Commit Graph

1321 Commits

Author SHA1 Message Date
Colin Walters
bcc0ef7583 tests: Use ostree-ext 0.3.0
This updates to the modern glib 0.14 and paves the way for
some reverse dependency testing by using ostree-ext's code.
2021-09-30 13:38:25 -04:00
Colin Walters
ab12e380fc bin/commit: Fix --tree=tar with --selinux-policy
The logic for `--selinux-policy` ended up in the `--tree=dir`
path, but there's no reason for that.  Fix the imported
labeling with `--tree=tar`.  Prep for use with containers.

We had this bug because the previous logic was trying to avoid
duplicating the code for generic `--selinux-policy` and
the case of `--selinux-policy-from-base --tree=dir`.

It's a bit more code, but it's cleaner if we dis-entangle them.
2021-09-30 11:44:27 -04:00
Colin Walters
bc30806c6e tests: Add new TAP APIs
Having to touch a global test counter when adding tests is
a recipe for conflicts between PRs.

The TAP protocol allows *ending* with the expected number of
tests, so the best way to do this is to have an explicit
API like our `tap_ok` which bumps a counter, then end with `tap_end`.

I ported one test as a demo.
2021-09-10 17:07:42 -04:00
Colin Walters
213b8608ea tests/pull-test: Avoid duplicating test numbers
We do this in other places; avoids touching two numbers when
adding tests.  Let computers do the addition.
2021-09-10 17:07:38 -04:00
Colin Walters
55090f108d Release 2021.4 2021-09-08 14:00:12 -04:00
Colin Walters
ce36e05d38
Merge pull request #2434 from cgwalters/custom-remote
Add support for "custom remotes"
2021-09-08 09:27:26 -04:00
Colin Walters
511c7a13ee Add support for "custom remotes"
This will be helpful for the "ostree native container" work in
https://github.com/ostreedev/ostree-rs-ext/

Basically in order to reuse GPG/signapi verification, we need
to support adding a remote, even though it can't be used via
`ostree pull`.  (At least, not until we merge ostree-rs-ext into ostree, but
 even then I think the principle stands)
2021-09-08 07:42:25 -04:00
Colin Walters
8821ec6e56 upgrade: Stabilize deployment staging
We're waaay overdue for this, it's been the default
in rpm-ostree for years, and solves several important bugs
around not capturing `/etc` while things are running.

Also, `ostree admin upgrade --stage` (should) become idempotent.

Closes: https://github.com/ostreedev/ostree/issues/2389
2021-09-07 16:12:43 -04:00
Luca BRUNO
fff24089dd
tests: skip a broken fsck case
There are some existing issues around fsck in unprivileged bare mode,
so this test does not really work at the moment. Leaving it as a FIXME
for the moment.
2021-09-06 07:52:42 +00:00
Luca BRUNO
aa0bb176c5
tests/basic: avoid changing ownership
This avoids possible issues when trying to chmod, tweaking
permissions instead.
2021-09-06 07:41:02 +00:00
Colin Walters
9f5b636990
tests/basic: Skip --no-xattrs if we have selinux
It cannot work to use `--no-xattrs` when SELinux is enabled
because we get a `security.selinux` attribute on created files
regardless.  So just skip this test if true.

Also add some `ostree fsck`s in here which helped me debug
this.
2021-09-06 07:41:01 +00:00
Luca BRUNO
27fcee861a
libtest: tweak selinux/relabel message 2021-09-06 07:41:00 +00:00
Colin Walters
359435de84 Add an API to verify a commit signature explicitly
We have a bunch of APIs to do GPG verification of a commit,
but that doesn't generalize to signapi.  Further, they
require the caller to check the signature status explicitly
which seems like a trap.

This much higher level API works with both GPG and signapi.
The intention is to use this in things that are doing "external
pulls" like the ostree-ext tar import support.  There we will
get the commitmeta from the tarball and we want to verify it
at the same time we import the commit.
2021-08-30 13:27:38 -04:00
Luca BRUNO
00660eae79
tests: update several bare-user-only checks 2021-08-24 07:56:48 +00:00
Dan Nicholson
58a683f8f0 bin/remote: Rename list-gpg-keys to gpg-list-keys
As pointed out in the original review, `gpg-list-keys` fits better
alongside the existing `gpg-import`.

Changes were done with:

```
git grep -l list-gpg-keys | xargs sed -i 's/list-gpg-keys/gpg-list-keys/'
for src in $(git ls-files '*list-gpg-keys*'); do
  dst=${src/list-gpg-keys/gpg-list-keys}
  git mv "$src" "$dst"
done
```
2021-08-23 15:30:31 -06:00
Colin Walters
2f675cf1b1
Merge pull request #2412 from lucab/ups/lib-commit-canonicalize
lib/commit: autofix permissions for bare-user-only
2021-08-20 15:12:21 -04:00
Colin Walters
98f3fe3d8e
Merge pull request #2401 from dbnicholson/gpg-key-info
Remote GPG key info
2021-08-20 15:11:11 -04:00
Luca BRUNO
8a5241dd6a
lib/commit: autofix permissions for bare-user-only
This tweaks commit logic to detect bare-user-only repositories and
canonicalize permissions automatically.
2021-08-20 16:11:04 +00:00
Luca BRUNO
d41fcd17a7
lib/repo/checkout: use canonical perms in bare-user-only mode
This automatically enables canonical permissions for checkouts in
bare-user-only mode.
2021-08-19 16:09:54 +00:00
Luca BRUNO
5a3d5fb86f
builtins/commit: check for conflicting permissions options
This explicitly checks for commit command options asking for both
non-zero UID/GID and canonical permissions at the same time,
which are incompatible.
2021-08-18 08:16:26 +00:00
Jonathan Lebon
75b17937cf lib/sign-dummy: Handle incorrect signatures correctly
We need to check all signatures for one which passes, not just fail on
the first one.

Reported-by: Seth Arnold <seth.arnold@canonical.com>
2021-08-03 16:49:49 -04:00
Simon McVittie
2c5fa2cdb6 tests: Unset SOURCE_DATE_EPOCH
Some distributions set this during build in order to have reproducible
builds from the same source code: for example, Debian uses the date
from debian/changelog.

However, some of our tests assume that `ostree commit` will result in
a commit with the current date/time, and SOURCE_DATE_EPOCH breaks that
assumption. Unset it for our build-time tests.

Resolves: https://github.com/ostreedev/ostree/issues/2405
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-07-26 11:48:45 +01:00
Dan Nicholson
90a3bda1f8 bin/remote: Include update URLs in list-gpg-keys 2021-07-15 15:50:04 -06:00
Dan Nicholson
74fb0c5f78 bin/remote: Add list-gpg-keys subcommand
This provides a wrapper for the `ostree_repo_remote_get_gpg_keys`
function to show the GPG keys associated with a remote. This is
particularly useful for validating that GPG key updates have been
applied. Tests are added, which checks the
`ostree_repo_remote_get_gpg_keys` API by extension.
2021-07-15 15:50:04 -06:00
Luca BRUNO
38c14b3745
Release 2021.3 2021-07-12 08:38:38 +00:00
Luca BRUNO
70a8f56ce1
lib/commit: respect SOURCE_DATE_EPOCH for commit timestamp
This tweaks `ostree_repo_write_commit` so that it checks for the
envinroment variable `SOURCE_DATE_EPOCH` as a way to override
the current time, which is used as the commit timestamp.

Ref: https://reproducible-builds.org/docs/source-date-epoch/
Ref: https://reproducible-builds.org/specs/source-date-epoch/
2021-06-22 12:15:18 +00:00
Simon McVittie
3cc4f8710f libtest.sh: Remove duplicate ERR trap and report_err()
Since #2377 was merged, this is in libtest-core.sh, which is sourced by
libtest.sh.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-22 10:37:39 +01:00
Colin Walters
7ff848f101
Merge pull request #2377 from smcv/libtest-core
libtest-core: Add some improvements from bubblewrap
2021-06-21 10:12:40 -04:00
Simon McVittie
14d6e75752 libtest-core: Mention bubblewrap as a user of this file
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-18 10:14:01 +01:00
Simon McVittie
c0157f96b2 libtest-core: Update URL of rpm-ostree
Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-18 10:13:38 +01:00
Simon McVittie
d7cdde5d34 libtest-core: On failure, make it clearer what has happened
If we fail as a result of `set -x`, It's often not completely obvious
which command failed or how. Use a trap on ERR to show the command that
failed, and its exit status.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-06-18 09:49:53 +01:00
Alexander Larsson
c934fc8f99 libtest-core: Add assert_files_equal
[Originally from bubblewrap commits c5c999a7 "tests: test --userns"
and 3e5fe1bf "tests: Better error message if assert_files_equal fails";
separated into this commit by Simon McVittie.]
2021-06-18 09:46:31 +01:00
Colin Walters
73e3ccc401 Use generator to enable ostree-remount.service and ostree-finalize-staged.path
We struggled for a long time with enablement of our "internal units",
trying to follow the philosophy that units should only be enabled
by explicit preset.

See https://bugzilla.redhat.com/show_bug.cgi?id=1451458
and https://github.com/coreos/rpm-ostree/pull/1482
etc.

And I just saw chat (RH internal on a proprietary system sadly) where
someone hit `ostree-remount.service` not being enabled in CentOS8.

Thinking about this more, I realized we've shipped a systemd generator
for a long time and while its only role until now was to generate `var.mount`,
but by using it to force on our internal units, we don't require
people to deal with presets anymore.

Basically we're inverting things so that "if ostree= is on the kernel
cmdline, then enable our units" and not "enable our units, but have
them use ConditionKernelCmdline=ostree to skip".

Drop the weird gyrations we were doing around `ostree-finalize-staged.path`
too; forking `systemctl start` is just asking for bugs.

So after this, hopefully we won't ever again have to think about
distribution presets and our units.
2021-06-16 09:40:28 -04:00
Colin Walters
edf7477ee9 deploy: Warn if we find content in the deployment's /var
This will be ignored, so let's make it very clear
people are doing something wrong.  Motivated by a bug
in a build pipeline that injected `/var/lib/rpm` into an ostree
commit which ended up crashing rpm-ostree because it was an empty db
which it wasn't expecting.

It *also* turns out rpm-ostree is incorrectly dumping content in the
deployment `/var` today, which is another bug.
2021-06-10 07:33:17 -04:00
Dan Nicholson
06bb56be6d tests: Add single process repo locking tests
The semantics of multiple process locking are covered by
test-concurrency.py, but the semantics of the repository locking from a
single process aren't handled there.

This checks how the repository locking is handled from a single thread
with one OstreeRepo, a single thread with multiple OstreeRepos, and
multiple threads sharing an OstreeRepo.
2021-06-05 09:15:34 -06:00
Dan Nicholson
055b263dee test-concurrency: Lower lock timeout
If there's a locking issue in this test, then it's likely not going to
resolve after a few seconds of serializing access. Lower the default 30
second lock timeout to 5 seconds to prevent the test from hanging
unnecessarily.
2021-06-05 09:15:34 -06:00
Dan Nicholson
c3ada6fa7a repo: Require lock type in ostree_repo_lock_pop
This simplifies the lock state management considerably since the
previously pushed type doesn't need to be tracked. Instead, 2 counters
are kept to track how many times each lock type has been pushed. When
the number of exclusive locks drops to 0, the lock transitions back to
shared.
2021-06-05 09:07:39 -06:00
Colin Walters
0f36d8c221 repo: Make locking APIs public
Doing anything even somewhat sophisticated requires this;
turns out our own `ostree prune` CLI wants this, e.g.
https://github.com/ostreedev/ostree/issues/2337

Closes: https://github.com/ostreedev/ostree/issues/2286
2021-06-05 09:00:21 -06:00
Dan Nicholson
9c20d162a4 tests/gpg: Don't assert subkey expiration when only primary expired
In gnupg 2.3.0[1], if a primary key is expired and a subkey does not
have an expiration or its expiration is older than the primary key, the
subkey's expiration will be reported as the primary's. Previously a
subkey without an expiration would not report one regardless of the
primary key's expiration.

This caused a regression in a test setting an expiration on a primary
key. The test was checking that the subkey was not expired by asserting
that there was no `Key expired` line in the signature verification
output. With gnupg 2.3.0+, it will show as expired, causing the test to
fail.

Remove the assertion since it's not consistent across gnupg versions. In
practice we don't care whether the subkey is considered expired or not
as long as the signature verification fails when the primary key is
expired.

1. https://dev.gnupg.org/T3343

Fixes: #2359
2021-05-28 15:35:58 -06:00
Colin Walters
6664ee4ed4 ci: Fix staged-delay to work with newer systemd
Yeah, we should stop parsing the text; I need to dig at that
at some point.
2021-05-25 16:28:32 -04:00
Timothée Ravier
a709d4f846 *: rename master branch to main (external repos) 2021-05-07 16:55:03 +02:00
Timothée Ravier
02527f115e *: rename master to main in tests & examples 2021-05-07 16:55:03 +02:00
Colin Walters
0f3bccf640 pull: Cleanly error out on unknown schemes
Previous to this we'd trip an assertion `abort()` deep in the curl code if e.g.
a user did `ostree remote add foo htttp://...` etc.

Motivated by considering supporting "external remotes" where code outside
ostree does a pull, but we want to reuse the signing verification infrastructure.
2021-04-27 13:11:18 -04:00
Dan Nicholson
e660855796 tests: Test without a cache directory by default
Several tests generate summaries and then expect to use the generated
summary immediately. However, this can cause intermittent test failures
when they inadvertantly get a cached summary file. This typically
happens when the test is run on a filesystem that doesn't support user
extended attributes. In that case, the caching code can only use the
last modified time, which only has 1 second granularity. If tests don't
carefully manage the summary modification times or the repo cache then
they are likely subject to races in some test environments.

This introduces an environment variable `OSTREE_SKIP_CACHE` that
prevents the repo from using a cache directory. This is enabled by
default in tests and disabled for tests that are a explicitly trying to
test the caching behavior.

Fixes: #2313
Fixes: #2351
2021-04-19 11:09:44 -06:00
Simon McVittie
9d48d39a4b libtest: On failure, make it clearer what has happened
If we fail as a result of `set -x`, It's often not completely obvious
which command failed or how. Use a trap on ERR to show the command that
failed, and its exit status.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-04-18 12:17:00 +01:00
Colin Walters
e4d42be31f
Merge pull request #2343 from cgwalters/cargo-workspace
build-sys: Add toplevel workspace Cargo.toml
2021-04-15 19:32:11 -04:00
Colin Walters
6a72674ec6 Release 2021.2 2021-04-15 13:02:48 -04:00
Colin Walters
7310203ce9 tests/inst: Make nondestructive tests runnable as unit tests
Ideally in the future we change more of our unit tests to
support running installed; we've tried this in the past with
https://wiki.gnome.org/Initiatives/GnomeGoals/InstalledTests

I'd like to pick that back up again.  This takes a step
towards that by having our Rust tests.

To make this even easier, add a `tests/run-installed`
which runs the installed tests (uninstalled, confusingly
but conveniently for now).
2021-04-15 12:33:34 -04:00
Colin Walters
46a0911c6d build-sys: Add toplevel workspace Cargo.toml
rust-analyzer is happier with this because it understands
the project structure out of the box.

We aren't actually again adding a dependency on Rust/cargo in the core,
this is only used to make `cargo build` work out of the box to build
the Rust test code.
2021-04-15 12:33:34 -04:00
Colin Walters
2cc11b7808 tests: More tests for inline writing
I'm hitting a bug, add more tests.
2021-04-09 21:54:44 +00:00
Colin Walters
6f84aff0ae repo: Add ostree_repo_write_regfile
This API is push rather than pull, which makes it much more
suitable to use cases like parsing a tar file from external
code.

Now, we have a large mess in this area internally because
the original file writing code was pull based, but static
deltas hit the same problem of wanting a push API, so I added
this special `OstreeRepoBareContent` just for writing regular
files from a push API.

Eventually...I'd like to deprecate the pull based API,
and rework things so that for regular files the push API
is the default, and then `write_content_object()` would
be split up into archive/bare cases.

In this world the `ostree_repo_write_content()` API would
then need to hackily bridge pull to push and it'd be
less efficient.

Anyways for now due to this bifurcation, this API only
works on non-archive repositories, but that's fine for
now because that's what I want for the `ostree-ext-container`
bits.
2021-04-09 21:54:44 +00:00
Colin Walters
fce69cdf70 repo: Add ostree_repo_write_symlink
Continuation of the addition of `ostree_repo_write_regfile_inline()`.
This will be helpful for ostree-rs-ext and importing from tar, it's
quite inefficient and awkward for small files to end up creating
a whole `GInputStream` and `GFileInfo` and etc. for small files.
2021-04-08 21:10:00 +00:00
Colin Walters
9332955b5f
Merge pull request #2327 from cgwalters/writing-apis
repo: Add ostree_repo_write_regfile_inline
2021-04-08 17:09:11 -04:00
Colin Walters
4e2a14eb0c repo: Add ostree_repo_write_regfile_inline
When working on ostree-ext and importing from tar, it's
quite inefficient and awkward for small files to end up creating
a whole `GInputStream` and `GFileInfo` and etc. for small files.

Plus the gtk-rs binding API to map from `impl Read` to Gio
https://docs.rs/gio/0.9.1/gio/struct.ReadInputStream.html
requires that the input stream is `Send` but the Rust `tar` API
isn't.

This is only 1/3 of the problem; we also need similar APIs
to directly create a symlink, and to stream large objects via
a push-based API.
2021-04-08 14:57:33 +00:00
Luca Bruno
6dca0e0e29
Merge pull request #2330 from cgwalters/silence-libarchive-warning
tests: Silence a gcc warning
2021-04-08 14:54:42 +00:00
Colin Walters
5d68a99a2f tests: Silence a gcc warning
We can't mix `goto` and `__attribute__((cleanup))`.
2021-04-08 14:45:28 +00:00
Luca Bruno
9154f41fd4
Merge pull request #2324 from cgwalters/test-use-ex
Various patches for tests/inst
2021-04-08 08:10:05 +00:00
Colin Walters
a90d59cf2d build-sys: Remove --enable-experimental-api
It was added for the collections bits, but we made that stable.
It's now just cruft and we're very unlikely to reuse the infrastructure
again.

Motivated by a unit test failure when running from a tarball:
https://github.com/ostreedev/ostree/issues/2313
2021-04-07 19:19:05 +00:00
Colin Walters
4d9e6de46b tests/inst: Update tokio, hyper and nix 2021-04-07 18:00:57 +00:00
Colin Walters
2628637a78 tests/inst: Update rpm-ostree client 2021-04-07 18:00:57 +00:00
Colin Walters
642dcd10ef tests/inst: Update ostree crate 2021-04-07 18:00:57 +00:00
Colin Walters
35d4e657e7 tests: Drop openat override
No longer needed.
2021-04-07 18:00:57 +00:00
Stefan Berger
81d3017463 rofiles-fuse: Enable support for setting and getting xattrs
Enable support for setting and getting xattrs. Allow modifications
to xattrs only on user.ima xattr.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Co-authored-by: Colin Walters <walters@verbum.org>
2021-04-05 17:01:58 -04:00
Colin Walters
6d0bb10bf0 cci: Update for buildroot changes
See latest in https://github.com/coreos/fedora-coreos-tracker/blob/master/docs/ci-and-builds.md
2021-03-31 15:11:34 -04:00
Colin Walters
cb0fd2bf93 tests/pull-test: Use mv -f in a few cases
For some reason I'm hitting this locally because some files are mode `0`.
Which is clearly a different bug but anyways we don't want to prompt.
2021-03-31 15:11:34 -04:00
Colin Walters
e9e4b91120 Release 2021.1 2021-03-23 15:23:55 -04:00
Colin Walters
b69a4180b8 tests/inst: Patch to use my PR for openat
Fixes the build.
2021-03-19 21:45:54 +00:00
Colin Walters
407477f191
Merge pull request #2301 from cgwalters/api-require-booted
sysroot: Add _require_booted_deployment() API
2021-03-18 08:46:35 -04:00
Colin Walters
1b28e6041c sysroot: Add _require_booted_deployment() API
This is a common pattern that is replicated both in our code
and in rpm-ostree a lot.  Let's add a canonical API.
2021-03-17 19:55:56 +00:00
Colin Walters
c52a2ff52e tests/inst: cargo fmt 2021-03-17 18:45:17 +00:00
Colin Walters
d11dd7a37b tests/inst: Fix lots of cargo clippy warnings
Prep for doing this in CI.
2021-03-17 17:13:52 +00:00
Colin Walters
857587615d Add an API+CLI to inject metadata for bootable OSTree commits
I was doing some rpm-ostree work and I wanted to compare two
OSTree commits to see if the kernel has changed.  I think
this should be a lot more natural.

Add `ostree commit --bootable` which calls into a new generic
library API `ostree_commit_metadata_for_bootable()` that
discovers the kernel version and injects it as an `ostree.linux`
metadata key.  And for extra clarity, add an `ostree.bootable`
key.

It's interesting because the "core" OSTree layer is all about
generic files, but this is adding special APIs around bootable
OSTree commits (as opposed to e.g. flatpak as well as
things like rpm-ostree's pkgcache refs).

Eventually, I'd like to ensure everyone is using this and
hard require this metadata key for the `ostree admin deploy`
flow - mainly to prevent accidents.
2021-03-12 19:01:42 +00:00
OpenShift Merge Robot
c97aafcda3
Merge pull request #2285 from cgwalters/log-bootloader-stuff
deploy: Add subbootversion to journal
2021-02-28 16:21:15 +01:00
Colin Walters
975496d241 deploy: Add subbootversion to journal
To help debug an issue we've seen where `/boot` isn't
in sync with the `/ostree/boot` dir, let's log to the journal
what we're doing.
2021-02-28 14:47:58 +00:00
OpenShift Merge Robot
ee490bf9ba
Merge pull request #2284 from cgwalters/use-rpmostree-client
tests/inst: Switch to rpmostree-client from git
2021-02-26 01:59:56 +01:00
Colin Walters
dc10bdfb0c tests/inst: Switch to rpmostree-client from git
See discussion in https://github.com/coreos/rpm-ostree/pull/2569#issuecomment-780569188
Currently pinned to a hash, but after the next stable release let's switch to tags
2021-02-23 15:20:54 +00:00
Colin Walters
d49f3291ad Add --enable-sanitizers, fix make check with it
It's cleaner if this is an build option rather than being
kludged into the CI layer.

Notably we can't use `LD_PRELOAD` anymore with ASAN, so update
our tests to check for `ASAN_OPTIONS`.
2021-02-03 20:33:19 +00:00
Luca BRUNO
bf2c23ca06
tests/ext/destructive: enhance test logic
This enhances external-tests logic, ensuring that destructive tests
have retries and some context to pinpoint failures, and that failed-state
services are reset between iterations.
2021-02-03 12:25:02 +00:00
Dan Nicholson
d7f2955f37 pull: Fix local pull with depth and truncated source history
The local pull path was erroring on any missing commit, but that
prevents a depth pull where the source repo has truncated history. As in
the remote case, this also tries to pull in a tombstone commit if the
source repo supports it.

Fixes: #2266
2021-01-12 14:19:01 -07:00
Dan Nicholson
20047ff1fe pull: Error on depth pull with missing head commit
When pulling with depth, missing parent commits are ignored. However,
the check was applying to any commit, which means that it would succeed
even if the requested commit was missing. This might happen on a
corrupted remote repo or when using ref data from a stale summary.

To achieve this, the semantics of the `commit_to_depth` hash table is
changed slightly to only ever includes parent commits. This makes it
easy to detect when a parent commit is being referenced (although there
is a minor bug there when multiple refs are being pulled) while keeping
references to commits that need their `commitpartial` files cleaned up.
It also means that the table is only populated on depth pulls, which
saves some memory and processing in the common depth=0 case.

Fixes: #2265
2021-01-12 14:19:01 -07:00
Dan Nicholson
b4f06b47a3 tests: Ensure no dangling commit partials on remote depth pull
This was already being done on the local depth pull test, so this just
adds the matching logic to the remote depth pull test.
2021-01-11 16:07:29 -07:00
Dan Nicholson
4db2ba0eb1 pull: Allow disabling commit binding verification
In some cases such as backups or mirroring you may want to pull commits
from one repo to another even if there commits that have incorrect
bindings. Fixing the commits in the source repository to have correct
bindings may not be feasible, so provide a pull option to disable
verification.

For Endless we have several repositories that predate collection IDs and
ref bindings. Later these repositories gained collection IDs to support
the features they provide and ref bindings as the ostree tooling was
upgraded. These repositories contain released commits that were valid to
the clients they were targeting at the time. Correcting the bindings is
not really an option as it would mean invalidating the repository
history.
2020-12-17 14:07:08 -07:00
Simon McVittie
07c4249a3f test-pull-summary-sigs: Set timestamps to serve expected files
If this is not done, the test can fail when the temporary directory is
a tmpfs: for example this happens during build-time testing with /var/tmp
on tmpfs or TEST_TMPDIR pointing to a tmpfs, or installed-tests with
gnome-desktop-testing-runner allocating the test directory on a tmpfs.

In particular, many of Debian's official autobuilders now do the entire
build and test procedure in a chroot hosted on a tmpfs, to improve build
performance and prevent fsync overhead.

In this situation, it appears that overwriting summary.sig with a copy
of summary.sig.2 is not sufficient for the web server to tell the
libostree client that it needs to be re-downloaded. I'm not completely
sure why, because tmpfs does appear to have sub-second-resolution
timestamps, but forcing a distinct mtime is certainly enough to
resolve it.

Resolves: https://github.com/ostreedev/ostree/issues/2245
Bug-Debian: https://bugs.debian.org/975418
Signed-off-by: Simon McVittie <smcv@collabora.com>
2020-11-22 13:17:45 +00:00
OpenShift Merge Robot
874f2ca625
Merge pull request #2242 from stb-tester/tarball-import-xattrs
ostree commit --tree=tar: Import xattrs from tarballs
2020-11-17 22:38:32 +01:00
William Manley
a88d2f5f7b ostree commit --tree=tar: Import xattrs from tarballs
If you specify an `xattr_callback` the xattrs will still be taken from
there for now.
2020-11-17 16:54:32 +00:00
Luca BRUNO
3e289b1934
Release 2020.8 2020-11-17 10:32:57 +00:00
William Manley
2a6c0b21db Tests: Refactor bootloader-entries-crosscheck
I've made this use functions to make it easier to add support for more
bootloaders.  Seeing as there will be a big diff anyway I've also adjusted
the formatting to make it pep8 compliant.
2020-10-26 23:54:19 +00:00
Alexander Larsson
bc924ff870 tests: Add a testcase to ensure we're not using the summary if we don't need it
With deltas outside the summary, if a commit is specified when pulling
we don't download the summary. Verify this.
2020-10-23 13:55:33 +02:00
Alexander Larsson
e8a7485458 deltas: Add tests for delta indexes
This tests generation of the index as well as using it when pulling
2020-10-23 13:06:46 +02:00
OpenShift Merge Robot
f8f6464580
Merge pull request #2205 from pwithnall/etags-and-last-modified
Add support for ETag and Last-Modified headers for summary and summary.sig
2020-10-22 18:20:23 -04:00
Philip Withnall
0974a7faf1 tests: Split RFC 2616 date parsing code out and add tests
This makes it testable, and increases its test coverage too 100% of
lines, as measured by `make coverage`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-10-22 21:03:34 +01:00
Philip Withnall
a522bf7628 tests: Add simple test for summary file caching
This test would have actually passed before the summary file caching
changes (in the previous few commits) were added, as the `summary.sig`
essentially acted as the ETag for the summary file, and itself wasn’t
updated on disk if it didn’t change when querying the server.

Actually testing that the HTTP caching headers are working to reduce
HTTP traffic would require test hooks into the pull code or the
trivial-httpd server, neither of which I have the time to add at the
moment.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2020-10-22 21:03:34 +01:00
Colin Walters
32a3a12973 Release 2020.7 2020-10-13 14:31:26 -04:00
OpenShift Merge Robot
9f98aa9223
Merge pull request #2198 from cgwalters/no-hardlink-zerosize
checkout: Don't hardlink zero sized files
2020-10-05 22:06:38 +02:00
OpenShift Merge Robot
06a77bfd69
Merge pull request #2155 from jlebon/pr/add-initrds
lib/deploy: Add support for overlay initrds
2020-10-02 16:41:01 -04:00
Colin Walters
558720e7aa checkout: Don't hardlink zero sized files
Alternative to https://github.com/ostreedev/ostree/pull/2197

Python's (usually) zero-sized `__init__.py` files can provoke
us hitting the hardlink limits on some filesystems (`EMLINK`).
At least one Fedora rpm-ostree user hit this.

The benefits of hardlinking here are quite marginal; lots
of hardlinks can behave suboptimally in particular filesystems
like BTRFS too.

This builds on prior code which made this an option, introduced
in 673cacd633
Now we just do it uncondtionally.

Also this provoked a different bug in a very obscure user mode checkout
case; when the "real" permissions were different from the "physical"
permissions, we would still hardlink.  Fix the test case for this.
2020-10-01 16:47:07 -04:00
Philip Withnall
206f1d3a13 lib/repo: Add mode and tombstone config options to the summary file
Currently, they are set in the `config` file and cause that to be
downloaded on every pull. Given that the client is already pulling the
`summary` file, it makes sense to avoid an additional network round trip
and cache those options in the `summary` file.

Signed-off-by: Philip Withnall <withnall@endlessm.com>

Helps: #2165
2020-10-01 11:06:56 +01:00
Jonathan Lebon
81b13da8e3 lib/deploy: Add support for overlay initrds
In FCOS and RHCOS, the need to configure software in the initramfs has
come up multiple times. Sometimes, using kernel arguments suffices.
Other times, it really must be a configuration file. Rebuilding the
initramfs on the client-side however is a costly operation. Not only
does it add complexity to the update workflow, it also erodes a lot of
the value obtained from using the baked "blessed" initramfs from the
tree itself.

One elegant way to address this is to allow specifying multiple
initramfses. This is supported by most bootloaders (notably GRUB) and
results in each initrd being overlayed on top of each other.

This patch allows libostree clients to leverage this so that they can
avoid regenerating the initramfs entirely. libostree itself is agnostic
as to what kind and how much data overlay initrds contain. It's up to
the clients to enforce such boundaries.

To implement this, we add a new ostree_sysroot_stage_overlay_initrd
which takes a file descriptor and returns a checksum. Then users can
pass these checksums when calling the deploy APIs via the new array
option `overlay_initrds`. We copy these files into `/boot` and add them
to the BLS as another `initrd` entry.
2020-09-30 13:29:32 -04:00
Jonathan Lebon
f04e5d047d lib: Minor versioning related fixes
Fix/add the `Since` marker to the new static delta APIs, and update the
symbol versioning templates/comments.
2020-09-25 15:30:20 -04:00
OpenShift Merge Robot
e6f673a8ed
Merge pull request #2202 from cgwalters/bootcsum-dtb
deploy: Remove deployment bootcsum assertion
2020-09-24 22:14:31 +00:00
Colin Walters
aa2a2783ea deploy: Remove deployment bootcsum assertion
When support for devicetree was added, it created a problem
because old and new ostree versions would compute different
checksums for the "boot data".  The scenario here is:

- Have system with ostree < 2020.4
- Reboot into system with ostree 2020.5
- Try to perform an operation that would retain
  that previous booted deployment (common)

Currently ostree iterates over all the deployments
that will be retained and calls `install_deployment_kernel()`,
even for the booted one (which is a bit silly), but
just to verify that all boot data for the targeted
deployments are installed.

This then re-computes the checksum and we'd trip this
assertion.

In practice though, we don't strictly require them to match;
the only thing that will happen if they don't is that we'll
end up with another copy of the kernel/initramfs - and
that only temporarily until the previous deployment
gets GC'd.

Longer term, I think what we really want to do anyways
is probably closer to like a little ostree repo for `/boot`
so that we can e.g. still hardlink kernels there even if
the initramfs changes, or hardlink both kernel/initramfs
if just the devicetree changes, etc.

Closes: https://github.com/ostreedev/ostree/issues/2154
2020-09-24 21:24:48 +00:00
OpenShift Merge Robot
00df896550
Merge pull request #1985 from fdanis-oss/wip/fda/sign_delta_metadata
Static-delta's superblock signature support
2020-09-24 14:21:16 +00:00
Colin Walters
3441a48c58 checkout: Ensure copies of unreadable usermode checkouts are readable
The extreme special case of "zero mode" files like `/etc/shadow`
comes up again.  What we want is for "user mode" checkouts to
override it to make the file readable; otherwise when operating
as non-root without `CAP_DAC_OVERRIDE` it becomes very difficult
to work with.

Previously, we were hardlinking these files, but then it intersects
with *another* special case around zero sized files, which is
*also* true for `/etc/shadow`.

Trying to avoid hardlinking there unveiled this bug - when
we go to do a copy checkout, we need to override the mode.
2020-09-16 15:14:54 +00:00
Frédéric Danis
ecbfe08ec7 tests/delta: Add new tests for applying signed deltas
Add new test to apply offline signed deltas.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00
Frédéric Danis
869dbc037e tests/delta: new tests for 'ed25519' signed deltas
Add tests to generate signed deltas and verify them using 'ed25519'
signature engine.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00
Frédéric Danis
96bcc25632 tests/libtest.sh: Add skip_without_sign_ed25519() function
Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00
Frédéric Danis
c98a993c99 tests/delta: new tests for signed deltas
Add tests to generate signed deltas and verify them using 'dummy'
signature engine.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
2020-09-14 09:27:19 +02:00
Phaedrus Leeds
c4f26bfdc8 Avoid shadowing local variables
This should help with code readability.

Fixes https://github.com/ostreedev/ostree/issues/2194
2020-09-13 10:08:02 -07:00
Alexander Larsson
b7d1a9746b Update the symbols files to match that we're now on 2020.6 2020-09-11 12:35:32 +02:00
Colin Walters
ef55c2c981 tests/inst: Update to published sh-inline crate
And I made a few more API tweaks, such as supporting `Path`
objects directly and also not needing e.g. `commit = commit`, see

- cfa7c71126
- 679bce4cc7
2020-08-26 17:00:19 +00:00
Colin Walters
33e2d34ea5 tests/inst: Port to new sh-inline repo
I cleaned up my fork of commandspec (see git log) and am
planning to publish to crates.  Port to the new API in prep
for that.
2020-08-25 22:06:13 +00:00
Colin Walters
cc1b70d921 tests: Check the immutable bit
See https://bugzilla.redhat.com/show_bug.cgi?id=1867601

We really want an upstream test for this, even if (to my knowledge)
nothing is running ostree's upstream CI on !x86_64.
2020-08-21 17:39:39 +00:00
OpenShift Merge Robot
56f00586dd
Merge pull request #2176 from cgwalters/pin-str
admin/pin: Enforce that index is a number
2020-08-19 15:45:40 +02:00
Colin Walters
22a445c189 admin/pin: Enforce that index is a number
Validate that we're parsing a number; we want to guard
against typos.

Closes: https://github.com/ostreedev/ostree/issues/2171
2020-08-19 13:11:55 +00:00
OpenShift Merge Robot
199562fc14
Merge pull request #2149 from stb-tester/boot-self-symlink
sysroot: Support /boot on root or as seperate filesystem for syslinux and u-boot
2020-08-19 01:08:30 +02:00
Colin Walters
9f8c3f4400 tests/inst: Bump to latest ostree and gtk-rs
Updating our tests to the latest ostree crate is so deliciously
circular.
2020-08-18 18:00:19 +00:00
Colin Walters
1101c02c2a tests/inst: Add destructive test framework
This adds infrastructure to the Rust test suite for destructive
tests, and adds a new `transactionality` test which runs
rpm-ostree in a loop (along with `ostree-finalize-staged`) and
repeatedly uses either `kill -9`, `reboot` and  `reboot -ff`.

The main goal here is to flush out any "logic errors".

So far I've validated that this passes a lot of cycles
using
```
$ kola run --qemu-image=fastbuild-fedora-coreos-ostree-qemu.qcow2 ext.ostree.destructive-rs.transactionality --debug --multiply 8 --parallel 4
```
a number of times.
2020-08-17 14:34:04 +00:00
Colin Walters
f2773c1b55 Add "transient" unlock
I was thinking a bit more recently about the "live" changes
stuff https://github.com/coreos/rpm-ostree/issues/639
(particularly since https://github.com/coreos/rpm-ostree/pull/2060 )
and I realized reading the last debates in that issue that
there's really a much simpler solution; do exactly the same
thing we do for `ostree admin unlock`, except mount it read-only
by default.

Then, anything that wants to modify it does the same thing
libostree does for `/sysroot` and `/boot` as of recently; create
a new mount namespace and do the modifications there.

The advantages of this are numerous.  First, we already have
all of the code, it's basically just plumbing through a new
entry in the state enumeration and passing `MS_RDONLY` into
the `mount()` system call.

"live" changes here also naturally don't persist, unlike what
we are currently doing in rpm-ostree.
2020-08-07 18:57:56 +00:00
Colin Walters
f3c7834f1e tests/repo-finder: Explicitly commit empty dir
We were committing the whole tempdir, which seems to fail
in Travis because the GPG agent Unix domain socket ends up there too,
and ostree refuses to commit sockets.
2020-08-02 12:54:11 +00:00
Colin Walters
901747f985 Release 2020.4
A lot of stuff here, new signing API is the biggest.  Let's
get a release out.
2020-07-21 21:48:51 +00:00
OpenShift Merge Robot
12a9161a79
Merge pull request #2152 from cgwalters/pull-fdatasync
pull: Add --per-object-fsync
2020-07-20 13:55:26 -04:00
Colin Walters
a615d35762 pull: Add --per-object-fsync
This is the opposite of
https://github.com/ostreedev/ostree/issues/1184

Motivated by OpenShift seeing etcd performance issues during
OS updates: https://github.com/openshift/machine-config-operator/issues/1897

Basically, if we switch to invoking `fsync()` as we go, it makes
ostree performance worse (in my tests, 31s to write 2G versus 7s if we
delay sync) but it avoids *huge* outliers in `fsync()` time for etcd.
2020-07-18 14:59:01 +00:00
Colin Walters
5b75358357 pull: Also append bytes written
This is very useful information that we get from the transaction
stats.  Append it to the final display if we're not inheriting
the transaction.
2020-07-17 17:03:08 +00:00
Colin Walters
6a5f97c145 tests: Add needs-internet tag for webserver bits
Fixes the tests, see https://github.com/coreos/coreos-assembler/pull/1600
TODO: provide a webserver binary via virtio or so
2020-07-17 01:37:46 +00:00
William Manley
0ced9fde76 sysroot: Support /boot on root or as seperate filesystem for syslinux and u-boot
We use a similar trick to having a `sysroot -> .` symlink on the real root
here to support both /boot on root as well as on a separate filesystem.  No
matter how it's mounted `/boot/xyz` will always refer to the file you'd
expect.

This is nicer than my previous attempts at this because there's no
configuration nor auto-detection required.
2020-07-15 20:37:49 +01:00
William Manley
4deb426835 Refactor tests/bootloader-entries-crosscheck.py
Reduce duplication.
2020-07-15 17:42:04 +01:00
OpenShift Merge Robot
fd8ecdf047
Merge pull request #2131 from cgwalters/sign-success
signapi: Change API to also return a success message
2020-06-24 18:24:41 -04:00
OpenShift Merge Robot
adcd261596
Merge pull request #2001 from agners/multi-device-tree
deploy: support devicetree directory
2020-06-24 03:02:18 -04:00
Colin Walters
5aa22e0b1f tests: Port to Debian autopkgtest reboot API
See https://github.com/coreos/coreos-assembler/pull/1528

I think we can drop the old cosa reboot APIs after this,
though I've already forgotten where else I might have written
tests using it.
2020-06-19 13:04:22 +00:00
Matthew Leeds
d21181653e tests: Check that example symbol isn't released
For the motivation for this see #2132.
2020-06-17 15:28:15 -07:00
Colin Walters
36258036ae signapi: Change API to also return a success message
This is the dual of 1f3c8c5b3d
where we output more detail when signapi fails to validate.

Extend the API to return a string for success, which we output
to stdout.

This will help the test suite *and* end users validate that the expected
thing is happening.

In order to make this cleaner, split the "verified commit" set
in the pull code into GPG and signapi verified sets, and have
the signapi verified set contain the verification string.

We're not doing anything with the verification string in the
pull code *yet* but I plan to add something like
`ostree pull --verbose` which would finally print this.
2020-06-17 00:33:47 +00:00
Colin Walters
1f3c8c5b3d sign/ed25519: Output failed signatures in error message
To aid debuggability, when we find a commit that isn't signed
by our expected key, output a specific error message with the
key.

(And then add code to switch to just printing the count beyond 3
 because the test suite injects 100 keys and hopefully no one
 ever actually does that)
2020-06-16 18:20:54 +03:00
Colin Walters
40d6f6b5ee tests: Add a pre-signed-pull.sh test
I'm thinking about adding an implementation of ed25519 signatures
with OpenSSL (so we can ship the feature with Fedora CoreOS
without requiring an additional library) and in preparation for
that it's essential that we validate that libsodium-generated
signatures and OpenSSL-generated signatures are compatible.

I don't know if they are yet actually, but the goal of this
new test is to add a pre-generated repository with a signed
commit generated by libsodium.

This will catch if e.g. there's ever a change in libsodium,
or if existing libsodium implementation versions (e.g. the
one in Debian) might differ from what we ship here.
2020-06-11 18:56:35 +00:00
Colin Walters
1cd902cd1a tests/rust: Extract a with_webserver_in helper wrapper
It's much cleaner if the Tokio stuff stays in `test.rs`, and
easier to write tests if the function is synchronous.

Prep for further tests.
2020-06-04 13:04:35 +00:00
Stefan Agner
5f08649f51 deploy: support devicetree directory
Add support for a devicetree directory at /usr/lib/modules/$kver/dtb/.
In ARM world a general purpose distribution often suppports multiple
boards with a single operating system. However, OSTree currently only
supports a single device tree, which does not allow to use the same
OSTree on different ARM machines. In this scenario typically the boot
loader selects the effective device tree.

This adds device tree directory support for the new boot artefact
location under /usr/lib/modules. If the file `devicetree` does not
exist, then the folder dtb will be checked. All devicetrees are hashed
into the deployment hash. This makes sure that even a single devicetree
change leads to a new deployment and hence can be rolled back.

The loader configuration has a new key "devicetreepath" which contains
the path where devicetrees are stored. This is also written to the
U-Boot variable "fdtdir". The boot loader is expected to use this path
to load a particular machines device tree from.

Closes: #1900
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
2020-05-29 19:56:11 +02:00
Colin Walters
1f637bf341 Add new Rust-based tests
There's a lot going on here.  First, this is intended to run
nicely as part of the new [cosa/kola ext-tests](https://github.com/coreos/coreos-assembler/pull/1252).

With Rust we can get one big static binary that we can upload,
and include a webserver as part of the binary.  This way we don't
need to do the hack of running a container with Python or whatever.

Now, what's even better about Rust for this is that it has macros,
and specifically we are using [commandspec](https://github.com/tcr/commandspec/)
which allows us to "inline" shell script.  I think the macros
could be even better, but this shows how we can intermix
pure Rust code along with using shell safely enough.

We're using my fork of commandspec because the upstream hasn't
merged [a few PRs](https://github.com/tcr/commandspec/pulls?q=is%3Apr+author%3Acgwalters+).

This model is intended to replace *both* some of our
`make check` tests as well.

Oh, and this takes the obvious step of using the Rust OSTree bindings
as part of our tests.  Currently the "commandspec tests" and "API tests"
are separate, but nothing stops us from intermixing them if we wanted.

I haven't yet tried to write destructive tests with this but
I think it will go well.
2020-05-27 21:59:23 +00:00
Colin Walters
718cca8055 tests/kola: Move to tests/kolainst
Follow the precedent set in https://github.com/coreos/rpm-ostree/pull/2106
and rename the directory, to more clearly move away from the
"uninstalled" test model.  Prep for Rust-based tests.
2020-05-27 15:16:50 +00:00
Colin Walters
5cb9d0df38 pull: Add support for sign-verify=<list>
The goal here is to move the code towards a model
where the *client* can explicitly specify which signature types
are acceptable.

We retain support for `sign-verify=true` for backwards compatibility.
But in that configuration, a missing public key is just "no signatures found".

With `sign-verify=ed25519` and no key configured, we can
explicitly say `No keys found for required signapi type ed25519`
which is much, much clearer.

Implementation side, rather than maintaining `gboolean sign_verify` *and*
`GPtrArray sign_verifiers`, just have the array.  If it's `NULL` that means
not to verify.

Note that currently, an explicit list is an OR of signatures, not AND.
In practice...I think most people are going to be using a single entry
anyways.
2020-05-22 19:10:32 +00:00
Jonathan Lebon
6730acc350 tests/admin-test: Fix --allow-downgrade check
We were doing a check to verify that `ostree admin upgrade` wouldn't
accept a downgrade without `--allow-downgrade`. However, there's no
guarantee that the commit it's upgrading from is older than HEAD^ (what
we're upgrading to). Specifically, if the test runs fast enough, the
timestamps could be equal, since the lowest resolution is seconds.

Rework the test so that we first upgrade to HEAD, which we're sure is at
least 1 second apart from HEAD^, and *then* check that downgrade
protection is enforced.

We also can't use `rev-parse testos/buildmaster/x86_64-runtime` as a way
to know what commit the host is sitting on since the ref might've gone
ahead. Instead, just use `ostree admin status | head -n1`. (I played
with using the `ostree/I/J/K` refs, but those depend on what the
boot/subbootversion is and can easily change if we change previous
tests).
2020-05-22 13:59:36 -04:00
OpenShift Merge Robot
be62a01bff
Merge pull request #2106 from jlebon/pr/fix-admin-test
tests/admin-test: Ensure that commits are 1s apart
2020-05-20 19:05:35 +02:00
Colin Walters
191ce95ca1 admin-test: Show err.txt on unexpected failure
In a CI run I think one of these `ostree show` commands is failing.
While that output would be useful, the actual `err.txt` usually
has what we want too.
2020-05-20 15:57:10 +00:00
Jonathan Lebon
70ebb91aa3 tests/admin-test: Ensure that commits are 1s apart
Otherwise the new check we added there to verify that upgrading without
`--allow-downgrade` fails itself fails.

See: https://github.com/ostreedev/ostree/pull/2099#issuecomment-629805840
2020-05-20 10:48:44 -04:00
Colin Walters
f14aa894d3 ci: Test for clock skew
I saw `tests/test-admin-deploy.none.sh` fail in one CI run, and
I want to check if it was because of clock skew, so fail
fast if we detect that.

xref https://github.com/ostreedev/ostree/pull/2099#issuecomment-629805375
2020-05-18 18:48:28 +00:00
Colin Walters
5a47c926c1 pull: Only have API to disable signapi for local pulls
There's a lot of historical baggage associated with GPG verification
and `ostree pull` versus `ostree pull-local`.  In particular nowadays,
if you use a `file://` remote things are transparently optimized
to e.g. use reflinks if available.

So for anyone who doesn't trust the "remote" repository, you should
really go through through the regular
`ostree remote add --sign-verify=X file://`
path for example.

Having a mechanism to say "turn on signapi verification" *without*
providing keys goes back into the "global state" debate I brought
up in https://github.com/ostreedev/ostree/issues/2080

It's just much cleaner architecturally if there is exactly one
path to find keys: from a remote config.

So here in contrast to the GPG code, for `pull-local` we explictily
disable signapi validation, and the `ostree_repo_pull()` API just
surfaces flags to disable it, not enable it.
2020-05-17 13:52:24 +00:00
OpenShift Merge Robot
b5e51d8c08
Merge pull request #2100 from cgwalters/make-install-kola-tests
ci: Install kola tests
2020-05-15 14:38:00 -07:00
Colin Walters
48f5a1885e ci: Install kola tests
This builds on
https://github.com/coreos/coreos-assembler/pull/1441
to install our tests rather than running them from the source
directory.  This model will more cleanly allow us to ship
our tests along with a test container or elsewhere, separate
from the source directory.

Also prep for https://github.com/ostreedev/ostree/pull/2048
2020-05-15 19:40:54 +00:00
Jonathan Lebon
79079c2657 lib/upgrader: Pull with timestamp-check-from-rev
For the same reason as https://github.com/coreos/rpm-ostree/pull/2094.
What we care most about is that the new commit we pull is newer than the
one we're currently sitting on, not necessarily that it's newer than the
branch itself, which it might not be if e.g. we're trying to deploy a
commit older than the tip but still newer than the deployment (via
`--override-commit`).
2020-05-14 15:27:29 -04:00
Jonathan Lebon
c8efce0656 lib/pull: Add timestamp-check-from-rev
The way `timestamp-check` works might be too restrictive in some
situations. Essentially, we need to support the case where users want to
pull an older commit than the current tip, but while still guaranteeing
that it is newer than some even older commit.

This will be used in Fedora CoreOS. For more information see:
https://github.com/coreos/rpm-ostree/pull/2094
https://github.com/coreos/fedora-coreos-tracker/issues/481
2020-05-14 14:00:42 -04:00
Colin Walters
474e1e2a33 tests/staged-delay.sh: New test
Attempting to reproduce
https://bugzilla.redhat.com/show_bug.cgi?id=1827712
but no dice yet.
2020-05-11 21:31:13 +00:00
Colin Walters
588f42e8c6 remote-add: Add --sign-verify=KEYTYPE=[inline|file]:PUBKEYREF
Per https://github.com/ostreedev/ostree/issues/2080#issuecomment-623614483

A huge benefit of ed25519 (and ECC in general) is that keys are very
short - short enough that it's completely reasonable to inline
them into a command line argument.

And I think that's a good model; it makes the keys very visible.

For example, someone could easily copy-paste a commandline
argument from a webpage (secured via TLS) that says to run
`ostree remote add --sign-verify=ed25519=inline:KEY`.
2020-05-09 20:07:44 +00:00
Colin Walters
7392259332 commit: Add --mode-ro-executables option
I think we should encourage removing the writable bits from
executables.  This has happened to me:
https://thomask.sdf.org/blog/2019/11/09/take-care-editing-bash-scripts.html

And not having the writable bit may help prevent hardlink
corruption with OSTree in some cases.

We can't do this by default, but add a convenient CLI flag
for it.
2020-05-06 19:41:27 +00:00
Colin Walters
37e1921b51 tests/staged-deploy: Cleanup initial state
I'm using [cosa build-fast](https://github.com/coreos/coreos-assembler/pull/1371)
and this test doesn't like starting out with two deployments.  Clean
things up to one at the start just to simplify things.
2020-04-29 01:47:14 +00:00
Colin Walters
368574b657 deploy: Add --no-merge
All of the underlying libostree APIs have supported passing `NULL`
for a merge deployment for...a long time.  But we never plumbed
it up into the CLI.

Add a `--no-merge` option to aid people who want to do a "factory reset":
https://github.com/ostreedev/ostree/issues/1793
2020-04-22 14:09:54 +00:00
Denis Pynkin
40a2fb3b07 tests/signed-commit: fix the test of well-known places
Commit e474033e removed the redirection of incorrect public keys
aimed to generate a lot of files without correct public signature.

Fix the test by returning back the creation of files containing
incorrect public keys for ed25519.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-04-17 16:46:49 +03:00
Colin Walters
d1e5ed379e Use sign-ed25519 for the feature name
`libsodium` is an implementation detail.  In particular, I'd like
to consider using OpenSSL for ed25519 (if libsodium isn't configured
and openssl is).

So switch the name of the exposed feature and adjust the tests.
2020-04-16 16:43:43 +00:00
Colin Walters
8e7aea4473 Change signature opts to include type, cleanup error handling
Previously we would pass the `verification-key` and `verification-file`
to all backends, ignoring errors from loading keys until we
found one that worked.

Instead, change the options to be `verification-<engine>-key`
and `verification-<engine>-file`, and then
rework this to use standard error handling; barf explicitly if
we can't load the public keys for example.  Preserve
the semantics of accepting the first valid signature.  The
first signature error is captured, the others are currently
compressed into a `(and %d more)` prefix.

And now that I look at this more closely there's a lot of
duplication between the two code paths in pull.c for verifying;
will dedup this next.
2020-04-15 22:07:11 +00:00
Colin Walters
b6040143e5 Only enable "dummy" signature type with opt-in env variable
I don't want to even have to think about people using
this in production.
2020-04-14 22:18:13 +00:00
OpenShift Merge Robot
8baee5cd04
Merge pull request #2058 from cgwalters/signing-cleanups
pull: Update key loading function to match error style
2020-04-07 20:49:04 +02:00
OpenShift Merge Robot
0638d1ea86
Merge pull request #2057 from cgwalters/test-sizes-error
tests/pull-sizes: Disable xattrs everywhere
2020-04-06 22:33:43 +02:00
Colin Walters
329a82c57e commit: Add --base argument
I was trying to followup the `--selinux-policy-from-base` work
to add a `cosa build --fast=overlay` for coreos-assembler,
but hit on the fact that using e.g. `--owner-uid` disables
commit optimizations.

A while ago, https://github.com/ostreedev/ostree/pull/1643 landed
which optimized this for the case where no modifications are provided.
But, we really need the SELinux policy bits, and it's super convenient
to run `ostree commit` as non-root.

It's fairly surprising actually that it's taken us so long to
iterate on a good interface for this "commit changes on top of a base"
model.  In practice, many nontrivial cases really end up needing
to do a (hardlink) checkout, and that case is optimized.

But for this coreos-assembler work I want to directly overlay onto
a commit object another commit object.

That previous PR above added exactly the API we need, so let's
expose it in the CLI.

What you can see happening in the test is that we provide
`--owner-uid 42`, but that only applies to directories/files
that were added in the commit.

And now that I look at this, I think what we really want here
is to avoid changing directories that exist in the base, but
eh; in practice the main use here is for `--owner-uid 0` while
committing as non-root; and that works fine with this since
the baseline uid will be zero as well.
2020-04-06 19:28:51 +00:00
Colin Walters
47539874b8 pull: Update key loading function to match error style
This code wasn't written with idiomatic GError usage; it's not standard
to construct an error up front and continually append to its
message.  The exit from a function is usually `return TRUE`,
with error conditions before that.

Updating it to match style reveals what I think is a bug;
we were silently ignoring failure to parse key files.
2020-04-05 18:49:25 +00:00
Colin Walters
6d89b969ed tests/pull-sizes: Disable xattrs everywhere
I am getting SELinux xattrs committed in local development (inside
https://github.com/cgwalters/coretoolbox ), which
throws off the hardcoded sizes in this test.
2020-04-05 18:38:26 +00:00
OpenShift Merge Robot
a16fe86b36
Merge pull request #1878 from d4s/wip/d4s/no_gpg
Alternative signing system
2020-04-04 19:46:12 +02:00
Matthew Leeds
164b2aa35b Don't copy summary for collection-ref mirror subset pulls
When we're only pulling a subset of the refs available in the remote, it
doesn't make sense to copy the remote's summary (which may not be valid
for the local repo). This makes the check here match the one done
several lines above when we decide whether to error out if there's no
remote summary available.

This extends the fix in https://github.com/ostreedev/ostree/pull/935 for
the case of collection-refs.

Also, add a unit test for this issue, based on the existing one in
pull-test.sh.
2020-03-28 10:35:19 -07:00
Denis Pynkin
cce3864160 sign-pull: improve error handling
Use glnx_* functions in signature related pull code for clear
error handling.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
5a39281fbe tests/sign: check pull failure with invalid remote options
Pull should to fail if no known signature available in remote's
configuration or well-known places.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
09d5b475af tests/sign: added check with file and single key on pull
Additional test of signatures check behavior during the pull
with keys file containing wrong signatures and correct verification
key. Both are set as a part of remote's configuration.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
1de2efa2ed tests/sign: new test for summary file verification
Add test for signature verification of summary file during the pull.
Adopted version of GPG tests from `test-pull-summary-sigs.sh`.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
acace9b95a tests/sign: allow to start pull test without libsodium
Allow to run the pulling test if there is no ed25519 support.
Test the signed pull only with dummy engine. Fixed tests names.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:55 +03:00
Denis Pynkin
5dca74fab7 tests/sign: add verification key for pulling with dummy
After splitting out the common key to secret/public inside the dummy engine we
need to pass the the public key for remote with dummy engine usage.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
fbd2666e07 tests/sign: disable GPG for alternatively signed pull
Explicitly disable GPG verification for remote while testing
alternative signing mechanism.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
68aa13550a tests: use option "--no-sign-verify" for adding remote
Option "--no-sign-verify" disable the signature verification including
GPG. So use it in tests instead of "--no-gpg-verification".

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
72d81d7401 tests/local-pull: test "--sign-verify" option
Ensure what with this option only signed commit is pulled.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
e474033ea9 tests/sign: use library functions for ed25519 keys
Switch to library functions usage.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
a9df634c47 tests/libtest: add functions for ed25519 tests
Add functions for keys generation to be used in signing-related tests:
- gen_ed25519_keys initializing variables ED25519PUBLIC, ED25519SEED and
  ED25519SECRET with appropriate base64-encoded keys
- gen_ed25519_random_public print a random base64 public key (used in
  tests with wrong keys)

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
7e71f87ebc tests/sign: check system-wide config and revoked keys
Extend the ed25519 tests with checking the system-wide directory
keys loading code(with the help of redefinition).
Added test of ed25519 revoking keys mechanism.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
ea291a0605 builtin/sign: allow to use multiple public keys for verification
`ostree sign` is able to use several public keys provided via arguments
and via file with keys.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
5fc2ddff30 tests/gpg: skip test in JS if GPG is not supported
Skip the single JS test which throws an error if GPG support
is disabled in a build time.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
36e4667973 builtin/sign: allow to sign with keys from secret file
Read keys from secret file provided by `--keys-file=` option.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
073876d9b2 lib/sign: add support of file with valid keys for remote
Allow to use custom file with public keys for remote.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
82c773710c tests/sign: add initial test for pulling
Test if we pull signed commits from remote.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
0b55db9b2f tests/sign: check public keys load from file
Test ed25519 public keys load from file and verify signed commit
against that file.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
2303202c86 sign: API changes for public keys and CLI keys format
API changes:
- added function `ostree_sign_add_pk()` for multiple public keys using.
- `ostree_sign_set_pk()` now substitutes all previously added keys.
- added function `ostree_sign_load_pk()` allowed to load keys from file.
- `ostree_sign_ed25519_load_pk()` able to load the raw keys list from file.
- use base64 encoded public and private ed25519 keys for CLI and keys file.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
Denis Pynkin
9e8f0f4ca0 tests: add test for commits sign/verification
Add tests checking:
- sign mechanism is in working state
- module 'dummy' is able to sign/verify commit
- module 'ed25519' is able to sign/verify commit
- both modules could be used for the same commit
- 'ostree sign' builtin works with commits
- 'ostree commit' builtin able to sign commits

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:23:54 +03:00
OpenShift Merge Robot
7a95929867
Merge pull request #2041 from cgwalters/auto-sepolicy
repo/commit: Add support for --selinux-policy-from-base
2020-03-24 20:06:55 +01:00
Colin Walters
b3bbbd1542 repo/commit: Add support for --selinux-policy-from-base
The [dev-overlay](332c6ab3b9/src/cmd-dev-overlay)
script shipped in coreos-assembler mostly exists to deal
with the nontrivial logic around SELinux policy.  Let's make
the use case of "commit some binaries overlaying a base tree, using
the base's selinux policy" just require a magical
`--selinux-policy-from-base` argument to `ostree commit`.

A new C API was added to implement this in the case of `--tree=ref`;
when the base directory is already checked out, we can just reuse
the existing logic that `--selinux-policy` was using.

Requires: https://github.com/ostreedev/ostree/pull/2039
2020-03-24 16:34:26 +00:00
Colin Walters
ea16f7603d tests/pull-repeated: Bump up retries to match max fails
This test keeps occasionally failing in CI - as expected, because
we retry 8 times for an object but it's completely possible for
us to hit the <0.5% chance of 50% failure 8 times in a row.

Since the max errors from the server is 100, set retries to the
same thing.
2020-03-24 12:24:46 +00:00
Colin Walters
635fd0aa9c tests/kola: Two test fixes
Now that we're actually running this in CI.
2020-03-21 20:48:15 +00:00
OpenShift Merge Robot
d0b3e76fa8
Merge pull request #2036 from jlebon/pr/partial-parent
lib/pull: Don't leave commits pulled by depth as partial
2020-03-19 18:05:00 +01:00
Colin Walters
b93180a4d3 tests: Rework tests/installed → tests/kola
Previously we made an effort to use the [Fedora Standard Test Interface](https://docs.fedoraproject.org/en-US/ci/standard-test-interface/).
This effort was not very successful; the primary thing that
it really died on is Ansible just didn't support rebooting
very well.  I think that's since gotten better, but even
then, Ansible wasn't the best thing for a test framework
for us anyways.

In the meantime Fedora CoreOS happened emphasizing Ignition
and not "post-hoc reconciliation" models like Ansible over
ssh.

And, [coreos-assembler](https://github.com/coreos/coreos-assembler) happened too.

Furthermore, we really need to test OSTree's interaction
with Ignition as we've invented several special things there.

Then most recently, I've been working on having
cosa/kola support running externally defined tests:
https://github.com/coreos/coreos-assembler/pull/1215

There's a lot of things to clean up after this but at least this
works for me:

```
$ cd /srv/fcos
$ cosa kola run -- --parallel 4 --output-dir tmp/kola -E ~/src/github/ostreedev/ostree/ 'ext.ostree.*'
```

NOTE: This *does not* drop ostree binaries into the target.  See:
https://github.com/coreos/coreos-assembler/pull/1252#issuecomment-600623315

This drops our dependency on Python in the installed tests, and
also fixes a few bugs that came up.

I disabled the `itest-bare-user-root.sh` one because it's
entangled with the shell script infrastructure for the unit tests.
2020-03-19 16:01:57 +00:00
Jonathan Lebon
fd822a8dfd lib/pull: Don't leave commits pulled by depth as partial
When pulling full parent commits via e.g. `--depth N`, we weren't
unmarking them as partial in the out path.

Closes: #2035
2020-03-19 10:10:50 -04:00
Colin Walters
c6085ebd5e Release 2020.2
"Brown paper bag" release that actually sets the
`is_release_build=yes` flag and also fixes the
`Since:` on a few new functions.
2020-02-21 14:45:49 +00:00
Colin Walters
04c85fa101 Release 2020.1
New year, new release!
2020-02-20 16:35:47 +00:00
Colin Walters
6d104f6257 ci: Replace PAPR with CoreOS CI
Move the alternative builds into the Jenkinsfile.

Update it to do a FCOS build + kola run.

We drop the flatpak/rpm-ostree runs for now; the former
will needs some work to do the automatic virt bits.  The
latter I think we can circle back to when we e.g. figure
out how to include rpm-ostree's tests in kola runs.
2020-02-06 23:14:42 +00:00
OpenShift Merge Robot
8a9a496501
Merge pull request #1957 from dbnicholson/commit-sizes
Upstream Endless sizes metadata changes
2020-01-27 08:25:59 -08:00
Dan Nicholson
b81a6b4ab2 tests/gpg: Add tests for importing updated remote GPG keys
This checks whether gpg-import will properly update the keyring for a
key that already exists. In particular, we check that changing the key
expiration time or revoking it results in commit verification failure
after re-importing the keys.
2020-01-24 13:02:17 -07:00
Dan Nicholson
01da2371c5 tests/gpg: Test ostree_gpg_verify_result_require_valid_signature
Add explicit tests for
`ostree_gpg_verify_result_require_valid_signature` in addition to the
implicit tests via `ostree pull` and others. This allows checking the
error code raised.
2020-01-24 13:02:17 -07:00
Dan Nicholson
0fbfc0b207 lib/gpg: Add more specific OstreeGpgError codes
Currently `ostree_gpg_verify_result_require_valid_signature` always
returns an error that the key used for the signature is missing from the
keyring. However, all that's been determined is that there are no valid
signatures. The error could also be from an expired signature, an
expired key, a revoked key or an invalid signature.

Provide values for these missing errors and return them from
`ostree_gpg_verify_result_require_valid_signature`. The description of
each result is appended to the error message, but since the result can
contain more than one signature but only a single error can be returned,
the status of the last signature is used for the error code. See the
comment for rationale.

Related: flatpak/flatpak#1450
2020-01-24 13:02:17 -07:00
Dan Nicholson
2c24f28ce4 tests/test-gpg-verify-result: Allow specifying signature files
Currently tests are always run against the full lgpl2.sig file with all
signatures, but it should also be possible to specify one or more of the
individual lgpgl2.sig<N> files.

Drop the current usage of passing the signature index in the test data
since it's always specific to the test function and instead provide an
optional array of signature files for the test fixture to sign with.
2020-01-24 13:02:09 -07:00
Dan Nicholson
b786d1b4bc tests/gpg-verify-data: Empty out trustdb.gpg
When the private keys were generated, gpg added an ultimate trust entry
since you normally want to trust your own keys. However, this throws off
the expired signature testing since gpgme considers it valid if the key
is fully or ultimately trusted.

The use of a trustdb for the test-gpg-verify-result is unlike any other
GPG verification in ostree. Under normal circumstances, a temporary GPG
homedir is created without any trust information, so all keys are
treated as having unknown trust.

Regenerate an empty trustdb.gpg in gpg-verify-data so that the tests
behave as ostree normally operates. After this the expired signature
testing correctly shows up as a non-valid signature. The trustdb was
regenerated by simply removing it and running any gpg operation with the
gpg-verify-data directory as the homedir.
2020-01-24 13:02:09 -07:00
Dan Nicholson
7fe265b087 tests/gpg-verify-data: Split out signature data
The full block with all 5 signatures remains, but this allows passing
individual signatures through the GPG verification APIs. The split was
done with `gpgsplit`, and looking at the output of `gpg --list-packets`
of the split and unsplit files appears correct.
2020-01-24 13:02:09 -07:00
Dan Nicholson
b825083549 tests/gpghome: Create revocation certificates for keys
These can then be imported during a test to revoke a key without trying
to go through the gpg --generate-revocation dialog. Note that these need
to go in a subdirectory of the homedir since `gpgkeypath` will try to
import every regular file in the homedir.
2020-01-24 13:02:09 -07:00
Dan Nicholson
63414e85c3 tests/libtest: Make temporary gpghome private
gpg prints a warning about unsafe permissions if the homedir is group or
world readable. This is just noise in the test logs, so appease it by
making the homedir 700.
2020-01-24 13:02:09 -07:00
Dan Nicholson
7f04c5d764 tests/libtest: Record long GPG key IDs and fingerprints
Use long GPG key IDs as it's safer and matches the format used by gpg
and gpgme. Add the associated fingerprints since these are needed by gpg
when manipulating keys.
2020-01-24 13:02:09 -07:00
Dan Nicholson
5135a1e58a tests/core: Really pick C.UTF-8 locale
The case-ignoring regex `^(C|en_US)` will match any locale that starts
with `c`. On my system this is `ca_AD.utf8`, which breaks the test
suite. Instead, use a single regex that includes the joining `.` rather
than 2 separate regexes. This also changes `head` to use the `-n`
option, which has been preferred for at least 10 years in the coreutils
version and is supported by busybox as well.
2020-01-21 10:29:41 -07:00
Dan Nicholson
97c831dd5f bin/show: Add --print-sizes option to show sizes metadata
Use the new `ostree_commit_get_object_sizes()` API to read the
`ostree.sizes` commit metadata and print a summary.
2020-01-20 20:46:31 -07:00
Dan Nicholson
1bbe674d91 libarchive: Support commit sizes metadata
Call the helper to set the generate_sizes boolean so that object size
data is stored while writing the mtree.
2020-01-20 20:42:27 -07:00
John Hiesey
291e9da258 lib/commit: Include object type in sizes metadata
Append a byte encoding the OSTree object type for each object in the
metadata. This allows the commit metadata to be fetched and then for the
program to see which objects it already has for an accurate calculation
of which objects need to be downloaded.

This slightly breaks the `ostree.sizes` `ay` metadata entries. However,
it's unlikely anyone was asserting the length of the entries since the
array currently ends in 2 variable length integers. As far as I know,
the only users of the sizes metadata are the ostree test suite and
Endless' eos-updater[1]. The former is updated here and the latter
already expects this format.

1. https://github.com/endlessm/eos-updater/
2020-01-20 20:42:27 -07:00
Dan Nicholson
a4592678aa tests/sizes: Check duplicate file doesn't add sizes entry
A duplicate file will resolve to the same object, so it shouldn't add
any entries to the sizes metadata.
2020-01-20 20:42:27 -07:00
Dan Nicholson
4f1b991246 tests/sizes: Test that sizes metadata is not reused
Ensure that the object sizes hash table is cleared after a commit and
not only when the repo is closed.
2020-01-20 20:42:27 -07:00
Dan Nicholson
1ea719b76b tests/sizes: Test sizes metadata with existing objects
Repeat the commit to make sure that the files are enumerated again for
the size metadata.
2020-01-20 20:42:27 -07:00
Dan Nicholson
694b741a36 tests/sizes: Improve metadata validation
Ensure all 3 of the checksum, compressed size and uncompressed size are
correct. For repeatable objects, skip xattrs and use canonical
permissions for the commit. For the sizes, read a varint rather than
assuming they will be a single byte. To work around bugs in gjs with
byte array unpacking, manually build the array byte by byte. Split out
some helper functions to use in subsequent tests.
2020-01-20 20:42:27 -07:00
OpenShift Merge Robot
20d84f40fa
Merge pull request #1987 from akiernan/us-switchroot-tests
Skip /var test if running with systemd and libmount
2020-01-16 16:47:41 +01:00
Alex Kiernan
d61183ce43 fixup! test-switchroot.sh: Find ostree-prepare-root in installed tests 2019-12-30 13:28:35 +00:00
Alex Kiernan
e4db245bec test-switchroot.sh: Find ostree-prepare-root in installed tests
When running with installed tests, ostree-prepare-root (probably)
exists in /usr/lib. Add heuristics to look for it based on the directory
we're running from.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-12-29 14:24:30 +00:00
Alex Kiernan
87ccb400a2 tests: Skip /var test if running with systemd and libmount
If running with systemd and libmount then /var mounting is deferred for
systemd. Skip the relevant tests in this case as it will always fail.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-12-29 14:18:36 +00:00
Alex Kiernan
f6867358e2 test-switchroot.sh: Exclude /proc from file list
Since we're not interested in any file inside /proc, exclude it from the
file listing in our fake root thus avoiding failures when processes die
during our execution and find(1) can't then look inside those
directories.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-12-29 12:37:10 +00:00
Colin Walters
978bd19f97 Release 2019.6
Nothing really big here, but let's get a release out
so some bigger things like ro-sysroot, signing, sizes can
bake in master for a bit.
2019-12-09 16:18:01 +00:00
Colin Walters
36039759e2 pull: Add support for basic auth
This has been requested a few times for people delivering
OSTree content and wanting to do access control.
2019-12-02 22:48:33 +00:00
Colin Walters
16bb294384 tests/repo-finder: Run realpath() on /tmp
This fixes running this test case inside
https://github.com/cgwalters/coretoolbox
2019-11-23 18:04:58 +00:00
Robert Fairley
aadc4db012 lib/kernel-args: Store kernel args as key/value entries
Define an `OstreeKernelArgsEntry` structure, which holds
both the key and the value. The kargs order array stores
entries for each key/value pair, instead of just the keys.
The hash table is used to locate entries, by storing
entries in a pointer array for each key. The same public
interface is preserved, while maintaining ordering
information of each key/value pair when
appending/replacing/deleting kargs.

Fixes: #1859
2019-11-07 23:39:10 -05:00
Colin Walters
58980a717a lib/keyfile: Treat "group not found" the same as "key not found"
Prep for fsverity, where I want to create a new group
`[fsverity]` in the keyfile that has default values.  We should
treat the absence of a group the same as absence of a key
in these "with defaults" APIs.
2019-11-07 21:15:41 +00:00
Alex Kiernan
abf1a7392b tests: Avoid musl failure with cp -a
When copying the tree, using musl and GNU coreutils, something gets confused
when setting the ownership of symlinks and the copy fails with:

  cp: failed to preserve ownership for osdata-devel/bin: Not supported

Rework using tar to avoid the problem.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-11-01 05:05:53 +00:00
Alex Kiernan
3d48021fb0 tests/core: Assume C.UTF-8 if locale isn't found
When building with musl there's no locale command, also its default
locale is C.UTF-8, so just get C.UTF-8 if we can't find locale.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-11-01 05:05:53 +00:00
Alex Kiernan
fb519f0361 tests: Handle EPIPE failures when head terminates
When using musl, it appears that the default is line buffered output, so
when `head -1` reads from a pipe we have to handle the source end of the
pipe getting EPIPE.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-11-01 05:05:53 +00:00
Alex Kiernan
4d17cd917f tests/core: Fallback to en_US.UTF-8 locale
A number of tests expect explicit left/right single quotes in their
messages, which will never happen in the C locale. Change so we pick a
likely UTF-8 locale, or fail if we can't find one.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-10-31 21:28:30 +00:00
Colin Walters
980ca07b03 Release 2019.5 2019-10-30 17:08:00 +00:00
Jonathan Lebon
7ae8da08b9 lib/deploy: Also install HMAC file into /boot
To allow for FIPS mode, we need to also install the HMAC file from
`/usr/lib/modules` to `/boot` alongside the kernel image where the
`fips` dracut module will find it. For details, see:

https://github.com/coreos/fedora-coreos-tracker/issues/302

Note I didn't include the file in the boot checksum since it's itself a
checksum of the kernel, so we don't really gain much here other than
potentially causing an unnecessary bootcsum bump.
2019-10-29 16:45:29 -04:00
Alex Kiernan
e314b31ec9 tests/export: Guard with check for libarchive
If we are built without libarchive support, this test fails:

  error: This version of ostree is not compiled with libarchive support
  ...
  ERROR: tests/test-export.sh - too few tests run (expected 5, got 0)
  ERROR: tests/test-export.sh - exited with status 1

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-10-24 19:08:59 +01:00
Colin Walters
01a3a65525 tests: [scan-build] Initialize a variable
False positive.
2019-10-18 15:07:39 +00:00
Colin Walters
0a808ffe20 tests: Port keyfile test to new style
Just noticed in passing.
2019-10-18 15:07:39 +00:00
Colin Walters
a982dc97ea tree-wide: [scan-build] Fix some dead stores
No real issues, just quieting the scanner.
2019-10-18 15:07:31 +00:00
Jonathan Lebon
9d39e7d91e Release 2019.4
Tiny release. Just want to get out the important bugfixes instead of
backporting patches (notably the gpg-agent stuff and
`ostree-finalize-staged.service` ordering).

Closes: #1927
Approved by: cgwalters
2019-09-25 13:43:28 +00:00
Jason Wessel
bdbce9d042 fsck: Add test for --delete corruption, fix repair, and partial commit checks
The ostree fsck test is aimed to check that it will still fail an fsck
if the repository has been repaired by fsck.  It also checks that a
pull operation corrects the error and ostree fsck will exit with zero.

The test was modeled after the following script:

rm -rf ./f1
mkdir -p ./f1
./ostree --repo=./f1 init --mode=archive-z2
mkdir -p ./trial
echo test > ./trial/test
./ostree --repo=./f1 commit --tree=dir=./trial --skip-if-unchanged --branch=exp1 --subject="test Commit"

rm -rf ./f2
mkdir -p ./f2
./ostree --repo=./f2 init
./ostree --repo=./f2 pull-local  ./f1

echo whoops > `find ./f2 |grep objects |grep \\.file `
./ostree fsck --repo=./f2 ; echo Exit: $?
./ostree fsck --delete --repo=./f2 ; echo Exit: $?
./ostree fsck --repo=./f2 ; echo Exit: $?
./ostree --repo=./f2 pull-local  ./f1
./ostree fsck --repo=./f2 ; echo Exit: $?

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>

fsck: Update test so that it will pass on fs without xattrs

The fsck test does not require xattrs to prove that it works.  It is
simple enough to change it to use an archvie instead of a bare type
repository.

Signed-off-by: Jason Wessel <jason.wessel@windriver.com>

Closes: #1910
Approved by: cgwalters
2019-09-09 13:40:36 +00:00
Javier Martinez Canillas
d42f970ed3 lib/bootconfig-parser: Always include deployment index in BLS title
If there are different deployments for the same commit version, the BLS
snippets will have the same title fields (but different version fields):

$ grep title *
ostree-1-testos.conf:title TestOS 42 20190902.0 (ostree)
ostree-2-testos.conf:title TestOS 42 20190902.0 (ostree)
ostree-3-testos.conf:title TestOS 42 20190902.0 (ostree)

But bootloaders could expect the title field to be unique for BLS files.
For example, the zipl bootloader used in the s390x architecture uses the
field to name the boot sections that are created from the BLS snippets.

So two BLS snippets having the same title would lead to zipl failing to
create the IPL boot sections because they would have duplicated names:

$ zipl
Using config file '/etc/zipl.conf'
Using BLS config file '/boot/loader/entries/ostree-3-testos.conf'
Using BLS config file '/boot/loader/entries/ostree-2-testos.conf'
Using BLS config file '/boot/loader/entries/ostree-1-testos.conf'
Error: Config file '/etc/zipl.conf': Line 0: section name 'TestOS 42 20190902.0 (ostree)' already specified

Avoid this by always including the deployment index along with the commit
version in the title field, so this will be unique even if there are BLS
files for deployments that use the same commit version:

$ grep title *
ostree-1-testos.conf:title TestOS 42 20190902.0 (ostree:2)
ostree-2-testos.conf:title TestOS 42 20190902.0 (ostree:1)
ostree-3-testos.conf:title TestOS 42 20190902.0 (ostree:0)

$ zipl
Using config file '/etc/zipl.conf'
Using BLS config file '/boot/loader/entries/ostree-3-testos.conf'
Using BLS config file '/boot/loader/entries/ostree-2-testos.conf'
Using BLS config file '/boot/loader/entries/ostree-1-testos.conf'
Building bootmap in '/boot'
Building menu 'zipl-automatic-menu'
Adding #1: IPL section 'TestOS 42 20190902.0 (ostree:0)' (default)
Adding #2: IPL section 'TestOS 42 20190902.0 (ostree:1)'
Adding #3: IPL section 'TestOS 42 20190902.0 (ostree:2)'
Preparing boot device: dasda (0120).
Done.

Closes: #1911
Approved by: cgwalters
2019-09-02 21:08:58 +00:00
Colin Walters
b15ed42111 Release 2019.3
It's been a while, and we need the new kargs API for rpm-ostree.

Closes: #1902
Approved by: rfairley
2019-08-22 18:37:38 +00:00
Jonathan Lebon
0c48769de3 bin: Better handle --
We would stop passing through `--` and args after it to the underlying
command in `ostree_run`. This made it impossible to use `--` to tell the
parser that following args starting with `-` really are positional.

AFAICT, that logic for `--` here came from a time when we parse options
manually in a big loop, in which case breaking out made sense (see
97558276e4).

There's an extra step here, which is that glib by default leaves the
`--` in the list of args, so we need to take care to remove it from the
list after parsing.

Closes: #1898

Closes: #1899
Approved by: rfairley
2019-08-14 12:31:10 +00:00
Colin Walters
ab73d9f525 admin/init-fs: Add a --modern switch
This skips creating the default stuff in the physical sysroot.
I don't recall why I did that to be honest; it originated with
the first commit of this file.  It might not have ever been
necessary.

In any case, it's not necessary now with Fedora CoreOS, so
prune it and let's have a clean `/`.

Keep the old behavior by default though to avoid breaking anyone.

Closes: #1894
Approved by: ajeddeloh
2019-08-08 20:02:11 +00:00
Denis Pynkin
4c8b0ac255 tests/test-repo-finder-mount: skip some tests if GPG is not supported
`ostree_repo_resolve_keyring_for_collection()` function fail the tests
if there is no GPG support.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Closes: #1889
Approved by: cgwalters
2019-08-01 02:06:47 +00:00
Denis Pynkin
3767d87107 tests/gpg: fix GPG-dependent shell tests if no GPG support
Skip tests or run them without GPG-related functionality if GPGME
wasn't enabled in a build time.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Closes: #1889
Approved by: cgwalters
2019-08-01 02:06:47 +00:00
Denis Pynkin
453ce83379 tests/gpg: fix the check of GPG support
Shell function `has_gpgme` shouldn't exit if GPG support is not detected
since it stop any test with error.

Added function `skip_without_gpgme` to skip the whole test if it is
useless without GPG support

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Closes: #1889
Approved by: cgwalters
2019-08-01 02:06:47 +00:00
Jonathan Lebon
9332830e09 lib/pull: Allow downgrade protection with overrides
There's a valid use case for enabling the timestamp downgrade check
while still also using override commits.

We'll make use of this in Fedora CoreOS, where the agent specifies the
exact commit to upgrade to, while still enforcing that it be newer.

Closes: #1891
Approved by: cgwalters
2019-07-29 13:58:29 +00:00
Dan Nicholson
d2a9c8604e tests/gpg: Skip tests when subkeys can't be expired
The ability to expire subkeys using gpg's --quick-set-expire is only
available on gnupg 2.1.22. If expiring a subkey fails, assume this is
why and skip the tests that require it but run the actions that the
subsequent tests depend on. This was failing on the Debian Stretch CI
tests since stretch has gnupg 2.1.18.

Closes: #1892
Approved by: jlebon
2019-07-27 03:20:21 +00:00
Dan Nicholson
8ac348d19a tests/gpg: Use exit hook to kill agent in temporary GPG homedir
This wasn't available when I originally wrote this, but it ensures that
the running gpg-agent in tmpgpghome is killed in case the tests exit
early.

Closes: #1892
Approved by: jlebon
2019-07-27 03:20:21 +00:00
Dan Nicholson
615861443b tests/sizes.js: Fix byte array unpacking
Recent GJS changed how byte arrays are unpacked with some assumptions
that they are likely strings. Manually use get_child_value() and
get_byte() to ensure the correct value is parsed when checking the
`ostree.sizes` metadata.

The upstream test is currently passing fine with GJS 1.56.2, but at
Endless we (unfortunately) have a downstream change that adds the object
type as an additional byte in the array. This is parsed incorrectly by
`deep_unpack()`. We can carry this patch downstream, but this change
makes the test more robust regardless.

Closes: #1884
Approved by: cgwalters
2019-07-23 12:49:26 +00:00
Dan Nicholson
2312caad76 tests/sizes: Fix call to commit_transaction()
The GIR for commit_transaction() only has a single argument for the
GCancellable. Calling it with 2 arguments prints a GJS warning:

Gjs-Message: 15:37:40.287: JS WARNING: [/home/dan/src/ostree/tests/test-sizes.js 56]: Too many arguments to method OSTree.Repo.commit_transaction: expected 1, got 2

Currently this is harmless, but it could become a hard error in GJS at
some point.

Closes: #1884
Approved by: cgwalters
2019-07-23 12:49:26 +00:00
Dan Nicholson
abb173352d tests: Always cleanup gpg-agent when exiting
Add `libtest_cleanup_gpg()` to the array of commands to run when
exiting. This provides 2 improvements:

1. You don't need to worry about whether the test will spawn a gpg-agent
   and therefore require adding a call to `libtest_cleanup_gpg()`.

2. All the existing users were calling `libtest_cleanup_gpg()` at the
   end of the script. If there was a failure and the script exited
   early, then it wouldn't cleanup and there may be a stray gpg-agent
   hanging around.

Closes: #1799
Approved by: cgwalters
2019-06-19 17:30:24 +00:00
Dan Nicholson
0dd27bbf4b tests/libtest: Allow appending actions to be run on EXIT
Currently if a test script adds a trap on `EXIT` to run some cleanup, it
will stomp on the existing trap to run `save_core()`. Allow for scripts
to append actions that will run on exit by introducing an array that
will be iterated over by a single exit runner.

Closes: #1799
Approved by: cgwalters
2019-06-19 17:30:24 +00:00
Dan Nicholson
0c63f30783 tests/test-gpg-signed-commit: Test more key states
Extend test-gpg-signed-commit.sh to test various key states. If gpg is
found that supports the required options, keys will be generated on the
fly and changed in various ways to exercise the output from
`ostree_gpg_verify_result_describe_variant` used in `ostree show`.

I tested this using gnupg 2.2.12, so I hope it works well enough on
various gpgs found in the wild.

Closes: #1872
Approved by: cgwalters
2019-06-19 17:17:11 +00:00
Dan Nicholson
d8649f4d56 tests/libtest: Allow specifying GPG homedir to cleanup
In case the tests want to use a custom GPG homedir, allow passing in the
homedir to use when cleaning up a running gpg-agent.

Closes: #1872
Approved by: cgwalters
2019-06-19 17:17:11 +00:00