Commit Graph

3627 Commits

Author SHA1 Message Date
Luca Bruno
73eda79662
Merge pull request #2707 from lucab/ups/libostree-bootloader-asserts
lib/bootloader: assert invariants
2022-09-06 00:36:11 +00:00
Luca BRUNO
273089d9e4
lib/bootloader: assert invariants
This tweaks some invariants checks into full assertions, in order
to avoid returning to the caller in case of known invalid states.
2022-09-05 09:27:38 +00:00
git-bruh
35d6ea88f6
ostree-fetcher-curl: check for HTTP2 support before trying to use it 2022-09-03 12:50:00 +05:30
Colin Walters
683e4eff08 finalize-staged: Don't listen to SIGTERM, just let kernel exit us
Followup from discussion in
https://github.com/ostreedev/ostree/pull/2544#discussion_r958840936

This is more efficient; no need to have the kernel context switch
us in at shutdown time just so we can turn around and call
`exit()`.
2022-08-30 17:50:03 -04:00
Colin Walters
6651b72a7a
Merge pull request #2544 from dbnicholson/finalize-block
finalize-staged: Ensure /boot and /sysroot automounts don't expire
2022-08-30 15:12:32 -04:00
Dan Nicholson
f3db79e7fa finalize-staged: Ensure /boot automount doesn't expire
If `/boot` is an automount, then the unit will be stopped as soon as the
automount expires. That's would defeat the purpose of using systemd to
delay finalizing the deployment until shutdown. This is not uncommon as
`systemd-gpt-auto-generator` will create an automount unit for `/boot`
when it's the EFI System Partition and there's no fstab entry.

To ensure that systemd doesn't stop the service early when the `/boot`
automount expires, introduce a new unit that holds `/boot` open until
it's sent `SIGTERM`. This uses a new `--hold` option for
`finalize-staged` that loads but doesn't lock the sysroot. A separate
unit is used since we want the process to remain active throughout the
finalization run in `ExecStop`. That wouldn't work if it was specified
in `ExecStart` in the same unit since it would be killed before the
`ExecStop` action was run.

Fixes: #2543
2022-08-30 09:16:39 -06:00
Dan Nicholson
e30a3b6b17 main: Factor out sysroot loading
It can be useful to parse the options and initialize the sysroot without
actually loading it until later. Factor out the sysroot loading to a new
`ostree_admin_sysroot_load` and add a new
`OSTREE_ADMIN_BUILTIN_FLAG_NO_LOAD` flag to accommodate this.
2022-08-30 08:46:26 -06:00
Huijing Hei
37aa2ac287 Fix ostree admin kargs edit-in-place assertion when deployments
are pending

This is to support pending deployments instead of rasing assertion.
For example:
```
$ sudo rpm-ostree kargs --append=foo=bar
$ sudo ostree admin kargs edit-in-place --append-if-missing=foobar
```
After reboot we get both `foo=bar foobar`.

Fix https://github.com/ostreedev/ostree/issues/2679
2022-08-29 11:31:32 +08:00
Colin Walters
fb826346fe
Merge pull request #2692 from GeorgesStavracas/gbsneto/transaction-leak
lib/commit: Unref repo on success
2022-08-22 14:25:07 -04:00
Luca BRUNO
ff7d9a8a6d
libostree: fix a typo in annotation
This fixes a typo in the `allow-none` annotation on
`ostree_sysroot_deployment_set_kargs_in_place` argument.
2022-08-19 10:39:09 +00:00
Colin Walters
ad0354ac36 cli/rev-parse: Add --single option
In the current "ostree native container" flow, we're inserting
a commit object into the repo but with no refs.

We have hacks in a few places to find the commit digest via e.g.
`find repo/objects -name *.commit` but that's a horrible hack.
Add `ostree rev-parse --single` which will print the single commit,
and error out if there is not exactly one commit.

Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
2022-08-18 11:08:17 -04:00
Georges Basile Stavracas Neto
092421fabf lib/commit: Unref repo on success
Commit 540e60c3 introduced _ostree_repo_auto_transaction_new(), a
private constructor to OstreeRepoAutoTransaction, by factoring out
some code from _ostree_repo_auto_transaction_start(). This factored
code increased the refcount of the 'repo' variable.

Subsequent commit 71304e854c made ostree_repo_prepare_transaction()
use ths newly introduced constructor. However, in this function, the
happy path assumed no ref was taken, and therefore did not unref it.
Commit 71304e854c didn't add the corresponding unref either.

This leaks a reference to OstreeRepo when calling
ostree_repo_prepare_transaction().

Plug this leak by using g_clear_object() to clear the repo field
of OstreeRepoAutoTransaction, instead of simply setting it to NULL.

Closes https://github.com/flatpak/flatpak/issues/4928
2022-08-16 19:54:29 -03:00
Colin Walters
090f312e40 cli/rev-parse: Port to new code style
Prep for future changes.
2022-08-16 17:11:30 -04:00
Jonathan Lebon
93e47f88f4 lib/commit: Directly use FICLONE for payload link
The idea of payload linking is to reflink between objects where
possible. Instead of relying on `glnx_regfile_copy_bytes` to hit the
`FICLONE` path, just call `FICLONE` directly. At that point in the code,
we've already established that the source and dest repos are on the same
filesystem and that it supports `FICLONE`.

Related: https://gitlab.gnome.org/GNOME/libglnx/-/merge_requests/41
Related: https://github.com/ostreedev/ostree/pull/2684#issuecomment-1204068437
2022-08-15 14:00:08 -04:00
Colin Walters
0a908a180f Move FIFREEZE/FITHAW ioctl invocations into linuxfsutil.c
Should help avoid conflicts between glibc and linux headers.

Closes: https://github.com/ostreedev/ostree/issues/2685
2022-08-03 10:44:51 -04:00
Colin Walters
edba4b33be Remove unused linux/fs.h includes
Prep for fixing conflicts introduced by newer glibc.
cc https://github.com/ostreedev/ostree/issues/2685
2022-08-03 10:37:40 -04:00
Colin Walters
15740d042c Release 2022.5 2022-07-22 15:08:25 -04:00
Colin Walters
83e6357186 sign/ed25519: Verify signatures are minimum length
The ed25519 signature verification code does not
check that the signature is a minimum/correct length.
As a result, if the signature is too short, libsodium will end up
reading a few bytes out of bounds.

Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Co-authored-by: Demi Marie Obenour <demi@invisiblethingslab.com>

Closes: https://github.com/ostreedev/ostree/security/advisories/GHSA-gqf4-p3gv-g8vw
2022-07-14 17:13:51 -04:00
Colin Walters
ed1146738b
Merge pull request #2669 from HuijingHei/fix-kargs
Fix `ostree admin kargs edit-in-place` fails issue
2022-07-13 16:35:28 -04:00
Colin Walters
a3749efb1a
Merge pull request #2672 from cgwalters/initialize-sysroot-cleanups
sysroot: Have `ensure_writable` also always initialize
2022-07-13 16:35:17 -04:00
Colin Walters
60853219d5 sysroot: Add a few more assertions about boot_fd
These places are all safe, but it would catch bugs in the future
more clearly to trip an assertion here.
2022-07-13 15:38:59 -04:00
Colin Walters
75aa7a22f6 sysroot: Have ensure_writable also always initialize
For historical reasons we have a fair bit of distinct sysroot
initialization going on.  A lot of code is calling *just* the new
`ensure_writable()` API, which does basically what you'd expect...
except if we're not using a mount namespace.

Which is the case in unit tests and legacy setups.
Change this API to also ensure the sysroot is fully initialized
even in those cases.  Specifically we'll have `self->sysroot_fd`.

For now, callers that need `/boot` also need to separately
call `_ensure_boot_fd()`.
2022-07-13 15:35:00 -04:00
Colin Walters
2c71655205 deploy: Ensure sysroot is initialized for kargs in place
Even without a mount namespace set up.
2022-07-13 15:32:05 -04:00
Huijing Hei
7b7b6d741b Fix ostree admin kargs edit-in-place fails issue
Add func to set kernel arguments in place, instead of create new
deployment
Fix https://github.com/ostreedev/ostree/issues/2664
2022-07-12 16:27:00 +08:00
Saqib Ali
d7107e3036 ostree-repo: bls-append-except-default followup
This PR is followup from https://github.com/coreos/coreos-assembler/pull/2863
Summary of changes:
- Moved bls-append-except-default parsing logic to reload_sysroot_config()
- Made sure heap allocated memory is being freed
2022-07-07 16:06:11 -04:00
Colin Walters
becc18936f lib: Stop using old ostree_sysroot_get_repo() API
It's falliable, and in one place we were actually ignoring
the error and leaving a `NULL` repo object which is just a trap
for people coming along later since it's rarely nullable.

Quite a while ago we switched to loading the repo at the same time
as the sysroot; convert callers in the library to use this infallible
accessor.

Prep for another patch which will use the repo object.
2022-07-06 07:47:57 -04:00
Colin Walters
0d911bf91f
Merge pull request #2632 from saqibali-2k/pr/prune-commit-only
lib/prune: speed up pruning by retrieving only commits
2022-06-30 09:08:54 -04:00
Saqib Ali
a984871237 lib/prune: speed up pruning by retrieving only commits
After landing the new --commit-only functionality, we still noticed
exceedingly long pruning times in large repos. Lets add an optimization
that will only retrieve commit objects when --commit-only flag is used.
2022-06-27 08:04:50 -04:00
Nikita Dubrovskii
14a7c0c74b s390x: rename sd-boot to sdboot
Signed-off-by: Nikita Dubrovskii <nikita@linux.ibm.com>
2022-06-24 15:15:57 +02:00
Huijing Hei
3bc59a5206 RFE: Add a hidden option to ostree admin kargs edit-in-place to
update all existing deployments in place

Example:
$ sudo ostree admin kargs edit-in-place --append-if-missing=rw
See https://github.com/ostreedev/ostree/issues/2617

This will not add duplicate key, if there is `TESTARG=VAL1` in the
kernel arguments, `--append-if-missing=TESTARG=VAL2` will be ignored.
2022-06-23 22:31:39 +08:00
Colin Walters
9bdf3861ad cli/refs: Port to C99 style
General background cleanup.
2022-06-15 09:36:54 -04:00
Colin Walters
2f1c9a727e cli/remote-list: Port to C99 style
General background cleanup.
2022-06-15 09:35:03 -04:00
Colin Walters
a0ae2f9156 cli/gpg-sign: Port to C99 style
General background cleanup.
2022-06-15 09:33:46 -04:00
Jonathan Lebon
d9d085dc7b
Merge pull request #2650 from cgwalters/misc-declare-and-initialize-1 2022-06-14 16:20:44 -04:00
Colin Walters
43b712951d cli/diff: Port to C99 style
General background cleanup.
2022-06-14 10:04:04 -04:00
Colin Walters
f8403f46dc cli/config: Port to C99 style
General background cleanup.
2022-06-14 10:03:58 -04:00
Colin Walters
4e356d0e8f cli/unlock: Port to C99 style
General background cleanup.
2022-06-14 09:53:11 -04:00
Colin Walters
588b07e554 cli/undeploy: Port to C99 style
General background cleanup.
2022-06-14 09:51:41 -04:00
Colin Walters
46e1db392d cli/os-init: Port to C99 style
General background cleanup; motivated by a recent PR which
was using pre-C99 code as a base.
2022-06-14 09:50:07 -04:00
Colin Walters
436ff11a00 fsck: Use load_variant_if_exists
This cleans up error handling here.
2022-06-12 10:58:29 -04:00
Colin Walters
bd030a96f2 fsck: Move most commit processing into helper function
The inner loop was way too long; split out most of the heavy
lifting around backrefs and tombstones into a helper function.
2022-06-12 10:57:27 -04:00
Colin Walters
2fe0ea7395 fsck: De-indent loop
Could have done this in the previous change, but wanted to avoid
excessive diff noise.
2022-06-12 10:48:39 -04:00
Colin Walters
6981633f9c fsck: Don't load all object names into memory
We recently discovered `list_objects()` is inefficient with memory.
The more efficient `list_objects_set()` API isn't yet public, but
this fsck code actually just skips over non-commit objects, and
we already have an API to list just those.
2022-06-09 21:01:03 -04:00
Colin Walters
a13d812368 repo: Document non-obvious way to list all commits
I was going to add an API for this and then realized the empty
string does it.
2022-06-09 18:34:51 -04:00
Joseph Marrero Corchado
a6ecd96cda
Merge pull request #2638 from cgwalters/fix-symbol-versioning
lib: Fix symbol versioning inheritance
2022-06-08 17:17:28 -04:00
Colin Walters
145d91d1c9 lib: Fix symbol versioning inheritance
I messed this up; the last release should inherit from the previous
release (N-1) and not the previous to that (N-2).

I think (hope) this isn't an ABI break...

Just noticed this when I was going to add a new symbol.
2022-06-08 16:44:51 -04:00
Colin Walters
fffb111633 prune: Also use object set API in ostree_repo_prune_from_reachable()
I missed the second prune path when working on
https://github.com/ostreedev/ostree/pull/2635
2022-06-08 16:22:26 -04:00
Colin Walters
a71915e436 repo: Further optimize ostree_repo_list_objects_set()
In a prior change we discovered that for bad historical reasons
libostree was returning a mapping "object type+checksum" => "metadata"
but the "metadata" was redundant and pointless.

Optimize the prune API to use a (currently internal) object listing
API which returns a set, not a map.  This allows `GHashTable` to
avoid allocating a separate array for the values, neatly cutting
memory usage in half (from ~13MB to ~6MB) on my test case of a
dry-run prune of a FCOS build.
2022-06-08 10:18:55 -04:00
Colin Walters
c2baa6d10b repo: Optimize memory use of ostree_repo_list_objects()
I was looking at https://github.com/ostreedev/ostree/pull/2632
and confused at the usage of
`GVariant *value = g_variant_new ("(b@as)", TRUE, g_variant_new_strv (NULL, 0));`
which looked strange - why the empty strv?

It turns out that this is a historical legacy of the time when
ostree had pack files.  And nothing actually cares about the values
of these variants; we should have an API that returns a proper set,
and not a hash.

But...since all of these things have exactly the same value, instead
of allocating lots of redundant copies on the heap, just have
them all hold a refcount on a shared value.

This cuts the heap usage from 20MB to 13MB on a test FCOS repository
build.
2022-06-07 20:35:37 -04:00
Colin Walters
5fa364d399 Release 2022.4 2022-06-06 11:04:44 -04:00