IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Linked lists are a data structure with only very obscure
use cases, and this is a classic one where since we're appending
it's O(N^2) behavior.
Also we were leaking the memory.
It's more ergonomic, clearer and efficient to use a ptrarray.
No point in doing a full strlen, we can just check the first byte.
Also, invert the conditional using `continue` to avoid another
level of indentation.
While I resisted taking the next step in binding ourselves
more to GH with discussions...it's way, way better than answering
questions out of band in private (also proprietary) chats.
We haven't been successful in using the GNOME discussion forums.
This drops the `ot-composefs` kernel commandline in favour
of a `[composefs]` section in the `prepare-rootfs.conf` file.
You can set `composefs.enabled` to `signed`, `yes`, `no` or `maybe`,
with `maybe` being the default.
You can also set `composefs.keypath` (or rely on the default
`/etc/ostree/initramfs-root-binding.key`) to point to ed25519 public
keys, one of which which the commit must be signed with, or boot
fails.
The ostree dracut module adds `/etc/ostree/initramfs-root-binding.key`
to the initrd if it exists.
NOTE: This drop the option to define a digest in the commandline.
However, that was currently unused
(i.e. ComposefsConfig.expected_digest was never read).
Additionally it very hard to actually store the composefs digest in
the initrd, as the initrd is typically part of the commit and thus the
composefs. It may be possible to handle this, but lets add it back
when we know exactly how that will work.
The locking here was always too long - by holding the mutex
during the `sync()` call, it means `g_cond_wait_until()` can
never wake up (because its API requires the mutex to be locked).
Confusingly though of course we do still print the "timed out"
message, and I think that tricked us when we were doing testing
here.
We only need to lock the mutex when we're manipulating shared
state, which basically boils down to the `gboolean success`.
A core underlying primitive in the C library is the ability
to arbitrarily reorder bootloader entries.
Let's expose the basic functionality here with the ability to pick
an arbitrarily deployment for the next boot.
Closes: https://github.com/ostreedev/ostree/issues/2965
Today on anything using readonly sysroot `os-init` fails, because
we don't create a mount namespace if the `UNLOCKED` flag is specified
because we assume it's a readonly operation.
Since technically this is a mutation, let's just lock the sysroot
and use the tested path.
In preparation for support for a transient `/etc`:
https://github.com/ostreedev/ostree/issues/2868
particularly in combination with composefs.
Basically it's just much more elegant if we can directly mount
an overlayfs on the *empty* `etc` directory, using `usr/etc` as
the lower.
In the composefs case, we'd have to mount the composefs overlayfs
itself writable (and call `mkdir`) *just* so we can make that
empty `etc` directory which is ugly.
Let's verify that things work with that off, as they should.
Previously:
cb73129483
"deploy: Add a 5s max timeout on global filesystem sync()"
But we may still have problems even with that, see
https://issues.redhat.com/browse/OCPBUGS-15917
where it might be that even a thread doesn't work because
we're locked in the kernel.
Coverity warns when we're checking the return value in most-but-not-all
instances. The code is correct in these instances; we're initializing
the values to defaults. So add a `(void)` cast like we are doing
in many other places.
We shouldn't load anything from the target root filesystem *before*
verifying its integrity if composefs is enabled.
In effect, we want to force composefs users to migrate to
`/usr/lib/ostree/prepare-root.conf` which lives in the initramfs.
(But because we enable sysroot.readonly=true if composefs is enabled
too, they don't actually need to)
Using the repository configuration for configuration of this
program was always a bit hacky.
But actually with composefs, we really must validate
the target root *before* we parse anything in it.
Let's add a config file for `ostree-prepare-root` that can live
in the initramfs, which will already have been verified.
In the future we'll also add configuration for composefs here.
We expect OS builders to drop this in `/usr/lib/ostree/prepare-root.conf`,
but system local configuration can live in `/etc`.
This pushes down the code for parsing the `ostree=` cmdline
in the generator into code that's part of libostree-1.so.
This is prep for using logic shared in libotcore.la.
But in general it's just cleaner to also keep the binary
entrypoint to just be a trampoline into the C library.
