| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
This is nicer than having the caller parse the commit
object, or indirect via the `OstreeRepoFile*` object of the root.
Will be used in ostree-rs-ext around tar parsing.
|
|\ \
| | |
| | | |
repo/private: allow committing/aborting through a transaction guard
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
This enhances the auto-transaction logic, augmenting the scope of a
transaction guard.
It allows committing or aborting a transaction through its guard.
It also supports tracking the completion status of a transaction
guard, avoiding double commits/aborts, while retaining the auto-cleanup
logic.
|
|\ \
| |/
|/| |
|
|/
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1945274 is an issue where a privileged
kubernetes daemonset is writing a socket into `/etc`. This makes ostree upgrades barf.
Now, they should clearly move it to `/run`. However, one option is for us to
just ignore it instead of erroring out. Some brief investigation shows that
e.g. `git add somesocket` is a silent no-op, which is an argument in favor of ignoring it.
Closes: https://github.com/ostreedev/ostree/issues/2446
|
|\
| |
| | |
repo: Add an API to init `OstreeSePolicy` from commit directly
|
| |
| |
| |
| |
| | |
Came up in review
https://github.com/ostreedev/ostree/pull/2447#issuecomment-931428312
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is part of `OstreeCommitModifier`, but I'm not using
that in some of the ostree-ext Rust code.
It just makes more sense as a direct policy API, where it should
have been in the first place. There's already support for
setting a policy object on a commit modifier, so that's all the
old API needs to do now.
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
There's a general Unix philosophy that "silence is golden".
However, when one is explicitly invoking an error check it's nice
to see explicit success.
We already print various statistics, so ending with a happy
note has no extra cost.
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| | |
This updates to the modern glib 0.14 and paves the way for
some reverse dependency testing by using ostree-ext's code.
|
|\ \
| |/
|/| |
bin/commit: Fix --tree=tar with --selinux-policy
|
|/
|
|
|
|
|
|
|
|
|
|
| |
The logic for `--selinux-policy` ended up in the `--tree=dir`
path, but there's no reason for that. Fix the imported
labeling with `--tree=tar`. Prep for use with containers.
We had this bug because the previous logic was trying to avoid
duplicating the code for generic `--selinux-policy` and
the case of `--selinux-policy-from-base --tree=dir`.
It's a bit more code, but it's cleaner if we dis-entangle them.
|
|\
| |
| | |
two small unit test patches
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Having to touch a global test counter when adding tests is
a recipe for conflicts between PRs.
The TAP protocol allows *ending* with the expected number of
tests, so the best way to do this is to have an explicit
API like our `tap_ok` which bumps a counter, then end with `tap_end`.
I ported one test as a demo.
|
|/
|
|
|
| |
We do this in other places; avoids touching two numbers when
adding tests. Let computers do the addition.
|
|\
| |
| | |
Release 2021.4
|
| | |
|
|/ |
|
|\
| |
| | |
Add support for "custom remotes"
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will be helpful for the "ostree native container" work in
https://github.com/ostreedev/ostree-rs-ext/
Basically in order to reuse GPG/signapi verification, we need
to support adding a remote, even though it can't be used via
`ostree pull`. (At least, not until we merge ostree-rs-ext into ostree, but
even then I think the principle stands)
|
|\ \
| | |
| | | |
repo-pull: legacy_transaction_resuming flag ignored
|
| |/
| |
| |
| |
| |
| | |
for deltafiles the legacy_transaction_resuming flag is not used,
which will mark the commit as done, even if files are missing.
using already existing commitstate_is_partial function as fix
|
|\ \
| |/
|/| |
upgrade: Stabilize deployment staging
|
|/
|
|
|
|
|
|
|
|
| |
We're waaay overdue for this, it's been the default
in rpm-ostree for years, and solves several important bugs
around not capturing `/etc` while things are running.
Also, `ostree admin upgrade --stage` (should) become idempotent.
Closes: https://github.com/ostreedev/ostree/issues/2389
|
|\
| |
| | |
tests: fix bare mode unprivileged 'make check'
|
| |
| |
| |
| |
| |
| | |
There are some existing issues around fsck in unprivileged bare mode,
so this test does not really work at the moment. Leaving it as a FIXME
for the moment.
|
| |
| |
| |
| |
| | |
This avoids possible issues when trying to chmod, tweaking
permissions instead.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It cannot work to use `--no-xattrs` when SELinux is enabled
because we get a `security.selinux` attribute on created files
regardless. So just skip this test if true.
Also add some `ostree fsck`s in here which helped me debug
this.
|
|/ |
|
|\
| |
| | |
Add an API to verify a commit signature explicitly
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a bunch of APIs to do GPG verification of a commit,
but that doesn't generalize to signapi. Further, they
require the caller to check the signature status explicitly
which seems like a trap.
This much higher level API works with both GPG and signapi.
The intention is to use this in things that are doing "external
pulls" like the ostree-ext tar import support. There we will
get the commitmeta from the tarball and we want to verify it
at the same time we import the commit.
|
|\ \
| | |
| | | |
checkout: Also ignore xattrs for union in bare-user-only mode
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Followup to PRs related to https://github.com/ostreedev/ostree/issues/2410
Since the test suite now covers this the test was failing on
a Fedora SELinux enabled host where we see `security.selinux`
even if not in the commit.
|
|\ \ \
| | | |
| | | | |
checkout: Save errno when re-throwing
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I was seeing an `EPERM` here which was confusing.
It turned out the real error was `EEXIST`.
Since we're referring to the original error, but we do a
lot of computation in the middle, we need to save errno.
|
|\ \ \
| | | |
| | | | |
ci: Run GH action CI build+test as non-root
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
This is really the standard best practice, matching how
e.g. dpkg/rpm work, as well as most local development
environments (including mine) with e.g. `toolbox`.
|
|\ \ \
| |/ /
|/| | |
lib: Change read_commit_detached_metadata to be nullable
|
| |/
| |
| |
| | |
Hit this while working on some Rust code.
|
|\ \
| |/
|/| |
lib: improve transactions auto-cleanup logic
|
|/
|
|
|
|
|
|
|
|
| |
This fixes some aspects of OstreeRepoAutoTransaction and re-aligns
it with the logic in flatpak. Specifically:
* link to the underlying repo through refcounting
* bridge internal errors to warning messages
* verify the input pointer type
This is a preparation step before exposing this logic as a public API.
|
|\
| |
| | |
commit: automatically skip xattrs in bare-user-only mode
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
This detects bare-user-only mode and automatically enables a
commit modifier with relevant flags.
|