Commit Graph

6992 Commits

Author SHA1 Message Date
Eric Curtin
9e51fb1627 docs: Fix spelling and grammer
Make Android bootloader section clearer.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-04-24 21:00:42 +01:00
Eric Curtin
998a0ab57b docs: More accurate diagram in bootloaders documentation for aboot
The android bootloader is also split into two partitions, previously
that wasn't represented in the diagram.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-04-24 21:00:37 +01:00
Eric Curtin
c8c436e5db
Merge pull request #3231 from alexlarsson/fix-aboot-non-ab
prepare-root: Handle non-AB aboot properly
2024-04-15 20:48:09 +01:00
Alexander Larsson
6ac8c49a83 prepare-root: Handle non-AB aboot properly
otcore_get_ostree_target() should set is_aboot for android boot
systems, but currently it only does this on A/B boot systems, not
single-boot-partition systems. Fix this by setting it in the second
case.
2024-04-15 20:09:34 +02:00
Colin Walters
99ef9806e2
Merge pull request #3230 from cgwalters/initfs-epoch-2
init-fs: Add --epoch=2
2024-04-12 19:56:35 -04:00
Colin Walters
818af91dfe
Merge pull request #3108 from cgwalters/use-external-composefs
Switch to external composefs
2024-04-12 17:48:22 -04:00
Colin Walters
eb54a44169 Switch to external composefs
Since there's now a stable shared library, let's use it.
2024-04-12 16:16:21 -04:00
Colin Walters
8a9f067d61 ci: Drop SKIP_INSTALLDEPS=1
Right now there's skew where we don't have composefs-devel
in the buildroot.  In general this optimization isn't worth it.
2024-04-12 16:16:21 -04:00
Colin Walters
3647395fe5 tests: Skip composefs tests without the feature
Previously this was masked by us shipping composefs vendored.
2024-04-12 16:16:21 -04:00
Colin Walters
74a3d2da9c init-fs: Add --epoch=2
We want to start switching things so that the toplevel `/ostree`
repository is mode 0700, to close off unprivileged code
from being able to access it.  Previous deployment roots
may have setuid binaries, etc.  The `/var/lib/containers/storage`
directory is mode 0700 for this reason I believe.

Closes: https://github.com/ostreedev/ostree/issues/3211
2024-04-12 16:10:36 -04:00
Colin Walters
0c0b6cee61
Merge pull request #3229 from cgwalters/init-deploy-0700
init-fs: Add --epoch
2024-04-12 14:00:27 -04:00
Colin Walters
38f6b9b3ab init-fs: Add --epoch
I want to add another variant here, and `--modern` is now old.  Let's
acknowledge that we may want to make even more changes in the
future.  So `--modern == --epoch=1` but I will add `--epoch=2` after
this.
2024-04-12 08:56:13 -04:00
Colin Walters
3c2e9d0974
Merge pull request #3227 from alexlarsson/fix-fsverity-error-check
_ostree_ensure_fsverity: Properly check for errors
2024-04-08 12:40:03 -04:00
Alexander Larsson
374fb05d0e _ostree_ensure_fsverity: Properly check for errors
If fs_verity_wanted == _OSTREE_FEATURE_YES we should fail if
!suported, but we were checking !supported where supported is a
pointer, not a boolean. This caused us to miss errors when the kernel
didn't support fs-verity that lead to lots of debugging.
2024-04-08 17:05:23 +02:00
Colin Walters
d05c48b746
Merge pull request #3226 from ericcurtin/rm-rhivos
README & docs: Remove "RHIVOS" acronym
2024-03-30 09:40:17 -04:00
Eric Curtin
24c0c1c4f6 README & docs: Remove "RHIVOS" acronym
Remove the unofficial acronym RHIVOS from both the README and docs
files. The acronym is associated with Red Hat In-Vehicle Operating
System but isn't officially recognized.

Co-Authored-By: Felicia Kleinfelt <fkleinfe@redhat.com>
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-03-30 13:19:00 +00:00
Colin Walters
3c25a93bac
Merge pull request #3220 from jlebon/pr/on-failure-isolate
ostree-prepare-root.service: add OnFailureJobMode=isolate
2024-03-21 13:57:45 -04:00
Jonathan Lebon
05b3b66275
ostree-prepare-root.service: add OnFailureJobMode=isolate
This is stronger than the default (`replace`) because it tells systemd
to *stop everything* and go to `emergency.target`. In other codebases,
this has definitely helped me with the problem of "systemd keeps going
even after a failure".

Likely addresses #3219.

See also e.g. 3d2e165f97.
2024-03-21 12:19:32 -04:00
Colin Walters
dc4d4b5592
Merge pull request #3218 from cgwalters/policy-allow-none
sepolicy: Add missing `(nullable)`
2024-03-19 12:28:54 -04:00
Joseph Marrero Corchado
b96b4ff46a
Merge pull request #3216 from cgwalters/mirrorlist-retries
curl: Also map HTTP errors for retries
2024-03-19 10:48:43 -04:00
Colin Walters
45453b73e5 sepolicy: Add missing (nullable)
This can return NULL if there's no real policy.

Now obviously we need to update the Rust bindings too but...
I am having trouble doing that, we're pretty out of date with
upstream.
2024-03-19 10:23:43 -04:00
Colin Walters
76ab862188 curl: Also map HTTP errors for retries
When we added the retry logic, the intention here was definitely
to do it not just for network errors but also e.g. HTTP 500s and
the like.

xref https://pagure.io/releng/issue/11439
where we rather painfully debugged that this was missing.
2024-03-15 18:45:22 -04:00
Colin Walters
7fdc792f85
Merge pull request #3215 from cgwalters/release
Release 2024.5
2024-03-14 11:26:35 -04:00
Colin Walters
1bc7d20777 configure: post-release version bump 2024-03-14 09:47:14 -04:00
Colin Walters
f3b66e8c2d Release 2024.5 2024-03-14 09:46:17 -04:00
Colin Walters
756e2dade0
Merge pull request #3214 from cgwalters/checkout-overwrite-force
checkout: Always replace existing content with overlay mode
2024-03-13 16:05:23 -04:00
Colin Walters
bb6dfd3ab0 checkout: Always replace existing content in overlay mode
The combination of the "honor whiteout" and "union" flags
are intended to basically be "merge trees like overlayfs does".
But we were missing this case in order to support e.g. replacing
a symlink with a directory.
2024-03-13 14:07:54 -04:00
Jonathan Lebon
c314eaa90c
Merge pull request #3213 from rborn-tx/fix-early-prune 2024-03-13 13:24:27 -04:00
Rogerio Guerra Borin
4efb44f35a deploy: Ensure boot directory is open before accessing it
This fixes a bug in the (early) deployment pruning function which before
tried to access the boot directory without opening it first.

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
2024-03-12 17:29:35 -03:00
Huijing Hei
223a1af4b5
Merge pull request #3208 from HuijingHei/split-whitespace
kargs: parse spaces in kargs input and keep quotes
2024-03-11 09:59:43 +08:00
HuijingHei
abc7d5b9a0 kargs: parse spaces in kargs input and keep quotes
According to Jonathan's suggestion, should fix the code from
ostree repo.

With this patch:
- kargs input like "init_on_alloc=1 init_on_free=1", will be
parsed as 2 seperated args `init_on_alloc=1` and `init_on_free=1`,
instead of whole;
- According to https://www.kernel.org/doc/html/v4.14/admin-guide/kernel-parameters.html,
need to keep spaces in double-quotes, like `param="spaces in here"`
will be parsed as whole instead of 3.

Fixes https://github.com/coreos/rpm-ostree/issues/4821
2024-03-08 10:01:06 +08:00
Eric Curtin
d95c2f8dd8
Merge pull request #3206 from cgwalters/enable-new-naming
sysroot: Turn on bootloader-naming-2 by default
2024-03-07 10:53:56 +00:00
Colin Walters
2fb7a04838 sysroot: Turn on bootloader-naming-2 by default
I think it's about time we flipped this on by default;
like the bootprefix I was a bit too chicken.  We still have
a `bootloader-naming-1` that can be flipped on in case of
some regression.

Closes: https://github.com/ostreedev/ostree/issues/2961
2024-02-28 09:40:34 -05:00
Colin Walters
f1e663bdb2
Merge pull request #3205 from cgwalters/fix-grub-probing
bootloader/grub2: Don't do anything if we have static configs
2024-02-27 16:00:29 -05:00
Colin Walters
e47b370963 bootloader/grub2: Don't do anything if we have static configs
This builds on top of fa9924e4fe
(But in a very hacky way because we don't currently link to a JSON library)

Basically, bootupd supports injecting static configs, and this
is the currently least hacky way for us to detect this and understand
that we shouldn't try to run `grub2-mkconfig`.

A further patch I'd like to do here is also change the probing
logic to gracefully no-op if `grub2-mkconfig` doesn't exist,
but that has a bit more risk and involvement.
2024-02-27 14:21:26 -05:00
Colin Walters
b4a1e38392
Merge pull request #3204 from cgwalters/quiet-config-load
otcore: Drop config load print
2024-02-27 13:03:45 -05:00
Colin Walters
1a54d94fed
Merge pull request #3203 from dbnicholson/version-sigpipe
main: Ignore SIGPIPE when printing version
2024-02-27 12:24:35 -05:00
Colin Walters
bf811629c0 otcore: Drop config load print
Now that we're using `otcore_load_config` from the deploy
path we end up printing to stdout even for API callers (e.g.
our own CLI tools, and rpm-ostree/bootc/etc) which is wrong.

We don't need this print, so just drop it.
2024-02-27 10:59:47 -05:00
Dan Nicholson
422a2887d7 main: Ignore SIGPIPE when printing version
In order to do a runtime feature check, `ostree --version` can be piped
to `grep` or similar. However, if the read end of the pipe doesn't read
all of the output, `ostree` will receive `SIGPIPE` when trying to write
output. Ignore it so that `ostree` still exits successfully in that
case.
2024-02-27 08:41:46 -07:00
Colin Walters
1b3ffe54e8
Merge pull request #3196 from cgwalters/fix-sepolicy-public
sepolicy: Fix publicity mismatch for ostree_sepolicy_host_enabled
2024-02-25 10:45:12 -05:00
Timothée Ravier
3ae7118e04
Merge pull request #3199 from travier/docs-fix
docs: Move SPDX identifiers under first title
2024-02-24 16:45:37 +01:00
Timothée Ravier
a63f951601 docs: Cleanup title for historical OSTree README 2024-02-24 16:39:19 +01:00
Timothée Ravier
4ae5065844 docs: Move SPDX identifiers under first title
Having a comment right before the first title apparently confuses
Jekyll.

Fixes: https://github.com/ostreedev/ostree/pull/3185
2024-02-24 16:39:19 +01:00
Colin Walters
cdb4cad46d
Merge pull request #3197 from cgwalters/release
Release 2024.4
2024-02-23 16:21:11 -05:00
Colin Walters
084e027d0b sepolicy: Fix publicity mismatch for ostree_sepolicy_host_enabled
As this is only used by internal code, just drop the `_OSTREE_PUBLIC`
marker for now.  If we have a reason to export it we can do that
later.

Closes: https://github.com/ostreedev/ostree/issues/3182
2024-02-23 13:46:50 -05:00
Colin Walters
14a5746d05 Post-release version bump 2024-02-23 13:45:37 -05:00
Colin Walters
2d2e0bddf3 Release 2024.4 2024-02-23 13:45:21 -05:00
Jonathan Lebon
26e220e0c0
Merge pull request #3195 from ericcurtin/pr3192_comments 2024-02-23 11:30:00 -05:00
Eric Curtin
e48cdb90d3 sysroot: Reword comment and use gboolean over bool, error handling
Be more explicit in the comment, and use gboolean over bool. Less header
inclusions when we use gboolean. Although bool is used in some places.
Write a separate _ostree_sysroot_parse_bootlink_aboot function for
aboot. Make is_aboot optional. Handle invalid androidboot karg and no
ostree and androidboot kargs differently.

Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-02-23 14:58:48 +00:00
Eric Curtin
e790e79e11
Merge pull request #3192 from ericcurtin/ostree-impl-system-generator-aboot
generator: Fixes for Android Boot environment
2024-02-22 17:06:19 +00:00