Operating system and container binary deployment and upgrades
Go to file
Colin Walters d5498a8b16 libtest: Skip FUSE if CAP_SYS_ADMIN not in bounding set
I'm not sure if something changed or there was a race condition , or
if extraterrestrials intervened to make the tests pass before, but
in the Docker container `/dev/fuse` does exist and since we appear
to be running as uid 0 it'll be writable.

We previously discussed that another requirement for FUSE (and most
setuid binaries) is having `CAP_SYS_ADMIN`, so let's check for that in
the bounding set too.

Closes: #266
Approved by: jlebon
2016-04-18 19:53:13 +00:00
apidoc Rename test-abi to test-symbols, start verifying symbols are documented 2016-04-17 13:52:07 +00:00
bsdiff@1edf9f6568 bsdiff: change submodule location 2015-03-26 23:33:07 +01:00
build-aux Add infrastructure for "make syntax-check" 2015-01-30 15:27:36 +01:00
buildutil tap-test: clean up temporary test directories as intended 2016-03-31 14:22:06 +00:00
contrib/golang contrib: indent golang code using only tabs instead of both tabs and spaces 2016-04-07 12:25:24 +00:00
docs small cleanups 2016-04-08 18:43:18 +00:00
libglnx@769522753c repo: Port -refs.c to openat() 2016-01-28 14:57:13 -05:00
man man: Elaborate on per-remote GPG 2016-04-14 16:05:52 +00:00
manual-tests Fix make syntax-check 2016-03-01 10:08:25 -05:00
packaging packaging: fix bashism in dist-snapshot target 2016-03-28 11:50:11 +00:00
src Rename test-abi to test-symbols, start verifying symbols are documented 2016-04-17 13:52:07 +00:00
tests libtest: Skip FUSE if CAP_SYS_ADMIN not in bounding set 2016-04-18 19:53:13 +00:00
.gitmodules bsdiff: change submodule location 2015-03-26 23:33:07 +01:00
.travis.yml Remove empty new lines at the EOF 2016-04-07 12:25:24 +00:00
autogen.sh build: Make gtk-doc optional 2015-06-29 16:08:51 -04:00
cfg.mk small cleanups 2016-04-08 18:43:18 +00:00
configure.ac Release 2016.5 2016-04-15 15:09:31 +00:00
CONTRIBUTING.md Rewrite manual in mkdocs 2016-01-28 09:31:37 -05:00
COPYING COPYING: Update to latest FSF with current address 2014-01-16 10:22:30 -05:00
git.mk Use git.mk 2016-04-07 12:49:40 +00:00
GNUmakefile Add infrastructure for "make syntax-check" 2015-01-30 15:27:36 +01:00
maint.mk tests: prefix invocation of ostree with where missing 2015-11-16 11:07:55 +01:00
Makefile-boot.am build: Move grub2-15_ostree back to pkglibexecdir 2016-04-11 14:30:22 +00:00
Makefile-decls.am Use git.mk 2016-04-07 12:49:40 +00:00
Makefile-libostree-defines.am build: ostree-gpg-verify-result.h is a public header, install it 2015-03-20 10:56:23 -04:00
Makefile-libostree.am deploy: Handle a read-only /boot 2016-03-21 12:49:05 -04:00
Makefile-man.am admin: Add an unlock command, and libostree API 2016-03-23 11:09:09 -04:00
Makefile-ostree.am admin: Add an unlock command, and libostree API 2016-03-23 11:09:09 -04:00
Makefile-otutil.am libotutil: Establish a place for GPG utilities 2015-05-01 10:20:34 -04:00
Makefile-switchroot.am Add support for mkinitcpio 2013-10-24 14:27:49 -04:00
Makefile-tests.am Rename test-abi to test-symbols, start verifying symbols are documented 2016-04-17 13:52:07 +00:00
Makefile.am Use git.mk 2016-04-07 12:49:40 +00:00
mkdocs.yml docs: Add a section on repository management 2016-03-29 14:10:24 +00:00
ostree.doap doap category infrastructure 2014-07-31 11:26:32 +02:00
README-historical.md README: Just link to wiki, move most of it to README-historical.md 2014-01-20 18:00:09 -05:00
README.md docs: Cleanup Markdown 2016-03-16 15:02:18 -04:00
TODO Fix repeated words. 2015-01-30 15:27:36 +01:00

OSTree

New! See the docs online at Read The Docs (OSTree)


OSTree is a tool that combines a "git-like" model for committing and downloading bootable filesystem trees, along with a layer for deploying them and managing the bootloader configuration.

OSTree is like git in that it checksums individual files and has a content-addressed-object store. It's unlike git in that it "checks out" the files via hardlinks, and they should thus be immutable. Therefore, another way to think of OSTree is that it's just a more polished version of Linux VServer hardlinks.

Features:

  • Atomic upgrades and rollback for the system
  • Replicating content incrementally over HTTP via GPG signatures and "pinned TLS" support
  • Support for parallel installing more than just 2 bootable roots
  • Binary history on the server side (and client)
  • Introspectable shared library API for build and deployment systems

This last point is important - you should think of the OSTree command line as effectively a "demo" for the shared library. The intent is that package managers, system upgrade tools, container build tools and the like use OSTree as a "deduplicating hardlink store".

Projects using OSTree

rpm-ostree is a tool that uses OSTree as a shared library, and supports committing RPMs into an OSTree repository, and deploying them on the client. This is appropriate for "fixed purpose" systems. There is in progress work for more sophisticated hybrid models, deeply integrating the RPM packaging with OSTree.

Project Atomic uses rpm-ostree to provide a minimal host for Docker formatted Linux containers. Replicating a base immutable OS, then using Docker for applications meshes together two different tools with different tradeoffs.

xdg-app uses OSTree for desktop application containers.

GNOME Continuous is a custom build system designed for OSTree, using OpenEmbedded in concert with a custom build system to do continuous delivery from hundreds of git repositories.

Building

Releases are available as GPG signed git tags, and most recent versions support extended validation using git-evtag.

However, in order to build from a git clone, you must update the submodules. If you're packaging OSTree and want a tarball, I recommend using a "recursive git archive" script. There are several available online; this code in OSTree is an example.

Once you have a git clone or recursive archive, building is the same as almost every autotools project:

env NOCONFIGURE=1 ./autogen.sh
./configure --prefix=...
make
make install DESTDIR=/path/to/dest

More documentation

New! See the docs online at Read The Docs (OSTree)

Some more information is available on the old wiki page: https://wiki.gnome.org/Projects/OSTree

Contributing

See Contributing.