| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
This reworks `ostree ls` top-level logic so that cancellation
tokens and error details are plumbed through all codepaths.
It also gets rid of all previous goto jumps.
|
| |\
| |
| | |
deploy: Also log to journal if we time out global sync()
|
| |/
|
|
|
|
|
|
|
|
| |
We do implicitly have this data because we log timings via structured
metadata in a later journal entry, but it's quite common to lose
the structured metadata because a lot of tooling just grabs the default
syslog-compatible text from `journalctl`.
Let's be louder when we hit this case as a general rule too; I think
most people shipping ostree systems want to see if it's happening.
|
| |\
| |
| | |
lib/commit: reject empty metadata keys
|
| | |
| |
| |
| |
| | |
This adds one more check to the metadata validation logic in order
to reject empty metadata keys.
|
| |/
|
|
|
| |
This tweaks commit logic in order to always validate metadata,
including on commits where the expected checksum is already known.
|
| |\
| |
| | |
deploy: Add a 5s max timeout on global filesystem `sync()`
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=2003532
Basically there's a systemd bug where it's losing the `_netdev`
aspect of Ceph filesystem mounts. This means the network is taken
down before Ceph is unmounted. In turn, our invocation of `sync()`
blocks on Ceph, which won't succeed.
And this in turn manifests as a failure to transition to the new
deployment.
I initially did this patch to just rip out the global `sync()`. I
am pretty sure we don't need it anymore. We've been doing individual
`syncfs()` on `/sysroot` and `/boot` for a while now, and those
are the only filesystems we should be touching. But *proving* that
is a whole other thing of course.
To be conservative, let's instead just add a timeout of 5s on
our invocation of `sync()`. It doesn't return any information on
success/error anyways.
To allow testing without the `sync()` invocation, we also support
a new `OSTREE_SYSROOT_OPT_SKIP_SYNC=1` environment variable. For
staged deployments, this needs to be injected via e.g. systemd unit
overrides into `ostree-finalize-staged.service`.
Implementing this is a bit hairy - we need to spawn a thread. I
debated blocking in arecursive mainloop, but I think `g_cond_wait_until()`
is also fine here.
|
| |\
| |
| | |
github: Workaround glib/seccomp issue on Ubuntu impish
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ubuntu-latest VMs are currently based on 20.04 (focal). In focal,
libseccomp2 doesn't know about the close_range syscall[1], but
g_spawn_sync in impish tries to use close_range since it's defined in
glibc. That causes libseccomp2 to return EPERM as it does for any
unknown syscalls. g_spawn_sync carries on silently instead of falling
back to other means of setting CLOEXEC on open FDs. Eventually it causes
some tests to hang since once side of a pipe is never closed. Remove
this when libseccomp2 in focal is updated or glib in impish handles the
EPERM better.
1. https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436
Fixes: #2495
|
| |\ |
|
| | |
| |
| |
| |
| | |
This is public API. Motivated by
https://github.com/coreos/rpm-ostree/pull/3325/files#diff-56528694f6f3213d6fb88d872f77291412dceec263b57166519843b13eca9a4dR30
|
| |\ \
| | |
| | | |
libostree/sepolicy: get rid of a g_setenv() call
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This removes a 'g_setenv()' call, which could potentially be unsafe
in a multi-thread context.
The current libselinux codebase does not seem to check for
`LIBSELINUX_DISABLE_PCRE_PRECOMPILED`, so I think this has no effects
nowadays.
Additionally, I could not find any reference to it in libselinux
git history, so I'm not sure if it ever played any role at all.
My current understanding is that this is coming from version
incompatibilities between an older libselinux in the build environment
and a newer policy (with precompiled regexs) in the target.
But from the ML discussion I found, I think it eventually got
solved in a different way, possibly by avoiding the policy binary
caches.
Refs:
* https://www.spinics.net/lists/selinux/msg14822.html
* https://github.com/ostreedev/ostree/pull/2513#discussion_r781042884
|
| |\ \ \
| |/ /
|/| /
| |/ |
main: Also support CLI extensions in `/usr/libexec/libostree/ext`
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
In fixing https://github.com/coreos/rpm-ostree/pull/3323
I felt that it was a bit ugly we're installing `/usr/bin/ostree-container`.
It's kind of an implementation detail. We want users to use
`ostree container`.
Let's support values outside of $PATH too.
For example, this also ensures that TAB completion for `ost` expands
to `ostree ` with a space.
|
| |\
| |
| | |
ostree: check g_setenv return value
|
| |/
|
|
|
| |
This adds proper return-value checks on g_setenv calls.
It fixes a static analysis warning highlighted by Coverity.
|
| |\
| |
| | |
libotutil: avoid leaking builder memory on error
|
| |/
|
|
|
|
|
|
|
| |
This swaps the order of a couple of input sanity checks, in order
to fix a minor memory leak due to an early-return on the error
path.
Memory for the result is now allocated only after input has been
sanity-checked.
It fixes a static analysis warning highlighted by Coverity.
|
| |\
| |
| | |
Release 2022.1
|
| | | |
|
| |/ |
|
| |\
| |
| | |
github: add dependabot config
|
| |/
|
|
|
| |
This adds a configuration file for dependabot, taking care of automatic
updates for all git submodules.
|
| |\
| |
| | |
rofiles-fuse: Build using FUSE 3 if possible, falling back to FUSE 2
|
| |/
|
|
|
|
|
|
| |
This adds build-time configuration logic to automatically detect
and switch between libfuse 2.x and 3.x.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Co-authored-by: Luca BRUNO <luca.bruno@coreos.com>
|
| |\
| |
| | |
lib/static-delta: throw a proper error on bspatch failure
|
| | |
| |
| |
| |
| | |
This makes sure that a populated GError is returned when bsdiff
patching fails. The human-friendly label also helps in debugging.
|
| |\ \
| |/
|/| |
bsdiff: bump submodule, pick up fix for CVE-2014-9862
|
| |/
|
|
|
|
|
|
|
| |
This updates the bsdiff submodule to latest upstream revision, in
order to pick up additional bound checks for CVE-2014-9862.
Update submodule: bsdiff
Ref:
* https://www.x41-dsec.de/lab/advisories/x41-2020-006-bspatch/
|
| |\
| |
| | |
lib: use ostree-content-writer header
|
| |/
|
|
|
|
| |
This installs and exposes the content of `ostree-content-writer.h`,
so that library consumers can properly reference symbols defined
in that header.
|
| |\
| |
| | |
two minor clang-analyzer fixes
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Basically due to the glib structured logging rework we lost the
`noreturn` attribute on `g_error()`.
This is fixed in glib as of https://gitlab.gnome.org/GNOME/glib/-/commit/f97ff20adf4eb7b952dd83e2c13046fe9e282f50
But we might as well just throw an error here.
|
| |/
|
|
|
|
|
|
| |
Fixes `Argument with 'nonnull' attribute passed null` by making
the code not exist at all anymore.
In upstream libsoup this code is gone too; it uses `GUri` from glib
which we probably could now too, but one thing at a time.
|
| |\
| |
| | |
tests/cli-extensions: tweak test logic
|
| |/
|
|
|
|
| |
This updates the test logic for CLI extensions, actually checking
for functional output from the subcommand.
It also cleans up some environmental leftover.
|
| |\
| |
| | |
main: add support for CLI extensions via external binaries
|
| |/
|
|
|
|
|
|
|
|
| |
This adds some logic to detect and dispatch unknown subcommands to
extensions available in `$PATH`. Additional commands can be
implemented by adding relevant `ostree-$verb` binaries to the system.
As an example, if a `/usr/bin/ostree-extcommand` extension is provided,
the execution of `ostree extcommand --help` will be dispatched to that
as `ostree-extcommand extcommand --help`.
|
| |\
| |
| | |
tests: assert mandatory values are present
|
| |/
|
|
|
| |
This adds a couple of string assertions to make sure that
the test run is sane.
|
| |\
| |
| | |
lib/repo: fix problematic invariant checks
|
| | |
| |
| |
| |
| |
| | |
This turns an existing check into an assert. The previously returned
NULL may result in confusing callers, as none of them is checking for
that.
|
| | |
| |
| |
| |
| | |
This turns the existing check into an assert. Otherwise, the previous
code may return an arbitrary repo mode (bare) on failure.
|
| | |
| |
| |
| |
| | |
This adds an assertion to check that writable stable and error
are in sync. The subsequent logic uses them interchangeably.
|
| |\ \
| |/
|/| |
Update FSF license notices to use URL instead of address
|
| | | |
|
| |\ \
| |/
|/| |
repo: Change locking for summary regeneration to be shared
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is trying to address:
https://pagure.io/fedora-iot/issue/48
Basically we changed rpm-ostree to start doing a shared lock during
commit by default, but this broke because pungi is starting a process
doing a commit for each architecture, and then trying to regenerate
the summary after each one.
This patch is deleting a big comment with a rationale for why
summary regeneration should be exclusive. Point by point:
> This makes sure the commits and deltas don't get
> deleted while generating the summary.
But prune operations require an exclusive lock, which means that
data still can't be deleted when the summary grabs a shared lock.
> It also means we can be sure refs
> won't be created/updated/deleted during the operation, without having to
> add exclusive locks to those operations which would prevent concurrent
> commits from working.
First: The status quo *has* prevented concurrent commits from working!
There is no real locking solution to this problem. What we really
need to do here is regenerate the summary after each commit *or*
when the caller decides to do it and e.g. include deltas at the same
time.
It's OK if multiple threads race to regenerate the summary;
last-one-wins behavior here is totally fine.
|
