IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
I have a suspicion that the `semodule -N --refresh` we do here is
involved in https://github.com/coreos/fedora-coreos-tracker/issues/1597.
Let's log when we execute it and include its time.
While we're here, also log the time it takes to `syncfs()` and the
fsfreeze/thaw cycling. It's logged in a structured journal entry, but
that's less accessible than just having it in the journal message field.
This introduces the "retry-all-network-errors" option which
is enabled by default. This is a behavior change as now
ostree will retry on requests that fail except when
they fail with NOT_FOUND. It also introduces the options
"low-speed-limit-bytes" and "low-speed-time-seconds these"
map to CURL options only at the moment. Which have defaults
set following librepo:
7c9af219ab/librepo/handle.h (L90)7c9af219ab/librepo/handle.h (L96)
Currently these changes only apply when using libcurl.
Finally this change adds a final option that affects all
backends to control the max amount of connections of the
fetcher "max-outstanding-fetcher-requests".
This closes the biggest foot-gun when doing e.g.
`rpm-ostree rebase` when zincati is running on a FCOS system.
Previously if zincati happened to have staged + locked a deployment,
we'd keep around the lock which is definitely not what is desired.
Came up on an internal chat; previously we were only erroring
out when trying to do the SELinux labeling for `/var` which
was really misleading.
Add some other error prefixing while we have the patient open.
If the `prepare-root.conf` file contains:
```
[etc]
transient=yes
```
Then during prepare-root, an overlayfs is mounted as /etc, with the
upper dir being in /run. If composefs is used, the lower dir is
`usr/etc` from the composefs image , or it is the deployed
`$deploydir/usr/etc`.
Note that for this to work with selinux, the commit must have been
built with OSTREE_REPO_COMMIT_MODIFIER_FLAGS_USRETC_AS_ETC. Otherwise
the lowerdir (/usr/etc) will have the wrong selinux contexts for the
final location of the mount (/etc).
We also set the transient-etc key in the ostree-booted file, pointing it
to the directory that is used for the overlayfs.
There are some additional work happening in ostree-remount, mostly
related to selinux (as this needs to happen post selinux policy
load):
* Recent versions of selinux-poliy have issues with the overlayfs
mount being kernel_t, and that is not allowed to manage files as
needed. This is fixed in
https://github.com/fedora-selinux/selinux-policy/pull/1893
* Any /etc files created in the initramfs will not be labeled,
because the selinux policy has not been loaded. In addition, the
upper dir is on a tmpfs, and any manually set xattr-based selinux
labels on those are reset during policy load. To work around this
ostree-remount will relabel all files on /etc that have
corresponding files in overlayfs upper dir.
* During early boot, systemd mounts /run/machine-id on top of
/etc/machine-id (as /etc is readonly). Later during boot, when etc
is readwrite, systemd-machine-id-commit.service will remove the
mount and update the real file under it with the right content. To
ensure that this keeps working, we need to ensure that when we
relabel /etc/machine-id we relabel the real (covered) file, not the
temporary bind-mount.
* ostree-remount no longer needs to remount /etc read-only in the
transient-etc case.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This test was always skipped, because the check:
if touch overlay/baz/.wh.cow &&
touch overlay/.wh.deeper &&
touch overlay/baz/another/.wh..wh..opq; then
always fails due to the missing overlay/baz/another directory.
Fix by creating the directory.
This will be very useful for enabling a "transient /etc" option
because we won't have to do hacks relabling in the initramfs, or
forcing it on just for composefs.
For some reason we're not picking this up in the Prow build,
which breaks things because now rpm-ostree hard requires it.
Let's make this a fatal build time error for more clear
debugging.
For ostree_repo_export_tree_to_archive(), and 'ostree export', when the
exported tree contains multiple files with the same checksum, write an
archive with hard links.
Without this, importing a tree, then exporting it again breaks
hardlinks.
As an example of savings: this reduces the (compressed) size of the
Fedora Flatpak Runtime image from 1345MiB to 712MiB.
Resolves: #2925
This will allow us to drop code like
87fc693c11/src/create_disk.sh (L503)
which is really just unnecessary since there aren't any other
bootloaders we care about on this architecture.
gitlab.gnome.org is down right now, but it's been somewhat
flaky in the past. Our CI uptime becomes an *intersection*
of all systems it depends on, and by cutting out gitlab.gnome.org
we increase its reliability.
