| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
We do implicitly have this data because we log timings via structured
metadata in a later journal entry, but it's quite common to lose
the structured metadata because a lot of tooling just grabs the default
syslog-compatible text from `journalctl`.
Let's be louder when we hit this case as a general rule too; I think
most people shipping ostree systems want to see if it's happening.
|
|
|
|
|
| |
This adds one more check to the metadata validation logic in order
to reject empty metadata keys.
|
|
|
|
|
| |
This tweaks commit logic in order to always validate metadata,
including on commits where the expected checksum is already known.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=2003532
Basically there's a systemd bug where it's losing the `_netdev`
aspect of Ceph filesystem mounts. This means the network is taken
down before Ceph is unmounted. In turn, our invocation of `sync()`
blocks on Ceph, which won't succeed.
And this in turn manifests as a failure to transition to the new
deployment.
I initially did this patch to just rip out the global `sync()`. I
am pretty sure we don't need it anymore. We've been doing individual
`syncfs()` on `/sysroot` and `/boot` for a while now, and those
are the only filesystems we should be touching. But *proving* that
is a whole other thing of course.
To be conservative, let's instead just add a timeout of 5s on
our invocation of `sync()`. It doesn't return any information on
success/error anyways.
To allow testing without the `sync()` invocation, we also support
a new `OSTREE_SYSROOT_OPT_SKIP_SYNC=1` environment variable. For
staged deployments, this needs to be injected via e.g. systemd unit
overrides into `ostree-finalize-staged.service`.
Implementing this is a bit hairy - we need to spawn a thread. I
debated blocking in arecursive mainloop, but I think `g_cond_wait_until()`
is also fine here.
|
|\ |
|
| |
| |
| |
| |
| | |
This is public API. Motivated by
https://github.com/coreos/rpm-ostree/pull/3325/files#diff-56528694f6f3213d6fb88d872f77291412dceec263b57166519843b13eca9a4dR30
|
|\ \
| |/
|/| |
libostree/sepolicy: get rid of a g_setenv() call
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This removes a 'g_setenv()' call, which could potentially be unsafe
in a multi-thread context.
The current libselinux codebase does not seem to check for
`LIBSELINUX_DISABLE_PCRE_PRECOMPILED`, so I think this has no effects
nowadays.
Additionally, I could not find any reference to it in libselinux
git history, so I'm not sure if it ever played any role at all.
My current understanding is that this is coming from version
incompatibilities between an older libselinux in the build environment
and a newer policy (with precompiled regexs) in the target.
But from the ML discussion I found, I think it eventually got
solved in a different way, possibly by avoiding the policy binary
caches.
Refs:
* https://www.spinics.net/lists/selinux/msg14822.html
* https://github.com/ostreedev/ostree/pull/2513#discussion_r781042884
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
In fixing https://github.com/coreos/rpm-ostree/pull/3323
I felt that it was a bit ugly we're installing `/usr/bin/ostree-container`.
It's kind of an implementation detail. We want users to use
`ostree container`.
Let's support values outside of $PATH too.
For example, this also ensures that TAB completion for `ost` expands
to `ostree ` with a space.
|
|
|
|
|
| |
This adds proper return-value checks on g_setenv calls.
It fixes a static analysis warning highlighted by Coverity.
|
|
|
|
|
| |
This makes sure that a populated GError is returned when bsdiff
patching fails. The human-friendly label also helps in debugging.
|
|
|
|
|
|
| |
This installs and exposes the content of `ostree-content-writer.h`,
so that library consumers can properly reference symbols defined
in that header.
|
|
|
|
|
|
|
|
| |
Fixes `Argument with 'nonnull' attribute passed null` by making
the code not exist at all anymore.
In upstream libsoup this code is gone too; it uses `GUri` from glib
which we probably could now too, but one thing at a time.
|
|\
| |
| | |
lib/repo: fix problematic invariant checks
|
| |
| |
| |
| |
| |
| | |
This turns an existing check into an assert. The previously returned
NULL may result in confusing callers, as none of them is checking for
that.
|
| |
| |
| |
| |
| | |
This turns the existing check into an assert. Otherwise, the previous
code may return an arbitrary repo mode (bare) on failure.
|
| |
| |
| |
| |
| | |
This adds an assertion to check that writable stable and error
are in sync. The subsequent logic uses them interchangeably.
|
|\ \
| |/
|/| |
Update FSF license notices to use URL instead of address
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is trying to address:
https://pagure.io/fedora-iot/issue/48
Basically we changed rpm-ostree to start doing a shared lock during
commit by default, but this broke because pungi is starting a process
doing a commit for each architecture, and then trying to regenerate
the summary after each one.
This patch is deleting a big comment with a rationale for why
summary regeneration should be exclusive. Point by point:
> This makes sure the commits and deltas don't get
> deleted while generating the summary.
But prune operations require an exclusive lock, which means that
data still can't be deleted when the summary grabs a shared lock.
> It also means we can be sure refs
> won't be created/updated/deleted during the operation, without having to
> add exclusive locks to those operations which would prevent concurrent
> commits from working.
First: The status quo *has* prevented concurrent commits from working!
There is no real locking solution to this problem. What we really
need to do here is regenerate the summary after each commit *or*
when the caller decides to do it and e.g. include deltas at the same
time.
It's OK if multiple threads race to regenerate the summary;
last-one-wins behavior here is totally fine.
|
|
|
|
|
| |
This fixes a few warnings from coverity, none of which really
interesting.
|
|
|
|
|
|
| |
`repo_prune_internal` was deserializing each object and passing the
components to `maybe_prune_loose_object`, which promptly reserialized
it.
|
|
|
|
|
|
| |
Otherwise, this will segfault when callers don't need any exact errors.
Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Glib, since commit 3a6e8bc8876e149c36b6b14c6a25a718edb581ed,
`g_file_get_child` does not accept absolute path as paramater anymore.
The broken assertion was encountered during `ostree admin deploy`
command for the checkout of subpath `etc`.
Example of error log:
```
(ostree admin deploy:1640): GLib-GIO-CRITICAL **: 03:42:00.570: g_file_get_child: assertion '!g_path_is_absolute (name)' failed
(ostree admin deploy:1640): GLib-GIO-CRITICAL **: 03:42:00.570: g_file_query_info: assertion 'G_IS_FILE (file)' failed
**
OSTree:ERROR:src/ostree/ot-main.c:232:ostree_run: assertion failed: (success || error)
Bail out! OSTree:ERROR:src/ostree/ot-main.c:232:ostree_run: assertion failed: (success || error)
```
|
|\
| |
| | |
Fix various mostly theoretical gcc `-fanalyzer` issues
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In general, we're probably going to need to change most of our
`g_return_if_fail` to `g_assert`. The analyzer flags that
the function can return `NULL`, but the caller isn't prepared for
this.
In practice, let's abort.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In general, we're probably going to need to change most of our
`g_return_if_fail` to `g_assert`. The analyzer flags that
the function can return `NULL`, but the caller isn't prepared for
this.
In practice, let's abort.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In general, we're probably going to need to change most of our
`g_return_if_fail` to `g_assert`. The analyzer flags that
the function can return `NULL`, but the caller isn't prepared for
this.
In practice, let's abort.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In general, we're probably going to need to change most of our
`g_return_if_fail` to `g_assert`. The analyzer flags that
the function can return `NULL`, but the caller isn't prepared for
this.
In practice, let's abort.
|
|/
|
|
|
|
|
| |
This defines `OstreeRepoAutoTransaction` as a boxed type, in order
to support auto-generating bindings for it.
That first requires adding internal reference-counting to it, to
allow freely copying/freeing references to a single transaction guard.
|
|
|
|
|
|
|
|
| |
We filter out everything named `-private.h` from scanning,
which differs from the gtk-doc exclude. Eventually this will
be solved when we switch to the new gir-based docs.
Came up in https://github.com/ostreedev/ostree-rs/pull/34#discussion_r723337772
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
This is nicer than having the caller parse the commit
object, or indirect via the `OstreeRepoFile*` object of the root.
Will be used in ostree-rs-ext around tar parsing.
|
|\ \
| | |
| | | |
repo/private: allow committing/aborting through a transaction guard
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
This enhances the auto-transaction logic, augmenting the scope of a
transaction guard.
It allows committing or aborting a transaction through its guard.
It also supports tracking the completion status of a transaction
guard, avoiding double commits/aborts, while retaining the auto-cleanup
logic.
|
|/
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1945274 is an issue where a privileged
kubernetes daemonset is writing a socket into `/etc`. This makes ostree upgrades barf.
Now, they should clearly move it to `/run`. However, one option is for us to
just ignore it instead of erroring out. Some brief investigation shows that
e.g. `git add somesocket` is a silent no-op, which is an argument in favor of ignoring it.
Closes: https://github.com/ostreedev/ostree/issues/2446
|
|
|
|
|
| |
Came up in review
https://github.com/ostreedev/ostree/pull/2447#issuecomment-931428312
|
|
|
|
|
|
|
|
|
|
| |
This is part of `OstreeCommitModifier`, but I'm not using
that in some of the ostree-ext Rust code.
It just makes more sense as a direct policy API, where it should
have been in the first place. There's already support for
setting a policy object on a commit modifier, so that's all the
old API needs to do now.
|
| |
|
|\
| |
| | |
Add support for "custom remotes"
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will be helpful for the "ostree native container" work in
https://github.com/ostreedev/ostree-rs-ext/
Basically in order to reuse GPG/signapi verification, we need
to support adding a remote, even though it can't be used via
`ostree pull`. (At least, not until we merge ostree-rs-ext into ostree, but
even then I think the principle stands)
|
|\ \
| | |
| | | |
repo-pull: legacy_transaction_resuming flag ignored
|
| |/
| |
| |
| |
| |
| | |
for deltafiles the legacy_transaction_resuming flag is not used,
which will mark the commit as done, even if files are missing.
using already existing commitstate_is_partial function as fix
|
|/
|
|
|
|
|
|
|
|
| |
We're waaay overdue for this, it's been the default
in rpm-ostree for years, and solves several important bugs
around not capturing `/etc` while things are running.
Also, `ostree admin upgrade --stage` (should) become idempotent.
Closes: https://github.com/ostreedev/ostree/issues/2389
|
|\
| |
| | |
Add an API to verify a commit signature explicitly
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a bunch of APIs to do GPG verification of a commit,
but that doesn't generalize to signapi. Further, they
require the caller to check the signature status explicitly
which seems like a trap.
This much higher level API works with both GPG and signapi.
The intention is to use this in things that are doing "external
pulls" like the ostree-ext tar import support. There we will
get the commitmeta from the tarball and we want to verify it
at the same time we import the commit.
|
|\ \
| | |
| | | |
checkout: Also ignore xattrs for union in bare-user-only mode
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Followup to PRs related to https://github.com/ostreedev/ostree/issues/2410
Since the test suite now covers this the test was failing on
a Fedora SELinux enabled host where we see `security.selinux`
even if not in the commit.
|
|\ \ \
| | | |
| | | | |
checkout: Save errno when re-throwing
|