| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
This is a one-time tree wide reformatting to ensure consistency
going forward.
|
|
|
|
| |
We need all the ostree bits here.
|
|
|
|
| |
This fixes the build with `clang-format`.
|
|
|
|
|
| |
In order to make this work, we need to move the autocleanup
definitions after the other headers.
|
|\
| |
| | |
lib/sysroot-deploy: Add experimental support for automatic early prune
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
During the early design of FCOS and RHCOS, we chose a value of 384M
for the boot partition. This turned out to be too small: some arches
other than x86_64 have larger initrds, kernel binaries, or additional
artifacts (like device tree blobs). We'll likely bump the boot partition
size in the future, but we don't want to abandon all the nodes deployed
with the current size.[[1]]
Because stale entries in `/boot` are cleaned up after new entries are
written, there is a window in the update process during which the bootfs
temporarily must host all the `(kernel, initrd)` pairs for the union of
current and new deployments.
This patch determines if the bootfs is capable of holding all the
pairs. If it can't but it could hold all the pairs from just the new
deployments, the outgoing deployments (e.g. rollbacks) are deleted
*before* new deployments are written. This is done by updating the
bootloader in two steps to maintain atomicity.
Since this is a lot of new logic in an important section of the
code, this feature is gated for now behind an environment variable
(`OSTREE_ENABLE_AUTO_EARLY_PRUNE`). Once we gain more experience with
it, we can consider turning it on by default.
This strategy increases the fallibility of the update system since one
would no longer be able to rollback to the previous deployment if a bug
is present in the bootloader update logic after auto-pruning (see [[2]]
and following). This is however mitigated by the fact that the heuristic
is opportunistic: the rollback is pruned *only if* it's the only way for
the system to update.
[1]: https://github.com/coreos/fedora-coreos-tracker/issues/1247
[2]: https://github.com/ostreedev/ostree/issues/2670#issuecomment-1179341883
Closes: #2670
|
| |
| |
| |
| |
| |
| | |
In the unusual case where one is manually finalizing staged deployments,
as can happen in testing, we expect a successful finalization to remove
the failure stamp file.
|
|/
|
|
|
|
|
|
|
| |
This will help with debugging stalled requests in future, such as
issue #605.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
Helps: #605
|
|\
| |
| | |
Prep patches for automatic early prune
|
| |
| |
| |
| | |
Prep for future patch.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Crawling through the bootfs and the deployment dirs was already mostly
separate. The only inefficiency here is that we now iterate over the
array of active deployments twice when building the hash tables. No
functional change otherwise.
Prep for future patch.
|
| |
| |
| |
| | |
We weren't actually using this `stbuf` anywhere.
|
| |
| |
| |
| | |
Prep for future patch.
|
| |
| |
| |
| | |
No functional change.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
soup3 works best using only the async API from a single thread[1].
Rework the fetcher to stop using worker threads. In order to maximize
session usage across requests, sessions will be reused for each main
context.
1. https://libsoup.org/libsoup-3.0/client-thread-safety.html
|
|/
|
|
|
| |
The default is still soup2, you can use --with-soup3 to enable
the soup3 backend instead.
|
|
|
|
| |
This reverts commit c4d03d28500c75ad2bcf7b75383fc60fe7b83ca8.
|
|\
| |
| | |
libostree: Ignore new_and_connect in the introspection
|
| |
| |
| |
| |
| | |
This function can't be correctly introspected and it is easy enough to connect
to the signal afterwards.
|
|\ \
| | |
| | | |
Cope with GLib 2.76 being more strict about GFileInfo standard::size
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The file info object for symlinks might validly not have this attribute.
If not, behave as though it was 0, matching what happened with older
versions of GLib.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Similar to the previous commit, but for
ostree_raw_file_to_archive_z2_stream() and similar public APIs.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some existing code calls into ostree_raw_file_to_content_stream() with
file objects that do not have the standard::size attribute. Since GLib
2.76.0, attempting to access the size of such an object raises a
critical warning. Handle this more gracefully by defaulting the size
to 0, like earlier versions of GLib did.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|\ \ \
| | | |
| | | | |
Use g_steal_fd() in preference to glnx_steal_fd()
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
g_steal_fd() exists in GLib since 2.70, and libglnx has a backport for
older GLib versions, equivalent to the libglnx-specific glnx_steal_fd().
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|\ \ \ \
| | | | |
| | | | | |
Add `sysroot.bootprefix` option
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is a follow up to
https://github.com/ostreedev/ostree/pull/2149/commits/0ced9fde7649271d9458ca424aa8c41908634b02
"sysroot: Support /boot on root or as seperate filesystem for syslinux and u-boot"
What we should have done at the time is changed our bootloader entries
to be prefixed with `/boot`. This means that the GRUB2 BLS support
will Just Work.
For now, I'm making this option default to off out of a lot of
conservatism. I think in the future we should flip this on by default.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Unfortunately, the nullability of the output value here is
dependent on whether the `default_value` parameter is provided. There's
no way to express this in introspection or Rust.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- commit parents are optional
- remote URLs are optional
|
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The code here is not great, embarassing we've gone this
long without docs for some of these public API functions too.
I think this is right though.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* A recent change in glib [1] requires that the appropriate attribute
be available when calling getters. ostree core only sets this attribute
on regular files, and frequently triggers the critical warning. Solve
this by setting standard::size to zero for non-regular files.
Fixes https://github.com/ostreedev/ostree/issues/2827
[1]: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3261
|
|\ \ \ \
| | | | |
| | | | | |
Increase buffer size for create_regular_tmpfile_linkable_with_content
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The small buffer size results in really bad performance under any
FUSE-based filesystems with round-trips.
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
libostree: Enhance the annotation coverage
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | | |
Increase the coverage of the GObject Introspection annotation and most notably
replace the use of "allow-none" with "out" parameters to "nullable" or "optional"
as the previous annotation is deprecated and ambiguous.
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since the value of `data->done` is not watched by the main context, the
context doesn’t know to wake up from `g_main_context_iteration()` when
that value is changed. The code currently relies on something else
happening to wake the main context up shortly after `data->done` is set.
That doesn’t seem very reliable, so wake the main context up explicitly.
Spotted this while reading the code while trying to debug a stall with
backtrace:
```
5 0x00007ffff68bbbfb in g_main_context_iteration (context=0x60f000136900, may_block=1) at ../../source/glib/glib/gmain.c:4343
6 0x00007fffdc0e50db in _ostree_fetcher_mirrored_request_to_membuf_once (fetcher=0x604001138c10, mirrorlist=0x603001df18b0, filename=0x7fffdc1049e7 "summary.sig", flags=OSTREE_FETCHER_REQUEST_OPTIONAL_CONTENT, if_none_match=0x602002f3b7f0 "\"640a49ff-250\"", if_modified_since=1678395903, out_contents=0x7fffdadd0e80, out_not_modified=0x7fffdadd0e38, out_etag=0x7fffdadd0e28, out_last_modified=0x7fffdadd0e00, max_size=10485760, cancellable=0x6060004bd720, error=0x7fffdadd0ca0) at src/libostree/ostree-fetcher-util.c:95
7 0x00007fffdc0e52e0 in _ostree_fetcher_mirrored_request_to_membuf (fetcher=0x604001138c10, mirrorlist=0x603001df18b0, filename=0x7fffdc1049e7 "summary.sig", flags=OSTREE_FETCHER_REQUEST_OPTIONAL_CONTENT, if_none_match=0x602002f3b7f0 "\"640a49ff-250\"", if_modified_since=1678395903, n_network_retries=5, out_contents=0x7fffdadd0e80, out_not_modified=0x7fffdadd0e38, out_etag=0x7fffdadd0e28, out_last_modified=0x7fffdadd0e00, max_size=10485760, cancellable=0x6060004bd720, error=0x7fffdadd10c0) at src/libostree/ostree-fetcher-util.c:155
8 0x00007fffdc08d937 in _ostree_preload_metadata_file (self=0x61600057bd80, fetcher=0x604001138c10, mirrorlist=0x603001df18b0, filename=0x7fffdc1049e7 "summary.sig", is_metalink=0, if_none_match=0x602002f3b7f0 "\"640a49ff-250\"", if_modified_since=1678395903, n_network_retries=5, out_bytes=0x7fffdadd0e80, out_not_modified=0x7fffdadd0e38, out_etag=0x7fffdadd0e28, out_last_modified=0x7fffdadd0e00, cancellable=0x6060004bd720, error=0x7fffdadd10c0) at src/libostree/ostree-repo-pull.c:3329
9 0x00007fffdc099712 in ostree_repo_remote_fetch_summary_with_options (self=0x61600057bd80, name=0x6020007f4fd0 "eos-apps", options=0x0, out_summary=0x7fffdadd0f88, out_signatures=0x7fffdadd0f80, cancellable=0x6060004bd720, error=0x7fffdadd10c0) at src/libostree/ostree-repo-pull.c:6675
10 0x00007fffdc06887f in ostree_repo_remote_fetch_summary (self=0x61600057bd80, name=0x6020007f4fd0 "eos-apps", out_summary=0x7fffdadd0f88, out_signatures=0x7fffdadd0f80, cancellable=0x6060004bd720, error=0x7fffdadd10c0) at src/libostree/ostree-repo.c:2706
11 0x00007fffdc18f5de in flatpak_dir_remote_fetch_summary (self=0x60c00577e640, name_or_uri=0x6020007f4fd0 "eos-apps", only_cached=0, out_summary=0x7fffdadd10f0, out_summary_sig=0x7fffdadd10e8, cancellable=0x6060004bd720, error=0x7fffdadd10c0) at /opt/gnome/source/flatpak/common/flatpak-dir.c:12235
12 0x00007fffdc1918cb in _flatpak_dir_get_remote_state (self=0x60c00577e640, remote_or_uri=0x6020007f4fd0 "eos-apps", optional=1, local_only=0, only_cached=0, opt_summary_is_index=0, opt_summary=0x0, opt_summary_sig=0x0, cancellable=0x6060004bd720, error=0x7fffdadd15a0) at /opt/gnome/source/flatpak/common/flatpak-dir.c:12789
13 0x00007fffdc19206d in flatpak_dir_get_remote_state_optional (self=0x60c00577e640, remote=0x6020007f4fd0 "eos-apps", only_cached=0, cancellable=0x6060004bd720, error=0x7fffdadd15a0) at /opt/gnome/source/flatpak/common/flatpak-dir.c:12953
14 0x00007fffdc1784f2 in flatpak_dir_update_appstream (self=0x60c00577e640, remote=0x6020007f4fd0 "eos-apps", arch=0x7fffdc239f30 "x86_64", out_changed=0x0, progress=0x6110007479c0, cancellable=0x6060004bd720, error=0x7fffdadd15a0) at /opt/gnome/source/flatpak/common/flatpak-dir.c:5182
```
I don’t think it’ll fix it (calling `g_main_context_wakeup()` on the
context in the debugger didn’t help), but it can’t hurt.
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Current FCOS emits a warning:
```
[root@cosa-devsh ~]# journalctl -b -1 -u ostree-finalize-staged --grep=deprecated
Nov 01 20:21:21 cosa-devsh ostree[2481]: The --rebuild-if-modules-changed option is deprecated. Use --refresh instead.
[root@cosa-devsh ~]#
```
|
| | | | |
|
|\ \ \ \
| |_|/ /
|/| | | |
ostree-metadata commit API
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Use a temporary directory for the summary and signature file in
`ostree_repo_regenerate_metadata` so that the summary file isn't
published if signing fails. This prevents publishing a summary without a
signature file or leaving a mismatched signature file in place.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Refactor the summary signing APIs to use internal versions where the
directory fd containing the summary can be found. The existing signing
APIs still uses the repo directory fd, but this will allow using a
temporary directory for the summary and signature in the new metadata
generating API.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Rather than creating the `ostree-metadata` commit in the summary
builtin, do it in the new `ostree_repo_regenerate_metadata` API. The
commit contents are unchanged and the commit is generated before the
summary as before. To keep from triggering an extra summary update,
automatic summary updating is disabled in the transaction.
Since the summary builtin was already using the new API, it will
continue to generate the `ostree-metadata` commit when the repo has a
collection ID. However, the `ostree_repo_regenerate_summary` API will
still only generate the summary file as before.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If a commit is being made during summary generation, then it would
trigger the summary to be generated again. That's either unwanted busy
work or could result in an infinite loop. Add a boolean in
`OstreeRepoTxn` to disable automatic summary generation as seen fit.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently this is just a wrapper around regenerating and signing the
summary in one call, but later it will be used to also generate the
`ostree-metadata` commit if the repo has a collection ID.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
My editor started following the configuration in .editorconfig and is
applying this rule to many files I'm editing. Let's just get this over
with and strip everything. This was done like so:
git ls-files | grep '\.[ch]$' | xargs sed -ri 's/\s+$//'
|
|/ / / |
|
|\ \ \
| | | |
| | | | |
bootloader: Add an aboot (Android) bootloader backend
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
aboot is special in that it packages kernel, initrd, cmdline, dtb and
signature one combined image (similar to upcoming unified kernel
images). This is then loaded as an image into an aboot partition.
This image is signed by the OS vendor and covers everything in the
image. So locally on the deployed system it should not be possible to
boot an unsigned image (unless signature checking is turned off).
We call a shell script aboot-deploy when it is required to write a new
image to the aboot partition (a file typically starting with aboot and
ending in .img extension). This shell script may also read some
configurations from a .cfg file.
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
ALLPERMS is glibc specific, add a definition for musl.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
|