Commit Graph

6169 Commits

Author SHA1 Message Date
Colin Walters
edba4b33be Remove unused linux/fs.h includes
Prep for fixing conflicts introduced by newer glibc.
cc https://github.com/ostreedev/ostree/issues/2685
2022-08-03 10:37:40 -04:00
Luca Bruno
5de689b846
Merge pull request #2683 from cgwalters/sync-deny
deny.toml: Add `Unicode-DFS-2016`
2022-08-03 11:41:18 +00:00
Colin Walters
a83673f1a7 deny.toml: Add Unicode-DFS-2016
This is used by the unicode crate now and is definitely a compatible
FOSS license.
2022-08-01 14:43:31 -04:00
Colin Walters
459a4c2227
Merge pull request #2678 from cgwalters/release-2022-5
Release 2022 5
2022-07-22 16:11:20 -04:00
Colin Walters
55292e4007 rust-bindings: Fix cargo fmt 2022-07-22 15:20:05 -04:00
Colin Walters
d7c25a2062 configure: post-release version bump 2022-07-22 15:20:05 -04:00
Colin Walters
15740d042c Release 2022.5 2022-07-22 15:08:25 -04:00
Colin Walters
f50fe7008c
Merge pull request from GHSA-gqf4-p3gv-g8vw
Fix sign ed25519 verify
2022-07-22 15:05:27 -04:00
Luca Bruno
f2ea2f30cc
Merge pull request #2675 from HuijingHei/update-doc
Update doc about adding new function to libostree
2022-07-15 18:25:13 +00:00
Colin Walters
6200ec321f
Merge pull request #2676 from render-se/debos-docs
add debos to readme distribution build tools
2022-07-15 14:24:25 -04:00
Chris Mucciolo
6cb1227177 docs add debos to readme distribution build tools 2022-07-15 13:24:29 -04:00
Colin Walters
e0417957ea rust: Add a test case for ed25519
Specifically, I verified that *before* the previous patch to the
ed25519 C code, the last bit of code would fail with a SIGSEGV when
trying to read the empty signature.
2022-07-14 17:13:51 -04:00
Colin Walters
83e6357186 sign/ed25519: Verify signatures are minimum length
The ed25519 signature verification code does not
check that the signature is a minimum/correct length.
As a result, if the signature is too short, libsodium will end up
reading a few bytes out of bounds.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Co-authored-by: Demi Marie Obenour <demi@invisiblethingslab.com>

Closes: https://github.com/ostreedev/ostree/security/advisories/GHSA-gqf4-p3gv-g8vw
2022-07-14 17:13:51 -04:00
Huijing Hei
7db2fe8cba Update doc about adding new function to libostree 2022-07-14 16:05:53 +08:00
Colin Walters
ed1146738b
Merge pull request #2669 from HuijingHei/fix-kargs
Fix `ostree admin kargs edit-in-place` fails issue
2022-07-13 16:35:28 -04:00
Colin Walters
a3749efb1a
Merge pull request #2672 from cgwalters/initialize-sysroot-cleanups
sysroot: Have `ensure_writable` also always initialize
2022-07-13 16:35:17 -04:00
Colin Walters
035b290210
Merge pull request #2673 from cgwalters/assert-boot
sysroot: Add a few more assertions about `boot_fd`
2022-07-13 16:35:10 -04:00
Colin Walters
60853219d5 sysroot: Add a few more assertions about boot_fd
These places are all safe, but it would catch bugs in the future
more clearly to trip an assertion here.
2022-07-13 15:38:59 -04:00
Colin Walters
75aa7a22f6 sysroot: Have ensure_writable also always initialize
For historical reasons we have a fair bit of distinct sysroot
initialization going on.  A lot of code is calling *just* the new
`ensure_writable()` API, which does basically what you'd expect...
except if we're not using a mount namespace.

Which is the case in unit tests and legacy setups.
Change this API to also ensure the sysroot is fully initialized
even in those cases.  Specifically we'll have `self->sysroot_fd`.

For now, callers that need `/boot` also need to separately
call `_ensure_boot_fd()`.
2022-07-13 15:35:00 -04:00
Colin Walters
2c71655205 deploy: Ensure sysroot is initialized for kargs in place
Even without a mount namespace set up.
2022-07-13 15:32:05 -04:00
Colin Walters
7e7a3df99b
Merge pull request #2671 from matthiasbeyer/readme-rust-bindings-fix
Fix link to rust bindings
2022-07-12 16:03:09 -04:00
Huijing Hei
8f24e0826a Add test to verify ostree admin kargs edit-in-place working 2022-07-12 20:56:18 +08:00
Huijing Hei
7b7b6d741b Fix ostree admin kargs edit-in-place fails issue
Add func to set kernel arguments in place, instead of create new
deployment
Fix https://github.com/ostreedev/ostree/issues/2664
2022-07-12 16:27:00 +08:00
Jonathan Lebon
2f8e31d172
Merge pull request #2668 from cgwalters/sync-cargo-deny 2022-07-11 13:52:53 -04:00
Matthias Beyer
22946e9d96 Fix link to rust bindings
ostree-rs was merged into ostree, so link to the rust bindings within
this repository.

Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2022-07-11 08:55:43 +02:00
Colin Walters
51ac63aa28
Merge pull request #2666 from saqibali-2k/pr/bls-append
ostree-repo: bls-append-except-default followup
2022-07-08 09:41:04 -04:00
Colin Walters
d3762be9b3 deny: Sync with rpm-ostree
This extends the license set basically and ignores private repos
(which we don't have any yet).
2022-07-08 09:33:18 -04:00
Saqib Ali
d7107e3036 ostree-repo: bls-append-except-default followup
This PR is followup from https://github.com/coreos/coreos-assembler/pull/2863
Summary of changes:
- Moved bls-append-except-default parsing logic to reload_sysroot_config()
- Made sure heap allocated memory is being freed
2022-07-07 16:06:11 -04:00
Colin Walters
c93fb71913
Merge pull request #2667 from cgwalters/deploy-require-repo
lib: Stop using old `ostree_sysroot_get_repo()` API
2022-07-06 17:13:23 -04:00
Colin Walters
becc18936f lib: Stop using old ostree_sysroot_get_repo() API
It's falliable, and in one place we were actually ignoring
the error and leaving a `NULL` repo object which is just a trap
for people coming along later since it's rarely nullable.

Quite a while ago we switched to loading the repo at the same time
as the sysroot; convert callers in the library to use this infallible
accessor.

Prep for another patch which will use the repo object.
2022-07-06 07:47:57 -04:00
Colin Walters
0d911bf91f
Merge pull request #2632 from saqibali-2k/pr/prune-commit-only
lib/prune: speed up pruning by retrieving only commits
2022-06-30 09:08:54 -04:00
Jonathan Lebon
e527cdc582
Merge pull request #2661 from cgwalters/port-cap-std 2022-06-28 16:56:09 -04:00
Saqib Ali
a984871237 lib/prune: speed up pruning by retrieving only commits
After landing the new --commit-only functionality, we still noticed
exceedingly long pruning times in large repos. Lets add an optimization
that will only retrieve commit objects when --commit-only flag is used.
2022-06-27 08:04:50 -04:00
Colin Walters
e98988ba17 tests/inst: Port to cap-std
Part of an ongoing effort.
2022-06-24 16:23:05 -04:00
Colin Walters
bba9724317
Merge pull request #2660 from cgwalters/fix-load-file-api
repo: Metadata return values from `load_file` are not nullable
2022-06-24 14:30:33 -04:00
Jonathan Lebon
40703cad56
Merge pull request #2655 from nikita-dubrovskii/sdboot_rename 2022-06-24 12:49:50 -04:00
Jonathan Lebon
502ad96af2
Merge pull request #2659 from cgwalters/hackaround-cosa-systemd-unit-check 2022-06-24 10:49:19 -04:00
Colin Walters
52d6f4e790 tests/staged-deploy.sh: Hack around cosa systemd unit check
https://github.com/coreos/coreos-assembler/pull/2921 broke this
test which is intentionally causing a systemd unit to fail.

As they say, necessity is the mother of invention.  They don't
say though that need always causes particularly *beautiful* things
to be invented...
2022-06-24 10:18:53 -04:00
Nikita Dubrovskii
14a7c0c74b s390x: rename sd-boot to sdboot
Signed-off-by: Nikita Dubrovskii <nikita@linux.ibm.com>
2022-06-24 15:15:57 +02:00
Colin Walters
be2075eef0 repo: Metadata return values from load_file are not nullable
The pattern this API uses in C is to allow the input parameters
pointer targets to be `NULL`, and it doesn't return values in that
case.

A further complexity here is that the API will still return `NULL`
for symbolic links.

But Rust can't express this pattern as is, so we were always
returning values but in `Option<T>` wrappers that the caller needed
to unwrap for the metadata.

(We really want an even more efficient API here that avoids the glib
 objects entirely, e.g. no reason not to pass directly back a type
 that lets Rust directly read from the fd for bare repos, but
 that can come later)
2022-06-23 17:43:42 -04:00
Colin Walters
ee5b3c76c3
Merge pull request #2656 from cgwalters/bump-cap-std
rust: Bump semver to 0.15 && bump cap-std 0.25
2022-06-23 16:36:24 -04:00
Colin Walters
6fda7112c8
Merge pull request #2658 from jlebon/pr/pinger
tests/inst/destructive: stop disabling fedora-coreos-pinger
2022-06-23 16:35:49 -04:00
Jonathan Lebon
7814d9339e tests/inst/destructive: stop disabling fedora-coreos-pinger
It was removed from FCOS:
https://github.com/coreos/fedora-coreos-tracker/issues/770
2022-06-23 15:50:39 -04:00
Colin Walters
63499747b9 Bump to cap-std 0.25 and io-lifetimes 0.7
Prep for bumping ostree-rs-ext, which will help bump rpm-ostree,
which will get it out of having two copies of rustix.
2022-06-23 14:59:03 -04:00
Colin Walters
b87c8a8e23 rust: Bump semver to 0.15
Prep for some breaking changes.
2022-06-23 14:58:22 -04:00
Colin Walters
37d0ca41b6 Fix clippy lint in cap-std bits 2022-06-23 14:58:00 -04:00
Colin Walters
001839b35f ci/rust: Change MSRV to cargo check
No reason to codegen just to throw it away.  We could test here too,
but eh.
2022-06-23 14:45:16 -04:00
Colin Walters
ed98a7904c ci/rust: Enable cap-std-apis in default build, add a no-feature build
Our CI was missing coverage of `cap-std-apis`.
2022-06-23 14:45:11 -04:00
Colin Walters
578a0c2507
Merge pull request #2639 from HuijingHei/admin-kargs-edit-in-place
RFE: Add a hidden option to `ostree admin kargs edit-in-place` to update all existing deployments in place
2022-06-23 12:16:03 -04:00
Huijing Hei
3bc59a5206 RFE: Add a hidden option to ostree admin kargs edit-in-place to
update all existing deployments in place

Example:
$ sudo ostree admin kargs edit-in-place --append-if-missing=rw
See https://github.com/ostreedev/ostree/issues/2617

This will not add duplicate key, if there is `TESTARG=VAL1` in the
kernel arguments, `--append-if-missing=TESTARG=VAL2` will be ignored.
2022-06-23 22:31:39 +08:00