Commit Graph

7132 Commits

Author SHA1 Message Date
Colin Walters
64a38aec8c
Merge pull request #3353 from jlebon/pr/composefs-maybe
libostree/deploy: enable composefs by default
2024-12-17 15:34:37 -05:00
Colin Walters
1c68410368
Merge pull request #3354 from ruihe774/cfs-verity
prepare-root: Add composefs.enabled=verity
2024-12-17 14:59:00 -05:00
Colin Walters
08395e2479
Merge pull request #3348 from qiuzhiqian/main
rofiles-fuse: when fuse execution fails, rofiles-fuse still returns exit code 0
2024-12-17 14:22:10 -05:00
Colin Walters
3f7eb362f4
Merge pull request #3357 from ruihe774/validate-len
sign-ed25519: Fix error message of validate_length
2024-12-17 14:21:53 -05:00
Jonathan Lebon
41a7f36f8e
lib/deploy: error out if composefs enabled but unsupported
If composefs was explicitly requested (`enabled = true`) but libostree
was not compiled with composefs support, error out at deploy time. This
matches the logic in `ostree-prepare-root`.
2024-12-17 13:30:11 -05:00
Jonathan Lebon
9a0acd7249
libostree/deploy: enable composefs by default
The composefs libostree integration has been supported for a while now
and is actively in use in various ostree/bootc-based systems. Let's
turn it on by default.

This has no effect if composefs support is not compiled in. Note also
that this does not change the default value of the `composefs.enabled`
tristate to `true`. The default is still `maybe`, but the deploy API
will now also create composefs images for `maybe`.

The reason for doing it this way is so that systems upgrading from
old libostree versions (which may either not have composefs support or
may have composefs-related bugs) will still be able to upgrade and not
trip `ostree-prepare-root` in the new deployment (which allows missing
composefs images for `maybe`).

We may in the future change the default value to `true`.

See also: https://github.com/ostreedev/ostree/issues/2867
2024-12-17 13:30:08 -05:00
Colin Walters
ec363ade9d
Merge pull request #3356 from cgwalters/fix-ci
Fix ci
2024-12-17 11:39:49 -05:00
Misaki Kasumi
a8f75bfe35 sign-ed25519: Fix error message of validate_length 2024-12-17 15:55:08 +00:00
Misaki Kasumi
5831fb5a63 sysroot-deploy: Require fsverity when composefs.enabled=verity 2024-12-17 15:53:54 +00:00
Misaki Kasumi
881c88162a prepare-root: Add composefs.enabled=verity 2024-12-17 15:53:54 +00:00
Colin Walters
eb9aab652a deny: Add Unicode-3.0
This is under e.g.
https://docs.fedoraproject.org/en-US/legal/allowed-licenses/
and is now used by the unicode-ident crate.
2024-12-16 17:03:03 +00:00
Colin Walters
c1ef3942f3 Switch to quay.io vs registry.ci
The old one was a mirror that seems to have finally
been decommissioned.
2024-12-16 16:56:57 +00:00
Colin Walters
74efebdf50
Merge pull request #3346 from cgwalters/commit-label-ordering
core: Always sort incoming xattrs
2024-12-03 11:20:33 -05:00
qiuzhiqian
8346244443 rofiles-fuse: Fixed the problem that when fuse execution fails, the command returns a status code of 0
testcase:
`$ sudo rofiles-fuse a b`
fuse: bad mount point `b': No such file or directory
`$ echo $?`
0
2024-12-03 20:38:35 +08:00
Colin Walters
1858d3d300 core: Always sort incoming xattrs
When recomputing selinux attrs during commit, we weren't sorting,
which could cause various issues like fsck failures.

This is a big hammer; change things so we always canonicalize
(i.e. sort) the incoming xattrs when creating a file header
and directory metadata.

I think almost all places in the code were already keeping
things sorted, but it's better to ensure correctness first.
If we ever have some performance issue (I'm doubtful) we
could add something like `_ostree_file_header_known_canonicalized`
or so.

Closes: https://github.com/ostreedev/ostree/issues/3343

Signed-off-by: Colin Walters <walters@verbum.org>
2024-12-02 10:40:17 -05:00
Colin Walters
111a45fa5c
Merge pull request #3340 from smcv/issue3339
composefs: Ensure buffer is suitably aligned for struct fsverity_digest
2024-11-14 16:49:32 -07:00
Simon McVittie
67ed2acad4 composefs: Ensure buffer is suitably aligned for struct fsverity_digest
struct fsverity_digest starts with a __u16, so it will normally require
16-bit alignment, which is not guaranteed for a char array.

Resolves: https://github.com/ostreedev/ostree/issues/3339
Signed-off-by: Simon McVittie <smcv@debian.org>
2024-11-14 13:55:11 +00:00
Colin Walters
8705495bc5
Merge pull request #3337 from dabukalam/patch-1
README: Update buildstream URL to new github repo
2024-11-12 08:47:29 -07:00
Danny Abukalam
3543fd823c
README: Update buildstream URL to new github repo 2024-11-12 14:27:15 +00:00
John Eckersberg
295841b472
Merge pull request #3328 from cgwalters/release
Release 2024.9
2024-11-05 09:41:27 -05:00
Colin Walters
72b6963c95 configure: post-release version bump
Signed-off-by: Colin Walters <walters@verbum.org>
2024-11-04 17:27:41 -05:00
Colin Walters
5fcb1896f5 Release 2024.9
Signed-off-by: Colin Walters <walters@verbum.org>
2024-11-04 17:27:41 -05:00
Colin Walters
20ebd3f6c3
Merge pull request #3334 from cgwalters/fix-composefs-default-docs
prepare-root: Fix composefs docs
2024-11-04 17:27:09 -05:00
Colin Walters
5a262340e7
Merge pull request #3331 from cgwalters/verity-no-verity
checkout: Only verify digest if repo requires fsverity
2024-11-04 16:10:39 -05:00
Colin Walters
9e0d778df3 bootupd-static: Drop this test
It breaks due to https://bugzilla.redhat.com/show_bug.cgi?id=2308594
2024-11-04 14:28:13 -05:00
Colin Walters
f3fdf2e3f6 prepare-root: Fix composefs docs
In practice in ostree-sysroot-deploy.c we only react to having
`composefs = yes`; the docs mention `maybe` but that never did
anything.

The value is wrong in the code too, but I'm not touching
that here to avoid conflating changes - the main thing to fix
is the docs because here `maybe == no`.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-11-04 13:52:10 -05:00
Colin Walters
6ed1f83ab8 checkout: Only verify digest if repo requires fsverity
Fixes a regression from the previous commit; in
the case where the target repo doesn't have composefs in
signed mode there's no reason to verify the digest
at checkout time because we aren't verifying it at
boot time either.

The regression is in cases that use rpm-ostree e.g.
where as of recently we unconditionally add the composefs
digest, but for e.g. FCOS we aren't deploying with fsverity
enabled.

Closes: https://github.com/ostreedev/ostree/issues/3330

Signed-off-by: Colin Walters <walters@verbum.org>
2024-11-04 13:01:55 -05:00
Colin Walters
ab8a7f7855
Merge pull request #3333 from smcv/gpg-2-2-45
tests: Work around GPG 2.2.45 error behaviour when revoking an expired key
2024-10-31 08:15:24 -04:00
Simon McVittie
1d916231a4 tests: Work around GPG 2.2.45 error behaviour when revoking an expired key
In GPG 2.2.45, a diagnostic message about the only trusted key having
already expired causes this import to produce exit status 2, but the
import still succeeds (the key is still revoked).

Bug: https://dev.gnupg.org/T7351
Bug-Debian: https://bugs.debian.org/1086140
2024-10-31 10:54:23 +00:00
Colin Walters
a35094a5cd
Merge pull request #3332 from cgwalters/fixups-for-fcos-composefs-default
tests: Skip checking for immutable bit on composefs
2024-10-30 14:37:59 -04:00
Colin Walters
80c7b86551 tests: Skip checking for immutable bit on composefs
Needed changing after FCOS switch.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-10-30 13:07:01 -04:00
Colin Walters
841c8a67d5
Merge pull request #3326 from cgwalters/hack-deploy-no-verity
deploy: Don't recompute verity checksums if not enabled
2024-10-29 15:09:59 -04:00
Colin Walters
a6d07b6cc3 deploy: Don't recompute verity checksums if not enabled
This fixes a truly horrific performance bug when
composefs is enabled, but fsverity is not supported
by the filesystem. We'd fall back to doing *userspace*
checksumming of all files at deployment time which was absolutely
not expected or required.

There's really an immense amount of technical debt
here, such as the confusion between `ex-integity.composefs`
vs the prepare-root config, how we handle "torn" states
where some objects don't have verity enabled but some do,
etc.

The ostree composefs state has two modes:

- signed: We need to enforce fsverity
- unsigned: Best effort resilience

So we fix this by making the deploy path to make verity
"opportunistic" - if the ioctl gives us the data, then we
add it to the composefs.

However, this code path is also invoked when we're
computing the expected composefs digest to inject
as commit metadata, and *that* API must work regardless
of whether the target repo has fsverity enabled as
it may operate on a build server.

One lucky thing in all of this: When I went to add
the "checkout composefs" API I added a stub `GVariant`
for options extensibility, which we now use.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-10-28 09:31:34 -04:00
Colin Walters
3625130ec0
Merge pull request #3323 from cgwalters/copydir-no-xattrs
deploy: Don't copy xattrs for devicetree
2024-10-21 08:02:32 -04:00
Colin Walters
72202df98f deploy: Don't copy xattrs for devicetree
xref: https://github.com/coreos/fedora-coreos-tracker/issues/1808

For the kernel/initramfs that we copy to `/boot`
we use an explicit relabeling today, ignoring the source SELinux
context.

When we added handling for devicetree it reuse the `copy_dir_recurse`
we have for `etc` handling, and that copied the source xattrs.

Let's ensure that the devicetree is also `boot_t` by *not* copying
xattrs and relying on the default labeling.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-10-18 11:32:42 -04:00
Colin Walters
f7018d84de
Merge pull request #3316 from ruihe774/readonly-cmdline
prepare-root: allow `sysroot.readonly=true` with kernel cmdline `ro`
2024-10-10 14:40:48 -04:00
Dan Nicholson
6dc8b87346
Merge pull request #3322 from cgwalters/tweak-commit-assertion
commit: Give a better error message for unhandled file type
2024-10-10 17:33:29 +02:00
Colin Walters
f11e6a4ae0 commit: Give a better error message for unhandled file type
xref https://github.com/ostreedev/ostree/issues/3319

It'd be useful to know what file type is being hit here; I believe
this code path should be unreachable.
2024-10-10 12:54:33 +00:00
Misaki Kasumi
5b6d208801 prepare-root: allow sysroot.readonly=true with kernel cmdline ro 2024-10-10 20:38:34 +08:00
Eric Curtin
a54518e4d9
Merge pull request #3317 from cgwalters/minor-overlay-tweaks
checkout: Add commentary around whiteout "quoting"
2024-10-02 14:13:26 +01:00
Colin Walters
fdfeb0ba7b checkout: Add commentary around whiteout "quoting"
Signed-off-by: Colin Walters <walters@verbum.org>
2024-10-01 17:07:59 -04:00
Eric Curtin
9ca8b4604d
Merge pull request #3311 from cgwalters/curl-minor
curl: Add more assertions for curl return values
2024-09-23 22:13:30 +01:00
Eric Curtin
199d062191
Merge pull request #3313 from cgwalters/fix-readthedocs
rust-bindings: Fix readthedocs.io link
2024-09-23 12:57:54 +01:00
Colin Walters
64af3bc059 rust-bindings: Fix readthedocs.io link
It should now point at GH pages.

Closes: https://github.com/ostreedev/ostree/issues/3312

Signed-off-by: Colin Walters <walters@verbum.org>
2024-09-23 10:19:53 +00:00
Colin Walters
772df8f600 curl: Add more assertions for curl return values
Followup to the previous curl fixes; if we'd had an assertion
earlier debugging the failure would have been more obvious.

All of these are "should not fail" cases so asserting is
right.
2024-09-19 14:29:20 -04:00
Colin Walters
688ced3901
Merge pull request #3309 from cgwalters/release
Release 2024.8
2024-09-19 09:58:54 -04:00
Colin Walters
a902afff65 Post-release version bump 2024-09-19 08:01:10 -04:00
Colin Walters
05d36e056d Release 2024.8 2024-09-19 07:53:45 -04:00
Dan Nicholson
e560092f54
Merge pull request #3307 from cgwalters/curl-reorder-teardown
curl: Make socket callback during cleanup into no-op
2024-09-18 21:36:13 -06:00
Colin Walters
05442f2a92
Merge pull request #3306 from cgwalters/curl-assert
curl: Assert that curl_multi_assign worked
2024-09-18 18:34:08 -04:00