Commit Graph

5443 Commits

Author SHA1 Message Date
Luca BRUNO
840cd7ab2d
libostree/sepolicy: get rid of a g_setenv() call
This removes a 'g_setenv()' call, which could potentially be unsafe
in a multi-thread context.
The current libselinux codebase does not seem to check for
`LIBSELINUX_DISABLE_PCRE_PRECOMPILED`, so I think this has no effects
nowadays.
Additionally, I could not find any reference to it in libselinux
git history, so I'm not sure if it ever played any role at all.

My current understanding is that this is coming from version
incompatibilities between an older libselinux in the build environment
and a newer policy (with precompiled regexs) in the target.
But from the ML discussion I found, I think it eventually got
solved in a different way, possibly by avoiding the policy binary
caches.

Refs:
 * https://www.spinics.net/lists/selinux/msg14822.html
 * https://github.com/ostreedev/ostree/pull/2513#discussion_r781042884
2022-01-11 15:56:13 +00:00
Luca Bruno
7cc8481907
Merge pull request #2513 from lucab/ups/setenv-error
ostree: check g_setenv return value
2022-01-10 17:38:50 +00:00
Luca BRUNO
0bdba574d7
ostree: check g_setenv return value
This adds proper return-value checks on g_setenv calls.
It fixes a static analysis warning highlighted by Coverity.
2022-01-10 13:33:36 +00:00
Luca Bruno
92025018f6
Merge pull request #2512 from lucab/ups/variant-builder-error-memleak
libotutil: avoid leaking builder memory on error
2022-01-10 13:32:25 +00:00
Luca BRUNO
0b1a085692
libotutil: avoid leaking builder memory on error
This swaps the order of a couple of input sanity checks, in order
to fix a minor memory leak due to an early-return on the error
path.
Memory for the result is now allocated only after input has been
sanity-checked.
It fixes a static analysis warning highlighted by Coverity.
2022-01-10 09:30:11 +00:00
Luca Bruno
6cb097fb5e
Merge pull request #2509 from ostreedev/release-2022.1
Release 2022.1
2022-01-05 14:32:55 +00:00
Luca BRUNO
9d3ef89230
configure: post-release version bump 2022-01-05 10:03:59 +00:00
Luca BRUNO
6c903ab0b6
Release 2022.1 2022-01-05 10:03:03 +00:00
Dan Nicholson
8e3323fa2f
Merge pull request #2506 from lucab/ups/dependabot-config
github: add dependabot config
2022-01-04 06:17:08 -07:00
Luca BRUNO
2bfdcea2c5
github: add dependabot config
This adds a configuration file for dependabot, taking care of automatic
updates for all git submodules.
2022-01-04 10:34:30 +00:00
Luca Bruno
a3555f4d12
Merge pull request #2376 from smcv/fuse3
rofiles-fuse: Build using FUSE 3 if possible, falling back to FUSE 2
2022-01-04 10:27:14 +00:00
Simon McVittie
43859b58f6
rofiles-fuse: Build using FUSE 3 if possible, falling back to FUSE 2
This adds build-time configuration logic to automatically detect
and switch between libfuse 2.x and 3.x.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Co-authored-by: Luca BRUNO <luca.bruno@coreos.com>
2022-01-04 09:41:38 +00:00
Colin Walters
4d47733f98
Merge pull request #2505 from lucab/ups/bsdiff-error-throw
lib/static-delta: throw a proper error on bspatch failure
2022-01-03 16:57:52 -05:00
Colin Walters
371c2f12a6
Merge pull request #2504 from lucab/ups/bsdiff-CVE-2014-9862
bsdiff: bump submodule, pick up fix for CVE-2014-9862
2022-01-03 13:20:55 -05:00
Luca BRUNO
eae35b7f6e
lib/static-delta: throw a proper error on bspatch failure
This makes sure that a populated GError is returned when bsdiff
patching fails. The human-friendly label also helps in debugging.
2022-01-03 17:38:51 +00:00
Luca BRUNO
97399c166d
bsdiff: bump submodule, pick up fix for CVE-2014-9862
This updates the bsdiff submodule to latest upstream revision, in
order to pick up additional bound checks for CVE-2014-9862.

Update submodule: bsdiff
Ref:
 * https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/
2022-01-03 16:13:01 +00:00
Colin Walters
a27ccc96fd
Merge pull request #2503 from lucab/ups/libostree-content-writer-header
lib: use ostree-content-writer header
2022-01-03 10:14:48 -05:00
Luca BRUNO
cf814284e0
lib: use ostree-content-writer header
This installs and exposes the content of `ostree-content-writer.h`,
so that library consumers can properly reference symbols defined
in that header.
2022-01-03 14:20:58 +00:00
Dan Nicholson
b1ddc6c248
Merge pull request #2502 from cgwalters/analyzer
two minor clang-analyzer fixes
2021-12-21 16:03:45 -07:00
Colin Walters
d2f5a0476f tests: Fix clang-analyzer not seeing through g_error()
Basically due to the glib structured logging rework we lost the
`noreturn` attribute on `g_error()`.
This is fixed in glib as of f97ff20adf

But we might as well just throw an error here.
2021-12-21 15:14:34 -05:00
Colin Walters
27c14f2be6 soup-uri: Fix clang-analyzer warning by dropping dead code
Fixes `Argument with 'nonnull' attribute passed null` by making
the code not exist at all anymore.

In upstream libsoup this code is gone too; it uses `GUri` from glib
which we probably could now too, but one thing at a time.
2021-12-21 15:13:56 -05:00
Luca Bruno
998863e74d
Merge pull request #2501 from lucab/ups/test-cli-extensions-tweak
tests/cli-extensions: tweak test logic
2021-12-21 14:08:48 +00:00
Luca BRUNO
5dbe37ce78
tests/cli-extensions: tweak test logic
This updates the test logic for CLI extensions, actually checking
for functional output from the subcommand.
It also cleans up some environmental leftover.
2021-12-21 10:18:30 +00:00
Colin Walters
7c6719995d
Merge pull request #2500 from lucab/ups/cli-extensions
main: add support for CLI extensions via external binaries
2021-12-20 13:47:31 -05:00
Luca BRUNO
513b3c09a5
main: add support for CLI extensions via external binaries
This adds some logic to detect and dispatch unknown subcommands to
extensions available in `$PATH`. Additional commands can be
implemented by adding relevant `ostree-$verb` binaries to the system.

As an example, if a `/usr/bin/ostree-extcommand` extension is provided,
the execution of `ostree extcommand --help` will be dispatched to that
as `ostree-extcommand extcommand --help`.
2021-12-20 10:00:02 +00:00
Colin Walters
365559eaa8
Merge pull request #2498 from lucab/ups/test-assert-strings
tests: assert mandatory values are present
2021-12-10 13:25:03 -05:00
Luca BRUNO
f44eaf7e8c
tests: assert mandatory values are present
This adds a couple of string assertions to make sure that
the test run is sane.
2021-12-10 11:33:35 +00:00
Colin Walters
b56786c415
Merge pull request #2496 from lucab/ups/repo-asserts
lib/repo: fix problematic invariant checks
2021-12-07 19:58:23 -05:00
Colin Walters
490f515e18
Merge pull request #2494 from jmarrero/fsf-address
Update FSF license notices to use URL instead of address
2021-12-07 15:51:48 -05:00
Luca BRUNO
58bdfb90c9
lib/repo: do no return a NULL on failure
This turns an existing check into an assert. The previously returned
NULL may result in confusing callers, as none of them is checking for
that.
2021-12-07 16:24:56 +00:00
Luca BRUNO
4a0ebe507f
lib/repo: do no return an arbitrary mode on failure
This turns the existing check into an assert. Otherwise, the previous
code may return an arbitrary repo mode (bare) on failure.
2021-12-07 16:23:02 +00:00
Luca BRUNO
f1e24945fa
lib/repo: assert that writable state and error agree
This adds an assertion to check that writable stable and error
are in sync. The subsequent logic uses them interchangeably.
2021-12-07 16:21:21 +00:00
Joseph Marrero
581a58067b Update FSF license notices to use URL instead of address 2021-12-07 08:34:25 -05:00
Colin Walters
a07b8d6c00
Merge pull request #2493 from cgwalters/summary-lock-shared
repo: Change locking for summary regeneration to be shared
2021-12-06 08:19:12 -05:00
Colin Walters
2c39bd88a9 repo: Change locking for summary regeneration to be shared
This is trying to address:
https://pagure.io/fedora-iot/issue/48

Basically we changed rpm-ostree to start doing a shared lock during
commit by default, but this broke because pungi is starting a process
doing a commit for each architecture, and then trying to regenerate
the summary after each one.

This patch is deleting a big comment with a rationale for why
summary regeneration should be exclusive.  Point by point:

> This makes sure the commits and deltas don't get
> deleted while generating the summary.

But prune operations require an exclusive lock, which means that
data still can't be deleted when the summary grabs a shared lock.

> It also means we can be sure refs
> won't be created/updated/deleted during the operation, without having to
> add exclusive locks to those operations which would prevent concurrent
> commits from working.

First: The status quo *has* prevented concurrent commits from working!

There is no real locking solution to this problem. What we really
need to do here is regenerate the summary after each commit *or*
when the caller decides to do it and e.g. include deltas at the same
time.

It's OK if multiple threads race to regenerate the summary;
last-one-wins behavior here is totally fine.
2021-12-03 14:42:03 -05:00
Jonathan Lebon
267ca93da2
Merge pull request #2490 from lucab/ups/static-fixes 2021-11-26 10:55:15 -05:00
Luca BRUNO
cefc1d7854
lib: misc static analysis fixes
This fixes a few warnings from coverity, none of which really
interesting.
2021-11-26 15:11:00 +00:00
Colin Walters
2dc6ec70ec
Merge pull request #2489 from ostreedev/release-2021.6
Release 2021.6
2021-11-23 09:01:57 -05:00
Luca BRUNO
281d310224
configure: post-release version bump 2021-11-23 10:15:19 +00:00
Luca BRUNO
f1155c8d28
Release 2021.6 2021-11-23 10:13:32 +00:00
Colin Walters
48dfff2754
Merge pull request #2486 from jlebon/pr/remount-ostree
app: Only remount /sysroot if needed
2021-11-22 13:35:28 -05:00
Jonathan Lebon
947acbf178 app: Only remount /sysroot if needed
We should only try to remount `/sysroot` if we're actually handling the
sysroot repo and the repo isn't writable. We already have public APIs to
check each of those, so let's use them.

Closes: #2485
2021-11-19 11:01:18 -05:00
Colin Walters
f552e30c0b
Merge pull request #2484 from dbnicholson/prune-serialize
lib/prune: Avoid unnecessary object serialization
2021-11-18 14:49:15 -05:00
Dan Nicholson
47d32d9ead lib/prune: Avoid unnecessary object serialization
`repo_prune_internal` was deserializing each object and passing the
components to `maybe_prune_loose_object`, which promptly reserialized
it.
2021-11-18 11:04:06 -07:00
Luca Bruno
edbcf52134
Merge pull request #2481 from refi64/null-error
lib: Avoid dereferencing NULL error values
2021-11-12 15:19:29 +00:00
Ryan Gonzalez
9c1fe55bbc lib: Avoid dereferencing NULL error values
Otherwise, this will segfault when callers don't need any exact errors.

Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
2021-11-12 08:29:05 -06:00
Colin Walters
e39280ff21
Merge pull request #2479 from cgwalters/ci-capsh
ci: Require `libcap2-bin` for `capsh`
2021-11-09 10:44:08 -05:00
Colin Walters
dff36697cd
Merge pull request #2477 from ratajs/patch-1
Add Fedora Kinoite link
2021-11-09 09:32:02 -05:00
Colin Walters
1a86517d65
Merge pull request #2476 from valentindavid/valentindavid/glib-fix
lib: Fix a bad call to g_file_get_child
2021-11-09 09:27:18 -05:00
Colin Walters
3b338df956 ci: Require libcap2-bin for capsh
This was previously pulled in indirectly, but it looks like we need
to require it explicitly in newer Ubuntu.
2021-11-09 09:22:43 -05:00