Commit Graph

894 Commits

Author SHA1 Message Date
Jonathan Lebon
7ae8da08b9 lib/deploy: Also install HMAC file into /boot
To allow for FIPS mode, we need to also install the HMAC file from
`/usr/lib/modules` to `/boot` alongside the kernel image where the
`fips` dracut module will find it. For details, see:

https://github.com/coreos/fedora-coreos-tracker/issues/302

Note I didn't include the file in the boot checksum since it's itself a
checksum of the kernel, so we don't really gain much here other than
potentially causing an unnecessary bootcsum bump.
2019-10-29 16:45:29 -04:00
Alex Kiernan
e314b31ec9 tests/export: Guard with check for libarchive
If we are built without libarchive support, this test fails:

  error: This version of ostree is not compiled with libarchive support
  ...
  ERROR: tests/test-export.sh - too few tests run (expected 5, got 0)
  ERROR: tests/test-export.sh - exited with status 1

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-10-24 19:08:59 +01:00
Colin Walters
01a3a65525 tests: [scan-build] Initialize a variable
False positive.
2019-10-18 15:07:39 +00:00
Colin Walters
0a808ffe20 tests: Port keyfile test to new style
Just noticed in passing.
2019-10-18 15:07:39 +00:00
Colin Walters
a982dc97ea tree-wide: [scan-build] Fix some dead stores
No real issues, just quieting the scanner.
2019-10-18 15:07:31 +00:00
Jonathan Lebon
9d39e7d91e Release 2019.4
Tiny release. Just want to get out the important bugfixes instead of
backporting patches (notably the gpg-agent stuff and
`ostree-finalize-staged.service` ordering).

Closes: #1927
Approved by: cgwalters
2019-09-25 13:43:28 +00:00
Jason Wessel
bdbce9d042 fsck: Add test for --delete corruption, fix repair, and partial commit checks
The ostree fsck test is aimed to check that it will still fail an fsck
if the repository has been repaired by fsck.  It also checks that a
pull operation corrects the error and ostree fsck will exit with zero.

The test was modeled after the following script:

rm -rf ./f1
mkdir -p ./f1
./ostree --repo=./f1 init --mode=archive-z2
mkdir -p ./trial
echo test > ./trial/test
./ostree --repo=./f1 commit --tree=dir=./trial --skip-if-unchanged --branch=exp1 --subject="test Commit"

rm -rf ./f2
mkdir -p ./f2
./ostree --repo=./f2 init
./ostree --repo=./f2 pull-local  ./f1

echo whoops > `find ./f2 |grep objects |grep \\.file `
./ostree fsck --repo=./f2 ; echo Exit: $?
./ostree fsck --delete --repo=./f2 ; echo Exit: $?
./ostree fsck --repo=./f2 ; echo Exit: $?
./ostree --repo=./f2 pull-local  ./f1
./ostree fsck --repo=./f2 ; echo Exit: $?

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>

fsck: Update test so that it will pass on fs without xattrs

The fsck test does not require xattrs to prove that it works.  It is
simple enough to change it to use an archvie instead of a bare type
repository.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>

Closes: #1910
Approved by: cgwalters
2019-09-09 13:40:36 +00:00
Javier Martinez Canillas
d42f970ed3 lib/bootconfig-parser: Always include deployment index in BLS title
If there are different deployments for the same commit version, the BLS
snippets will have the same title fields (but different version fields):

$ grep title *
ostree-1-testos.conf:title TestOS 42 20190902.0 (ostree)
ostree-2-testos.conf:title TestOS 42 20190902.0 (ostree)
ostree-3-testos.conf:title TestOS 42 20190902.0 (ostree)

But bootloaders could expect the title field to be unique for BLS files.
For example, the zipl bootloader used in the s390x architecture uses the
field to name the boot sections that are created from the BLS snippets.

So two BLS snippets having the same title would lead to zipl failing to
create the IPL boot sections because they would have duplicated names:

$ zipl
Using config file '/etc/zipl.conf'
Using BLS config file '/boot/loader/entries/ostree-3-testos.conf'
Using BLS config file '/boot/loader/entries/ostree-2-testos.conf'
Using BLS config file '/boot/loader/entries/ostree-1-testos.conf'
Error: Config file '/etc/zipl.conf': Line 0: section name 'TestOS 42 20190902.0 (ostree)' already specified

Avoid this by always including the deployment index along with the commit
version in the title field, so this will be unique even if there are BLS
files for deployments that use the same commit version:

$ grep title *
ostree-1-testos.conf:title TestOS 42 20190902.0 (ostree:2)
ostree-2-testos.conf:title TestOS 42 20190902.0 (ostree:1)
ostree-3-testos.conf:title TestOS 42 20190902.0 (ostree:0)

$ zipl
Using config file '/etc/zipl.conf'
Using BLS config file '/boot/loader/entries/ostree-3-testos.conf'
Using BLS config file '/boot/loader/entries/ostree-2-testos.conf'
Using BLS config file '/boot/loader/entries/ostree-1-testos.conf'
Building bootmap in '/boot'
Building menu 'zipl-automatic-menu'
Adding #1: IPL section 'TestOS 42 20190902.0 (ostree:0)' (default)
Adding #2: IPL section 'TestOS 42 20190902.0 (ostree:1)'
Adding #3: IPL section 'TestOS 42 20190902.0 (ostree:2)'
Preparing boot device: dasda (0120).
Done.

Closes: #1911
Approved by: cgwalters
2019-09-02 21:08:58 +00:00
Colin Walters
b15ed42111 Release 2019.3
It's been a while, and we need the new kargs API for rpm-ostree.

Closes: #1902
Approved by: rfairley
2019-08-22 18:37:38 +00:00
Jonathan Lebon
0c48769de3 bin: Better handle --
We would stop passing through `--` and args after it to the underlying
command in `ostree_run`. This made it impossible to use `--` to tell the
parser that following args starting with `-` really are positional.

AFAICT, that logic for `--` here came from a time when we parse options
manually in a big loop, in which case breaking out made sense (see
97558276e4).

There's an extra step here, which is that glib by default leaves the
`--` in the list of args, so we need to take care to remove it from the
list after parsing.

Closes: #1898

Closes: #1899
Approved by: rfairley
2019-08-14 12:31:10 +00:00
Colin Walters
ab73d9f525 admin/init-fs: Add a --modern switch
This skips creating the default stuff in the physical sysroot.
I don't recall why I did that to be honest; it originated with
the first commit of this file.  It might not have ever been
necessary.

In any case, it's not necessary now with Fedora CoreOS, so
prune it and let's have a clean `/`.

Keep the old behavior by default though to avoid breaking anyone.

Closes: #1894
Approved by: ajeddeloh
2019-08-08 20:02:11 +00:00
Denis Pynkin
4c8b0ac255 tests/test-repo-finder-mount: skip some tests if GPG is not supported
`ostree_repo_resolve_keyring_for_collection()` function fail the tests
if there is no GPG support.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Closes: #1889
Approved by: cgwalters
2019-08-01 02:06:47 +00:00
Denis Pynkin
3767d87107 tests/gpg: fix GPG-dependent shell tests if no GPG support
Skip tests or run them without GPG-related functionality if GPGME
wasn't enabled in a build time.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Closes: #1889
Approved by: cgwalters
2019-08-01 02:06:47 +00:00
Denis Pynkin
453ce83379 tests/gpg: fix the check of GPG support
Shell function `has_gpgme` shouldn't exit if GPG support is not detected
since it stop any test with error.

Added function `skip_without_gpgme` to skip the whole test if it is
useless without GPG support

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Closes: #1889
Approved by: cgwalters
2019-08-01 02:06:47 +00:00
Jonathan Lebon
9332830e09 lib/pull: Allow downgrade protection with overrides
There's a valid use case for enabling the timestamp downgrade check
while still also using override commits.

We'll make use of this in Fedora CoreOS, where the agent specifies the
exact commit to upgrade to, while still enforcing that it be newer.

Closes: #1891
Approved by: cgwalters
2019-07-29 13:58:29 +00:00
Dan Nicholson
d2a9c8604e tests/gpg: Skip tests when subkeys can't be expired
The ability to expire subkeys using gpg's --quick-set-expire is only
available on gnupg 2.1.22. If expiring a subkey fails, assume this is
why and skip the tests that require it but run the actions that the
subsequent tests depend on. This was failing on the Debian Stretch CI
tests since stretch has gnupg 2.1.18.

Closes: #1892
Approved by: jlebon
2019-07-27 03:20:21 +00:00
Dan Nicholson
8ac348d19a tests/gpg: Use exit hook to kill agent in temporary GPG homedir
This wasn't available when I originally wrote this, but it ensures that
the running gpg-agent in tmpgpghome is killed in case the tests exit
early.

Closes: #1892
Approved by: jlebon
2019-07-27 03:20:21 +00:00
Dan Nicholson
615861443b tests/sizes.js: Fix byte array unpacking
Recent GJS changed how byte arrays are unpacked with some assumptions
that they are likely strings. Manually use get_child_value() and
get_byte() to ensure the correct value is parsed when checking the
`ostree.sizes` metadata.

The upstream test is currently passing fine with GJS 1.56.2, but at
Endless we (unfortunately) have a downstream change that adds the object
type as an additional byte in the array. This is parsed incorrectly by
`deep_unpack()`. We can carry this patch downstream, but this change
makes the test more robust regardless.

Closes: #1884
Approved by: cgwalters
2019-07-23 12:49:26 +00:00
Dan Nicholson
2312caad76 tests/sizes: Fix call to commit_transaction()
The GIR for commit_transaction() only has a single argument for the
GCancellable. Calling it with 2 arguments prints a GJS warning:

Gjs-Message: 15:37:40.287: JS WARNING: [/home/dan/src/ostree/tests/test-sizes.js 56]: Too many arguments to method OSTree.Repo.commit_transaction: expected 1, got 2

Currently this is harmless, but it could become a hard error in GJS at
some point.

Closes: #1884
Approved by: cgwalters
2019-07-23 12:49:26 +00:00
Dan Nicholson
abb173352d tests: Always cleanup gpg-agent when exiting
Add `libtest_cleanup_gpg()` to the array of commands to run when
exiting. This provides 2 improvements:

1. You don't need to worry about whether the test will spawn a gpg-agent
   and therefore require adding a call to `libtest_cleanup_gpg()`.

2. All the existing users were calling `libtest_cleanup_gpg()` at the
   end of the script. If there was a failure and the script exited
   early, then it wouldn't cleanup and there may be a stray gpg-agent
   hanging around.

Closes: #1799
Approved by: cgwalters
2019-06-19 17:30:24 +00:00
Dan Nicholson
0dd27bbf4b tests/libtest: Allow appending actions to be run on EXIT
Currently if a test script adds a trap on `EXIT` to run some cleanup, it
will stomp on the existing trap to run `save_core()`. Allow for scripts
to append actions that will run on exit by introducing an array that
will be iterated over by a single exit runner.

Closes: #1799
Approved by: cgwalters
2019-06-19 17:30:24 +00:00
Dan Nicholson
0c63f30783 tests/test-gpg-signed-commit: Test more key states
Extend test-gpg-signed-commit.sh to test various key states. If gpg is
found that supports the required options, keys will be generated on the
fly and changed in various ways to exercise the output from
`ostree_gpg_verify_result_describe_variant` used in `ostree show`.

I tested this using gnupg 2.2.12, so I hope it works well enough on
various gpgs found in the wild.

Closes: #1872
Approved by: cgwalters
2019-06-19 17:17:11 +00:00
Dan Nicholson
d8649f4d56 tests/libtest: Allow specifying GPG homedir to cleanup
In case the tests want to use a custom GPG homedir, allow passing in the
homedir to use when cleaning up a running gpg-agent.

Closes: #1872
Approved by: cgwalters
2019-06-19 17:17:11 +00:00
Dan Nicholson
d714e622b8 lib/gpg: Show information for expired keys
Introduce a new signature attribute for the key expiration timestamp and
display it when the key has a non-zero expiration time. Without this,
the error shown is `BAD signature`, which isn't correct.

Closes: #1872
Approved by: cgwalters
2019-06-19 17:17:11 +00:00
Allen Bai
be2572bf68 lib/kargs: Make API public and upstream new rpm-ostree APIs
This change makes public the current kargs API in src/libostree/ostree-kernel-args.c
and adds documentations.

Upstreams the new kargs API from rpm-ostree/src/libpriv/rpmostree-kargs-process.c

Merges libostree_kernel_args_la_SOURCES to libostree_1_la_SOURCES in Makefile-libostree.am

Upstreams tests/check/test-kargs.c from rpm-ostree.

Closes: #1833

Closes: #1869
Approved by: jlebon
2019-06-18 14:29:14 +00:00
Rafael Fonseca
2db79fb398 admin: allow multiple args for pin subcommand
Fixes #1816

Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>

Closes: #1874
Approved by: rfairley
2019-06-17 15:06:09 +00:00
Dan Nicholson
d916383953 bin/refs: Allow overwriting existing ref
Currently if you want to update a non-alias ref, you need to first check
if it exists and use either `ostree refs --create` or `ostree reset` as
appropriate. That's unnecessarily complicated and is much less
convenient than the old `write-refs` builtin that simply called
`ostree_repo_set_ref_immediate()` without any checks.

Add a `--force` option to be used with `--create` that does not raise an
error when the destination ref already exists.

Closes: #1870
Approved by: jlebon
2019-06-12 15:00:19 +00:00
Tristan Van Berkom
b847cc37bb tests: Test committing archives from stdin
This updates test-libarchive.sh to test committing archives from
stdin and verifying their content is correct.

Closes: #1862
Approved by: jlebon
2019-05-28 17:03:22 +00:00
Robert Fairley
e493505ade tests: Drop unused variable
Closes: #1857
Approved by: cgwalters
2019-05-20 13:09:28 +00:00
Jonathan Lebon
80435e12a7 Release 2019.2
Also add `ostree_repo_get_bootloader` to the public API, which was
missed when it was initially merged.

Closes: #1844
Approved by: rfairley
2019-04-25 16:47:40 +00:00
Robert Fairley
42573eae59 tests/test-admin-deploy-none: Split grub.cfg directory and file creation
Split the creation of the directory containing grub.cfg, and the creation
of the file, so that a failure in the mkdir command will fail the test
and not attempt the touch command.

Closes: #1831
Approved by: jlebon
2019-04-24 21:29:39 +00:00
Robert Fairley
144e99ce47 tests/test-admin-deploy-none: Update comment for #1774 status
Closes: #1831
Approved by: jlebon
2019-04-24 21:29:39 +00:00
Robert Fairley
498a8bd404 tests/test-config: Fix regex causing Debian test failure
Fix CI failure due to mismatching quotes in the error output given
between Fedora and Debian test suites.

Example of the error in Debian Stretch:
https://api.travis-ci.org/v3/job/519335717/log.txt

Closes: #1839
Approved by: cgwalters
2019-04-23 06:11:39 +00:00
Matthew Leeds
89c00e7eb7 tests: Put a regex in quotes
Closes: #1834
Approved by: rfairley
2019-04-11 14:28:32 +00:00
Matthew Leeds
dd6844a61e tests: Escape periods when appropriate
Don't match any character in a regular expression when we only want to
match a period.

Closes: #1834
Approved by: rfairley
2019-04-11 14:28:32 +00:00
Colin Walters
8d2e9b8f9e static-delta: Change show to display from/to commits
When writing a delta to a file this may not always be recorded
in the filename, and it's useful data.

Ref: https://mail.gnome.org/archives/ostree-list/2019-February/msg00000.html

This also required teaching `show` to accept a file path.

Note...for some reason `test-deltas.sh` breaks when run from
a tty - we get `SIGTTIN` which implies something is reading from
the tty but it wasn't obvious to me what.

Closes: #1823
Approved by: jlebon
2019-03-11 13:59:27 +00:00
Jonathan Lebon
978cffed70 lib/deploy: Don't include version twice in bootmenu title
In Silverblue right now, the boot menu title looks like this:

    Fedora 29.20190301.0 (Workstation Edition) 29.20190301.0 (ostree)

This is because RPM-OSTree's `mutate-os-release` feature is enabled,
which injects the OSTree version string directly into `VERSION` and
`PRETTY_NAME`. So appending the version string again is a bit redundant.
Let's just do a simple substring check here before adding the version to
the title.

Closes: #1829
Approved by: cgwalters
2019-03-09 19:44:15 +00:00
Robert Fairley
21ebc7d21e Add sysroot.bootloader repo config key
The sysroot.bootloader key configures the bootloader
that OSTree uses when deploying a sysroot. Having this key
allows specifying behavior not to use the default bootloader
backend code, which is preferable when creating a first
deployment from the sysroot (#1774).

As of now, the key can take the values "auto" or "none". If
the key is not given, the value defaults to "auto".

"auto" causes _ostree_sysroot_query_bootloader() to be used
when writing a new deployment, which is the original behavior
that dynamically detects which bootloader to use.

"none" avoids querying the bootloader dynamically. The BLS
config fragments are still written to
sysroot/boot/loader/entries for use by higher-level software.

More values can be supported in future to specify a single
bootloader, different behavior for the bootloader code, or
a list of bootloaders to try.

Resolves: #1774

Closes: #1814
Approved by: jlebon
2019-03-01 21:20:35 +00:00
Robert Fairley
99cf13b225 libotutil: Add ot_keyfile_get_value_with_default_group_optional()
Add ot_keyfile_get_value_with_default_group_optional() which allows
getting values from keys where the group is optional in the config
file. This is preparatory to add the sysroot.bootloader repo config
key, where the sysroot group is optional.

Closes: #1814
Approved by: jlebon
2019-03-01 21:20:35 +00:00
Robert Fairley
52987b532c tests/test-config: Remove extra space
Closes: #1814
Approved by: jlebon
2019-03-01 21:20:35 +00:00
Matthew Leeds
cfc6046689 ostree/config: Check for too many args
Currently it's not an error to provide too many arguments to an ostree
config command. Change it so we print usage information in that case,
and update the unit tests.

Closes: #1743
Approved by: cgwalters
2019-03-01 16:29:44 +00:00
Matthew Leeds
eecd989d46 ostree/config: Add an "unset" operation
Currently there's a way to set a key to the empty string but there's no
way to unset it completely (remove the key from the group). This might
be helpful for instance if you want to temporarily set
"core.lock-timeout-secs" to a specific value for the duration of one
operation and then return it to the default after that operation
completes.

This commit implements an "unset" operation for the config command, adds
a unit test, and updates the man page.

Closes: #1743
Approved by: cgwalters
2019-03-01 16:29:44 +00:00
Matthew Leeds
2738bbb6d2 tests: Remove unused includes in libostreetest.c
Since commit a06bd82cd we no longer use OVERLAYFS_SUPER_MAGIC or
statfs() so remove the includes for linux/magic.h and sys/vfs.h

Closes: #1815
Approved by: cgwalters
2019-02-11 13:44:07 +00:00
Jeremy Bicha
1ec4945c2d tests: Update for glib 2.59.2
glib 2.59.2 uses a non-breaking space instead of a space to
separate the quantity and unit in g_format_size() so update
our test to handle both a plain space and a non-breaking space.

See https://gitlab.gnome.org/GNOME/glib/issues/1625

Closes: #1818
Approved by: cgwalters
2019-02-11 13:26:32 +00:00
Matthew Leeds
f7a0ec9bf7 tests: Don't skip collection-based summary test
OSTree's P2P support used to be a compile time option but is now always
enabled. One of the tests was still checking for the old feature flag,
"experimental", which has been renamed to "p2p" and skipping for that
reason. Delete the check so the test always runs.

Closes: #1804
Approved by: pwithnall
2019-02-11 00:14:45 +00:00
Dan Nicholson
b33a4e9b1e remote-add: Add --force option to add or replace remote
This uses the OSTREE_REPO_REMOTE_CHANGE_REPLACE operation to add a
remote or replace an existing one. This is roughly the opposite of
--if-not-exists and will raise an error if both options are passed.

Closes: #1166
Approved by: cgwalters
2019-02-08 14:36:41 +00:00
Dan Nicholson
15ba2007a1 repo: Add OstreeRepoRemoteChange replace operation
Add the OSTREE_REPO_REMOTE_CHANGE_REPLACE operation to the
OstreeRepoRemoteChange enum. This operation will add a remote or replace
an existing one. It respects the location of the remote configuration
file when replacing and the remotes config dir settings when adding a
new remote.

Closes: #1166
Approved by: cgwalters
2019-02-08 14:36:41 +00:00
Rafael Fonseca
6e8377cbd1 admin/status: test GPG signature check
Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>

Closes: #1797
Approved by: cgwalters
2019-01-08 14:47:08 +00:00
Umang Jain
963395217a lib/repo-commit: Relax min-free-space check in prepare_transaction()
We want a case where we can disable the min-free-space check. Initially,
it felt like to add a OSTREE_REPO_PULL_FLAGS_DISABLE_FREE_SPACE_CHECK but
the problem is prepare_transaction() does not have a OstreeRepoPullFlags
parameter which we can parse right here. On top of it, prepare_transaction()
enforces min-free-space check and won't let the transaction proceed if
the check failed.

This is pretty bad in conjunction with "inherit-transaction" as what
Flatpak uses. There is no way to disable this check unless we remove
it altogether from prepare_transaction.

This issue came out to light when flatpak wasn't able to write metadata
after fetching from remote:

[uajain@localhost ~]$ flatpak remote-info flathub org.kde.Platform//5.9
error: min-free-space-size 500MB would be exceeded

Metadata objects helps in housekeeping and restricting them means
restricting crucial UX (like search, new updates) functionalities
in clients like gnome-software. The error banners originated from
these issues are also abrupt and not much helpful to the user. This
is the specific instance of the issue this patches tries to address.

See https://github.com/flatpak/flatpak/issues/2139 for discussion.

Closes: #1779
Approved by: mwleeds
2018-12-10 20:04:17 +00:00
Luca Bruno
3ecbdd8197 lib/kargs: allow empty-list arguments
This adds support for empty-list arguments (e.g. `acpi_osi=`), which
are semantically different from simple-keyword arguments.

Ref: https://github.com/projectatomic/rpm-ostree/issues/1706

Closes: #1785
Approved by: cgwalters
2018-12-10 19:39:23 +00:00