Commit Graph

6962 Commits

Author SHA1 Message Date
HuijingHei
abc7d5b9a0 kargs: parse spaces in kargs input and keep quotes
According to Jonathan's suggestion, should fix the code from
ostree repo.

With this patch:
- kargs input like "init_on_alloc=1 init_on_free=1", will be
parsed as 2 seperated args `init_on_alloc=1` and `init_on_free=1`,
instead of whole;
- According to https://www.kernel.org/doc/html/v4.14/admin-guide/kernel-parameters.html,
need to keep spaces in double-quotes, like `param="spaces in here"`
will be parsed as whole instead of 3.

Fixes https://github.com/coreos/rpm-ostree/issues/4821
2024-03-08 10:01:06 +08:00
Eric Curtin
d95c2f8dd8
Merge pull request #3206 from cgwalters/enable-new-naming
sysroot: Turn on bootloader-naming-2 by default
2024-03-07 10:53:56 +00:00
Colin Walters
2fb7a04838 sysroot: Turn on bootloader-naming-2 by default
I think it's about time we flipped this on by default;
like the bootprefix I was a bit too chicken.  We still have
a `bootloader-naming-1` that can be flipped on in case of
some regression.

Closes: https://github.com/ostreedev/ostree/issues/2961
2024-02-28 09:40:34 -05:00
Colin Walters
f1e663bdb2
Merge pull request #3205 from cgwalters/fix-grub-probing
bootloader/grub2: Don't do anything if we have static configs
2024-02-27 16:00:29 -05:00
Colin Walters
e47b370963 bootloader/grub2: Don't do anything if we have static configs
This builds on top of fa9924e4fe
(But in a very hacky way because we don't currently link to a JSON library)

Basically, bootupd supports injecting static configs, and this
is the currently least hacky way for us to detect this and understand
that we shouldn't try to run `grub2-mkconfig`.

A further patch I'd like to do here is also change the probing
logic to gracefully no-op if `grub2-mkconfig` doesn't exist,
but that has a bit more risk and involvement.
2024-02-27 14:21:26 -05:00
Colin Walters
b4a1e38392
Merge pull request #3204 from cgwalters/quiet-config-load
otcore: Drop config load print
2024-02-27 13:03:45 -05:00
Colin Walters
1a54d94fed
Merge pull request #3203 from dbnicholson/version-sigpipe
main: Ignore SIGPIPE when printing version
2024-02-27 12:24:35 -05:00
Colin Walters
bf811629c0 otcore: Drop config load print
Now that we're using `otcore_load_config` from the deploy
path we end up printing to stdout even for API callers (e.g.
our own CLI tools, and rpm-ostree/bootc/etc) which is wrong.

We don't need this print, so just drop it.
2024-02-27 10:59:47 -05:00
Dan Nicholson
422a2887d7 main: Ignore SIGPIPE when printing version
In order to do a runtime feature check, `ostree --version` can be piped
to `grep` or similar. However, if the read end of the pipe doesn't read
all of the output, `ostree` will receive `SIGPIPE` when trying to write
output. Ignore it so that `ostree` still exits successfully in that
case.
2024-02-27 08:41:46 -07:00
Colin Walters
1b3ffe54e8
Merge pull request #3196 from cgwalters/fix-sepolicy-public
sepolicy: Fix publicity mismatch for ostree_sepolicy_host_enabled
2024-02-25 10:45:12 -05:00
Timothée Ravier
3ae7118e04
Merge pull request #3199 from travier/docs-fix
docs: Move SPDX identifiers under first title
2024-02-24 16:45:37 +01:00
Timothée Ravier
a63f951601 docs: Cleanup title for historical OSTree README 2024-02-24 16:39:19 +01:00
Timothée Ravier
4ae5065844 docs: Move SPDX identifiers under first title
Having a comment right before the first title apparently confuses
Jekyll.

Fixes: https://github.com/ostreedev/ostree/pull/3185
2024-02-24 16:39:19 +01:00
Colin Walters
cdb4cad46d
Merge pull request #3197 from cgwalters/release
Release 2024.4
2024-02-23 16:21:11 -05:00
Colin Walters
084e027d0b sepolicy: Fix publicity mismatch for ostree_sepolicy_host_enabled
As this is only used by internal code, just drop the `_OSTREE_PUBLIC`
marker for now.  If we have a reason to export it we can do that
later.

Closes: https://github.com/ostreedev/ostree/issues/3182
2024-02-23 13:46:50 -05:00
Colin Walters
14a5746d05 Post-release version bump 2024-02-23 13:45:37 -05:00
Colin Walters
2d2e0bddf3 Release 2024.4 2024-02-23 13:45:21 -05:00
Jonathan Lebon
26e220e0c0
Merge pull request #3195 from ericcurtin/pr3192_comments 2024-02-23 11:30:00 -05:00
Eric Curtin
e48cdb90d3 sysroot: Reword comment and use gboolean over bool, error handling
Be more explicit in the comment, and use gboolean over bool. Less header
inclusions when we use gboolean. Although bool is used in some places.
Write a separate _ostree_sysroot_parse_bootlink_aboot function for
aboot. Make is_aboot optional. Handle invalid androidboot karg and no
ostree and androidboot kargs differently.

Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-02-23 14:58:48 +00:00
Eric Curtin
e790e79e11
Merge pull request #3192 from ericcurtin/ostree-impl-system-generator-aboot
generator: Fixes for Android Boot environment
2024-02-22 17:06:19 +00:00
Joseph Marrero Corchado
b460d28405
Merge pull request #3194 from alexlarsson/composefs-no-hotfix
prepare-root: Disallow hotfixes if using signed composefs images
2024-02-22 11:25:41 -05:00
Huijing Hei
311def51a5
Merge pull request #3185 from travier/main-docs-spdx-fixes
Docs fixes & SPDX identifiers uniformisation
2024-02-22 21:44:57 +08:00
Alexander Larsson
41fd55aa79 prepare-root: Disallow hotfixes if using signed composefs images
As mentioned in https://github.com/ostreedev/ostree/issues/3187, we
can't allow a hotfix overlay of /usr when using signed composefs
images as that would allow an attacker to persist something used
across boots.
2024-02-22 12:10:41 +01:00
Eric Curtin
4a71845b12 generator: Fixes for Android Boot environment
In Android Boot environment we do not parse ostree= karg to determine
what directory to boot into, alternatively we do this based on the
androidboot.slot_suffix= karg. But we do set ostree=true karg to denote
that we are indeed booting an ostree environment (required for some
systemd unit files). This change accounts for this approach in the
systemd generator. In this case androidboot.slot_suffix= points you to
/ostree/root.[a|b] and then that points you to the directory to boot
into in /ostree/deploy... Here is what a cmdline may look like in this
type of environment:

androidboot.slot_suffix=_a androidboot.bootdevice=*.ufshc root=PARTLABEL=system_a root=UUID=76a22bf4-f153-4541-b6c7-0332c0dfaeac rw ostree=true loglevel=4 acpi=off console=ttyAMA0 systemd.show_status=auto libahci.ignore_sss=1 slub_debug=FPZ fsck.mode=skip rcupdate.rcu_normal_after_boot=0 rcupdate.rcu_expedited=1

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-02-21 20:54:55 +00:00
Joseph Marrero Corchado
8f98143d64
Merge pull request #3186 from rborn-tx/amend-ms-shared-comment
ostree-prepare-root: Amend comment about shared mounts
2024-02-21 07:53:32 -05:00
Eric Curtin
1a3d1792f3
Merge pull request #3189 from alexlarsson/composefs-config-with-no-key
deploy: Don't fail if loading composefs configuration fails due to mi…
2024-02-21 12:34:09 +00:00
Alexander Larsson
b7688609b5 deploy: Don't fail if loading composefs configuration fails due to missing keys
When we load the configuration during deploy we don't need to actually
use the keys, so avoid loading them. This fixes an issue we had where
this broke the initial deploy becasue of a failure to load the key. In
our case it fails because the code looks for the config file in the
deploy dir, but then for the binding key in the real root.

However, even if it were to look for the key in the deploy dir I don't
think it necessarily has to be in the rootfs, it could be only in the
initrd.

This fixes https://github.com/ostreedev/ostree/issues/3188
2024-02-21 10:21:00 +01:00
Jonathan Lebon
255d40d79b
Merge pull request #3184 from smcv/issue3183 2024-02-20 22:29:56 -05:00
Rogerio Guerra Borin
5d0f1ad90d
ostree-prepare-root: Amend comment about shared mounts
Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
2024-02-20 15:07:51 -03:00
Timothée Ravier
d005bf27cb README & docs: Sync README and docs index page 2024-02-20 17:08:24 +01:00
Timothée Ravier
038bb57a8d docs: Misc whitespace fixes 2024-02-20 17:04:44 +01:00
Timothée Ravier
1ce6216625 docs: Consistently use SPDX identifiers
Standardize on a single SPDX identifier in a comment at the top.
2024-02-20 17:04:02 +01:00
Simon McVittie
035b2c1647 test-admin-deploy-var: Don't rely on OSTREE_FEATURES
This is set during build-time testing, but unset during "as-installed"
tests.

Resolves: https://github.com/ostreedev/ostree/issues/3183
Signed-off-by: Simon McVittie <smcv@debian.org>
2024-02-19 21:01:15 +00:00
Simon McVittie
37466ec35b tests: Use skip_without_ostree_feature to detect libarchive, composefs
This avoids false negatives from `ostree --version | grep -q ...`
exiting with failure under `set -o pipefail` because `grep -q` can exit
as soon as it sees the desired string, leaving `ostree --version` to be
terminated by `SIGPIPE` next time it writes to stdout.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-02-19 21:01:07 +00:00
Simon McVittie
a84e56d603 tests: Generalize has_gpgme, has_sign_ed25519 into has_ostree_feature
Signed-off-by: Simon McVittie <smcv@collabora.com>
2024-02-19 21:01:05 +00:00
Eric Curtin
695a52ae21
Merge pull request #3176 from travier/docs-dependabot-update
workflow/docs: Update to actions/checkout@v4 & dependabot: Update github-actions weekly
2024-02-19 14:37:37 +00:00
Colin Walters
fa59b3ef87
Merge pull request #3181 from ericcurtin/mention-rhivos
README: Add Red Hat In-Vehicle Operating System
2024-02-19 09:36:58 -05:00
Eric Curtin
83f18c4b27 README: Add Red Hat In-Vehicle Operating System
RHIVOS is a derivative of CentOS Automotive Stream Distribution that
uses OSTree, it's closest Fedora derivative is Fedora IoT although it
was created as it's own distribution.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-02-17 17:16:33 +00:00
Colin Walters
549f9d6a59
Merge pull request #3180 from teythoon/justus/long-key-ids
tests: Use long key IDs, I found another one
2024-02-16 12:10:09 -05:00
Colin Walters
bd7663fa9d
Merge pull request #3179 from ericcurtin/additional-docs-dependancy
docs: Add webrick dependancy for building site locally
2024-02-16 11:12:03 -05:00
Justus Winter
9b5a373adb
tests: Use long key IDs
Short key IDs are not secure, and may be rejected by OpenPGP
implementations.  See https://evil32.com/

Signed-off-by: Justus Winter <justus@sequoia-pgp.org>
2024-02-16 16:24:18 +01:00
Colin Walters
c7260105db
Merge pull request #3178 from teythoon/justus/long-key-ids
tests: Use long key IDs
2024-02-16 09:06:27 -05:00
Eric Curtin
1aec4deb86 docs: Add webrick dependancy for building site locally
This mimics the GitHub Pages environment so that you can build and serve
the site locally for testing. It requires webrick these days.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-02-16 13:00:41 +00:00
Justus Winter
ad8c9f9817
tests: Use long key IDs
Short key IDs are not secure, and may be rejected by OpenPGP
implementations.  See https://evil32.com/

Signed-off-by: Justus Winter <justus@sequoia-pgp.org>
2024-02-16 13:34:34 +01:00
Timothée Ravier
b7f6ed7102 dependabot: Update github-actions weekly 2024-02-15 16:20:33 +01:00
Timothée Ravier
99c9c387b8 workflow/docs: Update to actions/checkout@v4 2024-02-15 16:18:32 +01:00
Colin Walters
f46cc0cd85
Merge pull request #3175 from cgwalters/rofiles-fuse-statx
rofiles-fuse: Check fsverity flag for copyup
2024-02-15 09:34:27 -05:00
Colin Walters
d0afefcace rofiles-fuse: Remove unused parameter
The logic simplified, so we don't need it anymore.
2024-02-15 08:07:40 -05:00
Colin Walters
ed4bd88a3e rofiles-fuse: Check fsverity flag for copyup
We need to do a copyup if fsverity is enabled.
Sadly to do this we can't just use ostree_break_hardlink
as is.
2024-02-15 08:03:16 -05:00
Colin Walters
4d95848b8c rofiles-fuse: Port to statx
This allows us to query fsverity efficiently.
2024-02-14 20:32:55 -05:00