6597 Commits

Author SHA1 Message Date
Colin Walters
f4e56b910f admin-deploy: Add --stateroot as alias for --os
To further help deprecate the confusing "osname" terminology.
2023-08-17 16:49:09 -04:00
Colin Walters
9d5ccfefff Add ostree admin stateroot-init as alias for os-init
To further help deprecate the confusing "osname" terminology.
2023-08-17 16:46:02 -04:00
Eric Curtin
9ac938c4ff
Merge pull request #2989 from cgwalters/lock-timeout-longer
repo: Bump lock timeout to 5 minutes
2023-08-17 14:38:30 +01:00
Colin Walters
f4b420492f
Merge pull request #2973 from ostreedev/dependabot/submodules/composefs-a6e827d
build(deps): bump composefs from `1704f82` to `a6e827d`
2023-08-17 09:36:20 -04:00
Colin Walters
e88ec69eef repo: Bump lock timeout to 5 minutes
And update the doc text to talk about having a timeout at all
by default being a mistake.

Timeouts are really best handled at a higher level; if two processes
are contending for the ostree lock and one is actually frozen,
resolving this is something an admin may want to handle and introspect/debug
instead of having the waiter error out.

Most people using ostree are doing it in a way in which they have
higher level timeouts (e.g. on a container pod).
2023-08-17 08:28:16 -04:00
Eric Curtin
55121cc4df
Merge pull request #2988 from cgwalters/prepare-root-binding-key
prepare-root: Minor clarifications
2023-08-16 23:20:15 +01:00
Eric Curtin
d648eea631
Merge pull request #2987 from cgwalters/prefix-stage-deploy
deploy: Add some error prefixing
2023-08-16 22:37:06 +01:00
Colin Walters
94cb37cb30 prepare-root: Minor clarifications
No functional changes.
2023-08-16 16:56:12 -04:00
Colin Walters
25a458b94b deploy: Add some error prefixing
We saw a bare
`Txn Rebase on <osname> failed: Failed to find kernel in /usr/lib/modules, /usr/lib/ostree-boot or /boot`
which isn't bad, but it'd be better to be a bit more specific.
2023-08-16 16:16:24 -04:00
Eric Curtin
8712a46756
Merge pull request #2985 from cgwalters/cleanup-proc-cmdline
switchroot,generator: Only read /proc/cmdline once
2023-08-16 19:31:35 +01:00
Colin Walters
083bad8cf2
Merge pull request #2984 from alexlarsson/prepare-root-no-raw-key
prepare-root: Only support base64 formated public key files
2023-08-16 09:05:39 -04:00
Colin Walters
28aed49d87 switchroot,generator: Only read /proc/cmdline once
Change the helper function to parse an existing cmdline instead
of potentially reading `/proc/cmdline` multiple times.
2023-08-16 09:05:19 -04:00
Alexander Larsson
0a79b3b1e2 prepare-root: Only support base64 formated public key files
I've updated the automotive samples to not use the raw format, so
there is no use anymore to support both formats, as base64 is strictly
better.
2023-08-16 11:00:43 +02:00
Alexander Larsson
c94388f3dd
Merge pull request #2980 from cgwalters/prepare-root-minor
Prepare root minor
2023-08-16 10:56:20 +02:00
Colin Walters
871d32a591 prepare-root: Use ptrarray, not linked list
Linked lists are a data structure with only very obscure
use cases, and this is a classic one where since we're appending
it's O(N^2) behavior.

Also we were leaking the memory.

It's more ergonomic, clearer and efficient to use a ptrarray.
2023-08-14 14:36:50 -04:00
Colin Walters
678bfcd934 prepare-root: Check for empty string, not strlen > 0
No point in doing a full strlen, we can just check the first byte.
Also, invert the conditional using `continue` to avoid another
level of indentation.
2023-08-14 14:30:42 -04:00
Colin Walters
bea5d897a8 prepare-root: Use declare-and-initialize
This is our default style.
2023-08-14 14:29:39 -04:00
Joseph Marrero Corchado
3620d3c709
Merge pull request #2979 from cgwalters/enabled-discussions
README.md: Drop dead mailing list, link to GH discussions
2023-08-14 11:47:05 -04:00
Colin Walters
d324f6843b
Merge pull request #2974 from alexlarsson/composefs-config-file
Read composefs configuration from initrd instead of commandline
2023-08-14 11:46:38 -04:00
Colin Walters
f1c1f819ff README.md: Drop dead mailing list, link to GH discussions
While I resisted taking the next step in binding ourselves
more to GH with discussions...it's way, way better than answering
questions out of band in private (also proprietary) chats.

We haven't been successful in using the GNOME discussion forums.
2023-08-14 09:49:41 -04:00
Alexander Larsson
81fa214155 Read composefs configuration from initrd instead of commandline
This drops the `ot-composefs` kernel commandline in favour
of a `[composefs]` section in the `prepare-rootfs.conf` file.

You can set `composefs.enabled` to `signed`, `yes`, `no` or `maybe`,
with `maybe` being the default.

You can also set `composefs.keypath` (or rely on the default
`/etc/ostree/initramfs-root-binding.key`) to point to ed25519 public
keys, one of which which the commit must be signed with, or boot
fails.

The ostree dracut module adds `/etc/ostree/initramfs-root-binding.key`
to the initrd if it exists.

NOTE: This drop the option to define a digest in the commandline.
However, that was currently unused
(i.e. ComposefsConfig.expected_digest was never read).

Additionally it very hard to actually store the composefs digest in
the initrd, as the initrd is typically part of the commit and thus the
composefs. It may be possible to handle this, but lets add it back
when we know exactly how that will work.
2023-08-14 12:27:47 +02:00
Eric Curtin
2cc6b53199
Merge pull request #2966 from cgwalters/ostree-admin-edit
Add `admin set-default`
2023-08-08 14:24:35 +01:00
dependabot[bot]
b108e24c31
build(deps): bump composefs from 1704f82 to a6e827d
Bumps [composefs](https://github.com/containers/composefs) from `1704f82` to `a6e827d`.
- [Release notes](https://github.com/containers/composefs/releases)
- [Commits](1704f823db...a6e827df2d)

---
updated-dependencies:
- dependency-name: composefs
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-08 12:05:10 +00:00
Eric Curtin
c57c00569c
Merge pull request #2958 from cgwalters/deploy-loosen-etc-usretc
deploy: Support an empty `/etc` and populated `/usr/etc`
2023-08-05 16:48:28 +01:00
Joseph Marrero Corchado
7f70614a1a
Merge pull request #2969 from cgwalters/fix-sync-pthreads
deploy: Fix mutex locking for global sync timeout
2023-08-04 11:34:13 -04:00
Eric Curtin
a31f779871
Merge pull request #2967 from cgwalters/drop-trivial-httpd-entrypoint
More fully drop `trivial-httpd` entrypoint
2023-08-04 10:07:09 +01:00
Colin Walters
402e04280b deploy: Fix mutex locking for global sync timeout
The locking here was always too long - by holding the mutex
during the `sync()` call, it means `g_cond_wait_until()` can
never wake up (because its API requires the mutex to be locked).

Confusingly though of course we do still print the "timed out"
message, and I think that tricked us when we were doing testing
here.

We only need to lock the mutex when we're manipulating shared
state, which basically boils down to the `gboolean success`.
2023-08-03 23:10:06 -04:00
Colin Walters
60b4655677 More fully drop trivial-httpd entrypoint
It's just part of the tests and we should no longer
support `ostree trivial-httpd`.

This is a followup cleanup to previous work.
2023-08-03 15:10:11 -04:00
Colin Walters
3cd3251aa1 Add admin set-default
A core underlying primitive in the C library is the ability
to arbitrarily reorder bootloader entries.

Let's expose the basic functionality here with the ability to pick
an arbitrarily deployment for the next boot.

Closes: https://github.com/ostreedev/ostree/issues/2965
2023-08-03 15:09:57 -04:00
Eric Curtin
09160c1a2b
Merge pull request #2962 from cgwalters/os-init-remount
os-init: Create a mount namespace
2023-08-02 20:41:32 +01:00
Colin Walters
ac42e29d66 os-init: Create a mount namespace
Today on anything using readonly sysroot `os-init` fails, because
we don't create a mount namespace if the `UNLOCKED` flag is specified
because we assume it's a readonly operation.

Since technically this is a mutation, let's just lock the sysroot
and use the tested path.
2023-08-02 14:32:22 -04:00
Joseph Marrero Corchado
113e575e8e
Merge pull request #2963 from cgwalters/more-gfileinfo-fix
composefs: Only call `_get_symlink_target()` on symlinks
2023-08-02 13:44:05 -04:00
Colin Walters
15cb0b47b1 composefs: Only call _get_symlink_target() on symlinks
This fixes a warning from newer glib that we're now seeing
in the Debian testing CI runs.
2023-08-01 21:29:04 -04:00
Colin Walters
f44909f8a2
Merge pull request #2960 from ostreedev/dependabot/submodules/libglnx-c02eb59
build(deps): bump libglnx from `07e3e49` to `c02eb59`
2023-07-31 11:04:26 -04:00
dependabot[bot]
a16a14a67b
build(deps): bump libglnx from 07e3e49 to c02eb59
Bumps libglnx from `07e3e49` to `c02eb59`.

---
updated-dependencies:
- dependency-name: libglnx
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-31 12:29:54 +00:00
Eric Curtin
fd968d5939
Merge pull request #2957 from cgwalters/transaction-test-suppress-global-sync
tests/destructive: Turn off global sync()
2023-07-31 10:55:39 +01:00
Colin Walters
0406fd3912 deploy: Support an empty /etc and populated /usr/etc
In preparation for support for a transient `/etc`:
https://github.com/ostreedev/ostree/issues/2868
particularly in combination with composefs.

Basically it's just much more elegant if we can directly mount
an overlayfs on the *empty* `etc` directory, using `usr/etc` as
the lower.

In the composefs case, we'd have to mount the composefs overlayfs
itself writable (and call `mkdir`) *just* so we can make that
empty `etc` directory which is ugly.
2023-07-29 08:47:54 -04:00
Colin Walters
6470429b2b tests/destructive: Turn off global sync()
Let's verify that things work with that off, as they should.

Previously:
cb73129483
"deploy: Add a 5s max timeout on global filesystem sync()"

But we may still have problems even with that, see
https://issues.redhat.com/browse/OCPBUGS-15917
where it might be that even a thread doesn't work because
we're locked in the kernel.
2023-07-28 17:59:28 -04:00
Eric Curtin
a2663e8041
Merge pull request #2956 from cgwalters/finalize-more-verbose
deploy: Be way more verbose about what we're doing
2023-07-28 16:16:57 +01:00
Colin Walters
3d881fee41 deploy: Be way more verbose about what we're doing
This will help us debug bugs like https://issues.redhat.com/browse/OCPBUGS-15917
in the future.
2023-07-27 14:08:15 -04:00
Eric Curtin
1aed5d7cf9
Merge pull request #2954 from cgwalters/harden-gvariant-get-data
Harden gvariant get data
2023-07-27 15:41:24 +01:00
Colin Walters
5b37259607 checksum-utils: Add an assertion that buf != NULL
Another hardening against https://bugzilla.redhat.com/show_bug.cgi?id=2217401
2023-07-26 18:09:28 -04:00
Colin Walters
0392b54602 core, switchroot: Harden a bit against g_variant_get_data() == NULL
I'm not totally sure this is the cause of
https://bugzilla.redhat.com/show_bug.cgi?id=2217401
but analyzing the code a bit it seems the most likely.
2023-07-26 18:09:28 -04:00
Eric Curtin
d7d661218e
Merge pull request #2953 from samcday/patch-1
docs: update boot loader spec link
2023-07-26 15:10:27 +01:00
Eric Curtin
66e425534e
Merge pull request #2930 from cgwalters/prepare-root-config3
prepare-root: Introduce ostree/prepare-root.conf && sysroot.readonly improvements
2023-07-26 10:17:35 +01:00
samcday
b5397887e3
docs: update boot loader spec link 2023-07-25 21:42:41 +02:00
Eric Curtin
af52a88d5f
Merge pull request #2952 from cgwalters/silence-variant-lookup
tree-wide: Consistently `(void)g_variant_lookup()`
2023-07-25 17:36:12 +01:00
Colin Walters
13e7ae907d tree-wide: Consistently (void)g_variant_lookup()
Coverity warns when we're checking the return value in most-but-not-all
instances.  The code is correct in these instances; we're initializing
the values to defaults.  So add a `(void)` cast like we are doing
in many other places.
2023-07-25 11:28:23 -04:00
Colin Walters
3465626015 prepare-root: Don't parse target root when composefs enabled
We shouldn't load anything from the target root filesystem *before*
verifying its integrity if composefs is enabled.

In effect, we want to force composefs users to migrate to
`/usr/lib/ostree/prepare-root.conf` which lives in the initramfs.
(But because we enable sysroot.readonly=true if composefs is enabled
 too, they don't actually need to)
2023-07-25 09:15:11 -04:00
Colin Walters
83d37d6d3c prepare-root: Default sysroot.readonly=true if composefs
Not because it's logically required or anything, but because
it's just a good idea.
2023-07-25 09:15:11 -04:00