7053 Commits

Author SHA1 Message Date
Colin Walters
d260d918dd tests: Add a payload link unit test
Motivated by changing this code.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-29 17:08:03 -04:00
Colin Walters
5dac2adef6
Merge pull request #3280 from cgwalters/release
Release 2024.7
2024-07-19 07:10:51 -04:00
Colin Walters
68679e03b3 Post-release version bump
Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-18 17:55:21 -04:00
Colin Walters
4941d9cd0d Release 2024.7
Signed-off-by: Colin Walters <walters@verbum.org>
v2024.7
2024-07-18 17:55:21 -04:00
Colin Walters
4b96359e10
Merge pull request #3277 from cgwalters/karg-disable-composefs
prepare-root: Add ostree.prepare-root.composefs
2024-07-11 20:08:38 -04:00
Colin Walters
e226c87614 prepare-root: Add ostree.prepare-root.composefs
We have a use case for overriding the composefs state via
the kernel commandline; see e.g.
https://gitlab.com/fedora/bootc/tracker/-/issues/27

Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-11 17:04:09 -04:00
Colin Walters
5378fe2aa9
Merge pull request #3276 from cgwalters/parse-bool
keyfile-utils: Add API to parse tristate strings
2024-07-11 16:06:35 -04:00
Colin Walters
65ff404195 prepare-root: Gather kernel cmdline early
Prep for parsing the composefs config from the kernel cmdline.
No functional changes intended.
2024-07-10 17:52:28 -04:00
Colin Walters
26abca7126 keyfile-utils: Add API to parse tristate strings
Prep for using this in multiple places. Add unit tests.
2024-07-10 17:52:28 -04:00
Colin Walters
47edd1a2a9 keyfile-utils: Add API to parse tristate strings
Prep for using this in multiple places. Add unit tests.
2024-07-10 17:21:57 -04:00
Colin Walters
97fb11127b
Merge pull request #3275 from ueno/wip/dueno/glib-2.44
libostree: Remove compatibility code with GLib < 2.44
2024-07-10 08:27:45 -04:00
Daiki Ueno
a0bd18945f libostree: Remove compatibility code with GLib < 2.44
As the build system has required GLib 2.44 since commit
eb09207e1abd7499bd92866cce1de6148d659a4a, the manual expansion of
G_DECLARE_INTERFACE and G_DECLARE_FINAL_TYPE is no longer necessary.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-10 10:22:07 +09:00
Colin Walters
d7eb9a1040
Merge pull request #3273 from cgwalters/drop-library-printf
sysroot: Use journal rather than printf()
2024-07-08 09:56:26 -04:00
Colin Walters
772801faf0 sysroot: Use journal rather than printf()
Fix the TODO here; this was making some bootc output
ugly.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-08 07:52:39 -04:00
Colin Walters
9b977e2828
Merge pull request #3265 from lukewarmtemp/2023.8-3-coverity-scan
2023.8-3 coverity scan
2024-06-27 13:05:53 -04:00
Luke Yang
e99693c787 prepare: Create global var for tmp_sysroot_etc
Coverity points out that ""/sysroot.tmp/etc"" could be a copy-paste
error. This is mistake from coverity, but to supress the warning,
we create a global var, tmp_sysroot_etc, which replaces all
instances of TMP_SYSROOT "/etc".
2024-06-20 15:09:11 -04:00
Luke Yang
d528083cae repo: Fix dir_or_file_path memory leak
Coverity points out that we have a memory leak from
`g_strdup(dir_or_file_path)`. Make the duplication of the string a
temporary variable that is freed using `g_autofree`.
2024-06-20 15:09:11 -04:00
Luke Yang
20d5bc8453 commit: Null terminate target_buf var
Coverity points out that we are passing an unterminated string to
sprintf(). Fix by using snprintf() which stores the content as a C
string.
2024-06-20 15:09:11 -04:00
Luke Yang
dc9eaef1e5 tree: Fix name memory leak
Coverity points out that we have a memory leak from `g_strdup(name)`.
`insert_child_mtree()` takes a const char * and duplicates it.
`name` can be passed directly to `insert_child_mtree()`.
2024-06-20 15:09:11 -04:00
Colin Walters
0ea7d2e326
Merge pull request #3269 from cgwalters/fix-ordering
remount: Drop `Before=systemd-sysusers.service`
2024-06-20 11:54:23 -04:00
Colin Walters
1db6911e41
Merge pull request #3270 from cgwalters/bump-runners
ci: Bump bootc e2e to latest ubuntu, drop docker
2024-06-20 11:23:27 -04:00
Colin Walters
0153abe4bb ci: Bump bootc e2e to latest ubuntu, drop docker
As newer docker refuses to talk to ancient skopeo.
Update this to use podman directly, also add the missing `-v /dev:/dev`.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-06-20 09:52:38 -04:00
Colin Walters
1544d20560
Merge pull request #3268 from ueno/wip/dueno/composefs-doc-fixes
Minor cleanup related to composefs
2024-06-20 09:18:55 -04:00
Colin Walters
b0ab531e08 remount: Drop Before=systemd-sysusers.service
This created an ordering cycle, and I merged over red CI
for bad reasons.
2024-06-20 09:18:08 -04:00
Daiki Ueno
371540f9ab repo: Remove leftover OpenSSL includes
This removes OpenSSL includes for PKCS#7, previously used to generate
fs-verity builtin signatures.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-06-20 15:06:49 +09:00
Daiki Ueno
023888d8a3 docs/composefs: Fix reference to ostree sign
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-06-20 15:06:46 +09:00
Colin Walters
f280b1216b
Merge pull request #3266 from ericcurtin/if-file-missing-on-relabel-continue
remount: ignore ENOENT error during SELinux relabeling
2024-06-18 14:14:02 -04:00
Eric Curtin
e25ca8099f remount: ignore ENOENT error during SELinux relabeling
Ignore ENOENT error in selinux_restorecon to avoid failures when
temporary files created by systemd-sysusers in /etc are missing during
relabeling. This prevents errors such as:

  "Failed to relabel /etc/.#gshadowJzu4Rx: No such file or directory"

and allows the process to continue.

Co-Authored-By: Alexander Larsson <alexl@redhat.com>
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-06-18 18:43:51 +01:00
Colin Walters
8f559e94b7
Merge pull request #3261 from cgwalters/validate-xattrs
core: Validate that xattr names aren't empty
2024-06-04 13:32:20 -04:00
Colin Walters
e19f732481 core: Validate that xattr names aren't empty
In the ostree-ext codebase the test fixture was generating xattrs
without the trailing NUL byte.  This caused confusing errors
later.  Change the dirmeta validator to catch this.

The way GVariant represents bytestrings, the trailing NUL is there
on wire/disk so it can be there in memory too, but `g_variant_get_bytestring()`
will just return an empty `""` string if actually the value
has a missing NUL.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-06-01 14:46:23 -04:00
Colin Walters
ac6ba43922
Merge pull request #3259 from cgwalters/c9s-buildroot
ci: Add buildroot to c9s build
2024-05-30 12:46:14 -04:00
Colin Walters
3ef9ae95b9 ci: Add buildroot to c9s build
Because composefs-devel isn't shipped in RHEL.
2024-05-30 11:05:20 -04:00
Colin Walters
114118e48d
Merge pull request #3258 from cgwalters/prepare-comments
docs: Describe `/boot/ostree`
2024-05-30 10:39:50 -04:00
Colin Walters
f63b751225 docs: Describe /boot/ostree
People get confused by the sha256 here being different
from the ostree commit hash.
2024-05-30 09:42:24 -04:00
Eric Curtin
b605230635
Merge pull request #3253 from cgwalters/prepare-comments
prepare-root: Cleanup comments
2024-05-23 16:52:32 +02:00
Colin Walters
a2ae287964
Merge pull request #3252 from cgwalters/checkout-cfs
checkout: Add API to directly checkout composefs
2024-05-23 07:54:10 -04:00
Colin Walters
f041e0253f prepare-root: Cleanup comments
Mainly we can now drop the TODO for mounting `/` readonly - that's
handled by composefs.  Add a few other comments, typo fixes
while we're here.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-05-22 21:08:32 -04:00
Colin Walters
c0a715f1e2 checkout: Add API to directly checkout composefs
We were missing the simple, obvious API and CLI to go
from ostree commit -> composefs.

Internally, we had `ostree_repo_checkout_composefs`
with the right "shape" mostly, except it had more code
in the deploy path to turn that into a composefs.

Add a straightforward public API that does what
the deploy code did before, and then the old
API becomes an explicitly internal helper with an `_`
prefix.

Goals:

- Lead towards a composefs-oriented future
- This makes the composefs logic more testable directly

Signed-off-by: Colin Walters <walters@verbum.org>
2024-05-22 20:38:24 -04:00
Colin Walters
e84dc96612
Merge pull request #3249 from ericcurtin/add-webos
docs: add webOS as users of libostree
2024-05-22 20:09:04 -04:00
Colin Walters
1ab70be76d
Merge pull request #3250 from ericcurtin/minor-bootloader-doc-change
docs: make /ostree/root.X clearer as symlinks
2024-05-22 20:08:27 -04:00
Eric Curtin
bee18edfbc docs: make /ostree/root.X clearer as symlinks
Feedback from Alexander Larsson before Linaro Connect talk which used
this diagram.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-05-21 15:02:04 +01:00
Eric Curtin
fef5feca1c docs: add webOS as users of libostree
Updated the README.md to include information about webOS, an OS for
smart devices such as smart TVs, which from version 2.0.0 supports
Firmware-Over-the-Air (FOTA) based on libostree. Added relevant links
for further details on webOS and FOTA setup.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-05-21 14:54:19 +01:00
Colin Walters
64a09da0eb
Merge pull request #3246 from jmarrero/release-2024.6
Release 2024.6
2024-05-16 18:17:58 -04:00
Joseph Marrero
32bec27a24 configure: post-release version bump 2024-05-16 16:34:35 -04:00
Joseph Marrero
d4a7a8d94b Release 2024.6 v2024.6 2024-05-16 16:31:51 -04:00
Colin Walters
4ed4d618b9
Merge pull request #3245 from cgwalters/doc-offline-deltas
docs: Describe offline updates with static deltas
2024-05-16 12:32:40 -04:00
Colin Walters
37b3c7677e docs: Describe offline updates with static deltas
This one isn't immediately obvious that it's possible.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-05-16 12:28:27 -04:00
Joseph Marrero Corchado
664116f03a
Merge pull request #3244 from alexlarsson/fix-fsverity-supported
Fix _ostree_ensure_fsverity reporting of supports in early exit
2024-05-15 13:15:05 -04:00
Dan Nicholson
92f2abcb85
Merge pull request #3243 from cgwalters/loaded_ts_fix
sysroot: Handle `/ostree/deploy` having epoch 0
2024-05-15 10:11:40 -06:00
Alexander Larsson
083eacd6de Fix _ostree_ensure_fsverity reporting of supports in early exit
If supported_out is passed to _ostree_ensure_fsverity and we
successfully exit early, for example because the file is a symlink, then
*supported_out is not initialized.

This is problematic in the case of ostree_sysroot_update_post_copy(),
because it passes in an uninitialized supported, and on successfull
return of _ostree_ensure_fsverity() it assumes that it is iniialized.

In case supported happened to be initialized to non-zero it will take
this branch:

      if (!supported)
        break; /* If not supported, skip rest */

Which means *all* further objects will not get fs-verity enabled.
2024-05-15 17:31:09 +02:00