summaryrefslogtreecommitdiff
path: root/src/ostree/ot-builtin-commit.c
diff options
context:
space:
mode:
authorColin Walters <walters@verbum.org>2020-04-05 22:23:39 +0000
committerColin Walters <walters@verbum.org>2020-04-06 19:28:51 +0000
commit329a82c57e954392a2b33e60bcb8163892064205 (patch)
treeb40376a7b7ba95ffac848ab7076581f09ed1d6e2 /src/ostree/ot-builtin-commit.c
parenta16fe86b3695a997bab7814d9de63f7e09f07e93 (diff)
downloadostree-329a82c57e954392a2b33e60bcb8163892064205.tar.gz
commit: Add --base argument
I was trying to followup the `--selinux-policy-from-base` work to add a `cosa build --fast=overlay` for coreos-assembler, but hit on the fact that using e.g. `--owner-uid` disables commit optimizations. A while ago, https://github.com/ostreedev/ostree/pull/1643 landed which optimized this for the case where no modifications are provided. But, we really need the SELinux policy bits, and it's super convenient to run `ostree commit` as non-root. It's fairly surprising actually that it's taken us so long to iterate on a good interface for this "commit changes on top of a base" model. In practice, many nontrivial cases really end up needing to do a (hardlink) checkout, and that case is optimized. But for this coreos-assembler work I want to directly overlay onto a commit object another commit object. That previous PR above added exactly the API we need, so let's expose it in the CLI. What you can see happening in the test is that we provide `--owner-uid 42`, but that only applies to directories/files that were added in the commit. And now that I look at this, I think what we really want here is to avoid changing directories that exist in the base, but eh; in practice the main use here is for `--owner-uid 0` while committing as non-root; and that works fine with this since the baseline uid will be zero as well.
Diffstat (limited to 'src/ostree/ot-builtin-commit.c')
-rw-r--r--src/ostree/ot-builtin-commit.c29
1 files changed, 28 insertions, 1 deletions
diff --git a/src/ostree/ot-builtin-commit.c b/src/ostree/ot-builtin-commit.c
index 606af2be..72fa2841 100644
--- a/src/ostree/ot-builtin-commit.c
+++ b/src/ostree/ot-builtin-commit.c
@@ -58,6 +58,7 @@ static gboolean opt_selinux_policy_from_base;
static gboolean opt_canonical_permissions;
static gboolean opt_consume;
static gboolean opt_devino_canonical;
+static char *opt_base;
static char **opt_trees;
static gint opt_owner_uid = -1;
static gint opt_owner_gid = -1;
@@ -101,6 +102,7 @@ static GOptionEntry options[] = {
{ "orphan", 0, 0, G_OPTION_ARG_NONE, &opt_orphan, "Create a commit without writing a ref", NULL },
{ "no-bindings", 0, 0, G_OPTION_ARG_NONE, &opt_no_bindings, "Do not write any ref bindings", NULL },
{ "bind-ref", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_bind_refs, "Add a ref to ref binding commit metadata", "BRANCH" },
+ { "base", 0, 0, G_OPTION_ARG_STRING, &opt_base, "Start from the given commit as a base (no modifiers apply)" },
{ "tree", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_trees, "Overlay the given argument as a tree", "dir=PATH or tar=TARFILE or ref=COMMIT" },
{ "add-metadata-string", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_metadata_strings, "Add a key/value pair to metadata", "KEY=VALUE" },
{ "add-metadata", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_metadata_variants, "Add a key/value pair to metadata, where the KEY is a string, an VALUE is g_variant_parse() formatted", "KEY=VALUE" },
@@ -600,7 +602,32 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio
if (opt_link_checkout_speedup && !ostree_repo_scan_hardlinks (repo, cancellable, error))
goto out;
- mtree = ostree_mutable_tree_new ();
+ if (opt_base)
+ {
+ g_autofree char *base_commit = NULL;
+ g_autoptr(GFile) root = NULL;
+ if (!ostree_repo_read_commit (repo, opt_base, &root, &base_commit, cancellable, error))
+ goto out;
+ OstreeRepoFile *rootf = (OstreeRepoFile*) root;
+
+ mtree = ostree_mutable_tree_new_from_checksum (repo,
+ ostree_repo_file_tree_get_contents_checksum (rootf),
+ ostree_repo_file_tree_get_metadata_checksum (rootf));
+
+ if (opt_selinux_policy_from_base)
+ {
+ g_assert (modifier);
+ if (!ostree_repo_commit_modifier_set_sepolicy_from_commit (modifier, repo, base_commit, cancellable, error))
+ goto out;
+ /* Don't try to handle it twice */
+ opt_selinux_policy_from_base = FALSE;
+ }
+ }
+ else
+ {
+ mtree = ostree_mutable_tree_new ();
+ }
+
/* Convert implicit . or explicit path via argv into
* --tree=dir= so that we only have one primary code path below.