| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \
| | |
| | | |
repo-pull: legacy_transaction_resuming flag ignored
|
| |/
| |
| |
| |
| |
| | |
for deltafiles the legacy_transaction_resuming flag is not used,
which will mark the commit as done, even if files are missing.
using already existing commitstate_is_partial function as fix
|
|/
|
|
|
|
|
|
|
|
| |
We're waaay overdue for this, it's been the default
in rpm-ostree for years, and solves several important bugs
around not capturing `/etc` while things are running.
Also, `ostree admin upgrade --stage` (should) become idempotent.
Closes: https://github.com/ostreedev/ostree/issues/2389
|
|\
| |
| | |
Add an API to verify a commit signature explicitly
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a bunch of APIs to do GPG verification of a commit,
but that doesn't generalize to signapi. Further, they
require the caller to check the signature status explicitly
which seems like a trap.
This much higher level API works with both GPG and signapi.
The intention is to use this in things that are doing "external
pulls" like the ostree-ext tar import support. There we will
get the commitmeta from the tarball and we want to verify it
at the same time we import the commit.
|
|\ \
| | |
| | | |
checkout: Also ignore xattrs for union in bare-user-only mode
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Followup to PRs related to https://github.com/ostreedev/ostree/issues/2410
Since the test suite now covers this the test was failing on
a Fedora SELinux enabled host where we see `security.selinux`
even if not in the commit.
|
|\ \ \
| | | |
| | | | |
checkout: Save errno when re-throwing
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I was seeing an `EPERM` here which was confusing.
It turned out the real error was `EEXIST`.
Since we're referring to the original error, but we do a
lot of computation in the middle, we need to save errno.
|
|\ \ \
| |/ /
|/| | |
lib: Change read_commit_detached_metadata to be nullable
|
| |/
| |
| |
| | |
Hit this while working on some Rust code.
|
|/
|
|
|
|
|
|
|
|
| |
This fixes some aspects of OstreeRepoAutoTransaction and re-aligns
it with the logic in flatpak. Specifically:
* link to the underlying repo through refcounting
* bridge internal errors to warning messages
* verify the input pointer type
This is a preparation step before exposing this logic as a public API.
|
| |
|
|
|
|
|
| |
This detects bare-user-only mode and automatically enables a
commit modifier with relevant flags.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As pointed out in the original review, `gpg-list-keys` fits better
alongside the existing `gpg-import`.
Changes were done with:
```
git grep -l list-gpg-keys | xargs sed -i 's/list-gpg-keys/gpg-list-keys/'
for src in $(git ls-files '*list-gpg-keys*'); do
dst=${src/list-gpg-keys/gpg-list-keys}
git mv "$src" "$dst"
done
```
|
|
|
|
|
| |
This fixes the logic to detect whether xattrs should be automatically
ignored when diffing.
|
|\
| |
| | |
lib/commit: autofix permissions for bare-user-only
|
| |
| |
| |
| |
| | |
This tweaks commit logic to detect bare-user-only repositories and
canonicalize permissions automatically.
|
|\ \
| |/
|/| |
Remote GPG key info
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
If the key UID contains a valid email address, include the GPG WKD
update URLs in GVariant returned by ostree_repo_remote_get_gpg_keys().
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Calculate the advanced and direct update URLs for the key discovery
portion[1] of the OpenPGP Web Key Directory specification, and include
the URLs in the key listing in ostree_repo_remote_get_gpg_keys(). These
URLs can be used to locate updated GPG keys for the remote.
1. https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service#section-3.1
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will be used to implement the PGP Web Key Directory (WKD) URL
generation. This is a slightly cleaned up implementation[1] taken from
the zbase32 author's original implementation[2]. It provides a single
zbase32_encode API to convert a set of bytes to the zbase32 encoding.
I believe this should be acceptable for inclusion in ostree. The license
in the source files is BSD style while the original repo LICENSE file
claims the Creative Commons CC0 1.0 Universal license, which is public
domain.
1. https://github.com/dbnicholson/libbase32/tree/for-ostree
2. https://github.com/zooko/libbase32
|
| |
| |
| |
| |
| |
| |
| |
| | |
This provides a wrapper for the `ostree_repo_remote_get_gpg_keys`
function to show the GPG keys associated with a remote. This is
particularly useful for validating that GPG key updates have been
applied. Tests are added, which checks the
`ostree_repo_remote_get_gpg_keys` API by extension.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This function enumerates the trusted GPG keys for a remote and returns
an array of `GVariant`s describing them. This is useful to see which
keys are collected by ostree for a particular remote. The same
information can be gathered with `gpg`. However, since ostree allows
multiple keyring locations, that's only really useful if you have
knowledge of how ostree collects GPG keyrings.
The format of the variants is documented in
`OSTREE_GPG_KEY_GVARIANT_FORMAT`. This format is primarily a copy of
selected fields within `gpgme_key_t` and its subtypes. The fields are
placed within vardicts rather than using a more efficient tuple of
concrete types. This will allow flexibility if more components of
`gpgme_key_t` are desired in the future.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Currently the verifier decides whether to include the global keyrings
based on whether the specified remote has its own keyring or not. Allow
callers to exclude the global keyrings even when that's not the case.
This will be used in a subsequent commit in order to get the GPG keys
only associated with a remote.
|
| |
| |
| |
| |
| |
| |
| | |
In order to use the GPG verifier, it needs to be seeded with GPG keys
after instantation. Currently this is only used for verifying data, but
it will also be used for getting a list of trusted GPG keys in a
subsequent commit.
|
| |
| |
| |
| |
| | |
Currently the verifier only imports all the GPG keys when verifying
data, but it would also be useful for inspecting the trusted keys.
|
| |
| |
| |
| |
| | |
This automatically enables canonical permissions for checkouts in
bare-user-only mode.
|
| |
| |
| |
| |
| |
| | |
This adds a new `OSTREE_CHECKSUM_FLAGS_CANONICAL_PERMISSIONS`
checksumming flag, which is needed in bare-user-only mode
to ignore local IDs.
|
|\ \
| | |
| | | |
builtins/commit: move commit modifier to auto-cleanup
|
| | |
| | |
| | |
| | |
| | | |
This reduces the usage of goto cleanup logic by porting the commit
modifier pointer to autoptr.
|
|/ /
| |
| |
| |
| |
| | |
This explicitly checks for commit command options asking for both
non-zero UID/GID and canonical permissions at the same time,
which are incompatible.
|
| |
| |
| |
| | |
Reported-by: Seth Arnold <seth.arnold@canonical.com>
|
| |
| |
| |
| | |
Reported-by: Seth Arnold <seth.arnold@canonical.com>
|
| |
| |
| |
| |
| |
| |
| | |
We need to check all signatures for one which passes, not just fail on
the first one.
Reported-by: Seth Arnold <seth.arnold@canonical.com>
|
|/
|
|
|
|
| |
Pointer command is dangerous if there is no assignment.
Log: Avoid wild pointers
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The `systemd-rfkill.*` service falls in the category of early things
that need write access to `/var`, so we need to make sure we run before
or it might hit the read-only sysroot.
The long-term fix for this is
https://github.com/ostreedev/ostree/issues/2115.
Closes: https://github.com/coreos/fedora-coreos-tracker/issues/746
|
|
|
|
|
|
|
|
|
| |
This tweaks `ostree_repo_write_commit` so that it checks for the
envinroment variable `SOURCE_DATE_EPOCH` as a way to override
the current time, which is used as the commit timestamp.
Ref: https://reproducible-builds.org/docs/source-date-epoch/
Ref: https://reproducible-builds.org/specs/source-date-epoch/
|
|
|
|
|
|
| |
In configure the systemd unit path is optional, but in the code it's
assumed to be defined. Add an `#ifdef` that throws an error when it's
not defined like the handling of `HAVE_LIBMOUNT` below it.
|
|\
| |
| | |
Use generator to enable ostree-remount.service and ostree-finalize-staged.path
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We struggled for a long time with enablement of our "internal units",
trying to follow the philosophy that units should only be enabled
by explicit preset.
See https://bugzilla.redhat.com/show_bug.cgi?id=1451458
and https://github.com/coreos/rpm-ostree/pull/1482
etc.
And I just saw chat (RH internal on a proprietary system sadly) where
someone hit `ostree-remount.service` not being enabled in CentOS8.
Thinking about this more, I realized we've shipped a systemd generator
for a long time and while its only role until now was to generate `var.mount`,
but by using it to force on our internal units, we don't require
people to deal with presets anymore.
Basically we're inverting things so that "if ostree= is on the kernel
cmdline, then enable our units" and not "enable our units, but have
them use ConditionKernelCmdline=ostree to skip".
Drop the weird gyrations we were doing around `ostree-finalize-staged.path`
too; forking `systemctl start` is just asking for bugs.
So after this, hopefully we won't ever again have to think about
distribution presets and our units.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
| |
This will be ignored, so let's make it very clear
people are doing something wrong. Motivated by a bug
in a build pipeline that injected `/var/lib/rpm` into an ostree
commit which ended up crashing rpm-ostree because it was an empty db
which it wasn't expecting.
It *also* turns out rpm-ostree is incorrectly dumping content in the
deployment `/var` today, which is another bug.
|
|
|
|
|
| |
GSlice is effectively deprecated and has little to no advantage over
using the system allocator on Linux.
|