Commit Graph

3507 Commits

Author SHA1 Message Date
Colin Walters
c32f234e9a lib/checkout: Do UNION_FILES via atomic renameat()
I was looking at fixing an `rpm-ostree livefs` bug where we need to replace
`/usr/lib/passwd`. It's obviously bad if that temporarily disappears 😉. My plan
is to do a subpath checkout of just `/usr/lib/{passwd,group}`.

Make this atomic (i.e. file always exists) by changing the logic to create a
temporary link in repo/tmp, then rename() it into place.

A bonus here is we kill one of the very few (only?) non-error-cleanup i.e.
"non-linear" `goto`s in the ostree codebase.

Closes: #1171
Approved by: jlebon
2017-09-15 16:44:00 +00:00
Colin Walters
7499620254 lib/repo: Port gpg signing function to new code style
We already had all of the autocleanups ready for this.

Closes: #1164
Approved by: jlebon
2017-09-15 01:43:16 +00:00
Jonathan Lebon
73fa43abc7 build-sys: Post-release version bump
Closes: #1175
Approved by: cgwalters
2017-09-14 20:29:33 +00:00
Colin Walters
6c0738a000 Release 2017.11
Closes: #1173
Approved by: jlebon
2017-09-14 15:04:42 +00:00
Colin Walters
1c2d344074 tests: Port some bits of C to new style
Where we can; perhaps after updating libglnx we should use the
new test error macro?

Closes: #1169
Approved by: jlebon
2017-09-13 19:32:36 +00:00
Colin Walters
051cdf396c lib/checkout: Rename disjoint union, change to merge identical files
It turns out that librpm automatically merges identical files between
distinct packages, and this occurs in practice with Fedora today between
`chkconfig` and `initscripts` for exmaple.

Since we added this for rpm-ostree, we basically want to do what librpm does,
let's change the semantics to do a merge.  While we're here rename
to `UNION_IDENTICAL`.

Closes: #1156
Approved by: jlebon
2017-09-13 19:19:33 +00:00
Colin Walters
8d3752a0d6 lib/repo: Port tmpdir locking func to new style
Prep for future work.

Closes: #1168
Approved by: jlebon
2017-09-13 19:02:31 +00:00
Colin Walters
93038bcf71 build-sys: Add -Werror=switch
We use the "exhaustive enum" pattern (i.e. no `default:`) in some places so
we're forced to touch all users when adding cases.

Closes: #1167
Approved by: peterbaouoft
2017-09-13 17:06:45 +00:00
Dan Nicholson
3b315e16d8 repo: Ensure new config doesn't set remotes in separate file
If the new configuration passed to ostree_write_config () tries to
update options for a remote defined in a separate config file, return an
error. Without this, the full configuration would contain duplicate
remote specifications, which would raise an error the next time the repo
is opened.

Closes: #1159
Approved by: cgwalters
2017-09-13 16:03:25 +00:00
Jonathan Lebon
4cc813133c bin/remote: don't load repo on root command
Subcommands will demand a repo argument themselves. This allows one to
call `ostree remote` and get the "No subcommand" error rather than the
"Missing --repo" error.

Closes: #1126
Approved by: cgwalters
2017-09-13 14:32:20 +00:00
Jonathan Lebon
4c02fc2daa bin/admin: Don't load sysroot for root commands
There's no need to load the sysroot for root commands which have
subcommands, like `ostree admin` and `ostree admin instutil`. Otherwise,
even just calling them without arguments will cause a failure. The
subcommands will have the appropriate flags set as needed.

Closes: #1126
Approved by: cgwalters
2017-09-13 14:32:20 +00:00
Jonathan Lebon
225bbdf002 bin/static-delta: Convert to new style and tweak output
Convert the whole file to new style. Also tweak the help outputs to make
it similar enough to the other commands for tests to pass. Of course, we
should just centralize all subcommand handling the same way it was done
in rpm-ostree, though let's punt on that for now.

Closes: #1126
Approved by: cgwalters
2017-09-13 14:32:20 +00:00
Jonathan Lebon
4efab3feb0 bin/admin: Don't require root for instutil
Otherwise, we can't even do `--help` on it. The subcommands all already
have the root flag set.

Closes: #1126
Approved by: cgwalters
2017-09-13 14:32:20 +00:00
Jonathan Lebon
077de8ea46 tests/test-help.sh: Rework and strengthen checks
The `sed` expression wasn't actually matching the main output, so we
weren't recursing into the subcommands. Update the syntax to match the
current output and add a check so we don't miss that happening again.

Add a check that the help output is only printed once in all
circumstances. Also add a check for proper handling of non-existent
commands.

Closes: #1126
Approved by: cgwalters
2017-09-13 14:32:20 +00:00
Jonathan Lebon
ec9a58f247 bin/config: Tweak parameter string
Make the parameter string more detailed.

Closes: #1126
Approved by: cgwalters
2017-09-13 14:32:19 +00:00
Jonathan Lebon
48364459b8 bin/main: Print usage when no command given
Minor regression from https://github.com/ostreedev/ostree/pull/1106. We
want to print the usage text both when unknown commands are passed, as
well as when no commands are passed at all.

Closes: #1126
Approved by: cgwalters
2017-09-13 14:32:19 +00:00
Colin Walters
662ad5b171 lib/sysroot: Use direct g_mkdtemp() for overlay tmpdir
The new libglnx `glnx_mkdtempat()` uses autocleanups, which
is inconvenient for this use case where we *don't* want autocleanups.
Since we don't need it to be fd-relative, just directly invoke
`g_mkdtemp_full()` which is fine for this use case.

Prep for updating libglnx.

Closes: #1161
Approved by: jlebon
2017-09-12 20:09:12 +00:00
Colin Walters
9689fb720a ci: Fixate CentOS container image until rpm-md repos sync
Copy of https://github.com/projectatomic/rpm-ostree/pull/985

Closes: #1160
Approved by: jlebon
2017-09-12 18:03:58 +00:00
Dan Nicholson
adac42b6ef repo: Add add-remotes-config-dir option
This option allows a repo to explicitly opt out of adding new remotes in
a remotes configuration directory. This currently defaults to true for
system repos and false for non-system repos to maintain legacy behavior
that non-system repos don't add remotes in a configuration directory.
That would be problematic for flatpak, which specifies a remotes config
dir but adds remotes in ways that are incompatible with it.

So, what this really does is allow system repos to control whether they
want to add remotes in the config dir or not. That's important if your
flatpak repo is the system repo like at Endless.

Closes: #1134

Closes: #1155
Approved by: cgwalters
2017-09-11 10:53:20 +00:00
Dan Nicholson
ccbbf77c71 sysroot: Reload config after setting sysroot kind
This allows any repo configuration defaults to be set based on whether
it's a system repo or not.

Closes: #1155
Approved by: cgwalters
2017-09-11 10:53:20 +00:00
Matthew Leeds
9f78386819 lib/repo: Update outdated comment
Closes: #1157
Approved by: cgwalters
2017-09-09 10:47:07 +00:00
Alexander Larsson
08eaf66827 rofiles-fuse: Fix lchown() and hardlink verification for symlinks
If you lchown("symlink") then we were incorrectly trying to chown the
symlink target, rather than the symlink itself. In particular, this cause
cp -a to fail for a broken symlink. Additionally, it was using the
symlink target when verifying writability, rather than the symlink
itself.

To fix this, we need pass AT_SYMLINK_NOFOLLOW in these cases.

In general, the kernel itself will always resolve any symlinks for us
before calling into the fuse backend, so we should really never do any
symlink following in the fuse fs itself. So, we pro-actively add
NOFOLLOW flags to a few other places:

 truncate:
      In reality this will never be hit, because
      the kernel will resolve symlinks before calling us.
 access:
      It seems the current fuse implementation never calls this
      (faccessat w/AT_SYMLINK_NOFOLLOW never reaches the fuse fs)
      but if this ever is implemented this is the correct behaviour.

We would ideally do `chmod` but this is not implemented on current kernels.
Because we're not multi-threaded, this is OK anyways.

Further, our write verification wasn't correctly handling the case of hardlinked
symlinks, which can occur for `bare` checkouts but *not* `bare-user` which the
tests were using. Change to `bare` mode to verify that.

Closes: #1137
Approved by: alexlarsson
2017-09-08 20:38:39 +00:00
Colin Walters
067da211cd lib/syslinux: Port to new code style
There was only one tricky bit here around the ownership of the lines; I made use
of `g_steal_pointer()` to consistently track ownership, and converted to a `for`
loop while still preserving the loop logic around the last entry.

Closes: #1154
Approved by: jlebon
2017-09-08 18:00:19 +00:00
Colin Walters
3594bb2d0f lib: Add a private helper to abort txns, use in sysroot cleanup
Steal some code from flatpak for this, which allows porting a few more things to
new style. I started on a public API version of this but was trying to roll some
other things into it and it snowballed. Let's do this version since it's easy
for now.

While here I changed things so that `generate_deployment_refs()` now just uses
`_set_ref_immediate()` rather than requring a txn.

Also, AFAICS there was no test coverage of `generate_deployment_refs()`; I tried
commenting it out and at least `admin-test.sh` passed. Add some coverage of this
- I verified that with this commenting out bits of that function cause the test
to fail.

Closes: #1132
Approved by: jlebon
2017-09-08 16:25:06 +00:00
Colin Walters
6be4dfe66e lib/grub2: Port some to new code style
I resisted trying to do anything invasive here like fd-relative porting as our
coverage is weak. But this was all straightforward porting to decl-after-stmt
style.

Closes: #1153
Approved by: jlebon
2017-09-08 16:07:18 +00:00
Dan Nicholson
43c78c9006 repo: Fix non-system remotes-config-dir usage
Before commit e0346c1, a non-system repo could specify
remotes-config-dir and have remotes read from there. However, adding
remotes would only be done in the config dir for a system repo. Restore
that by respecting remotes-config-dir when no sysroot is found and
adding back the ostree_repo_is_system() check when adding remotes.

Closes: #1133

Closes: #1151
Approved by: cgwalters
2017-09-08 13:54:30 +00:00
Guy Shapiro
2a7fdfdbc5 uboot: add non-default deployments to uEnv.txt
Include non-default deployments in the uEnv.txt file imported by
U-Boot. All the configurations beside the defaults will have
numerical suffix E.G. "kernel_image2" or "bootargs2".
Those U-Boot environment variables may be used from interactive boot
prompt or from "altbootcmd" script.

Closes: #1138
Approved by: cgwalters
2017-09-08 00:58:08 +00:00
Guy Shapiro
a567b5b47b uboot: move system uEnv merge to new function, clean up
Split the code that merge the system uEnv to new function. While we're here,
clean up the logic to e.g. use `ot_openat_ignore_enoent()`.

Closes: #1138
Approved by: cgwalters
2017-09-08 00:58:08 +00:00
Colin Walters
c7d0be4fba tree-wide: Add error prefixing for most remaining syscalls
There were some important ones there like a random `syncfs()`. The remaining
users are mostly blocked on the "fstatat enoent" case, I'll wait to port those.

Closes: #1150
Approved by: jlebon
2017-09-07 22:31:16 +00:00
Colin Walters
7afa966198 lib/sysroot: Use fd-relative acccess for bootversion cleanup
I noticed this was an easy change.

Closes: #1148
Approved by: peterbaouoft
2017-09-07 20:13:24 +00:00
Robert McQueen
59dff7175e lib/gpg: Provide the public key to the duplicate check
Add keys from the signing homedir to the GpgVerifier used to look
for duplicate signatures. This will allow signatures from subkeys
to be canonicalised and recognised as already signed despite the
differing key ID, avoiding duplicate signatures.

Closes: https://github.com/ostreedev/ostree/issues/608

Closes: #1092
Approved by: cgwalters
2017-09-07 19:56:31 +00:00
Robert McQueen
6b6408a7d0 lib/gpg: Correct missing line prefix with bad signatures
In the case the signature time was bad, a line prefix was missing from the
result of `ostree_gpg_verify_result_describe_variant()`.

Closes: #1092
Approved by: cgwalters
2017-09-07 19:56:31 +00:00
Robert McQueen
2d854368a8 lib/gpg: Add _FINGERPRINT_PRIMARY to OstreeGpgVerifyResult
Revert the switch of _FINGERPRINT to giving the primary key ID
rather than the signing key ID, and instead add the primary
key ID as a new attribute which is available if the key is not
missing.

Closes: https://github.com/ostreedev/ostree/issues/608

Closes: #1092
Approved by: cgwalters
2017-09-07 19:56:31 +00:00
Matthew Leeds
1e3f87c34c tests: Check "refs -c PREFIX" behavior
This commit adds tests to check the behavior of "refs -c PREFIX", where
prefix is interpreted as a collection ID.

Closes: #1149
Approved by: cgwalters
2017-09-07 18:49:55 +00:00
Colin Walters
3f476ac547 lib/commit: Add some error prefixing for txn commit/tmpdir
To help debug this: https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2017-September/msg00001.html

Currently we just get: `error: Commit: unlinkat: Directory not empty`

Closes: #1147
Approved by: jlebon
2017-09-07 17:29:42 +00:00
Colin Walters
ea4d3d1ac4 lib/pull: A bit of new style porting
A lof of the functions here are async and have nontrivial exits, but these ones
are all sync were straightforward ports.

Not prep for anything, just chipping away at porting.

Closes: #1146
Approved by: jlebon
2017-09-07 17:18:50 +00:00
Colin Walters
db6135f5b3 lib/pull: Only look for cookie files for non-local remotes
Just noticed this while reading an strace.

Closes: https://github.com/ostreedev/ostree/issues/1139

Closes: #1145
Approved by: jlebon
2017-09-07 17:06:14 +00:00
Colin Walters
11179e30bd lib/commit: Update docs/code style for ostree_repo_scan_hardlinks()
Happened to notice this one `goto out` user, and decided to tweak the docs at
the same time.

Closes: #1144
Approved by: jlebon
2017-09-07 16:56:35 +00:00
Colin Walters
303320163f tree-wide: Use helpers for unlinkat()
We have `ot_ensure_unlinked_at()` for the "ignore ENOENT" case, and
`glnx_unlinkat()` otherwise. Port all in-tree callers to one or the other as
appropriate.

Just noticed an unprefixed error in the refs case and decided to do a tree-wide
check.

Closes: #1142
Approved by: jlebon
2017-09-07 16:45:48 +00:00
Colin Walters
57509e4d50 tests/rofiles-fuse: Add tests for chmod/chown
Prep for https://github.com/ostreedev/ostree/pull/1137 where
we were incorrectly handling `chown()` on symlinks.

Closes: #1141
Approved by: jlebon
2017-09-07 16:32:08 +00:00
Colin Walters
3c5e373294 lib/gpg: Port a few misc gpg functions to new style
I'd mostly been skipping the GPG functions due to lack of autoptr for a few
things, but I noticed these bits were straightforward.

Closes: #1136
Approved by: jlebon
2017-09-07 16:13:18 +00:00
Colin Walters
6578c362fe lib/gpg: Use nicer helper for gpg error messages
The vast majority of invocations of `ot_gpgme_error_to_gio_error()` were paired
with `g_prefix_error()`; let's combine them for the same reason we do
`glnx_throw_errno_prefix()`. For the few cases that don't we might as well add
some prefix.

I also changed it to `return FALSE` in prep for more style porting.

Closes: #1135
Approved by: jlebon
2017-09-07 15:55:16 +00:00
Colin Walters
1f6fc009f7 lib/sysroot: A bit more new style porting
A few things not done in the last pass; prep for `ostree_sysroot_new_at()` work.

Closes: #1131
Approved by: jlebon
2017-09-07 15:44:17 +00:00
Colin Walters
9c4106f166 bin/local-pull: Clarify docs, add more tests for corrupted local pulls
I was reading the pull-local command docs and realized it was somewhat unclear
that `--untrusted` *only* applied to local repo pulls; in other words that we
always treat non-local pulls as untrusted.

Tweak the docstring, and add tests that verify this explicitly.

Closes: #1130
Approved by: jlebon
2017-09-07 15:30:11 +00:00
Colin Walters
732891efc2 lib/repo: Add error prefixing during hardlink object import
I happened to have a repo with a missing commit object, and got an unprefixed
error during a pull-local.

Closes: #1129
Approved by: jlebon
2017-09-07 15:16:24 +00:00
Colin Walters
8ec76cf024 lib/repo: Add apidoc for repo properties
However, they weren't showing up in the output HTML and I have
no idea why; I looked at what we're doing and it looks close enough
to what's going on in `GDBusConnection` that I was using as a reference.
I'm not going to spend a lot of time to debug it right now.

Closes: #1140
Approved by: jlebon
2017-09-07 13:28:27 +00:00
Colin Walters
5cf128052f ci: Hackaround Fedora rpm/libdb/glibc issue
Not sure I want to wait a few days for a new container, so let's
give this a shot now.

See https://bugzilla.redhat.com/show_bug.cgi?id=1483553

Closes: #1143
Approved by: jlebon
2017-09-06 20:00:20 +00:00
Colin Walters
0fb8686ccc bin/admin: Check for booted sysroot for root-required commands
Drops a use of `ostree_sysroot_get_path()`, prep for `ostree_sysroot_new_at()`.

Closes: #1123
Approved by: jlebon
2017-09-01 21:34:33 +00:00
Colin Walters
4bd63dd919 bin/admin: Do sysroot loading during argument parsing
Followup from previous patch - we can now centralize the sysroot loading.
Besides the obvious cleanup value, this is also prep for dropping an
`ostree_sysroot_get_path()` user.

Closes: #1123
Approved by: jlebon
2017-09-01 21:34:33 +00:00
Colin Walters
517dd9c964 bin/admin: Change init-fs to stop loading a sysroot to init one
This is exactly analogous to the `ostree init` case where
we have `OSTREE_BUILTIN_FLAG_NO_REPO` to avoid trying to load
a repo when we're creating one.

Let's avoid the pointless sysroot for `init-fs`; among other
things this will then let us do `ostree_sysroot_load()` inside
the argument parsing, and drop it from every other user.

Closes: #1123
Approved by: jlebon
2017-09-01 21:34:33 +00:00