs to support
the features they provide and ref bindings as the ostree tooling was
upgraded. These repositories contain released commits that were valid to
the clients they were targeting at the time. Correcting the bindings is
not really an option as it would mean invalidating the repository
history.
2020-12-17 14:07:08 -07:00
William Manley
31acd2ef99 Add support for explicitly requesting any specific bootloader type
...with the `sysroot.bootloader` configuration option.  This can be useful
when converting a system to use `ostree` which doesn't currently have a
bootloader configuration that `ostree` can automatically detect, and is
also useful in combination with the `--sysroot` option when provisioning a
rootfs for systems other than the one you're running `ostree admin deploy`
on.
2020-10-26 23:51:11 +00:00
Alexander Larsson
024ef1d756 deltas: Add and document no-deltas-in-summary config option
By default this is FALSE to keep existing clients working.
2020-10-23 12:30:08 +02:00
OpenShift Merge Robot
9f98aa9223
Merge pull request #2198 from cgwalters/no-hardlink-zerosize
checkout: Don't hardlink zero sized files
2020-10-05 22:06:38 +02:00
Colin Walters
558720e7aa checkout: Don't hardlink zero sized files
Alternative to https://github.com/ostreedev/ostree/pull/2197

Python's (usually) zero-sized `__init__.py` files can provoke
us hitting the hardlink limits on some filesystems (`EMLINK`).
At least one Fedora rpm-ostree user hit this.

The benefits of hardlinking here are quite marginal; lots
of hardlinks can behave suboptimally in particular filesystems
like BTRFS too.

This builds on prior code which made this an option, introduced
in 673cacd633
Now we just do it unconditionally.

Also this provoked a different bug in a very obscure user mode checkout
case; when the "real" permissions were different from the "physical"
permissions, we would still hardlink.  Fix the test case for this.
2020-10-01 16:47:07 -04:00
Frédéric Danis
2e97f5659f bin/static-delta: Add signature parameters to apply-offline
This allows checking the delta signature before applying it.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00
Frédéric Danis
512db0435c bin/static-delta: Add command to verify delta signature
Add new "static-delta verify" sub-command.
This supports multiple keys to verify the static-delta file.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00
Frédéric Danis
92efbc00d8 bin/static-delta: Add support to sign superblock
Add signing ability to "static-delta generate" builtin.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00