mirror of
https://github.com/ostreedev/ostree.git
synced 2025-01-25 10:04:14 +03:00
2cfa8aba72
The explanation of sysroot.readonly is a little confusing - we say that "everything else is mounted read-only" but it's perhaps clearer to say /sysroot is mounted read-only. Also note that read-only is the default with composefs. Finally, document the option in ostree.repo-config even though it is now considered legacy - as of commit 22b8e4f9 (#2930) - it is still commonly seen in repo configs, so users will look to understand what it means.
520 lines
21 KiB
XML
520 lines
21 KiB
XML
<?xml version='1.0'?> <!--*-nxml-*-->
|
||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||
|
||
<!--
|
||
Copyright 2014 Colin Walters <walters@verbum.org>
|
||
|
||
SPDX-License-Identifier: LGPL-2.0+
|
||
|
||
This library is free software; you can redistribute it and/or
|
||
modify it under the terms of the GNU Lesser General Public
|
||
License as published by the Free Software Foundation; either
|
||
version 2 of the License, or (at your option) any later version.
|
||
|
||
This library is distributed in the hope that it will be useful,
|
||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||
Lesser General Public License for more details.
|
||
|
||
You should have received a copy of the GNU Lesser General Public
|
||
License along with this library. If not, see <https://www.gnu.org/licenses/>.
|
||
-->
|
||
|
||
<refentry id="ostree.repo-config">
|
||
|
||
<refentryinfo>
|
||
<title>ostree.repo-config</title>
|
||
<productname>OSTree</productname>
|
||
|
||
<authorgroup>
|
||
<author>
|
||
<contrib>Developer</contrib>
|
||
<firstname>Colin</firstname>
|
||
<surname>Walters</surname>
|
||
<email>walters@verbum.org</email>
|
||
</author>
|
||
</authorgroup>
|
||
</refentryinfo>
|
||
|
||
<refmeta>
|
||
<refentrytitle>ostree.repo-config</refentrytitle>
|
||
<manvolnum>5</manvolnum>
|
||
</refmeta>
|
||
|
||
<refnamediv>
|
||
<refname>ostree.repo-config</refname>
|
||
<refpurpose>OSTree repository configuration</refpurpose>
|
||
</refnamediv>
|
||
|
||
<refsect1>
|
||
<title>Description</title>
|
||
|
||
<para>
|
||
The <filename>config</filename> file in an OSTree
|
||
repository is a "keyfile" in the <ulink
|
||
url="http://standards.freedesktop.org/desktop-entry-spec/latest/">XDG
|
||
Desktop Entry Specification</ulink> format. It has
|
||
several global flags, as well as zero or more remote
|
||
entries which describe how to access remote
|
||
repositories.
|
||
</para>
|
||
|
||
<para>
|
||
See <citerefentry><refentrytitle>ostree.repo</refentrytitle><manvolnum>5</manvolnum></citerefentry> for more information
|
||
about OSTree repositories.
|
||
</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>[core] Section Options</title>
|
||
|
||
<para>
|
||
Repository-global options. The following entries are defined:
|
||
</para>
|
||
|
||
<variablelist>
|
||
<varlistentry>
|
||
<term><varname>mode</varname></term>
|
||
<listitem><para>One of <literal>bare</literal>, <literal>bare-user</literal>, <literal>bare-user-only</literal>, or <literal>archive-z2</literal> (note that <literal>archive</literal> is used everywhere else.)</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>repo_version</varname></term>
|
||
<listitem><para>Currently, this must be set to <literal>1</literal>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>auto-update-summary</varname></term>
|
||
<listitem><para>Boolean value controlling whether or not to
|
||
automatically update the summary file after any ref is added,
|
||
removed, or updated. Other modifications which may render a
|
||
summary file stale (like static deltas, or collection IDs) do
|
||
not currently trigger an auto-update.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>commit-update-summary</varname></term>
|
||
<listitem><para>This option is deprecated. Use
|
||
<literal>auto-update-summary</literal> instead, for which this
|
||
option is now an alias.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>fsync</varname></term>
|
||
<listitem><para>Boolean value controlling whether or not to
|
||
ensure files are on stable storage when performing operations
|
||
such as commits, pulls, and checkouts. Defaults to
|
||
<literal>true</literal>.</para>
|
||
<para>
|
||
If you disable fsync, OSTree will no longer be robust
|
||
against kernel crashes or power loss.
|
||
</para>
|
||
<para>
|
||
You might choose to disable this for local development
|
||
repositories, under the assumption they can be recreated from
|
||
source. Similarly, you could disable for a mirror where you could
|
||
re-pull.
|
||
</para>
|
||
<para>
|
||
For the system repository, you might choose to disable fsync
|
||
if you have uninterruptable power supplies and a well tested
|
||
kernel.
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>per-object-fsync</varname></term>
|
||
<listitem><para>By default, OSTree will batch fsync() after
|
||
writing everything; however, this can cause latency spikes
|
||
for other processes which are also invoking fsync().
|
||
Turn on this boolean to reduce potential latency spikes,
|
||
at the cost of slowing down OSTree updates. You most
|
||
likely want this on by default for "background" OS updates.
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>min-free-space-percent</varname></term>
|
||
<listitem>
|
||
<para>
|
||
Integer percentage value (0-99) that specifies a minimum percentage
|
||
of total space (in blocks) in the underlying filesystem to keep
|
||
free. The default value is 3, which is enforced when neither this
|
||
option nor <varname>min-free-space-size</varname> are set.
|
||
</para>
|
||
<para>
|
||
If <varname>min-free-space-size</varname> is set to a non-zero
|
||
value, <varname>min-free-space-percent</varname> is ignored. Note
|
||
that, <varname>min-free-space-percent</varname> is not enforced on
|
||
metadata objects. It is assumed that metadata objects are relatively
|
||
small in size compared to content objects and thus kept outside the
|
||
scope of this option.
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>min-free-space-size</varname></term>
|
||
<listitem>
|
||
<para>
|
||
Value (in power-of-2 MB, GB or TB) that specifies a minimum space
|
||
in the underlying filesystem to keep free. Examples of acceptable
|
||
values: <literal>500MB</literal> (524 288 000 bytes),
|
||
<literal>1GB</literal> (1 073 741 824 bytes),
|
||
<literal>1TB</literal> (1 099 511 627 776 bytes).
|
||
</para>
|
||
<para>
|
||
If this option is set to a non-zero value, and
|
||
<varname>min-free-space-percent</varname> is also set, this option
|
||
takes priority. Note that, <varname>min-free-space-size</varname> is
|
||
not enforced on metadata objects. It is assumed that metadata objects
|
||
are relatively small in size compared to content objects and thus kept
|
||
outside the scope of this option.
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>add-remotes-config-dir</varname></term>
|
||
<listitem>
|
||
<para>
|
||
Boolean value controlling whether new remotes will be added
|
||
in the remotes configuration directory. Defaults to
|
||
<literal>true</literal> for system ostree repositories. When
|
||
this is <literal>false</literal>, remotes will be added in
|
||
the repository's <filename>config</filename> file.
|
||
</para>
|
||
<para>
|
||
This only applies to repositories that use a remotes
|
||
configuration directory such as system ostree repositories,
|
||
which use <filename>/etc/ostree/remotes.d</filename>.
|
||
Non-system repositories do not use a remotes configuration
|
||
directory unless one is specified when the repository is
|
||
opened.
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>payload-link-threshold</varname></term>
|
||
<listitem><para>An integer value that specifies a minimum file size for creating
|
||
a payload link. By default it is disabled.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>collection-id</varname></term>
|
||
<listitem><para>A reverse DNS domain name under your control, which enables peer
|
||
to peer distribution of refs in this repository. See the
|
||
<literal>--collection-id</literal> section in
|
||
<citerefentry><refentrytitle>ostree-init</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>locking</varname></term>
|
||
<listitem><para>Boolean value controlling whether or not OSTree does
|
||
repository locking internally. This uses file locks and is
|
||
hence for multiple process exclusion (e.g. Flatpak and OSTree
|
||
writing to the same repository separately). This is enabled by
|
||
default since 2018.5.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>lock-timeout-secs</varname></term>
|
||
<listitem><para>Integer value controlling the number of seconds to
|
||
block while attempting to acquire a lock (see above). A value
|
||
of -1 means block indefinitely. The default value is 300. This timeout
|
||
is now regarded as a mistake; because it's likely to cause flakes.
|
||
It's recommended to set it to -1, and have timeouts at a higher application
|
||
level if desired.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>default-repo-finders</varname></term>
|
||
<listitem><para>Semicolon separated default list of finders (sources
|
||
for refs) to use when pulling. This can be used to disable
|
||
pulling from mounted filesystems, peers on the local network,
|
||
or the Internet. However note that it only applies when a set
|
||
of finders isn't explicitly specified, either by a consumer of
|
||
libostree API or on the command line. Possible values:
|
||
<literal>config</literal>, <literal>lan</literal>, and
|
||
<literal>mount</literal> (or any combination thereof). If unset, this
|
||
defaults to <literal>config;mount;</literal> (since the LAN finder is
|
||
costly).
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>no-deltas-in-summary</varname></term>
|
||
<listitem><para>Boolean value controlling whether OSTree should skip
|
||
putting an index of available deltas in the summary file. Defaults to false.
|
||
</para>
|
||
<para>
|
||
Since 2020.7 OSTree can use delta indexes outside the summary file,
|
||
making the summary file smaller (especially for larger repositories). However
|
||
by default we still create the index in the summary file to make older clients
|
||
work. If you know all clients will be 2020.7 later you can enable this to
|
||
save network bandwidth.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
</variablelist>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>[remote "name"] Section Options</title>
|
||
|
||
<para>
|
||
Describes a remote repository location.
|
||
</para>
|
||
|
||
<variablelist>
|
||
<varlistentry>
|
||
<term><varname>url</varname></term>
|
||
<listitem><para>Must be present; declares URL for accessing metadata and
|
||
content for remote. See also <literal>contenturl</literal>. The
|
||
supported schemes are documented below.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>contenturl</varname></term>
|
||
<listitem><para>Declares URL for accessing content (filez, static delta
|
||
parts). When specified, <literal>url</literal> is used just for
|
||
metadata: summary, static delta "superblocks".</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>branches</varname></term>
|
||
<listitem><para>A list of strings. Represents the default configured
|
||
branches to fetch from the remote when no specific branches are
|
||
requested during a pull operation.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>proxy</varname></term>
|
||
<listitem><para>A string value, if given should be a URL for a
|
||
HTTP proxy to use for access to this repository.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>gpg-verify</varname></term>
|
||
<listitem><para>A boolean value, defaults to true.
|
||
Controls whether or not OSTree will require commits to be
|
||
signed by a known GPG key. For more information, see the
|
||
<citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
manual under GPG.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>gpg-verify-summary</varname></term>
|
||
<listitem><para>A boolean value, defaults to false.
|
||
Controls whether or not OSTree will check if the summary
|
||
is signed by a known GPG key.
|
||
For more information, see the <citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
manual under GPG.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>tls-permissive</varname></term>
|
||
<listitem><para>A boolean value, defaults to false. By
|
||
default, server TLS certificates will be checked against the
|
||
system certificate store. If this variable is set, any
|
||
certificate will be accepted.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>tls-client-cert-path</varname></term>
|
||
<listitem><para>Path to file for client-side certificate, to present when making requests to this repository.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>tls-client-key-path</varname></term>
|
||
<listitem><para>Path to file containing client-side certificate key, to present when making requests to this repository.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>tls-ca-path</varname></term>
|
||
<listitem><para>Path to file containing trusted anchors instead of the system CA database.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>http2</varname></term>
|
||
<listitem><para>A boolean value, defaults to true. By
|
||
default, libostree will use HTTP2; setting this to <literal>false</literal>
|
||
will disable it. May be useful to work around broken servers.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>unconfigured-state</varname></term>
|
||
<listitem><para>If set, pulls from this remote will fail with the configured text. This is intended for OS vendors which have a subscription process to access content.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>custom-backend</varname></term>
|
||
<listitem><para>If set, pulls from this remote via libostree will fail with an error that mentions the value.
|
||
It is recommended to make this a software identifier token (e.g. "examplecorp-fetcher"), not freeform text ("ExampleCorp Fetcher").
|
||
This is intended to be used by higher level software that wants to fetch ostree commits via some other mechanism, while still reusing the core libostree infrastructure around e.g. signatures.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
</variablelist>
|
||
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>[sysroot] Section Options</title>
|
||
|
||
<para>
|
||
Options for the sysroot, which contains the OSTree repository,
|
||
deployments, and stateroots. The following entries are defined:
|
||
</para>
|
||
|
||
<variablelist>
|
||
|
||
<varlistentry>
|
||
<term><varname>readonly</varname></term>
|
||
<listitem><para>A boolean value. If this is set to <literal>true</literal>, then the
|
||
<literal>/sysroot</literal> mount point is mounted read-only. This is configured a
|
||
legacy repository configuration and the equivalent option in <literal>ostree/prepare-root.conf</literal>
|
||
should be used instead - see <citerefentry><refentrytitle>ostree-prepare-root</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>bootloader</varname></term>
|
||
<listitem><para>Configure the bootloader that OSTree uses when
|
||
deploying the sysroot. This may take the values
|
||
<literal>bootloader=none</literal>, <literal>bootloader=auto</literal>,
|
||
<literal>bootloader=grub2</literal>, <literal>bootloader=syslinux</literal>,
|
||
<literal>bootloader=uboot</literal> or <literal>bootloader=zipl</literal>.
|
||
Default is <literal>auto</literal>.
|
||
</para>
|
||
<para>
|
||
If <literal>none</literal>, then OSTree will generate only BLS (Boot
|
||
Loader Specification) fragments in <literal>sysroot/boot/loader/entries/</literal>
|
||
for the deployment.
|
||
</para>
|
||
<para>
|
||
If <literal>auto</literal>, then in addition to generating BLS
|
||
fragments, OSTree will dynamically check for the existence of grub2,
|
||
uboot, and syslinux bootloaders. If one of the bootloaders is found,
|
||
then OSTree will generate a config for the bootloader found. For
|
||
example, <literal>grub2-mkconfig</literal> is run for the grub2 case.
|
||
</para>
|
||
<para>
|
||
A specific bootloader type may also be explicitly requested by choosing
|
||
<literal>grub2</literal>, <literal>syslinux</literal>, <literal>uboot</literal> or
|
||
<literal>zipl</literal>.
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>bls-append-except-default</varname></term>
|
||
<listitem><para>A semicolon seperated string list of key-value pairs. For example:
|
||
<literal>bls-append-except-default=key1=value1;key2=value2</literal>. These key-value
|
||
pairs will be injected into the generated BLS fragments of the non-default deployments.
|
||
In other words, the BLS fragment of the default deployment will be unaffected by
|
||
<literal>bls-append-except-default</literal>.
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><varname>bootprefix</varname></term>
|
||
<listitem><para>A boolean value; defaults to false. If set to true, the bootloader entries
|
||
generated will include <literal>/boot</literal> as a prefix. This will likely be turned
|
||
on by default in the future.
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
</variablelist>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>[ex-integrity] Section Options</title>
|
||
|
||
<para>
|
||
The "ex-" prefix here signifies experimental options. The <literal>ex-integrity</literal> section
|
||
contains options related to system integrity. Information about experimental
|
||
options is canonically found in upstream tracking issues.
|
||
</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>/etc/ostree/remotes.d</title>
|
||
|
||
<para>
|
||
In addition to the <filename>/ostree/repo/config</filename>
|
||
file, remotes may also be specified in
|
||
<filename>/etc/ostree/remotes.d</filename>. The remote
|
||
configuration file must end in <literal>.conf</literal>; files
|
||
whose name does not end in <literal>.conf</literal> will be
|
||
ignored.
|
||
</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Repository url/contenturl</title>
|
||
<para>
|
||
Originally, OSTree had just a <literal>url</literal> option
|
||
for remotes. Since then, the <literal>contenturl</literal>
|
||
option was introduced. Both of these support
|
||
<literal>file</literal>, <literal>http</literal>, and
|
||
<literal>https</literal> schemes.
|
||
</para>
|
||
<para>
|
||
Additionally, both of these can be prefixed with the string
|
||
<literal>mirrorlist=</literal>, which instructs the client
|
||
that the target url is a "mirrorlist" format, which is
|
||
a plain text file of newline-separated URLs. Earlier
|
||
URLs will be given precedence.
|
||
</para>
|
||
<para>
|
||
Note that currently, the <literal>tls-ca-path</literal> and
|
||
<literal>tls-client-cert-path</literal> options apply to every HTTP
|
||
request, even when <literal>contenturl</literal> and/or
|
||
<literal>mirrorlist</literal> are in use. This may change in the future to
|
||
only apply to metadata (i.e. <literal>url</literal>, not
|
||
<literal>contenturl</literal>) fetches.
|
||
</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Per-remote GPG keyrings and verification</title>
|
||
<para>
|
||
OSTree supports a per-remote GPG keyring, as well as a
|
||
<literal>gpgkeypath</literal> option. For more information see
|
||
<citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||
in the section <literal>GPG verification</literal>.
|
||
</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Per-remote HTTP cookies</title>
|
||
<para>
|
||
Some content providers may want to control access to remote
|
||
repositories via HTTP cookies. The <command>ostree remote
|
||
add-cookie</command> and <command>ostree remote
|
||
delete-cookie</command> commands will update a per-remote
|
||
lookaside cookie jar, named
|
||
<filename>$remotename.cookies.txt</filename>.
|
||
</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>See Also</title>
|
||
<para>
|
||
<citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>ostree.repo</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
</para>
|
||
</refsect1>
|
||
</refentry>
|