IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
I am not sure why this is failing on older Debian systems,
but I'm wildly guessing that something being done in `libtest.sh`
is setting up automake in a way that we need. This is done
in other tests.
Or maybe it's the missing `$CMD_PREFIX`? Let's see...
Commit aa72caffb540114a0e8635ab2990b9c8b0b8f9db
regressed the `ostree-system-generator` on non-ostree systems.
If there's no `ostree=` karg, we need to just exit 0.
Closes: https://github.com/ostreedev/ostree/issues/2909
Fixes: aa72caffb540114a0e8635ab2990b9c8b0b8f9db
Our `install` target doesn't depend on `all` unlike the
rpm-ostree version; not doing so is arguably better, so let's
explicitly build before installing.
This reverts commit f7f6f87c513c9f35bc24f35e909779c19cb49d3a.
This seems to have broken flatpak, so we'll revert and then
investigate.
Closes: https://github.com/ostreedev/ostree/issues/2900
This fixes a regression from the latest composefs submodule update in
1582edd1d4a6b26874d3897de8a5586f979a0715. In composefs commit
7560a4fd388481f479c0b3fc2e6d20c6321d9b74 the struct field was changed
from the generic `expected_digest` with the thought that there may be
other signatures or digests in the future.
aboot-deploy must know where the next root filesystem to boot is to set
up a symlink /ostree/root.a or /ostree/root.b , this location is in the
ostree= part of these passed in options.
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
Not clear why this was __off_t which is the sole appearance in the code
base, but it breaks musl builds.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
I want to gain testing over the composefs path; but without
yet changing the main Jenkins build. Because we have duplicate/overlapping
CI systems, we can take advantage of this by testing the composefs
flow via Prow.
Sync the Prow build scripts with what's in coreos/rpm-ostree
right now.
Then let's test the composefs flow a bit more e2e there.
The interaction of `iter_loop` and autofree is way too subtle;
I happened to be reading this code and noticed we did the NULL
reset in one path but not another.
The real fix is Rust...
I've got more debug information in the error case that motivated
bae4347abe
"pull: Add error prefixing for corrupt checksums"
where the sole error is
`error: Invalid checksum of length 0 expected 32`
This must be coming from the pull code in the case where we've
already fetched the commit object.
- Add some error prefixing here in the core commit validation code
- Ensure that we do the validation immediately after loading, including
of the parent commit reference where I think this error must be coming
from
- Then the pull code can just safely call `ostree_commit_get_parent`
which already does the hex conversion etc.
The current logic to select the HTTP version to be use relies on
the fact that curl don't use by default HTTP2. This assumption seems wrong with
recent versions of curl.
Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>
Let's describe the state of things at a high level, independent
of the tracking issue which has a lot more detail (and hence noise).
This document keeps things at a high level and describes how to
enable things today.
With f461c02bb55bf2853a3b81ed5c8618040ab54e98 use of gpg_strerror_r
was added this symbol comes from libgpg-error however, therefore its
needed to add -lgpg-error to cmdline to resolve this symbol especially
with gold and lld linker. Fixes
aarch64-yoe-linux-ld.lld: error: undefined reference due to --no-allow-shlib-undefined: gpg_strerror_r
>>> referenced by ./.libs/libostree-1.so
I got a bug report with the bare error
```
error: Invalid checksum of length 0 expected 32
```
And I'm pretty sure it's from here. Add error prefixing so we
know exactly which metadata object was corrupt.
I think there's never been a real race condition here. Instead
the problem is:
- We have a timeout on the lock, after which we error out (30s)
- This test actually *lowers* the timeout
Looking through the failures for test-concurrency what I see
is
`error: Locking repo exclusive failed: Resource temporarily unavailable`
which is us hitting the timeout.
Hardcoded timeouts are just going to be subject to race conditions.
I understand not wanting to block forever in some cases, but any
arbitrary timeout is just going to get hit in real world conditions
too.
Anyways for now, stop shooting ourselves in the foot and at least
keep the timeout at the default.
Closes: https://github.com/ostreedev/ostree/issues/2038
Currently we generate a signature for the actual composefs image, and
then we apply that when we enable fsverity on the composefs
image. However, there are some issues with this.
First of all, such a signed fs-verity image file can only be read if
the corresponding puiblic keyring is loaded into the fs-verity
keyring. In a typical secure setup we will have a per-commit key that
is loaded from the initrd. Additionally, the keyring is often sealed
to avoid loading more keys later.
This means you can only ever mount (or even look at) composefs images
from the current boot. While this is not a huge issue it is something
of a pain for example when debugging things.
Secondly, and more problematic, during a deploy we can't enable
fs-verity on the newly created composefs file, because and at that
point you need to pass in the signature. Unfortunately this will fail
if the matching public key is not in the keyring, which will fail for
similar reasons as the first issue.
The current workaround is to *not* enable fs-verity during deploy, but
write the signature to a file. Then the first time the particular
commit is booted we apply the signature to the iamge. This works
around issue two, but not issue one. But it causes us to do a lot of
writes and computation during the first boot as we need to write the
fs-verity merkle tree to disk. It would be much better and robust if
the merkle tree could be written during the deployment of the update
(i.e. before boot).
The new apporach is to always deploy an unsigned, but fs-verity
enabled composefs image. Then we create separate files that contain
the expected digest, and a signature of that file. On the first boot
we sign the digest file, and on further boots we can just verify
that it is signed before using it.
This fixes issue 1, since all deploys are always readable, and it
makes the workaround for issue 2 much less problematic, as we only
need to change a much smaller file on the first boot.
Long term I would like to avoid the first-boot writing totally, and
I've been chatting with David Howells (kernel keyring maintainer) and
he proposed adding a new keyring syscall that verifies a PKCS#7
signature from userspace directly. This would be exactly what
fs-verity does, except we wouldn't have to write the digest to disk
during boot, we would just read the digest file and the signature file
each boot and ask the kernel to verify it.
