Commit Graph

6895 Commits

Author SHA1 Message Date
Colin Walters
cb3c42e306
Merge pull request #3166 from cgwalters/var-again
sysroot: Rework /var handling to act like Docker `VOLUME /var`
2024-02-10 05:14:18 -05:00
Colin Walters
f81b9fa166 sysroot: Rework /var handling to act like Docker VOLUME /var
We've long struggled with semantics for `/var`.  Our stance of
"/var should start out empty and be managed by the OS" is a strict
one, that pushes things closer to the original systemd upstream
ideal of the "OS state is in /usr".

However...well, a few things.  First, we had some legacy bits
here which were always populating the deployment `/var`.  I don't
think we need that if systemd is in use, so detect if the tree
has `usr/lib/tmpfiles.d`, and don't create that stuff at
`ostree admin stateroot-init` time if so.

Building on that then, we have the stateroot `var` starting out
actually empty.

When we do a deployment, if the stateroot `var` is empty,
make a copy (reflink if possible of course) of the commit's `/var`
into it.

This matches the semantics that Docker created with volumes,
and this is sufficiently simple and easy to explain that I think
it's closer to the right thing to do.

Crucially...it's just really handy to have some pre-existing
directories in `/var` in container images, because Docker (and podman/kube/etc)
don't run systemd and hence don't run `tmpfiles.d` on startup.

I really hit on the fact that we need `/var/tmp` in our container
images by default for example.

So there's still some overlap here with e.g. `/usr/lib/tmpfiles.d/var.conf`
as shipped by systemd, but that's fine - they don't actually conflict
per se.
2024-02-09 17:46:12 -05:00
Colin Walters
1c18bd256a
Merge pull request #3165 from cgwalters/drop-ex-integrity
deploy: Honor prepare-root.conf at deploy time for composefs
2024-02-09 09:57:21 -05:00
Colin Walters
cae4ceb6c5 deploy: Honor prepare-root.conf at deploy time
I want to try to get away from the "repository global" configuration
in the repo config.

A major problem is that there's not an obvious way to configure
it as part of an ostree commit/container build - it needs
to be managed "out of band".

With this change, we parse the `usr/lib/ostree/prepare-root.conf`
in the deployment root, and if composefs is enabled there,
then we honor it.

We do still honor `ex-integrity.composefs` but that I think
we can schedule to remove.
2024-02-08 19:53:23 -05:00
Colin Walters
d8f03c63a7 switchroot: Move a define into library too 2024-02-08 19:35:17 -05:00
Colin Walters
95f4bb6dfe prepare-root: Fix crash if no keys were found
Handle a NULL pointer.
2024-02-08 19:34:54 -05:00
Colin Walters
7d9fa8e92a lib: Move parsing of composefs config into otcore
So it can be shared with the deployment path.  Prep for dropping
`ex-integrity.composefs`.
2024-02-08 18:09:11 -05:00
Colin Walters
751ec9082e
Merge pull request #3151 from mvo5/selinux-labels-on-non-selinux-hosts
libostree: write selinux xattr when on non-selinux systems
2024-02-08 16:46:22 -05:00
Colin Walters
a61724b73e
Merge pull request #3160 from cgwalters/release
Release
2024-02-08 14:39:26 -05:00
Colin Walters
c09abec9af configure: post-release version bump 2024-02-08 13:11:03 -05:00
Colin Walters
9b30c946a1 Release 2024.2 2024-02-08 13:11:03 -05:00
Colin Walters
61ed3bf944
Merge pull request #3164 from cgwalters/prepare-root-device-inode
Track deployment root/inode from prepare root
2024-02-08 13:10:06 -05:00
Colin Walters
525a57d21d Track deployment root/inode from prepare root
When we added composefs, it broke the logic for detecting the booted
deployment which was previously a direct (device, inode) comparison.
So the code there started looking at `etc`.  However, that in
turns breaks with `etc.transient = true` enabled.

Fix all of this by tracking the real deployment directory's
(device,inode) that we found in `ostree-prepare-root`, and inject
it into the extensible metadata we have in `/run/ostree-booted`
which is designed exactly to pass state between the initramfs
and the real root.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-02-08 12:57:53 -05:00
Colin Walters
5cfc5c7b1f ci: Use BOOTC_SKIP_SELINUX_HOST_CHECK, test labeling of /etc
As we work to change ostree to set up the labels
for things even in a selinux-host-disabled case, let's test
it here.
2024-02-08 15:54:23 +01:00
Michael Vogt
092a2b736d libostree: write selinux xattr when on non-selinux systems
Currently when writing data for selinux systems on a non-selinux
system there will be no labels. This is because
`ostree_sepolicy_setfscreatecon()` just returns TRUE on non-selinux
systems and xattr writing for `security.seliux` is filtered out.

This patches uses the suggestion of Colin Walters (thanks!) from
https://github.com/ostreedev/ostree/issues/2804 and detects if
the host has selinux enabled and if not just skips filtering the
xattrs for selinux.
2024-02-08 15:51:41 +01:00
Eric Curtin
da89214065
Merge pull request #3159 from cgwalters/revert-bootprefix
Revert "Enable `sysroot.bootprefix` by default"
2024-02-07 23:26:25 +01:00
Colin Walters
4c813f3221 Revert "Enable sysroot.bootprefix by default"
This reverts commit 8627c8afa1.

See discussion in https://github.com/ostreedev/ostree/pull/3156 ;
we think this breaks s390x in some cases at least, and that warrants
further investigation.
2024-02-07 15:58:06 -05:00
Colin Walters
58aa2187be
Merge pull request #3156 from cgwalters/enable-bootprefix-default
Enable `sysroot.bootprefix` by default
2024-02-06 17:58:42 -05:00
Colin Walters
8627c8afa1 Enable sysroot.bootprefix by default
I've been testing this in various places and not seen any fallout,
so let's finally enable this by default and have the situation where
`/boot` is on the root `/` filesystem work out of the box.
2024-02-06 16:25:33 -05:00
Eric Curtin
ecbd1f7fdd
Merge pull request #3158 from jlebon/pr/main
admin/state-overlay: Require root and don't lock sysroot
2024-02-06 22:18:28 +01:00
Jonathan Lebon
15ec3399c2 generator: Restore graceful exit behaviour if ostree karg missing
In CoreOS live environments, we do have `/run/ostree` but no `ostree=`
karg; we hackily fool `ostree-prepare-root.service` by bind-mounting
over `/proc/cmdline` so it does the right thing. Presumably, we should
clean this up eventually, but even so we don't want to require PXE users
to add an `ostree=` arg, so we need to tolerate this.

So this assertion would fail there. Restore the behaviour prior to
b9ce0e89 and re-add a more contemporary comment.

Fixes b9ce0e89 ("generator: Exit if there's no `/run/ostree`").
2024-02-06 14:47:09 -05:00
Colin Walters
9b64443a4c
Merge pull request #3157 from cgwalters/syslinux-bootprefix-fix
syslinux: Avoid double `/boot` if bootprefix is enabled
2024-02-06 10:44:07 -05:00
Jonathan Lebon
31b804f20d admin/state-overlay: Require root and don't lock sysroot
Not required for anything in particular, but it's good to use the right
flags here anyway.
2024-02-06 10:27:34 -05:00
Colin Walters
a05dbb311e syslinux: Avoid double /boot if bootprefix is enabled
This backend always explicitly emitted a `/boot` - but if
the global `sysroot.bootprefix` is enabled, then we can rely
on the outer code doing it.

Luckily this was caught by the unit tests here failing when
enabling `sysroot.bootprefix` by default.
2024-02-05 15:05:10 -05:00
Colin Walters
740413168f
Merge pull request #3150 from travier/grub2-15_ostree-atomic-desktops
grub2-15_ostree: Graceful exit if /etc/default/grub doesn't exist
2024-02-01 08:42:43 -05:00
Colin Walters
a4c5ab11a3
Merge pull request #3152 from cgwalters/ci-bootc
ci: Add a bootc/c9s workflow
2024-01-31 15:44:51 -05:00
Colin Walters
3623f0d805 ci: Add a bootc/c9s workflow
This obsoletes the "just build" on c9s flow, and actually runs
though a bootc install, which exercises more of things.
2024-01-31 14:03:25 -05:00
Timothée Ravier
5203d6df28 grub2-15_ostree: Fix whitespace 2024-01-31 15:41:54 +01:00
Timothée Ravier
c281da8352 grub2-15_ostree: Graceful exit if /etc/default/grub doesn't exist
With the new bootupd installation path in Anaconda, the
`/etc/default/grub` config file is not written anymore as we are only
using BLS configs with new enough bootloaders.

We thus don't need to generate (duplicated) legacy boot entries.

We still need to keep this logic in place in Atomic Desktops
(Silverblue, etc.) until we've actually landed bootupd there and forced
a bootloader update for everybody.

See: https://github.com/fedora-silverblue/issue-tracker/issues/530
See: https://github.com/fedora-silverblue/issue-tracker/issues/120
See: https://fedoraproject.org/wiki/Changes/FedoraSilverblueBootupd
2024-01-31 15:38:32 +01:00
Colin Walters
0b0485c7cc
Merge pull request #3149 from alexlarsson/new-composefs-format
composefs: Bump composefs max version to 1
2024-01-31 08:27:19 -05:00
Alexander Larsson
808f243372 composefs: Bump composefs max version to 1
This generates the new format for whiteout markers which was added in
6.8 (and which will be backported to 6.7). Without this whiteouts
will not work anymore.

This is a slight format change, but will only affect ostree commits
that already were broken (i.e that had whiteouts), and since the
composefs code is still marked experimental I think it is fine to
do this without introducing another format version on the ostree
side.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2024-01-31 12:09:35 +01:00
Alexander Larsson
0d9dc2b25d Update submodule: composefs
This updates composefs to 1.0.3 which has support for the
new overlay nesting format.
2024-01-31 12:09:20 +01:00
Colin Walters
75941b7708
Merge pull request #3146 from ericcurtin/ot-admin-builtin-pin-booted-pending-rollback
admin/pin: Add commands to pin booted, pending and rollbacks deployments
2024-01-29 11:33:43 -05:00
Eric Curtin
cda5103abe admin/pin: Add commands to pin booted, pending and rollback deployments
Add new commands to pin the current, staged and previous deployment for
use in automation and scripting. Right now, it's difficult to pin the
current deployment without needing to look into the output of some other
tooling (like rpm-ostree) to get the index of each deployment. This
index also is not consistent - the current deployment could be 0 when
you first boot the system then 1 shortly after. This change makes it
easy to pin the current or future deployment.

Co-authored-by: Robert Sturla <robertsturla@outlook.com>
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-01-29 11:44:20 +00:00
Colin Walters
47213b5617
Merge pull request #3147 from cgwalters/generator-check-run-ostree
generator: Exit if there's no `/run/ostree`
2024-01-27 11:10:31 -05:00
Colin Walters
b9ce0e8980 generator: Exit if there's no /run/ostree
Currently if run in a container image under systemd, we will
incorrectly synthesize a `var.mount` unit even if `ostree-prepare-root`
hasn't run.

The comment here said why we didn't do that before, but that's
for the really legacy embedded-only "ostree-prepare-root-static"
path, and even then I'm pretty sure it was wrong because
the generator here only runs in the *real* root, and we should
have `/run/ostree` at that point.
2024-01-26 18:10:37 -05:00
Eric Curtin
79cb18bdd6
Merge pull request #3145 from smcv/composefs-xattr
tests: Skip composefs test if /var/tmp does not support user xattrs
2024-01-25 23:29:52 +00:00
Simon McVittie
b42f053db9 tests: Skip composefs test if /var/tmp does not support user xattrs
Otherwise, this test fails on Debian 12 (Linux 6.1) kernels if /var/tmp
is a tmpfs. Some autobuilders put the entire build chroot on a tmpfs,
to speed up builds.

Signed-off-by: Simon McVittie <smcv@debian.org>
2024-01-24 14:03:18 +00:00
Colin Walters
15b64c24ba
Merge pull request #3143 from yummypeng/main
deploy: Ignore sockets, fifos in /etc/<subdir> during merge
2024-01-22 21:05:44 -05:00
Yuanhong Peng
eb1e9cf768 deploy: Ignore sockets, fifos in /etc/<subdir> during merge
It's a followup of commit e6a560b407.
We should also ignore sockets and fifos in the subdir of /etc.

Signed-off-by: Yuanhong Peng <yummypeng@linux.alibaba.com>
2024-01-22 19:48:59 +08:00
Colin Walters
d1d8f4ab40
Merge pull request #3141 from cgwalters/release
Release 2024.1
2024-01-21 11:00:20 -05:00
Colin Walters
0ce6656add configure: post-release version bump 2024-01-19 17:27:09 -05:00
Colin Walters
3b4f5e36ee Release 2024.1 2024-01-19 17:26:26 -05:00
Colin Walters
19cd8cf1c1
Merge pull request #3135 from ericcurtin/aboot-documentation
doc: Add section about ostree and aboot
2024-01-11 11:57:22 -05:00
Colin Walters
6031f1c022
Merge pull request #3120 from jlebon/pr/state-overlays
Add concept of state overlays
2024-01-11 11:56:44 -05:00
Jonathan Lebon
e233d0236f build(deps): bump libglnx from aff1eea to b415d046
Bumps libglnx from `aff1eea` to `b415d046`.

For https://gitlab.gnome.org/GNOME/libglnx/-/merge_requests/52.

Update submodule: libglnx
2024-01-10 15:41:14 -05:00
Jonathan Lebon
92b1a27202 Add concept of state overlays
In the OSTree model, executables go in `/usr`, state in `/var` and
configuration in `/etc`. Software that lives in `/opt` however messes
this up because it often mixes code *and* state, making it harder to
manage.

More generally, it's sometimes useful to have the OSTree commit contain
code under a certain path, but still allow that path to be writable by
software and the sysadmin at runtime (`/usr/local` is another instance).

Add the concept of state overlays. A state overlay is an overlayfs
mount whose upper directory, which contains unmanaged state, is carried
forward on top of a lower directory, containing OSTree-managed files.

In the example of `/usr/local`, OSTree commits can ship content there,
all while allowing users to e.g. add scripts in `/usr/local/bin` when
booted into that commit.

Some reconciliation logic is executed whenever the base is updated so
that newer files in the base are never shadowed by a copied up version
in the upper directory. This matches RPM semantics when upgrading
packages whose files may have been modified.

For ease of integration, this is exposed as a systemd template unit which
any downstream distro/user can enable. The instance name is the mountpath
in escaped systemd path notation (e.g.
`ostree-state-overlay@usr-local.service`).

See discussions in https://github.com/ostreedev/ostree/issues/3113 for
more details.
2024-01-09 23:20:41 -05:00
Jonathan Lebon
062cf603bd
Merge pull request #3136 from ericcurtin/pr-3134-feedback 2024-01-09 11:40:58 -05:00
Eric Curtin
477d472c36 status: Rename query-booted to is-default
This is a tool to check if we are booted as default or not, just a
rename before it becomes widely used. We also shortened the '-h' output
for this.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-01-09 15:24:34 +00:00
Colin Walters
b79a2e16a0
Merge pull request #3134 from ericcurtin/query-boot-real
status: Introduce tool to quickly check if we are booted as default
2024-01-08 13:14:50 -05:00