Commit Graph

191 Commits

Author SHA1 Message Date
Colin Walters
eb54a44169 Switch to external composefs
Since there's now a stable shared library, let's use it.
2024-04-12 16:16:21 -04:00
Colin Walters
56b268dd66 configure: post-release version bump 2023-12-05 14:03:56 -05:00
Alexander Larsson
accb1f0602 Add ostree admin post-copy command
This command will apply fs-verity on all objects that need it and
needs to be called when an ostree deployment has been copied on a
file-by-file basis, which would loose information such as fs-verity.

This is needed by osbuild which works by creating the final image in a
rootfs, and then separately copying that rootfs file-by-file to a
loopback mounted filesystem image.
2023-11-14 10:15:19 +01:00
Eric Curtin
5e2eedeec9
Merge pull request #2949 from cgwalters/kargs-cleanup
kernel-args: Move private functions out of public header
2023-07-24 21:06:59 +01:00
Colin Walters
d7fe9e54ed kernel-args: Move private functions out of public header
External users can't call `_` prefixed APIs, so move them
to a `-private.h`.
2023-07-23 13:22:14 -04:00
Colin Walters
303e7eb2e1 src/generator: Move all logic into libostree-1.so
This pushes down the code for parsing the `ostree=` cmdline
in the generator into code that's part of libostree-1.so.

This is prep for using logic shared in libotcore.la.

But in general it's just cleaner to also keep the binary
entrypoint to just be a trampoline into the C library.
2023-07-23 10:47:19 -04:00
Colin Walters
b8ff210941 Factor out a libotcore
This will contain logic shared between ostree-prepare-root
and libostree-1.so.  It will just link to libgio.so, so as
to avoid pulling in e.g. libcurl and other things.

In other words, `ostree-prepare-root` will not link to `libostree-1.so`,
but will pull in just what it needs from this library.
2023-07-11 14:08:32 -04:00
Colin Walters
265cf7d786 build-sys: Add libsodium to OT_DEP_CRYPTO
There's no reason to have these distinct really.  If we're using
libsodium, we want it in the same places we're using openssl.

Prep for further refactoring.
2023-07-08 15:42:12 -04:00
Colin Walters
0c35149c7e Release 2023.4 2023-06-20 09:39:04 -04:00
Colin Walters
a6f2d053c8 lib: Rework composefs metadata, drop custom signatures
We will be switching to handling signature verification of
the target ostree commit.
2023-06-17 17:08:46 -04:00
Alexander Larsson
e3be4ee52a Update submodule: composefs
Instead of using pkg-config, etc we just include composefs.
In the end the library is just 5 c source files, and it is set up
to be easy to use as a submodule.

For now, composefs support is disabled by default.
2023-05-31 10:57:37 +02:00
Alexander Larsson
e2956e2c08 lib: Add (private) API for checking out commits into a composefs image
This supports checking out a commit into a tree which is then
converted into a composefs image containing fs-verity digests for all
the regular files, and payloads that are relative to a the
`repo/objects` directory of a bare ostree repo.

Some specal files are always created in the image. This ensures that
various directories (usr, etc, boot, var, sysroot) exists in the
created image, even if they were not in the source commit. These are
needed (as bindmount targets) if you want to boot from the image. In
the non-composefs case these are just created as needed in the checked
out deploydir, but we can't do that here.

This is all controlled by the new ex-integrity config section, which
has the following layout:

```
[ex-integrity]
fsverity=yes/no/maybe
composefs=yes/no/maybe
composefs-apply-sig=yes/no
composefs-add-metadata=yes/no
composefs-keyfiile=/a/path
composefs-certfile=/a/path
```

The `fsverity` key overrides the old `ex-fsverity` section if
specified.  The default for all these is for the new behaviour to be
disabled. Additionally, enabling composefs implies fsverity defaults
to `maybe`, to avoid having to set both.
2023-05-31 10:55:14 +02:00
Daniel Kolesa
d0ea2db430 fetcher: add libsoup3 backend
The default is still soup2, you can use --with-soup3 to enable
the soup3 backend instead.
2023-04-12 22:33:08 -06:00
Colin Walters
d49632faa6
Merge pull request #2812 from tintou/tintou/g-ir-fix
build: Do not include private headers in the introspection
2023-03-17 11:36:22 -04:00
Colin Walters
cd100df413 Release 2023.1 2023-02-17 11:31:27 -05:00
Corentin Noël
518c5977e9 build: Do not include private headers in the introspection
This leads to private symbols being exported.

Also specify the single C header, this relies on the gir_C_INCLUDES make variable,
which was introduced in gobject-introspection 1.51.5.
2023-02-09 11:41:43 +01:00
Dan Nicholson
6cc75a6c1e lib: Provide internal summary signing with separate directory
Refactor the summary signing APIs to use internal versions where the
directory fd containing the summary can be found. The existing signing
APIs still uses the repo directory fd, but this will allow using a
temporary directory for the summary and signature in the new metadata
generating API.
2023-02-07 14:50:47 -07:00
Dan Nicholson
1384267973 repo: Add API to regenerate and sign repo metadata
Currently this is just a wrapper around regenerating and signing the
summary in one call, but later it will be used to also generate the
`ostree-metadata` commit if the repo has a collection ID.
2023-02-07 14:50:47 -07:00
Eric Curtin
97117753e3 bootloader: Add an aboot (Android) bootloader backend
aboot is special in that it packages kernel, initrd, cmdline, dtb and
signature one combined image (similar to upcoming unified kernel
images). This is then loaded as an image into an aboot partition.

This image is signed by the OS vendor and covers everything in the
image. So locally on the deployed system it should not be possible to
boot an unsigned image (unless signature checking is turned off).

We call a shell script aboot-deploy when it is required to write a new
image to the aboot partition (a file typically starting with aboot and
ending in .img extension). This shell script may also read some
configurations from a .cfg file.

Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2022-12-15 16:09:08 +00:00
Colin Walters
1d1aaec899 configure: post-release version bump 2022-11-23 10:42:45 -05:00
Rafael Garcia Ruiz
c4db171dae ostree_kernel_args_contains for OstreeKernelArgs
Check if an argument is present in OstreeKernelArgs. This is a way to
make easier idempotent append and delete operations.
ostree_kernel_args_append_if_missing uses it to avoid inserting a
duplicate key.

Closes #2329

Signed-off-by: Rafael Garcia Ruiz <rafael.garcia@collabora.com>
2022-11-18 13:52:08 +01:00
Nikita Dubrovskii
c6a53ef6e8 s390x: use 'libarchive' to modify initrd in SE case 2022-09-08 11:41:34 +02:00
Colin Walters
15740d042c Release 2022.5 2022-07-22 15:08:25 -04:00
Huijing Hei
3bc59a5206 RFE: Add a hidden option to ostree admin kargs edit-in-place to
update all existing deployments in place

Example:
$ sudo ostree admin kargs edit-in-place --append-if-missing=rw
See https://github.com/ostreedev/ostree/issues/2617

This will not add duplicate key, if there is `TESTARG=VAL1` in the
kernel arguments, `--append-if-missing=TESTARG=VAL2` will be ignored.
2022-06-23 22:31:39 +08:00
Colin Walters
5fa364d399 Release 2022.4 2022-06-06 11:04:44 -04:00
Colin Walters
32ee82133b Rename ostree-cmdprivate to drop out of introspection
I was looking at our `.gir` and noticed we had the cmdprivate bits
because the pattern for excluding headers is `-private.h`, which
didn't match `cmdprivate.h`.
2022-06-02 17:13:17 -04:00
Colin Walters
f79b2cea91 Add APIs to get xattrs from disk
I'm aiming to do some more work on the Rust side around `fsck`
like functionality, and this is a useful primitive.  There isn't
a great Rust crate for xattrs, and I think it's better to share this
code.
2022-05-09 12:33:38 -04:00
Daniel Kolesa
aca9e8e6a7 glib: bump glib requirement to 2.66 and port to GUri
This removes the old SoupURI copypasta from previous generation
of libsoup and opens up a path for a simple libsoup3 port.
2022-03-12 04:44:18 +01:00
Colin Walters
fbc6d21c2f Release 2022.2 2022-03-03 18:44:30 -05:00
Saqib Ali
725d50a3b5 src/ostree: Add --commit-only option to ostree prune
Recently we have noticed exceedingly long execution times
for multiple invocations of ostree prune. This is a result of
calculating full reachability on each invocation.

The --commit-only flag provides an alternative strategy. It will only
traverse and delete commit objects to avoid the more expensive
reachability calculations. This allows us to chain multiple --commit-only
commands cheaply, and then follow with a more expensive ostree prune
invocation at the end to clean up orphaned meta and content objects.
2022-02-25 18:32:25 -05:00
Nikita Dubrovskii
d1ab18f327 s390x: add LUKS keyfile to 'sd-boot'
This allows to use Secure Execution with LUKS encrypted boot disk,
key and cryptab are stored only in 'sd-boot' encrypted image.

Signed-off-by: Nikita Dubrovskii <nikita@linux.ibm.com>
2022-02-11 09:02:42 +01:00
Joseph Marrero
581a58067b Update FSF license notices to use URL instead of address 2021-12-07 08:34:25 -05:00
Colin Walters
a73a28634d Remove OstreeTlsCertInteraction bits from introspection
We filter out everything named `-private.h` from scanning,
which differs from the gtk-doc exclude.  Eventually this will
be solved when we switch to the new gir-based docs.

Came up in https://github.com/ostreedev/ostree-rs/pull/34#discussion_r723337772
2021-10-06 12:42:56 -04:00
Colin Walters
63bf5e606b Release 2021.5 2021-10-05 15:59:43 -04:00
Colin Walters
1b9e3a9375 repo: Add an API to init OstreeSePolicy from commit directly
This is part of `OstreeCommitModifier`, but I'm not using
that in some of the ostree-ext Rust code.

It just makes more sense as a direct policy API, where it should
have been in the first place.  There's already support for
setting a policy object on a commit modifier, so that's all the
old API needs to do now.
2021-09-30 15:54:48 -04:00
Colin Walters
d1a73e1aba configure: post-release version bump 2021-09-08 14:18:11 -04:00
Dan Nicholson
a50f6d0b9f lib/repo: Add ostree_repo_remote_get_gpg_keys()
This function enumerates the trusted GPG keys for a remote and returns
an array of `GVariant`s describing them. This is useful to see which
keys are collected by ostree for a particular remote. The same
information can be gathered with `gpg`. However, since ostree allows
multiple keyring locations, that's only really useful if you have
knowledge of how ostree collects GPG keyrings.

The format of the variants is documented in
`OSTREE_GPG_KEY_GVARIANT_FORMAT`. This format is primarily a copy of
selected fields within `gpgme_key_t` and its subtypes. The fields are
placed within vardicts rather than using a more efficient tuple of
concrete types. This will allow flexibility if more components of
`gpgme_key_t` are desired in the future.
2021-07-15 15:50:04 -06:00
Luca BRUNO
38c14b3745
Release 2021.3 2021-07-12 08:38:38 +00:00
Colin Walters
0f36d8c221 repo: Make locking APIs public
Doing anything even somewhat sophisticated requires this;
turns out our own `ostree prune` CLI wants this, e.g.
https://github.com/ostreedev/ostree/issues/2337

Closes: https://github.com/ostreedev/ostree/issues/2286
2021-06-05 09:00:21 -06:00
Colin Walters
6a72674ec6 Release 2021.2 2021-04-15 13:02:48 -04:00
Colin Walters
6f84aff0ae repo: Add ostree_repo_write_regfile
This API is push rather than pull, which makes it much more
suitable to use cases like parsing a tar file from external
code.

Now, we have a large mess in this area internally because
the original file writing code was pull based, but static
deltas hit the same problem of wanting a push API, so I added
this special `OstreeRepoBareContent` just for writing regular
files from a push API.

Eventually...I'd like to deprecate the pull based API,
and rework things so that for regular files the push API
is the default, and then `write_content_object()` would
be split up into archive/bare cases.

In this world the `ostree_repo_write_content()` API would
then need to hackily bridge pull to push and it'd be
less efficient.

Anyways for now due to this bifurcation, this API only
works on non-archive repositories, but that's fine for
now because that's what I want for the `ostree-ext-container`
bits.
2021-04-09 21:54:44 +00:00
Colin Walters
9332955b5f
Merge pull request #2327 from cgwalters/writing-apis
repo: Add ostree_repo_write_regfile_inline
2021-04-08 17:09:11 -04:00
Colin Walters
4e2a14eb0c repo: Add ostree_repo_write_regfile_inline
When working on ostree-ext and importing from tar, it's
quite inefficient and awkward for small files to end up creating
a whole `GInputStream` and `GFileInfo` and etc. for small files.

Plus the gtk-rs binding API to map from `impl Read` to Gio
https://docs.rs/gio/0.9.1/gio/struct.ReadInputStream.html
requires that the input stream is `Send` but the Rust `tar` API
isn't.

This is only 1/3 of the problem; we also need similar APIs
to directly create a symlink, and to stream large objects via
a push-based API.
2021-04-08 14:57:33 +00:00
Colin Walters
a90d59cf2d build-sys: Remove --enable-experimental-api
It was added for the collections bits, but we made that stable.
It's now just cruft and we're very unlikely to reuse the infrastructure
again.

Motivated by a unit test failure when running from a tarball:
https://github.com/ostreedev/ostree/issues/2313
2021-04-07 19:19:05 +00:00
Colin Walters
e9e4b91120 Release 2021.1 2021-03-23 15:23:55 -04:00
Colin Walters
61184163ea Drop minimal rust/ library
This was my first experiment with using Rust in this way; I gained
a lot of knowledge from it.  But, we don't really gain
anything from the code as it is today - while it is "bit fiddling"
code, the C code is well tested.

We have a lot of compile-time options, and trimming them will be
helpful.

We've also gotten pushback on hard requiring Rust client side.

Instead, what I'd like to do is hopefully soon create an `ostree-system`
crate that uses the existing `ostree` library and can contain
code drained from the rpm-ostree Rust and used by other projects perhaps.

So the goal here is really more Rust, but we need to focus our
efforts on where it's most valuable.
2021-03-18 21:54:52 +00:00
Colin Walters
857587615d Add an API+CLI to inject metadata for bootable OSTree commits
I was doing some rpm-ostree work and I wanted to compare two
OSTree commits to see if the kernel has changed.  I think
this should be a lot more natural.

Add `ostree commit --bootable` which calls into a new generic
library API `ostree_commit_metadata_for_bootable()` that
discovers the kernel version and injects it as an `ostree.linux`
metadata key.  And for extra clarity, add an `ostree.bootable`
key.

It's interesting because the "core" OSTree layer is all about
generic files, but this is adding special APIs around bootable
OSTree commits (as opposed to e.g. flatpak as well as
things like rpm-ostree's pkgcache refs).

Eventually, I'd like to ensure everyone is using this and
hard require this metadata key for the `ostree admin deploy`
flow - mainly to prevent accidents.
2021-03-12 19:01:42 +00:00
Colin Walters
441233b51c repo: Move fsverity bits to ostree-repo-verity.c
This file will get larger when we start doing more with fsverity.
2021-01-11 14:36:40 +00:00
Luca BRUNO
3e289b1934
Release 2020.8 2020-11-17 10:32:57 +00:00
Alexander Larsson
8e1f199dd4 deltas: Add ostree_repo_list_static_delta_indexes() function
This lists all the available delta indexes.
2020-10-23 12:30:08 +02:00