diff options
| author | Colin Walters <walters@verbum.org> | 2016-03-18 15:32:58 -0400 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2016-03-23 11:09:09 -0400 |
| commit | 09238da065e8a442dcffdd1f8d906f4330a6e032 (patch) | |
| tree | 417acc768c5364d286f02f18a9da6ca0aa1680a4 /src/libostree/ostree-deployment.c | |
| parent | 0b1d301d81a36c010b4b56f3e6320420b8344305 (diff) | |
| download | ostree-09238da065e8a442dcffdd1f8d906f4330a6e032.tar.gz | |
admin: Add an `unlock` command, and libostree API
I'm trying to improve the developer experience on OSTree-managed
systems, and I had an epiphany the other day - there's no reason we
have to be absolutely against mutating the current rootfs live. The
key should be making it easy to rollback/reset to a known good state.
I see this command as useful for two related but distinct workflows:
- `ostree admin unlock` will assume you're doing "development". The
semantics hare are that we mount an overlayfs on `/usr`, but the
overlay data is in `/var/tmp`, and is thus discarded on reboot.
- `ostree admin unlock --hotfix` first clones your current deployment,
then creates an overlayfs over `/usr` persistent
to this deployment. Persistent in that now the initramfs switchroot
tool knows how to mount it as well. In this model, if you want
to discard the hotfix, at the moment you roll back/reboot into
the clone.
Note originally, I tried using `rofiles-fuse` over `/usr` for this,
but then everything immediately explodes because the default (at least
CentOS 7) SELinux policy denies tons of things (including `sshd_t`
access to `fusefs_t`). Sigh.
So the switch to `overlayfs` came after experimentation. It still
seems to have some issues...specifically `unix_chkpwd` is broken,
possibly because it's setuid? Basically I can't ssh in anymore.
But I *can* `rpm -Uvh strace.rpm` which is handy.
NOTE: I haven't tested the hotfix path fully yet, specifically
the initramfs bits.
Diffstat (limited to 'src/libostree/ostree-deployment.c')
| -rw-r--r-- | src/libostree/ostree-deployment.c | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/src/libostree/ostree-deployment.c b/src/libostree/ostree-deployment.c index 3a80474e..7b93e6cc 100644 --- a/src/libostree/ostree-deployment.c +++ b/src/libostree/ostree-deployment.c @@ -23,20 +23,6 @@ #include "ostree-deployment-private.h" #include "libglnx.h" -struct _OstreeDeployment -{ - GObject parent_instance; - - int index; /* Global offset */ - char *osname; /* osname */ - char *csum; /* OSTree checksum of tree */ - int deployserial; /* How many times this particular csum appears in deployment list */ - char *bootcsum; /* Checksum of kernel+initramfs */ - int bootserial; /* An integer assigned to this tree per its ${bootcsum} */ - OstreeBootconfigParser *bootconfig; /* Bootloader configuration */ - GKeyFile *origin; /* How to construct an upgraded version of this tree */ -}; - typedef GObjectClass OstreeDeploymentClass; G_DEFINE_TYPE (OstreeDeployment, ostree_deployment, G_TYPE_OBJECT) @@ -258,6 +244,7 @@ ostree_deployment_new (int index, self->deployserial = deployserial; self->bootcsum = g_strdup (bootcsum); self->bootserial = bootserial; + self->unlocked = OSTREE_DEPLOYMENT_UNLOCKED_NONE; return self; } @@ -279,3 +266,24 @@ ostree_deployment_get_origin_relpath (OstreeDeployment *self) ostree_deployment_get_csum (self), ostree_deployment_get_deployserial (self)); } + +const char * +ostree_deployment_unlocked_state_to_string (OstreeDeploymentUnlockedState state) +{ + switch (state) + { + case OSTREE_DEPLOYMENT_UNLOCKED_NONE: + return "none"; + case OSTREE_DEPLOYMENT_UNLOCKED_HOTFIX: + return "hotfix"; + case OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT: + return "development"; + } + g_assert_not_reached (); +} + +OstreeDeploymentUnlockedState +ostree_deployment_get_unlocked (OstreeDeployment *self) +{ + return self->unlocked; +} |