| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |\ \
| |/
|/| |
bin/commit: Fix --tree=tar with --selinux-policy
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
The logic for `--selinux-policy` ended up in the `--tree=dir`
path, but there's no reason for that. Fix the imported
labeling with `--tree=tar`. Prep for use with containers.
We had this bug because the previous logic was trying to avoid
duplicating the code for generic `--selinux-policy` and
the case of `--selinux-policy-from-base --tree=dir`.
It's a bit more code, but it's cleaner if we dis-entangle them.
|
| |\
| |
| | |
two small unit test patches
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Having to touch a global test counter when adding tests is
a recipe for conflicts between PRs.
The TAP protocol allows *ending* with the expected number of
tests, so the best way to do this is to have an explicit
API like our `tap_ok` which bumps a counter, then end with `tap_end`.
I ported one test as a demo.
|
| |/
|
|
|
| |
We do this in other places; avoids touching two numbers when
adding tests. Let computers do the addition.
|
| |\
| |
| | |
Release 2021.4
|
| | | |
|
| |/ |
|
| |\
| |
| | |
Add support for "custom remotes"
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will be helpful for the "ostree native container" work in
https://github.com/ostreedev/ostree-rs-ext/
Basically in order to reuse GPG/signapi verification, we need
to support adding a remote, even though it can't be used via
`ostree pull`. (At least, not until we merge ostree-rs-ext into ostree, but
even then I think the principle stands)
|
| |\ \
| | |
| | | |
repo-pull: legacy_transaction_resuming flag ignored
|
| | |/
| |
| |
| |
| |
| | |
for deltafiles the legacy_transaction_resuming flag is not used,
which will mark the commit as done, even if files are missing.
using already existing commitstate_is_partial function as fix
|
| |\ \
| |/
|/| |
upgrade: Stabilize deployment staging
|
| |/
|
|
|
|
|
|
|
|
| |
We're waaay overdue for this, it's been the default
in rpm-ostree for years, and solves several important bugs
around not capturing `/etc` while things are running.
Also, `ostree admin upgrade --stage` (should) become idempotent.
Closes: https://github.com/ostreedev/ostree/issues/2389
|
| |\
| |
| | |
tests: fix bare mode unprivileged 'make check'
|
| | |
| |
| |
| |
| |
| | |
There are some existing issues around fsck in unprivileged bare mode,
so this test does not really work at the moment. Leaving it as a FIXME
for the moment.
|
| | |
| |
| |
| |
| | |
This avoids possible issues when trying to chmod, tweaking
permissions instead.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
It cannot work to use `--no-xattrs` when SELinux is enabled
because we get a `security.selinux` attribute on created files
regardless. So just skip this test if true.
Also add some `ostree fsck`s in here which helped me debug
this.
|
| |/ |
|
| |\
| |
| | |
Add an API to verify a commit signature explicitly
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a bunch of APIs to do GPG verification of a commit,
but that doesn't generalize to signapi. Further, they
require the caller to check the signature status explicitly
which seems like a trap.
This much higher level API works with both GPG and signapi.
The intention is to use this in things that are doing "external
pulls" like the ostree-ext tar import support. There we will
get the commitmeta from the tarball and we want to verify it
at the same time we import the commit.
|
| |\ \
| | |
| | | |
checkout: Also ignore xattrs for union in bare-user-only mode
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Followup to PRs related to https://github.com/ostreedev/ostree/issues/2410
Since the test suite now covers this the test was failing on
a Fedora SELinux enabled host where we see `security.selinux`
even if not in the commit.
|
| |\ \ \
| | | |
| | | | |
checkout: Save errno when re-throwing
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I was seeing an `EPERM` here which was confusing.
It turned out the real error was `EEXIST`.
Since we're referring to the original error, but we do a
lot of computation in the middle, we need to save errno.
|
| |\ \ \
| | | |
| | | | |
ci: Run GH action CI build+test as non-root
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
This is really the standard best practice, matching how
e.g. dpkg/rpm work, as well as most local development
environments (including mine) with e.g. `toolbox`.
|
| |\ \ \
| |/ /
|/| | |
lib: Change read_commit_detached_metadata to be nullable
|
| | |/
| |
| |
| | |
Hit this while working on some Rust code.
|
| |\ \
| |/
|/| |
lib: improve transactions auto-cleanup logic
|
| |/
|
|
|
|
|
|
|
|
| |
This fixes some aspects of OstreeRepoAutoTransaction and re-aligns
it with the logic in flatpak. Specifically:
* link to the underlying repo through refcounting
* bridge internal errors to warning messages
* verify the input pointer type
This is a preparation step before exposing this logic as a public API.
|
| |\
| |
| | |
commit: automatically skip xattrs in bare-user-only mode
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
This detects bare-user-only mode and automatically enables a
commit modifier with relevant flags.
|
| |/ |
|
| |\
| |
| | |
bin/remote: Rename list-gpg-keys to gpg-list-keys
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As pointed out in the original review, `gpg-list-keys` fits better
alongside the existing `gpg-import`.
Changes were done with:
```
git grep -l list-gpg-keys | xargs sed -i 's/list-gpg-keys/gpg-list-keys/'
for src in $(git ls-files '*list-gpg-keys*'); do
dst=${src/list-gpg-keys/gpg-list-keys}
git mv "$src" "$dst"
done
```
|
| |\
| |
| | |
lib/diff: ignore xattrs if disabled on either repos
|
| |/
|
|
|
| |
This fixes the logic to detect whether xattrs should be automatically
ignored when diffing.
|
| |\
| |
| | |
lib/commit: autofix permissions for bare-user-only
|
| | |
| |
| |
| |
| | |
This tweaks commit logic to detect bare-user-only repositories and
canonicalize permissions automatically.
|
| |\ \
| |/
|/| |
Remote GPG key info
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
If the key UID contains a valid email address, include the GPG WKD
update URLs in GVariant returned by ostree_repo_remote_get_gpg_keys().
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Calculate the advanced and direct update URLs for the key discovery
portion[1] of the OpenPGP Web Key Directory specification, and include
the URLs in the key listing in ostree_repo_remote_get_gpg_keys(). These
URLs can be used to locate updated GPG keys for the remote.
1. https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service#section-3.1
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will be used to implement the PGP Web Key Directory (WKD) URL
generation. This is a slightly cleaned up implementation[1] taken from
the zbase32 author's original implementation[2]. It provides a single
zbase32_encode API to convert a set of bytes to the zbase32 encoding.
I believe this should be acceptable for inclusion in ostree. The license
in the source files is BSD style while the original repo LICENSE file
claims the Creative Commons CC0 1.0 Universal license, which is public
domain.
1. https://github.com/dbnicholson/libbase32/tree/for-ostree
2. https://github.com/zooko/libbase32
|
