5120 Commits

Author SHA1 Message Date
Colin Walters
857587615d Add an API+CLI to inject metadata for bootable OSTree commits
I was doing some rpm-ostree work and I wanted to compare two
OSTree commits to see if the kernel has changed.  I think
this should be a lot more natural.

Add `ostree commit --bootable` which calls into a new generic
library API `ostree_commit_metadata_for_bootable()` that
discovers the kernel version and injects it as an `ostree.linux`
metadata key.  And for extra clarity, add an `ostree.bootable`
key.

It's interesting because the "core" OSTree layer is all about
generic files, but this is adding special APIs around bootable
OSTree commits (as opposed to e.g. flatpak as well as
things like rpm-ostree's pkgcache refs).

Eventually, I'd like to ensure everyone is using this and
hard require this metadata key for the `ostree admin deploy`
flow - mainly to prevent accidents.
2021-03-12 19:01:42 +00:00
OpenShift Merge Robot
31e19935b5
Merge pull request #2293 from ostreedev/fix-file-uri-decoding
Fix translation of file:// URIs into paths
2021-03-10 21:14:51 +01:00
Phaedrus Leeds
19577522f8 Fix translation of file:// URIs into paths
Currently if a file path contains a special character such as '\', and
that character is encoded into a file:// URI that is passed to
ostree_repo_pull_with_options(), the percent encoding will remain in the
path passed to g_file_new() (in the case of backslash %5C) and the pull
will then fail with a file not found error. This is an important edge
case to handle because by default on many Linux distributions a
filesystem with no label is mounted at a path based on its UUID, and
this is then passed to systemd-escape by Flatpak (when
--enable-auto-sideloading was used at compile time) to create a symbolic
link such as this which contains backslashes:

$ ls -l /run/flatpak/sideload-repos/
total 0
lrwxrwxrwx 1 mwleeds mwleeds 55 Mar  9 14:21
'automount-run-media-mwleeds-29419e8f\x2dc680\x2d4e95\x2d9a31\x2d2cc907d421cb'
-> /run/media/mwleeds/29419e8f-c680-4e95-9a31-2cc907d421cb

And Flatpak then passes libostree a file:// URI containing that path, to
implement sideloading (pulling content from the USB drive).

This results in an error like:

Error: While pulling app/org.videolan.VLC/x86_64/stable from remote
flathub:
/run/flatpak/sideload-repos/automount-run-media-mwleeds-29419e8f%5Cx2dc680%5Cx2d4e95%5Cx2d9a31%5Cx2d2cc907d421cb/.ostree/repo:
opendir(/run/flatpak/sideload-repos/automount-run-media-mwleeds-29419e8f%5Cx2dc680%5Cx2d4e95%5Cx2d9a31%5Cx2d2cc907d421cb/.ostree/repo):
No such file or directory

This patch avoids such errors by using g_file_new_for_uri() instead of
g_file_new_for_path(), so that GLib handles the %-decoding for us.

Bug report by user:
https://community.endlessos.com/t/can-not-install-vlc-from-usb-drive-3-9-3/16353
2021-03-10 10:11:06 -08:00
Phaedrus Leeds
2709da4360 pull: Fix some whitespace and a comment 2021-03-10 10:01:04 -08:00
OpenShift Merge Robot
8459d52fbc
Merge pull request #2292 from pwithnall/summary-leak
ostree-repo-pull: Fix a leak of the summary data if loading from cache
2021-03-09 14:27:50 +01:00
Philip Withnall
60881b75ec ostree-repo-pull: Fix a leak of the summary data if loading from cache
If the `summary_sig_not_modified` branch is taken above, both
`signatures` and `summary` are loaded from the cache. This makes the
`_ostree_repo_load_cache_summary_if_same_sig()` call below redundant (it
checks `signatures` matches the file it was just loaded from, and then
loads `summary` again) — but that call also currently overwrites
`summary` without clearing the old value.

Fix this by only making that call if `signatures` was retrieved, but the
server said the local `summary` cache was invalid.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-09 11:47:23 +00:00
OpenShift Merge Robot
f9a38436fa
Merge pull request #2290 from ostreedev/fix-repo-modes-docs
man: Add missing repo mode in config docs
2021-03-08 23:49:34 +01:00
Phaedrus Leeds
d3e40ca7f6 man: Add missing repo mode in config docs 2021-03-08 13:18:31 -08:00
OpenShift Merge Robot
fd7e96469f
Merge pull request #2288 from leograba/master
docs: Add Torizon to related projects and OS
2021-03-04 19:34:17 -05:00
Leonardo Graboski Veiga
3b935f0d22 docs: Add Torizon to related projects and OS
The Torizon platform, includin the TorizonCore OS, the TorizonCore
Builder Tool and the Torizon OTA, use OSTree as a base for update the
host OS, while the user focus on application development using Docker.

Add TorizonCore to the list of Operating systems and distributions using
OSTree.

Add Torizon and its components to the list of related projects.
2021-03-04 17:04:38 -03:00
OpenShift Merge Robot
ba407750b1
Merge pull request #2287 from jlebon/pr/deployment-parsing-comments
lib/sysroot: Add comments and debug statements around sysroot parsing
2021-03-03 14:36:52 -05:00
Jonathan Lebon
02b6197924 lib/sysroot: Add comments and debug statements around sysroot parsing
Was looking at this code more closely today to investigate issues
related to bootlink mismatches (#2283).
2021-03-02 15:36:27 -05:00
OpenShift Merge Robot
c97aafcda3
Merge pull request #2285 from cgwalters/log-bootloader-stuff
deploy: Add subbootversion to journal
2021-02-28 16:21:15 +01:00
Colin Walters
975496d241 deploy: Add subbootversion to journal
To help debug an issue we've seen where `/boot` isn't
in sync with the `/ostree/boot` dir, let's log to the journal
what we're doing.
2021-02-28 14:47:58 +00:00
OpenShift Merge Robot
ee490bf9ba
Merge pull request #2284 from cgwalters/use-rpmostree-client
tests/inst: Switch to rpmostree-client from git
2021-02-26 01:59:56 +01:00
Colin Walters
dc10bdfb0c tests/inst: Switch to rpmostree-client from git
See discussion in https://github.com/coreos/rpm-ostree/pull/2569#issuecomment-780569188
Currently pinned to a hash, but after the next stable release let's switch to tags
2021-02-23 15:20:54 +00:00
OpenShift Merge Robot
ea3a971f33
Merge pull request #2282 from cgwalters/resolve-nullable
refs: Make ostree_repo_resolve_rev{,_ext}() use (nullable)
2021-02-18 22:44:21 -05:00
Colin Walters
093c63cd46 refs: Make ostree_repo_resolve_rev{,_ext}() use (nullable)
We have an `allow_noent` boolean that controls this, but
were missing the `(nullable)` annotation, so the Rust bindings
panic when the ref doesn't exist instead of being `Option<GString>`.
2021-02-19 01:11:43 +00:00
OpenShift Merge Robot
172a845c2b
Merge pull request #2280 from cgwalters/readme-fix-contributing
README.md: Fix contributing link, add contact section
2021-02-17 17:06:34 -05:00
Colin Walters
bf4bbeca14 README.md: Fix contributing link, add contact section
Came up on #fedora-iot channel.
2021-02-16 15:48:33 +00:00
OpenShift Merge Robot
35292273fc
Merge pull request #2279 from cgwalters/doc-scratch-delta
docs: Describe using scratch/empty deltas for initial fetches
2021-02-12 12:26:03 -05:00
Colin Walters
2195a6099b docs: Describe using scratch/empty deltas for initial fetches
Came up with a user hitting ratelimiting from S3.
2021-02-11 21:19:59 +00:00
OpenShift Merge Robot
12d246301f
Merge pull request #2277 from cgwalters/ci-asan
Add --enable-sanitizers, fix `make check` with it
2021-02-05 11:43:37 -05:00
Colin Walters
d49f3291ad Add --enable-sanitizers, fix make check with it
It's cleaner if this is an build option rather than being
kludged into the CI layer.

Notably we can't use `LD_PRELOAD` anymore with ASAN, so update
our tests to check for `ASAN_OPTIONS`.
2021-02-03 20:33:19 +00:00
OpenShift Merge Robot
0485817978
Merge pull request #2274 from cgwalters/delta-leak
deltas: Fix leak of matches
2021-02-03 10:07:44 -05:00
OpenShift Merge Robot
f0b619dfb9
Merge pull request #2275 from cgwalters/ci-rework
CI: run as non-root and add sanitizer build+check
2021-02-03 09:58:42 -05:00
OpenShift Merge Robot
38ba9a66c8
Merge pull request #2276 from lucab/ups/tests-enhance-destructive
tests/ext/destructive: enhance test logic
2021-02-03 08:58:43 -05:00
Luca BRUNO
bf2c23ca06
tests/ext/destructive: enhance test logic
This enhances external-tests logic, ensuring that destructive tests
have retries and some context to pinpoint failures, and that failed-state
services are reset between iterations.
2021-02-03 12:25:02 +00:00
Colin Walters
5a5f54a459 deltas: Fix leak of matches
Found by ASAN.
2021-02-02 21:26:43 +00:00
OpenShift Merge Robot
9b8871cf97
Merge pull request #2273 from cgwalters/link-stb-apt2ostree
README.md: Also link apt2ostree
2021-02-02 16:21:24 -05:00
Colin Walters
6b5aef7612 ci: Add new build-check-sanitized.sh
All C/C++ projects should use the sanitizers (and static analysis)
in their CI.  We had this but lost it in one of our CI shuffles;
let's readd it.
2021-02-02 21:09:23 +00:00
Colin Walters
afb032e693 ci: Don't install deps if running as non-root
This way we run in Prow too.
2021-02-02 21:08:54 +00:00
Colin Walters
5d730472ae README.md: Also link apt2ostree
Since the topic of Debian+ostree-for-host comes up fairly often.
2021-01-31 16:07:05 +00:00
OpenShift Merge Robot
c216a438b8
Merge pull request #2267 from dbnicholson/pull-depth-fixes
Pull depth fixes
2021-01-12 17:34:03 -05:00
Dan Nicholson
d7f2955f37 pull: Fix local pull with depth and truncated source history
The local pull path was erroring on any missing commit, but that
prevents a depth pull where the source repo has truncated history. As in
the remote case, this also tries to pull in a tombstone commit if the
source repo supports it.

Fixes: #2266
2021-01-12 14:19:01 -07:00
Dan Nicholson
20047ff1fe pull: Error on depth pull with missing head commit
When pulling with depth, missing parent commits are ignored. However,
the check was applying to any commit, which means that it would succeed
even if the requested commit was missing. This might happen on a
corrupted remote repo or when using ref data from a stale summary.

To achieve this, the semantics of the `commit_to_depth` hash table is
changed slightly to only ever includes parent commits. This makes it
easy to detect when a parent commit is being referenced (although there
is a minor bug there when multiple refs are being pulled) while keeping
references to commits that need their `commitpartial` files cleaned up.
It also means that the table is only populated on depth pulls, which
saves some memory and processing in the common depth=0 case.

Fixes: #2265
2021-01-12 14:19:01 -07:00
OpenShift Merge Robot
bdca64340b
Merge pull request #2263 from cgwalters/createat-nullable
repo: Make ostree_repo_create_at take nullable options
2021-01-12 03:38:46 -05:00
OpenShift Merge Robot
1a36dc08b0
Merge pull request #2257 from cgwalters/fsverity
repo: Move fsverity bits to ostree-repo-verity.c
2021-01-11 20:27:51 -05:00
Colin Walters
125c83850a repo: Make ostree_repo_create_at take nullable options
Hit this when trying to use the Rust bindings.
2021-01-12 01:20:23 +00:00
Dan Nicholson
b4f06b47a3 tests: Ensure no dangling commit partials on remote depth pull
This was already being done on the local depth pull test, so this just
adds the matching logic to the remote depth pull test.
2021-01-11 16:07:29 -07:00
Colin Walters
441233b51c repo: Move fsverity bits to ostree-repo-verity.c
This file will get larger when we start doing more with fsverity.
2021-01-11 14:36:40 +00:00
OpenShift Merge Robot
0b90f1f9a8
Merge pull request #2261 from cgwalters/boot-ro-more
sysroot: Handle ro /boot but rw /sysroot
2021-01-11 09:20:30 -05:00
Colin Walters
9a526bbaa5 sysroot: Handle ro /boot but rw /sysroot
The recent change in https://github.com/coreos/fedora-coreos-config/pull/659
broke some of our tests that do `mount -o remount,rw /sysroot` but
leave `/boot` read-only.

We had code for having `/boot` read-only before `/sysroot` but
in practice we had a file descriptor for `/sysroot` that we opened
before the remount that would happen later on.

Clean things up here so that in the library, we also remount
`/boot` at the same time we remount `/sysroot` if either are readonly.

Delete the legacy code for remounting `/boot` rw if we're not in
a mount namespace.  I am fairly confident most users are either
using the `ostree` CLI, or they're using the mount namespace.
2021-01-10 13:49:44 +00:00
Colin Walters
a1c0cffeb3 sysroot: Also maintain canonical boot_fd
Just like we hold a fd for `/sysroot`, also do so for `/boot`
instead of opening and closing it in a few places.

This is a preparatory cleanup for further work.
2021-01-10 13:46:11 +00:00
Colin Walters
10556a95b4 main: Unconditionally set up mount namespace
I was being very conservative initially here, but I think it's
really safe to just unconditionally set up the mount namespace.

This avoids having to check twice for a read-only `/sysroot`
(once in the binary and once in the library).
2021-01-10 13:40:52 +00:00
OpenShift Merge Robot
fd9d422c51
Merge pull request #2254 from dbnicholson/coding-style
pull: Use GNU coding style
2020-12-18 18:54:08 +00:00
Dan Nicholson
92a484d278 pull: Use GNU coding style 2020-12-18 09:13:38 -07:00
OpenShift Merge Robot
39aa419dfa
Merge pull request #2253 from dbnicholson/pull-no-verify-bindings
pull: Allow disabling commit binding verification
2020-12-18 15:39:29 +00:00
Dan Nicholson
4db2ba0eb1 pull: Allow disabling commit binding verification
In some cases such as backups or mirroring you may want to pull commits
from one repo to another even if there commits that have incorrect
bindings. Fixing the commits in the source repository to have correct
bindings may not be feasible, so provide a pull option to disable
verification.

For Endless we have several repositories that predate collection IDs and
ref bindings. Later these repositories gained collection IDs to support
the features they provide and ref bindings as the ostree tooling was
upgraded. These repositories contain released commits that were valid to
the clients they were targeting at the time. Correcting the bindings is
not really an option as it would mean invalidating the repository
history.
2020-12-17 14:07:08 -07:00
OpenShift Merge Robot
5551c54c6e
Merge pull request #2249 from mwleeds/fix-readme-flatpak-typo
README: Fix typos of Flatpak
2020-12-02 05:55:25 +01:00