IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- First I kept wondering what the magic of 10000 was here before
looking above and noticing it matched the number of dtb files.
Make a shared variable so the connection is more obvious
- Next, I *believe* the intention of this test was to test
the edge case of bytes vs blocks, but we ended up subtracting
blocks and I think recent FCOS images happened to get small
enough that we started going negative here.
Fix this to convert the bytes into blocks.
The current "ed25519" signing type assumes raw Ed25519 key format for
both public and private keys. This patch generalizes it by adding a
new signature type "spki" which uses the X.509 SubjectPublicKeyInfo
format for public keys. Keys in this format can easily be created with
openssl tools and provide crypto agility[1] as the format embeds
algorithm identifier.
The supposed use-case of this feature is to attach multiple signatures
with different algorithms to a single commit, so even if an algorithm
turned vulnerable, the signatures made with other algorithms can still
be used as a fallback. For instance, signer can create an Ed25519
signature along with a quantum-resistent ML-DSA signature.
The following are a couple of implementation notes:
- The private keys shall be stored in the PKCS#8 format, though future
extensions may support other format such as opaque key handles on a
hardware token.
- The "spki" signature type prefers the keys to be encoded in the PEM
format on disk, while it still accepts base64 encoded keys when given
through the command-line.
1. https://en.wikipedia.org/wiki/Cryptographic_agility
Signed-off-by: Daiki Ueno <dueno@redhat.com>
This adds a new class OstreePemReader, which reads PEM blocks from an
input stream. This would be useful for the "x509" signing backend, as
the keys are typically stored in the PEM format.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
This defines a new interface OstreeBlobReader, which encapsulates the
key file parsing logic. This would make it easy to support custom file
formats such as PEM.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
We saw this in an error message:
```
error: Generating commit from rootfs: syncfs: Not a directory
```
I'm pretty sure it's this function call but let's be a bit
more sure by adding a bit more context.
Grub doesn't support replaying XFS journal, so when using
XFS for /boot, fsync() or syncfs() are not enough and can
leave the system in an unbootable state.
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
This effectively reverts ac1a919f ("boot: Add
ostree-finalize-staged.path").
A bug came in on the OCP side that demonstrates that the way things are
setup right now is racy. If a reboot is triggered quickly after staging
a deployment, the whole pipeline of:
- ostree-finalize-staged.path, which triggers
- ostree-finalize-staged.service, which triggers
- ostree-finalize-staged-hold.service,
may not fully have happened before systemd isolates to `reboot.target`
which will want to kill all pending jobs.
Just directly starting the systemd unit is less elegant but much more
explicit and gets rid of any possible race because it's directly part of
the staging operation.
Fixes: https://issues.redhat.com/browse/OCPBUGS-51150
Previously we were erroring out if xattrs were provided in
non-canonical (e.g. unsorted) form all the way down to just
the bare-user path. But for archive repos and dirmeta we
canonicalized.
Canonicalize bare-user xattrs on both read and write consistently
instead of erroring.
Signed-off-by: Colin Walters <walters@verbum.org>
I hit this in the rpm-ostree rechunker flow somehow
and with this change I now get:
`error: Generating commit from rootfs: Processing dir var: Writing content object: Incorrectly sorted xattr name (prev=user.Librepo.checksum.mtime, cur=security.selinux), index=2`
which is more useful, although I still need to figure out
and fix why that's happening (again?).
Signed-off-by: Colin Walters <walters@verbum.org>
This makes it possible to use pkg-config to link against libostree as
a static library. Unlike shared libraries, static libraries don't
encode their dependencies in the library file, so we have to
communicate them via pkg-config.
Let's quiet the output of libselinux by default, all we
get is the pointless "regex version mismatch" warnings.
This is what e.g. systemd does.
This is exposed via the library; our binary opts in,
then we expect higher level tools like e.g. bootc to
do this too.
Signed-off-by: Colin Walters <walters@verbum.org>
sys/prctl.h already provides prctl.h and adding both imports fails on
musl libc:
/usr/include/sys/prctl.h:88:8: error: redefinition of 'struct prctl_mm_map'
88 | struct prctl_mm_map {
| ^~~~~~~~~~~~
In file included from src/libotutil/ot-unix-utils.c:33:
/usr/include/linux/prctl.h:134:8: note: originally defined here
134 | struct prctl_mm_map {
| ^~~~~~~~~~~~
Fix issues in Dockerfile:
1. Update Fedora image to the latest version 41, otherwise docker build
fails with an error:
Step 1/7 : FROM registry.fedoraproject.org/fedora:28
manifest for registry.fedoraproject.org/fedora:28 not found: manifest unknown: manifest unknown
2. Force install python3-yaml package, as it's required for running some
tests. For example, tests/test-remote-headers.sh will fail without
it:
V=$($CMD_PREFIX ostree --version | \
python3 -c 'import sys, yaml; print(yaml.safe_load(sys.stdin)["libostree"]["Version"])')
Traceback (most recent call last):
File "<string>", line 1, in <module>
import sys, yaml; print(yaml.safe_load(sys.stdin)["libostree"]["Version"])
^^^^^^^^^^^^^^^^
ModuleNotFoundError: No module named 'yaml'
With these fixes `make check` executes successfully in a container:
============================================================================
Testsuite summary for libostree 2024.11
============================================================================
TOTAL: 935
PASS: 888
SKIP: 47
XFAIL: 0
FAIL: 0
XPASS: 0
ERROR: 0
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
