6836 Commits

Author SHA1 Message Date
Eric Curtin
ac8638f3e4
Merge pull request #3131 from cgwalters/status-use-remote
status: Pass correct remote name when verifying
2024-01-05 14:28:47 +00:00
Colin Walters
4d06e98e69
Merge pull request #3130 from jlebon/pr/autoprune-aarch64-dtb
lib/deploy: Round to block size in early prune space check
2024-01-04 15:57:08 -05:00
Colin Walters
e95109b3ed status: Add an option to skip signature verification
Since it's really expensive in some cases.
2024-01-04 14:02:08 -05:00
Colin Walters
24bf5b7d11 status: Pass correct remote name when verifying
The default `ostree admin status` tries to do signature
verification, but doesn't error out if that fails.

However, an extremely longstanding bug here is that we passed
the "osname" aka stateroot instead of the remote name.  This
happens to work for e.g. Fedora Silverblue today, where they
are the same.  It doesn't work on FCOS (remote = fedora, stateroot = fedora-coreos).
2024-01-04 13:55:14 -05:00
Jonathan Lebon
cc5747a605 lib/deploy: Add safety margin in early prune space check
There are a few things the estimator doesn't account for, e.g. writing
the new BLS entries. Rather than trying to perfect it (since I think we
should change approach entirely -- see previous commit message), just
add a 1M margin to the space check.
2024-01-04 13:07:08 -05:00
Jonathan Lebon
4982306e67 lib/deploy: Round to block size in early prune space check
When we estimate how much space a new bootcsum dir will use, we
weren't accounting for the space overhead from files not using the
last filesystem block completely. This doesn't matter much if counting
a few files, but e.g. on FCOS aarch64, we include lots of small
devicetree blobs in the bootfs. That loss can add up to enough for the
`fallocate()` check to pass but copying still hitting `ENOSPC` later on.

I think a better fix here is to change approach entirely and instead
refactor `install_deployment_kernel()` so that we can call just the
copying bits of it as part of the early prune logic. We'll get a more
accurate assessment and it's not lost work since we won't need to
recopy later on. Also this would not require having to keep in sync the
estimator and the install bits.

That said, this is blocking FCOS releases, so I went with a more tactical
fix for now.

Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/1637
2024-01-04 12:57:43 -05:00
Colin Walters
9faf55699a
Merge pull request #3129 from cgwalters/fix-unlock-composefs-compat
prepare-root: Fix composefs + ostree admin unlock --hotfix compat
2024-01-04 10:40:09 -05:00
Eric Curtin
6a339ac6eb
Merge pull request #3128 from cgwalters/hotfix-composefs
switchroot: use shared constant for unlock --hotfix
2024-01-04 12:05:02 +00:00
Colin Walters
dd33cc65e0 switchroot: use shared constant for unlock --hotfix
So it's easier to link the two bits of code.
2024-01-03 14:33:55 -05:00
Colin Walters
a1c1c0b500 prepare-root: Fix composefs + ostree admin unlock --hotfix compat
There's a test case for `ostree admin unlock --hotfix` that
runs in FCOS, not here; it breaks when enabling composefs.

The reason is because the composefs is mounted readonly, and
we tried to remount it writable.  Instead of trying to remount
the rootfs writable at this point forcibly, honor the
*real* sysroot readonly state flag from the underlying FS before
we mounted the composefs.

Note that in FCOS derivatives we always have the root mounted
writable via `rw` on the kernel cmdline and this is the default
general expectation now with ostree usage.
2024-01-03 14:01:38 -05:00
Colin Walters
40b143f494
Merge pull request #3127 from cgwalters/composefs-doc-toplevel-chattr
docs/composefs: Add note about toplevel dirs
2024-01-02 15:53:01 -05:00
Joseph Marrero Corchado
ba12a168be
Merge pull request #3119 from cgwalters/zipl-fix-nul-term
zipl: A few fixes
2024-01-02 15:49:24 -05:00
Colin Walters
712eecad4f docs/composefs: Add note about toplevel dirs
Just thinking about trying to land this, I think some people
may hit this one.
2024-01-02 15:18:37 -05:00
Colin Walters
888f29a62a
Merge pull request #3125 from ericcurtin/explicit-sysroot-rw-ro-log
switchroot: Be explicit about what could cause /sysroot to be ro
2023-12-30 16:55:09 +01:00
Eric Curtin
e5498b9445 switchroot: Be explicit about what could cause /sysroot to be ro
If you don't have rw in the kernel cmdline or have ro in it, often you
hit this issue. This is just to be really explicit about that in the
error messages so people can check.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2023-12-21 17:28:23 +00:00
Eric Curtin
02915a3f95
Merge pull request #3124 from cgwalters/rust-features
rust: Add missing feature versions
2023-12-20 12:48:53 +00:00
Colin Walters
798893b314
Merge pull request #3123 from cgwalters/deploy-log-space
deploy: Log calculated needed space
2023-12-20 07:22:21 -05:00
Colin Walters
6722c55fc8 deploy: Log calculated needed space
To aid debugging issues like https://github.com/coreos/fedora-coreos-tracker/issues/1637

If we're hitting this path where we think we have enough space,
let's log what we calculated here to aid in diagnosing why we
may later fail with ENOSPC.
2023-12-19 21:04:22 -05:00
Colin Walters
8b6e96cf52 rust: Add missing feature versions
- We missed 2022_2, which specifically includes
  https://docs.rs/ostree/latest/ostree/static.PATH_BOOTED.html
  and I was really confused why that was missing
- Add more recent upstream versions too
2023-12-19 21:02:59 -05:00
Colin Walters
41c56b37f8
Merge pull request #3121 from fwilhe/patch-1
Link to gardenlinux/ostree-image-builder in README
2023-12-18 09:22:13 -05:00
Florian Wilhelm
1c4420ed90
Link to gardenlinux/ostree-image-builder in README
This repo is the outcome of a PoC on how an existing
debian-based distro could be adapted to be used with OSTree.
2023-12-18 14:12:45 +01:00
Eric Curtin
5c7f42b8d2
Merge pull request #3116 from jmarrero/bootloader-doc
doc: Add section about ostree and bootloaders
2023-12-14 22:05:10 +00:00
Colin Walters
ade0bd2693 zipl: Convert to a data input stream
This high level reader API avoids all the bugs that were
found in previous patches.
2023-12-14 08:09:20 -05:00
Colin Walters
241597a8a5 zipl: NUL terminate buffer we're searching
Found by a static analyzer.
2023-12-14 08:03:01 -05:00
Colin Walters
e9a2a2cf25 zipl: Fix error handling for read
The return value is not errno.
2023-12-14 08:00:38 -05:00
Colin Walters
876ddd32b8 zipl: Use O_CLOEXEC
On general principle.
2023-12-14 07:57:43 -05:00
Joseph Marrero
5466e98cd2 doc: Add section about ostree and bootloaders 2023-12-14 07:34:41 -05:00
Joseph Marrero Corchado
234fa2cefa
Merge pull request #3117 from cgwalters/doc-root-transient
Doc root transient
2023-12-11 14:23:33 -05:00
Colin Walters
8f4beb4a7f docs: Add var.md
This one overlaps a bit with some other sections...the docs
need a bigger rework, but this is better than we had before.
2023-12-08 14:01:13 -05:00
Colin Walters
a0f7b3c789 man: Document root.transient
This one warrants some explanation.
2023-12-08 14:01:02 -05:00
Eric Curtin
071053d915
Merge pull request #3114 from cgwalters/root-ovl
prepare-root: Add support for root.transient
2023-12-08 14:02:56 +00:00
Colin Walters
8fbaebac58 prepare-root: Add support for root.transient
Closes: https://github.com/ostreedev/ostree/issues/3113

It'd greatly improve compatibility with things like RPMs that install
in `/opt` if we supported a full "original docker" style model where
`/` is a transient overlayfs.  We'd still keep our semantics for `/etc`
and `/var` by default, but e.g. we'd stop recommending
`/opt` ➡️ `/var/opt`, in this model,
so `/opt` would be on the overlayfs.

Note this all aligns with composefs, where we'd actually be making
`/` a *read-only* overlayfs by default; it'd be really nice of course
to *implement* this by just making the composefs overlayfs writable,
but I am not sure we can hard require composefs for this right now.

So this change adds support for `root.transient = true`
in `/usr/lib/ostree/prepare-root.conf`.

The major downside is that people could be surprised if files they
write to e.g. `/opt` don't persist across upgrades.  But, that's
already again how it works since Docker started.

Note as part of the implementation of this, we need to add a whole
new "backing" directory distinct from the deployment directories.

(Tangentially related to this, it's tempting to switch to always
 using a *read-only* overlay mount by default.
2023-12-07 13:31:42 -05:00
Colin Walters
59cdd6119f prepare-root: Add an autofree
This doesn't matter at all, but I just noticed this while working
on the code.
2023-12-07 13:31:42 -05:00
Colin Walters
6cb15c35c8 sysroot: Drop unused prototype
This function doesn't exist anymore.
2023-12-07 13:31:42 -05:00
Colin Walters
508b6ea6b6
Merge pull request #3112 from leonheldattoradex/main
Update Torizon information
2023-12-07 09:48:22 -05:00
Leonardo Held
3ff00e43f5
Update Torizon information
TorizonCore became Torizon OS and Torizon OTA is now Torizon Cloud.

Signed-off-by: Leonardo Held <leonardo.held@toradex.com>
2023-12-07 10:08:16 -03:00
Joseph Marrero Corchado
51a34a4030
Merge pull request #3111 from cgwalters/release
Release 2023.8
2023-12-05 21:52:21 -05:00
Colin Walters
56b268dd66 configure: post-release version bump 2023-12-05 14:03:56 -05:00
Colin Walters
5b23804a1a Release 2023.8 v2023.8 2023-12-05 13:37:04 -05:00
Colin Walters
6e3033188c
Merge pull request #3106 from cgwalters/commit-reflink
commit: Try reflinks for local commits by default
2023-12-05 13:36:00 -05:00
Colin Walters
c3dff62e1c commit: Try reflinks for local commits by default
I think we originally used to do this, but at some point in a
code refactoring, this optimization got lost.

It's a quite important optimization for the case of writing content
generated by an external system into an ostree repository.
2023-12-04 20:45:08 -05:00
Joseph Marrero Corchado
59b9f9a8ef
Merge pull request #3105 from cgwalters/sysroot-borrow-fd
sysroot: Add a method to borrow sysroot fd
2023-12-04 18:22:50 -05:00
Colin Walters
09e32d615f
Merge pull request #3107 from cgwalters/drop-userxattr-test
tests: Drop bare-user on tmpfs negative test
2023-12-04 13:14:07 -05:00
Colin Walters
bab87cbd9d tests: Drop bare-user on tmpfs negative test
As of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2daf18a7884dc03d5164ab9c7dc3f2ea70638469
the restriction is lifted, FINALLY.
2023-12-03 09:32:36 -05:00
Colin Walters
15d0777bb4
Merge pull request #3104 from cgwalters/s390x-target
bootloader/zipl: Run in target deployment as container if needed
2023-12-01 16:21:34 -05:00
Colin Walters
c3aa2958c2 bootloader/zipl: Run in target deployment as container if needed
xref https://issues.redhat.com/browse/MGMT-16303

Basically the OCP Assisted installer has now grown code
to try to do OS updates offline post-install, and this means
we need to handle the case of running zipl from the target
root.
2023-12-01 15:06:10 -05:00
Colin Walters
aa635bf559 sysroot: Expose deployment runner outside of selinux
We will use it in e.g. s390x zipl backend.
2023-12-01 15:06:10 -05:00
Joseph Marrero Corchado
e794a0c038
Merge pull request #3103 from cgwalters/tmpfiles-factory-var
tmpfiles: Copy `/usr/share/factory/var` to `/var`
2023-12-01 14:46:39 -05:00
Colin Walters
d3190dbf56 sysroot: Add a method to borrow sysroot fd
For the same reason we have this method on `Repo`.
2023-12-01 14:35:41 -05:00
Colin Walters
744569723d sysroot: Support specifying bwrap arguments
Prep for use with zipl.
2023-12-01 08:15:23 -05:00