Commit Graph

6971 Commits

Author SHA1 Message Date
Colin Walters
c7260105db
Merge pull request #3178 from teythoon/justus/long-key-ids
tests: Use long key IDs
2024-02-16 09:06:27 -05:00
Eric Curtin
1aec4deb86 docs: Add webrick dependancy for building site locally
This mimics the GitHub Pages environment so that you can build and serve
the site locally for testing. It requires webrick these days.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-02-16 13:00:41 +00:00
Justus Winter
ad8c9f9817
tests: Use long key IDs
Short key IDs are not secure, and may be rejected by OpenPGP
implementations.  See https://evil32.com/

Signed-off-by: Justus Winter <justus@sequoia-pgp.org>
2024-02-16 13:34:34 +01:00
Timothée Ravier
b7f6ed7102 dependabot: Update github-actions weekly 2024-02-15 16:20:33 +01:00
Timothée Ravier
99c9c387b8 workflow/docs: Update to actions/checkout@v4 2024-02-15 16:18:32 +01:00
Colin Walters
f46cc0cd85
Merge pull request #3175 from cgwalters/rofiles-fuse-statx
rofiles-fuse: Check fsverity flag for copyup
2024-02-15 09:34:27 -05:00
Colin Walters
d0afefcace rofiles-fuse: Remove unused parameter
The logic simplified, so we don't need it anymore.
2024-02-15 08:07:40 -05:00
Colin Walters
ed4bd88a3e rofiles-fuse: Check fsverity flag for copyup
We need to do a copyup if fsverity is enabled.
Sadly to do this we can't just use ostree_break_hardlink
as is.
2024-02-15 08:03:16 -05:00
Colin Walters
4d95848b8c rofiles-fuse: Port to statx
This allows us to query fsverity efficiently.
2024-02-14 20:32:55 -05:00
Colin Walters
939a62a68e
Merge pull request #3172 from cgwalters/release
Release 2024.3
2024-02-13 19:27:25 -05:00
Colin Walters
b2e97c08d0 Post-release version bump 2024-02-13 17:56:15 -05:00
Colin Walters
d43386f15d Release 2024.3 2024-02-13 17:56:15 -05:00
Colin Walters
d2fc1f3cb9
Merge pull request #3173 from cgwalters/transient-root-really-transient
prepare-root: Switch to a tmpfs for transient root
2024-02-13 17:25:26 -05:00
Colin Walters
0cff65d61a prepare-root: Switch to a tmpfs for transient root
We're debating this over in https://github.com/CentOS/centos-bootc-dev/pull/27
and I have come to the conclusion that having changes to `/`
persist across reboot by default was a bad idea.

- It conflicts with any kind of secure boot scenario
- Having things only go away on upgrades is in some ways even *more* surprising
- The term `transient` implies this

There may be a use case in the future for having something like `root.transient = persistent`,
but this is just a better default.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-02-13 15:56:05 -05:00
Colin Walters
eeccac7fc9
Merge pull request #3171 from ericcurtin/docs-alternate-rollbacks
docs/atomic-rollbacks: Add a section on rollbacks
2024-02-13 12:40:13 -05:00
Eric Curtin
bc5c0717fc docs/atomic-rollbacks: Add a section on rollbacks
Describing how different types of rollbacks work.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-02-13 17:07:17 +00:00
Colin Walters
a3f9276a32
Merge pull request #3170 from cgwalters/prepare-root-fix
prepare-root: Unify root.transient with composefs
2024-02-13 04:21:21 -05:00
Colin Walters
15b4ee8181
Merge pull request #3168 from cgwalters/drop-tmpfiles-var
Drop tmpfiles var
2024-02-12 18:33:30 -05:00
Colin Walters
f89af07fcb prepare-root: Unify root.transient with composefs
First, I was totally wrong and composefs handles being passed
an upperdir itself, we don't need to stack overlayfs.

Next, there's really no reason to support `root.transient`
*without* a backing composefs.  The legacy ostree bind mount
and readonly `/usr` is just that - legacy.

Finally, we actually *must* do this to enable both composefs
and transient root, because the prepare-root flow assumes
that it just needs to `MS_MOVE` a *single* mount for the root,
not a stack.
2024-02-12 17:42:07 -05:00
Colin Walters
b929378663 prepare-root: Add missing newline
This is ugly in the output.
2024-02-12 17:42:07 -05:00
Colin Walters
c8cf23055e
Merge pull request #3169 from rborn-tx/support-older-linux-headers
Expose MOUNT_ATTR_IDMAP detection result to C code
2024-02-12 14:27:15 -05:00
Colin Walters
6df18abee7 docs/var: Update for latest
This reorients things here around the latest `VOLUME /var` approach.
2024-02-12 13:12:09 -05:00
Colin Walters
87dcc801a2 ostree-tmpfiles.conf: Drop var entry
We are backing away from this semantic, and moving towards
`/var` only being initialized at initial provisioning.
2024-02-12 13:12:09 -05:00
Rogerio Guerra Borin
cdfdfed27d configure: Expose MOUNT_ATTR_IDMAP detection result to C code
This is to allow compiling composefs on machines having somewhat old
Linux kernel headers.

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
2024-02-12 14:52:26 -03:00
Colin Walters
9350006011
Merge pull request #3167 from smcv/ostree-repo-config-typo
ostree.repo-config(5): Fix a typo
2024-02-11 13:49:33 -05:00
Simon McVittie
d8077eef87 ostree.repo-config(5): Fix a typo
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-02-11 15:56:53 +00:00
Colin Walters
cb3c42e306
Merge pull request #3166 from cgwalters/var-again
sysroot: Rework /var handling to act like Docker `VOLUME /var`
2024-02-10 05:14:18 -05:00
Colin Walters
f81b9fa166 sysroot: Rework /var handling to act like Docker VOLUME /var
We've long struggled with semantics for `/var`.  Our stance of
"/var should start out empty and be managed by the OS" is a strict
one, that pushes things closer to the original systemd upstream
ideal of the "OS state is in /usr".

However...well, a few things.  First, we had some legacy bits
here which were always populating the deployment `/var`.  I don't
think we need that if systemd is in use, so detect if the tree
has `usr/lib/tmpfiles.d`, and don't create that stuff at
`ostree admin stateroot-init` time if so.

Building on that then, we have the stateroot `var` starting out
actually empty.

When we do a deployment, if the stateroot `var` is empty,
make a copy (reflink if possible of course) of the commit's `/var`
into it.

This matches the semantics that Docker created with volumes,
and this is sufficiently simple and easy to explain that I think
it's closer to the right thing to do.

Crucially...it's just really handy to have some pre-existing
directories in `/var` in container images, because Docker (and podman/kube/etc)
don't run systemd and hence don't run `tmpfiles.d` on startup.

I really hit on the fact that we need `/var/tmp` in our container
images by default for example.

So there's still some overlap here with e.g. `/usr/lib/tmpfiles.d/var.conf`
as shipped by systemd, but that's fine - they don't actually conflict
per se.
2024-02-09 17:46:12 -05:00
Colin Walters
1c18bd256a
Merge pull request #3165 from cgwalters/drop-ex-integrity
deploy: Honor prepare-root.conf at deploy time for composefs
2024-02-09 09:57:21 -05:00
Colin Walters
cae4ceb6c5 deploy: Honor prepare-root.conf at deploy time
I want to try to get away from the "repository global" configuration
in the repo config.

A major problem is that there's not an obvious way to configure
it as part of an ostree commit/container build - it needs
to be managed "out of band".

With this change, we parse the `usr/lib/ostree/prepare-root.conf`
in the deployment root, and if composefs is enabled there,
then we honor it.

We do still honor `ex-integrity.composefs` but that I think
we can schedule to remove.
2024-02-08 19:53:23 -05:00
Colin Walters
d8f03c63a7 switchroot: Move a define into library too 2024-02-08 19:35:17 -05:00
Colin Walters
95f4bb6dfe prepare-root: Fix crash if no keys were found
Handle a NULL pointer.
2024-02-08 19:34:54 -05:00
Colin Walters
7d9fa8e92a lib: Move parsing of composefs config into otcore
So it can be shared with the deployment path.  Prep for dropping
`ex-integrity.composefs`.
2024-02-08 18:09:11 -05:00
Colin Walters
751ec9082e
Merge pull request #3151 from mvo5/selinux-labels-on-non-selinux-hosts
libostree: write selinux xattr when on non-selinux systems
2024-02-08 16:46:22 -05:00
Colin Walters
a61724b73e
Merge pull request #3160 from cgwalters/release
Release
2024-02-08 14:39:26 -05:00
Colin Walters
c09abec9af configure: post-release version bump 2024-02-08 13:11:03 -05:00
Colin Walters
9b30c946a1 Release 2024.2 2024-02-08 13:11:03 -05:00
Colin Walters
61ed3bf944
Merge pull request #3164 from cgwalters/prepare-root-device-inode
Track deployment root/inode from prepare root
2024-02-08 13:10:06 -05:00
Colin Walters
525a57d21d Track deployment root/inode from prepare root
When we added composefs, it broke the logic for detecting the booted
deployment which was previously a direct (device, inode) comparison.
So the code there started looking at `etc`.  However, that in
turns breaks with `etc.transient = true` enabled.

Fix all of this by tracking the real deployment directory's
(device,inode) that we found in `ostree-prepare-root`, and inject
it into the extensible metadata we have in `/run/ostree-booted`
which is designed exactly to pass state between the initramfs
and the real root.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-02-08 12:57:53 -05:00
Colin Walters
5cfc5c7b1f ci: Use BOOTC_SKIP_SELINUX_HOST_CHECK, test labeling of /etc
As we work to change ostree to set up the labels
for things even in a selinux-host-disabled case, let's test
it here.
2024-02-08 15:54:23 +01:00
Michael Vogt
092a2b736d libostree: write selinux xattr when on non-selinux systems
Currently when writing data for selinux systems on a non-selinux
system there will be no labels. This is because
`ostree_sepolicy_setfscreatecon()` just returns TRUE on non-selinux
systems and xattr writing for `security.seliux` is filtered out.

This patches uses the suggestion of Colin Walters (thanks!) from
https://github.com/ostreedev/ostree/issues/2804 and detects if
the host has selinux enabled and if not just skips filtering the
xattrs for selinux.
2024-02-08 15:51:41 +01:00
Eric Curtin
da89214065
Merge pull request #3159 from cgwalters/revert-bootprefix
Revert "Enable `sysroot.bootprefix` by default"
2024-02-07 23:26:25 +01:00
Colin Walters
4c813f3221 Revert "Enable sysroot.bootprefix by default"
This reverts commit 8627c8afa1.

See discussion in https://github.com/ostreedev/ostree/pull/3156 ;
we think this breaks s390x in some cases at least, and that warrants
further investigation.
2024-02-07 15:58:06 -05:00
Colin Walters
58aa2187be
Merge pull request #3156 from cgwalters/enable-bootprefix-default
Enable `sysroot.bootprefix` by default
2024-02-06 17:58:42 -05:00
Colin Walters
8627c8afa1 Enable sysroot.bootprefix by default
I've been testing this in various places and not seen any fallout,
so let's finally enable this by default and have the situation where
`/boot` is on the root `/` filesystem work out of the box.
2024-02-06 16:25:33 -05:00
Eric Curtin
ecbd1f7fdd
Merge pull request #3158 from jlebon/pr/main
admin/state-overlay: Require root and don't lock sysroot
2024-02-06 22:18:28 +01:00
Jonathan Lebon
15ec3399c2 generator: Restore graceful exit behaviour if ostree karg missing
In CoreOS live environments, we do have `/run/ostree` but no `ostree=`
karg; we hackily fool `ostree-prepare-root.service` by bind-mounting
over `/proc/cmdline` so it does the right thing. Presumably, we should
clean this up eventually, but even so we don't want to require PXE users
to add an `ostree=` arg, so we need to tolerate this.

So this assertion would fail there. Restore the behaviour prior to
b9ce0e89 and re-add a more contemporary comment.

Fixes b9ce0e89 ("generator: Exit if there's no `/run/ostree`").
2024-02-06 14:47:09 -05:00
Colin Walters
9b64443a4c
Merge pull request #3157 from cgwalters/syslinux-bootprefix-fix
syslinux: Avoid double `/boot` if bootprefix is enabled
2024-02-06 10:44:07 -05:00
Jonathan Lebon
31b804f20d admin/state-overlay: Require root and don't lock sysroot
Not required for anything in particular, but it's good to use the right
flags here anyway.
2024-02-06 10:27:34 -05:00
Colin Walters
a05dbb311e syslinux: Avoid double /boot if bootprefix is enabled
This backend always explicitly emitted a `/boot` - but if
the global `sysroot.bootprefix` is enabled, then we can rely
on the outer code doing it.

Luckily this was caught by the unit tests here failing when
enabling `sysroot.bootprefix` by default.
2024-02-05 15:05:10 -05:00