daa57b4630
Normally, a configured remote will only serve refs with one associated collection ID, but temporary remotes such as USB drives or LAN peers can serve refs from multiple collection IDs which may use different GPG keyrings. So the OstreeRepoFinderMount and OstreeRepoFinderAvahi classes create dynamic OstreeRemote objects for each (uri, keyring) pair. So if for example the USB mounted at /mnt/usb serves content from the configured remotes "eos-apps" and "eos-sdk", the OstreeRepoFinderResult array returned by ostree_repo_find_remotes_async() will have one result with a remote called something like file_mnt_usb_eos-apps.trustedkeys.gpg and the list of refs on the USB that came from eos-apps, and another result with a remote file_mnt_usb_eos-sdk.trustedkeys.gpg and the list of refs from eos-sdk. Unfortunately while OstreeRepoFinderMount and OstreeRepoFinderAvahi correctly only include refs in a result if the ref uses the associated keyring, the find_remotes_cb() function used to clean up the set of results looks at the remote summary file and includes every ref that's in the intersection with the requested refs, regardless of whether it uses a different remote's keyring. This leads to an error when you try to pull from a USB containing refs from different collection IDs: the pull using the wrong collection ID will error out with "Refspec not found" and the result with the correct keyring will then be ignored "as it has no relevant refs or they have already been pulled." So the pull ultimately fails. This commit fixes the issue by filtering refs coming from a dynamic remote, so that only ones with the collection ID associated with the keyring remote are examined. This only needs to be done for dynamic remotes because you should be able to pull any ref from a configured remote using its keyring. It's also only done when looking at the collection map in the summary file, because LAN/USB remotes won't have a "main" collection ID set (OSTREE_SUMMARY_COLLECTION_ID). Closes: #1695 Approved by: pwithnall
libostree
New! See the docs online at Read The Docs (OSTree)
This project is now known as "libostree", though it is still appropriate to use the previous name: "OSTree" (or "ostree"). The focus is on projects which use libostree's shared library, rather than users directly invoking the command line tools (except for build systems). However, in most of the rest of the documentation, we will use the term "OSTree", since it's slightly shorter, and changing all documentation at once is impractical. We expect to transition to the new name over time.
As implied above, libostree is both a shared library and suite of command line tools that combines a "git-like" model for committing and downloading bootable filesystem trees, along with a layer for deploying them and managing the bootloader configuration.
The core OSTree model is like git in that it checksums individual files and has a content-addressed-object store. It's unlike git in that it "checks out" the files via hardlinks, and they thus need to be immutable to prevent corruption. Therefore, another way to think of OSTree is that it's just a more polished version of Linux VServer hardlinks.
Features:
- Transactional upgrades and rollback for the system
- Replicating content incrementally over HTTP via GPG signatures and "pinned TLS" support
- Support for parallel installing more than just 2 bootable roots
- Binary history on the server side (and client)
- Introspectable shared library API for build and deployment systems
- Flexible support for multiple branches and repositories, supporting projects like flatpak which use libostree for applications, rather than hosts.
Projects using OSTree
meta-updater is a layer available for OpenEmbedded systems.
QtOTA is Qt's over-the-air update framework which uses libostree.
rpm-ostree is a next-generation hybrid package/image system for Fedora and CentOS, used by the Atomic Host project. By default it uses libostree to atomically replicate a base OS (all dependency resolution is done on the server), but it supports "package layering", where additional RPMs can be layered on top of the base. This brings a "best of both worlds"" model for image and package systems.
flatpak uses libostree for desktop application containers. Unlike most of the other systems here, flatpak does not use the "libostree host system" aspects (e.g. bootloader management), just the "git-like hardlink dedup". For example, flatpak supports a per-user OSTree repository.
Endless OS uses libostree for their host system as well as flatpak. See their eos-updater and deb-ostree-builder projects.
GNOME Continuous is where OSTree was born - as a high performance continuous delivery/testing system for GNOME.
The BuildStream build and integration tool uses libostree as a caching system to store and share built artifacts.
Building
Releases are available as GPG signed git tags, and most recent versions support extended validation using git-evtag.
However, in order to build from a git clone, you must update the submodules. If you're packaging OSTree and want a tarball, I recommend using a "recursive git archive" script. There are several available online; this code in OSTree is an example.
Once you have a git clone or recursive archive, building is the same as almost every autotools project:
git submodule update --init
env NOCONFIGURE=1 ./autogen.sh
./configure --prefix=...
make
make install DESTDIR=/path/to/dest
More documentation
New! See the docs online at Read The Docs (OSTree)
Contributing
See Contributing.
Licensing
The licensing for the code of libostree can be canonically found in the individual files; and the overall status in the COPYING file in the source. Currently, that's LGPLv2+. This also covers the man pages and API docs.
The license for the manual documentation in the doc/ directory is:
SPDX-License-Identifier: (CC-BY-SA-3.0 OR GFDL-1.3-or-later)
This is intended to allow use by Wikipedia and other projects.
In general, files should have a SPDX-License-Identifier and that is canonical.