Commit Graph

3489 Commits

Author SHA1 Message Date
Colin Walters
2a9689b76a Update libglnx, port various bits to new API
Using the error prefixing in the delta processing allows us to
do new code style.  Also strip trailing whitespace.

Use error prefixing in a few other random places.  I didn't
hunt for all of them, just testing out the new API.

Use `glnx_fchmod()`.  Also note I dropped one `fchmod (tmpf, 0600)`
which is no longer necessary.

Update submodule: libglnx

Closes: #1011
Approved by: jlebon
2017-07-18 19:18:38 +00:00
Colin Walters
efd460782a lib/pull: Drop direct use of ->repodir
Prep for `ostree_repo_new_at()`.  Down the line perhaps
we should extend libcurl to accept a file descriptor for cookies,
but this works OK for now.

Closes: #1010
Approved by: jlebon
2017-07-18 19:07:56 +00:00
Colin Walters
9430b8ad75 bin/cookies: Drop libsoup code, fix fd-relative issues, new style
Prep for `ostree_repo_new_at()`. These commands were directly accessing
`repo->repodir`, which it turns out was unnecessary since the the APIs they then
used were fd-relative. Except actually there were bugs there, so fix all of the
cookie util code to actually use the passed `dfd` and not just hardcode
`AT_FDCWD`.

Also, libsoup can't handle this (its APIs require fully qualifed paths), and
there's not a really good reason to have two implementations now; historically
it was useful to cross-check them, but I don't think we need that.

While I'm here, port to new style.

Closes: #1010
Approved by: jlebon
2017-07-18 19:07:56 +00:00
Colin Walters
e0346c1494 Add a notion of "physical" sysroot, use for remote writing
(Note this PR was reverted in <https://github.com/ostreedev/ostree/pull/902>;
 this version should be better)

Using `${sysroot}` to mean the physical storage root: We don't want to write to
`${sysroot}/etc/ostree/remotes.d`, since nothing will read it, and really
`${sysroot}` should just have `/ostree` (ideally). Today the Anaconda rpmostree
code ends up writing there. Fix this by adding a notion of "physical" sysroot.
We determine whether the path is physical by checking for `/sysroot`, which
exists in deployment roots (and there shouldn't be a `${sysroot}/sysroot`).

In order to unit test this, I added a `--sysroot` argument to `remote add`.
However, doing this better would require reworking the command line parsing for
the `remote` argument to support specifying `--repo` or `--sysroot`, and I
didn't quite want to do that yet in this patch.

This second iteration of this patch fixes the bug we hit the first time;
embarassingly enough I broke `ostree remote list` finding system remotes.
The fix is to have `ostree_repo_open()` figure out whether it's the same
as `/ostree/repo` for now.

Down the line...we might consider having the `ostree remote` command line itself
instatiate an `OstreeSysroot` by default, but this maximizes compatibility; we
just have to pay a small cost that `ostree` usage outside of that case like
`ostree static-delta` in a releng Jenkins job or whatever will do this `stat()`
too.

Closes: https://github.com/ostreedev/ostree/issues/892

Closes: #1008
Approved by: mbarnes
2017-07-18 18:58:06 +00:00
Colin Walters
8b1f1c4428 lib/pull: Do local content imports async too
This came up in <https://github.com/ostreedev/ostree/pull/982>; when
we added more direct local importing, we did it synchronously.

This was actually quite a regression when doing local pulls between different
modes; in particular between a bare mode and `archive`, as we were suddenly
doing gzip {de,}compression in the main thread.

Down the line actually...a simpler fix is probably to change things so that the
local path is really only used when we know we can hardlink; everything else
would go though the fetcher codepath but with `file://`.

But this isn't a lot more code, and the speed/interactivity win is large.

Note we're only doing content async with this patch. We could do metadata as
well; we have the object already local. But the metadata code path is messier,
and metadata objects are smaller.

Another area where this comes up is that in e.g. Fedora releng, most operations
talk to a NetApp via NFS. So this has the classic network filesystem problem
that operations that are normally cheap like `stat()` can actually have
nontrivial latency. Doing as much as possible in threads is better there too.

Closes: #1006
Approved by: jlebon
2017-07-18 17:03:13 +00:00
Colin Walters
96e49a67f9 ci/papr: Update to F26
In particular F25AH will stop getting updates.

Closes: #1012
Approved by: jlebon
2017-07-18 14:01:54 +00:00
Emmanuele Bassi
47a54bf876 Move the include directive to the enum template
There is no actual written guarantee in glib-mkenums that the template
line specified using --fhead will be added after the templates specified
inside the template file. Since the template file is only used once, we
can simply move the `#include` directive inside the template, so that it
is guaranteed to be in the right place.

Closes: #1007
Approved by: cgwalters
2017-07-17 15:14:44 +00:00
Colin Walters
620a90ebfa lib/pull: Avoid journaling 404s for optional content
Currently in Fedora we don't sign summaries, and every use of
`rpm-ostree` would emit to the journal an error when we failed
to fetch it.

Fix this by having `OSTREE_FETCHER_REQUEST_OPTIONAL_CONTENT` tell the fetcher
not to journal 404 errors. While fixing this, we had a mix of two booleans vs
the flags; fix things so we consistently use the flags in the fetcher and pull
code.

Closes: #1004
Approved by: mbarnes
2017-07-13 21:41:00 +00:00
Philip Withnall
82024f161b build: Ensure all experimental tests are distributed in tarballs
As with the previous commit, ensure that tests which are run when
configured with --enable-experimental-api, are always distributed; even
when running `make dist` from a source tree configured with
--disable-experimental-api.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #1002
Approved by: cgwalters
2017-07-12 14:23:44 +00:00
Philip Withnall
f6ba20d9d6 build: Ensure all .sym files are distributed in tarballs
Since we’re using a custom variable for listing the .sym files,
automake’s magic support for automatically distributing all files in
conditionals doesn’t work, and the devel and experimental .sym files
were only being distributed if `make dist` was run on a source tree
which had been configured with --enable-experimental-api or not a
release flag.

Fix that by explicitly listing all the .sym files in EXTRA_DIST.

Specifically, this fixes the case of trying to compile with
--enable-experimental-api from a release tarball which was disted with
--disable-experimental-api.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #1001
Approved by: cgwalters
2017-07-12 13:04:32 +00:00
Philip Withnall
acb14648d7 lib/repo: Add OSTREE_REPO_METADATA_REF as a well-known metadata store
As discussed in https://github.com/ostreedev/ostree/pull/946, the
summary file is becoming an unsigned cache of ref information; any
additional metadata for the repository needs to move elsewhere in order
to remain signed. Introduce OSTREE_REPO_METADATA_REF as the well-known
name of a ref where such metadata can live, as the metadata on
contentless commits.

Don’t yet update the documentation for summary-related methods to
mention this, since it’s still hidden behind the
--enable-experimental-api configure option.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #946
Approved by: cgwalters
2017-07-11 19:50:32 +00:00
Philip Withnall
7d57459e83 lib/repo-commit: Fix types of content size cache entries
Use goffset rather than gsize for file sizes. More importantly, get the
unpacked_size from g_file_info_get_size() (goffset) rather than from the
splice return value, which has type gssize.

This will make a difference on 32-bit systems, where goffset is defined
as off64_t, but gsize is 32 bits.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #999
Approved by: cgwalters
2017-07-11 14:55:55 +00:00
Colin Walters
0aa20df20e tests: Run pull tests for bare/bare-user
We have variants of `test-basic` for all 4 modes, but not for pull-test, which
for some reason was named `pull-archive`, but mostly pulls *into* bare repos.
The test code was structured like the basic one where it called into a
`pull-test.sh`, so let's actually use it for 2/3 bare modes. (I tried to extend
it to `bare-user-only` but it failed, going to look at that after this).

This is related to https://github.com/ostreedev/ostree/issues/991

Closes: #998
Approved by: jlebon
2017-07-10 14:18:18 +00:00
Colin Walters
9d941dcebb checkout: Don't set dir mtime to 0 when doing a force copy checkout
When we [switched to using checkout + force_copy](e8efd1c8dc),
a side effect that went unnoticed at the time is that we started
setting directory mtimes to zero.

See the below bug where we long ago set the file times to zero, which got fixed,
so let's not regress things by setting the directory times to zero either. (Even
though AFAICS GNU tar doesn't complain about those)

This semantic is somewhat "overloaded" onto `force_copy`, but it avoids adding
yet another boolean; we don't have that many reserved boolean slots left. I
can't really think of many good use cases for `force_copy` *other* than the
`/etc` merge anyways.

https://bugzilla.redhat.com/show_bug.cgi?id=1229160

Closes: https://github.com/ostreedev/ostree/issues/995

Closes: #997
Approved by: jlebon
2017-07-07 15:01:51 +00:00
Colin Walters
d2a05e5a09 deploy: Port some functions to new style
There are a number of simple ports here.  Prep for further work
in `/etc` merge.

I also stripped trailing whitespace globally.

Closes: #996
Approved by: jlebon
2017-07-07 14:39:47 +00:00
Krzesimir Nowak
7fa534ac17 tests: New tests for creating commits with bindings and pulling them
Closes: #972
Approved by: cgwalters
2017-07-06 19:08:14 +00:00
Krzesimir Nowak
cc9a0386c4 lib/pull: Collection and ref bindings verification
This verifies the collection and ref bindings in the commit metadata
against the collection ID we have stored in the remote config and ref
we want to pull from. For the HEAD commits, we also check if the
checksum of the commit we just fetched agrees with the checksum we
really wanted to pull from the ref.

For commits with explicitly specified checksums and without specified
refs, we only verify if the commit has the bindings. We are able to
only verify the collection binding, though.

Closes: #972
Approved by: cgwalters
2017-07-06 19:08:14 +00:00
Krzesimir Nowak
d91f6a0f61 lib/pull: Pass the ref together with the request
We will want to use the requested ref later for the binding
verification.

Closes: #972
Approved by: cgwalters
2017-07-06 19:08:14 +00:00
Krzesimir Nowak
cf16805a2f ostree: Add collection and ref bindings to metadata on commit
The collection and ref bindings are stored in the commit metadata
under ostree.collection-binding and ostree.ref-binding,
respectively. They will be used to verify if the commit really comes
from the collection and ref we wanted to pull from.

Closes: #972
Approved by: cgwalters
2017-07-06 19:08:14 +00:00
Colin Walters
28ec43c41a build-sys: Post-release version bump
Closes: #994
Approved by: jlebon
2017-07-06 14:45:02 +00:00
Colin Walters
5a5e465492 Release 2017.8
Closes: #994
Approved by: jlebon
2017-07-06 14:45:02 +00:00
Colin Walters
23b93a3eb6 lib/repo: Immediately error creating bare-user repo on tmpfs
And in general, if for some reason we can't write `user.` xattrs, provide an
error immediately rather than doing it during a later pull. This way the failure
cause is a lot more obvious.

Related: https://github.com/ostreedev/ostree/issues/991

Closes: #993
Approved by: jlebon
2017-07-06 14:31:37 +00:00
Colin Walters
3234295324 pull: Cleanly error when doing local pulls of remote-prefixed refs
In the storage PR I was trying to do a `pull-local` of the whole
`/ostree/repo` on the system, which ended up triggering a `g_critical()`
in the collections code, since we tried to parse a remote-prefixed ref
`fedora:fedora/26/x86_64/atomic-host` as a ref.

I'm not sure offhand what our behavior in this case *should* be.  I
think git only clones local refs, but I need to check.

This corner case arises only with `pull-local`.  But in any case,
while we were previously saying this is programmer error, since it's
so easy to pass various unchecked input into the pull machinery,
make invalid refs an explicit error.

Closes: #992
Approved by: jlebon
2017-07-05 13:37:22 +00:00
Colin Walters
1f5ce1a9f7 lib/repo: Add min-free-space-percent option, default 3%
For ostree-as-host, we're the superuser, so we'll blow past
any reserved free space by default.  While deltas have size
metadata, if one happens to do a loose fetch, we can fill
up the disk.

Another case is flatpak: the system helper has similar concerns
here as ostree-as-host, and for `flatpak --user`, we also
want to be nice and avoid filling up the user's quota.

Closes: https://github.com/ostreedev/ostree/issues/962

Closes: #987
Approved by: jlebon
2017-07-04 16:15:11 +00:00
Colin Walters
8d4d638e99 lib/commit: Use provided length when doing writes
This is prep for storage space checks, where we look at free
space after parsing the metadata, before we write anything.

We did length-limited writes in the fd-based input path, but not for the
`GInputStream` path which in practice is used for HTTP pulls.

Closes: #987
Approved by: jlebon
2017-07-04 16:15:11 +00:00
Colin Walters
3348baf6eb lib/commit: Ensure bare-user objects are always user-readable
Some of the Jenkins jobs for Fedora Atomic Host broke after updating
to 2017.7, and it turns out that we regressed handling unreadable
files in `bare-user` mode.  An example of this is `/etc/shadow`, which
ends up in the ostree-as-host content as `/usr/etc/shadow`.

Now there are better fixes here; we should probably delete it and create it
during the config merge if it doesn't exist.  In general, having secret files in
ostree really isn't supported, so it doesn't make sense to include them.

But let's fix this regression - when operating as an unprivileged user we don't
have `CAP_DAC_OVERRIDE` and hence will fail to open un-user-readable objects.

(We still preserve the actual `0` mode of course in the xattr and will
 apply it in `bare`)

Closes: #989
Approved by: jlebon
2017-06-30 21:23:48 +00:00
Colin Walters
cd7d35945a bin/commit: Add '=' to --statoverride
Previously, we only supported additions in the statoverride file;
it was mainly for adding the setuid bit without having that physically
on disk.

However, for testing a change to `bare-user` handling around *unreadable*
files (which happens for `/etc/shadow` in host content), I need a way
to write that into a repo in the test suite.

I'm not actually aware of a non-test-suite use case for this; a more
sophisticated user is going to be using the API directly, which can already do
this. But we need it for tests at least.

Closes: #989
Approved by: jlebon
2017-06-30 21:23:48 +00:00
Colin Walters
e3a540a606 bin/commit: Port helper functions to new style
Prep for more work here.  Can't yet port the main function
without a cleanup for transactions.

Closes: #988
Approved by: jlebon
2017-06-30 20:28:48 +00:00
Colin Walters
192e7b888f lib/commit: Fix a tmpfile fd leak in static delta processing
I had thought `glnx_link_tmpfile_at()` actually consumed the tmpfile;
it does consume the *path* but not the fd.  In the non-delta path
things were fine since we used the autocleanup.

But the delta code had a tmpfile allocated in its struct that got reused, and
hence leaked the fd. Fix this by making the commit API actually consume the
tmpfile fully, just like the path path.

Closes: #986
Approved by: jlebon
2017-06-30 19:48:05 +00:00
Colin Walters
4273e670ea Add "pull --localcache-repo"
This is a lot like `git clone --reference`, but we chose "localcache" as the
term "reference" is already used.

The main use case I'm targeting this for is the Fedora Atomic Host installer
case where we embed the repo content in the installer, but we may want to
kickstart and download newer content. There, while we want to get a newer ref,
we can still use the local repo as an object cache, since we have it sitting
there in memory anyways.

Another case is where one has a host ostree (say e.g. Fedora Atomic
Workstation), and one wants to create a local archive mirror of FAH. Then one
can use `pull --reference /ostree/repo` and pull the common objects (e.g.
contents of `bash.rpm` etc.)

Closes: https://github.com/ostreedev/ostree/issues/975

Closes: #982
Approved by: jlebon
2017-06-30 19:37:23 +00:00
Colin Walters
1782a1c279 lib/pull: Move check for requested content earlier
This is prep for a later patch; currently the logic is unchanged, but we'll need
this if we make local imports async.

Closes: #982
Approved by: jlebon
2017-06-30 19:37:23 +00:00
Jonathan Lebon
d5dd576d20 pull: fix GLNX_HASH_TABLE_FOREACH_KV regressions
These are regression from #971. We were stuffing a pointer size inside a
variable of integer size. So the assignment was spilling over into other
variables' storage space. Actually use a gpointer and GPOINTER_TO_[U]INT
as was done originally.

Also bump libglnx which has static checks for this error in the future.

Update submodule: libglnx

Closes: #990
Approved by: cgwalters
2017-06-30 16:26:53 +00:00
Philip Withnall
acace571ef lib/repo: Fix repo-finder deleting remote configs when run
An inverted condition in _ostree_repo_add_remote() was causing the
OstreeRepoFinder to delete precisely the wrong remote
configurations from memory once it was finished. It’s supposed to delete
the ones which it transiently added; but was instead deleting all the
existing remote configurations.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Closes: #985
Approved by: cgwalters
2017-06-29 23:49:25 +00:00
Colin Walters
aa26db825f lib/commit: Port a few minor functions to new style
Not sure why these weren't converted before.

Closes: #984
Approved by: jlebon
2017-06-29 22:07:23 +00:00
Colin Walters
d57410a7e6 lib: Add a helper to convert struct stat → GFileInfo
It's more natural for a few calling places. Prep for patches to go the other
way, which in turn are prep for adding a commit filter v2 that takes `struct
stat`.

`ot_gfile_type_for_mode()` was only used in this function, so inline it here.

Closes: #974
Approved by: jlebon
2017-06-29 18:17:28 +00:00
Colin Walters
1a9a473580 cmdline/pull: Print final status even if noninteractive
Previously, `ostree pull` was silent if not on a tty.  I don't
see a reason not to print the final status line at least.  This
is prep for more work in the test suite, so I can write assertions
on the output.

But it should also be nicer for people who e.g. do an `ostree pull` in a Jenkins
job or whatever.

Closes: #981
Approved by: jlebon
2017-06-29 16:16:25 +00:00
Colin Walters
90e0d56332 tree-wide: Replace various uses of archive-z2archive
The `-z2` is annoying now since it's really a legacy; we've long
since supported typing `archive`.  Convert the docs fully and
explain that.

Also do some (but not all) of the tests just to encourage newer tests to use
`archive` too.

Closes: #980
Approved by: jlebon
2017-06-29 16:00:13 +00:00
Colin Walters
8d586a9da0 lib/pull: Don't fetch detached metadata twice for local pulls
Obviously very minor, but I noticed this while working on `pull --reference`. If
we have a local repo, we'll have already done a hardlink and copied the detached
metadata too, so there's no reason to request it again via the fetcher path.

Closes: #978
Approved by: jlebon
2017-06-29 15:48:59 +00:00
Colin Walters
2013db0527 tests: Fix assert_files_hardlinked
It was always succeeding because we were trying to stat the inode number, and
failing, and thus getting the empty string for both, which compared as true.

Regression from:
<https://github.com/ostreedev/ostree/commit/74e3581e>

Noticed this while working on
<https://github.com/ostreedev/ostree/pull/974>
and looking at the test results.

Closes: #976
Approved by: jlebon
2017-06-29 15:34:57 +00:00
Colin Walters
ea15025c19 lib/pull: Some small style porting
I'd mostly been avoiding this file since there's always patches outstanding, but
these few functions shouldn't conflict much.

Closes: #979
Approved by: jlebon
2017-06-29 15:21:06 +00:00
Colin Walters
250e305f73 lib/repo: Port bareuser-conversion stat to bare load
I noticed this is a simple call that's useful to port to the new internal-only
non-allocating API.

Closes: #977
Approved by: jlebon
2017-06-29 15:07:49 +00:00
Colin Walters
064d7bffef lib/deltas: More porting to new code style
Just noticed some of this while working on the previous tmpfile bits.

Closes: #973
Approved by: jlebon
2017-06-29 14:46:18 +00:00
Colin Walters
ab9fef5279 lib/commit: Refactor non-failable size indexing function
It can't throw, so remove the `GError` machinery.

Closes: #973
Approved by: jlebon
2017-06-29 14:46:18 +00:00
Colin Walters
6f2ea23e8a libutil: Add a helper for O_TMPFILE + mmap()
I added `glnx_open_anonymous_tmpfile()`, but then later noticed
that the usage of this was really to be combined with `mmap()`,
and we had two versions of that in the delta code.  Add a helper.

(Bigger picture...how is this different from glibc's "mmap() of /dev/zero"
 approach for large chunks? One advantage is the storage can be "swapped" to
 `/var/tmp`, but still deleted automatically, rather than requiring swap space)

Closes: #973
Approved by: jlebon
2017-06-29 14:46:18 +00:00
Jonathan Lebon
9d10bdfd0d ci: unconditionally turn on -Werror
Closes: #971
Approved by: cgwalters
2017-06-28 16:37:15 +00:00
Jonathan Lebon
373dc4b66c codebase: start using GLNX_HASH_TABLE_FOREACH macros
Use the new macros introduced recently in libglnx to make iterating over
hash tables cleaner. This is just a start, it does not migrate the whole
tree.

Update submodule: libglnx

Closes: #971
Approved by: cgwalters
2017-06-28 16:37:15 +00:00
Colin Walters
ba918e49c5 tree-wide: Misc porting to newer libglnx APIs
- Use the new tmpfile bits
 - `glnx_try_fallocate`
 - `glnx_renameat()`

Depends: https://github.com/GNOME/libglnx/pull/57

Update submodule: libglnx

Closes: #970
Approved by: jlebon
2017-06-28 15:27:56 +00:00
Colin Walters
5776d5dcc0 Port to GLnxTmpfile
There's lots of mechanically replacing `OtTmpFile` with `GLnxTmpfile`;
the biggest changes are in the commit path.  Symlink commits are now
very clearly separated from regular files.  Symlinks are `OtCleanupUnlinkat`,
and regular files are `GLnxTmpfile`.

The commit codepath separates those as `_ostree_repo_commit_path_final()` and
`_ostree_repo_commit_tmpf_final()`. A nice aspect of all of this is that they
both *consume* the temporary on success. This avoids an extra spurious
`unlink()` call.

One of the biggest bits of code motion is in `commit_loose_regfile_object()`,
which no longer needs to care about symlinks. For the most parth though it's
just removing conditionals.

Update submodule: libglnx

Closes: #958
Approved by: jlebon
2017-06-27 22:02:14 +00:00
Jonathan Lebon
79f285d188 test-switchroot.sh: skip if no busybox
Closes: #968
Approved by: cgwalters
2017-06-27 21:45:34 +00:00
Jonathan Lebon
48e49df7f7 papr: build and test on c7
Start testing on CentOS 7 as well to cover kernel differences (e.g.
O_TMPFILE support).

Closes: #968
Approved by: cgwalters
2017-06-27 21:45:34 +00:00