Commit message (Author, Age, Files, Lines)
* libotutil: avoid leaking builder memory on error (Luca BRUNO, 2022-01-10, 1 file, -4/+4)
|   This swaps the order of a couple of input sanity checks, in order to fix a minor memory leak due to an early-return on the error path. Memory for the result is now allocated only after input has been sanity-checked. It fixes a static analysis warning highlighted by Coverity.
* rofiles-fuse: Build using FUSE 3 if possible, falling back to FUSE 2 (Simon McVittie, 2022-01-04, 1 file, -2/+47)
|   This adds build-time configuration logic to automatically detect and switch between libfuse 2.x and 3.x.
|   Signed-off-by: Simon McVittie <smcv@collabora.com>
|   Co-authored-by: Luca BRUNO <luca.bruno@coreos.com>
* lib/static-delta: throw a proper error on bspatch failure (Luca BRUNO, 2022-01-03, 1 file, -1/+1)
|   This makes sure that a populated GError is returned when bsdiff patching fails. The human-friendly label also helps in debugging.
* lib: use ostree-content-writer header (Luca BRUNO, 2022-01-03, 1 file, -0/+1)
|   This installs and exposes the content of `ostree-content-writer.h`, so that library consumers can properly reference symbols defined in that header.
* soup-uri: Fix clang-analyzer warning by dropping dead code (Colin Walters, 2021-12-21, 1 file, -45/+0)
|   Fixes `Argument with 'nonnull' attribute passed null` by making the code not exist at all anymore. In upstream libsoup this code is gone too; it uses `GUri` from glib which we probably could now too, but one thing at a time.
* main: add support for CLI extensions via external binaries (Luca BRUNO, 2021-12-20, 3 files, -16/+112)
|   This adds some logic to detect and dispatch unknown subcommands to extensions available in `$PATH`. Additional commands can be implemented by adding relevant `ostree-$verb` binaries to the system. As an example, if a `/usr/bin/ostree-extcommand` extension is provided, the execution of `ostree extcommand --help` will be dispatched to that as `ostree-extcommand extcommand --help`.
* Merge pull request #2496 from lucab/ups/repo-asserts (Colin Walters, 2021-12-07, 1 file, -4/+9)
|\
| |   lib/repo: fix problematic invariant checks
| * lib/repo: do not return a NULL on failure (Luca BRUNO, 2021-12-07, 1 file, -2/+4)
| |   This turns an existing check into an assert. The previously returned NULL may result in confusing callers, as none of them is checking for that.
| * lib/repo: do not return an arbitrary mode on failure (Luca BRUNO, 2021-12-07, 1 file, -1/+2)
| |   This turns the existing check into an assert. Otherwise, the previous code may return an arbitrary repo mode (bare) on failure.
| * lib/repo: assert that writable state and error agree (Luca BRUNO, 2021-12-07, 1 file, -1/+3)
| |   This adds an assertion to check that writable state and error are in sync. The subsequent logic uses them interchangeably.
* | Merge pull request #2494 from jmarrero/fsf-address (Colin Walters, 2021-12-07, 238 files, -714/+238)
|\ \
| |/
|/|
| |   Update FSF license notices to use URL instead of address
| * Update FSF license notices to use URL instead of address (Joseph Marrero, 2021-12-07, 238 files, -714/+238)
| |
* | repo: Change locking for summary regeneration to be shared (Colin Walters, 2021-12-03, 1 file, -8/+2)
|/
|   This is trying to address: https://pagure.io/fedora-iot/issue/48
|
|   Basically we changed rpm-ostree to start doing a shared lock during commit by default, but this broke because pungi is starting a process doing a commit for each architecture, and then trying to regenerate the summary after each one.
|
|   This patch is deleting a big comment with a rationale for why summary regeneration should be exclusive. Point by point:
|
|   > This makes sure the commits and deltas don't get
|   > deleted while generating the summary.
|
|   But prune operations require an exclusive lock, which means that data still can't be deleted when the summary grabs a shared lock.
|
|   > It also means we can be sure refs
|   > won't be created/updated/deleted during the operation, without having to
|   > add exclusive locks to those operations which would prevent concurrent
|   > commits from working.
|
|   First: The status quo *has* prevented concurrent commits from working!
|
|   There is no real locking solution to this problem. What we really need to do here is regenerate the summary after each commit *or* when the caller decides to do it and e.g. include deltas at the same time.
|
|   It's OK if multiple threads race to regenerate the summary; last-one-wins behavior here is totally fine.
* lib: misc static analysis fixes (Luca BRUNO, 2021-11-26, 2 files, -3/+3)
|   This fixes a few warnings from coverity, none of which is really interesting.
* app: Only remount /sysroot if needed (Jonathan Lebon, 2021-11-19, 1 file, -17/+41)
|   We should only try to remount `/sysroot` if we're actually handling the sysroot repo and the repo isn't writable. We already have public APIs to check each of those, so let's use them.
|   Closes: #2485
* lib/prune: Avoid unnecessary object serialization (Dan Nicholson, 2021-11-18, 1 file, -12/+9)
|   `repo_prune_internal` was deserializing each object and passing the components to `maybe_prune_loose_object`, which promptly reserialized it.
* lib: Avoid dereferencing NULL error values (Ryan Gonzalez, 2021-11-12, 2 files, -6/+16)
|   Otherwise, this will segfault when callers don't need any exact errors.
|   Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
* Merge pull request #2476 from valentindavid/valentindavid/glib-fix (Colin Walters, 2021-11-09, 1 file, -1/+1)
|\
| |   lib: Fix a bad call to g_file_get_child
| * lib: Fix a bad call to g_file_get_child (Valentin David, 2021-11-03, 1 file, -1/+1)
| |   In GLib, since commit 3a6e8bc8876e149c36b6b14c6a25a718edb581ed, `g_file_get_child` does not accept an absolute path as a parameter anymore. The broken assertion was encountered during the `ostree admin deploy` command for the checkout of subpath `etc`.
| |
| |   Example of error log:
| |   ```
| |   (ostree admin deploy:1640): GLib-GIO-CRITICAL **: 03:42:00.570: g_file_get_child: assertion '!g_path_is_absolute (name)' failed
| |   (ostree admin deploy:1640): GLib-GIO-CRITICAL **: 03:42:00.570: g_file_query_info: assertion 'G_IS_FILE (file)' failed
| |   **
| |   OSTree:ERROR:src/ostree/ot-main.c:232:ostree_run: assertion failed: (success || error)
| |   Bail out! OSTree:ERROR:src/ostree/ot-main.c:232:ostree_run: assertion failed: (success || error)
| |   ```
* | prepare-root: Set up sysroot readonly in initramfs (Colin Walters, 2021-11-03, 1 file, -24/+66)
|/
|   Let's ensure things are right from the start in the initramfs; this closes off various race conditions.
|   Followup to https://github.com/ostreedev/ostree/pull/2113/commits/35642259175973617da937f3cab6ce5f13c95077
|   Closes: https://github.com/ostreedev/ostree/issues/2115
* prepare-root: check for read-only sysroot status early on (Luca BRUNO, 2021-11-01, 1 file, -14/+14)
|   This moves read-only sysroot checks upfront, so that they are not intermixed with mount operations. It has no immediate side-effects, but allows these checks to be independent from the rest of the mounting logic (and future changes to it).
* Merge pull request #2472 from lucab/ups/prepare-root-checked-printf (Jonathan Lebon, 2021-10-26, 1 file, -3/+6)
|\
| * prepare-root: check return codes for errors when assembling paths (Luca BRUNO, 2021-10-26, 1 file, -3/+6)
| |   This adds checks around all `snprintf` calls in order to detect failures and gracefully abort.
* | prepare-root: get rid of a global variable (Luca BRUNO, 2021-10-26, 1 file, -4/+1)
|/
|   This moves a global mutable variable to a smaller local scope, as it is not really used outside of that.
* prepare-root: make all mount operations silent (Luca BRUNO, 2021-10-26, 1 file, -13/+13)
|   This adds a `MS_SILENT` flag to all `mount(2)` calls, reducing the amount of kernel logs produced on each boot. Those messages do not contain actionable details, and in the "mount plus read-only remount" case they can easily become highly redundant.
* Merge pull request #2463 from cgwalters/fix-fanalyzer (Luca Bruno, 2021-10-14, 7 files, -19/+25)
|\
| |   Fix various mostly theoretical gcc `-fanalyzer` issues
| * variantutil: Fix gcc `-fanalyzer` warning (Colin Walters, 2021-10-13, 1 file, -8/+7)
| |   Add some not-NULL assertions for return values from glib, and upgrade some `g_return_if_fail` to `g_assert`.
| * utils: Fix unreachable `NULL` deref by adding assertion (Colin Walters, 2021-10-13, 1 file, -2/+5)
| |   Again this one is just in theory, but let's add an assertion.
| * static-delta: Fix probably not actually possible NULL deref (Colin Walters, 2021-10-13, 1 file, -1/+1)
| |   Flagged by `gcc -fanalyzer`. I didn't study this really deeply but I think it's not actually reachable. Anyways, let's catch it on general principle.
| * fetcher/soup: Fix gcc `-fanalyzer` warning (Colin Walters, 2021-10-13, 1 file, -1/+1)
| |   In general, we're probably going to need to change most of our `g_return_if_fail` to `g_assert`. The analyzer flags that the function can return `NULL`, but the caller isn't prepared for this. In practice, let's abort.
| * sysroot: Fix gcc `-fanalyzer` warning (Colin Walters, 2021-10-13, 1 file, -2/+6)
| |   In general, we're probably going to need to change most of our `g_return_if_fail` to `g_assert`. The analyzer flags that the function can return `NULL`, but the caller isn't prepared for this. In practice, let's abort.
| * deployment: Fix gcc `-fanalyzer` warning (Colin Walters, 2021-10-13, 1 file, -3/+3)
| |   In general, we're probably going to need to change most of our `g_return_if_fail` to `g_assert`. The analyzer flags that the function can return `NULL`, but the caller isn't prepared for this. In practice, let's abort.
| * remote: Fix gcc `-fanalyzer` warning (Colin Walters, 2021-10-13, 1 file, -2/+2)
| |   In general, we're probably going to need to change most of our `g_return_if_fail` to `g_assert`. The analyzer flags that the function can return `NULL`, but the caller isn't prepared for this. In practice, let's abort.
* | repo/private: move OstreeRepoAutoTransaction to a boxed type (Luca BRUNO, 2021-10-11, 2 files, -16/+51)
|/
|   This defines `OstreeRepoAutoTransaction` as a boxed type, in order to support auto-generating bindings for it. That first requires adding internal reference-counting to it, to allow freely copying/freeing references to a single transaction guard.
* prepare-root: tweak log messages to clarify errors (Luca BRUNO, 2021-10-07, 1 file, -4/+13)
|   This rewords errors and log messages in the functions which take care of preparing sysroot in initramfs. Depending on the boot flow, it is possible to reach this logic with a sysroot mounted (unexpectedly) as read-only. In that case, let's clearly point out the problematic mountpoint.
* Remove OstreeTlsCertInteraction bits from introspection (Colin Walters, 2021-10-06, 3 files, -2/+2)
|   We filter out everything named `-private.h` from scanning, which differs from the gtk-doc exclude. Eventually this will be solved when we switch to the new gir-based docs.
|   Came up in https://github.com/ostreedev/ostree-rs/pull/34#discussion_r723337772
* Release 2021.5 [v2021.5] (Colin Walters, 2021-10-05, 2 files, -6/+6)
|
* Merge pull request #2449 from cgwalters/mtree-from-commit (Jonathan Lebon, 2021-10-05, 4 files, -9/+46)
|\
| * lib: Add an API to construct a `MutableTree` from a commit (Colin Walters, 2021-10-01, 4 files, -9/+46)
| |   This is nicer than having the caller parse the commit object, or indirect via the `OstreeRepoFile*` object of the root. Will be used in ostree-rs-ext around tar parsing.
* | Merge pull request #2454 from lucab/ups/auto-txn-complete (Colin Walters, 2021-10-05, 4 files, -35/+156)
|\ \
| | |   repo/private: allow committing/aborting through a transaction guard
| * | repo/private: allow committing/aborting through a transaction guard (Luca BRUNO, 2021-10-05, 4 files, -35/+156)
| |/
| |   This enhances the auto-transaction logic, augmenting the scope of a transaction guard. It allows committing or aborting a transaction through its guard. It also supports tracking the completion status of a transaction guard, avoiding double commits/aborts, while retaining the auto-cleanup logic.
* | deploy: Ignore sockets, fifos in /etc during merge (Colin Walters, 2021-10-01, 1 file, -3/+1)
|/
|   https://bugzilla.redhat.com/show_bug.cgi?id=1945274 is an issue where a privileged kubernetes daemonset is writing a socket into `/etc`. This makes ostree upgrades barf. Now, they should clearly move it to `/run`. However, one option is for us to just ignore it instead of erroring out. Some brief investigation shows that e.g. `git add somesocket` is a silent no-op, which is an argument in favor of ignoring it.
|   Closes: https://github.com/ostreedev/ostree/issues/2446
* Merge pull request #2447 from cgwalters/sepolicy-for-commit (Colin Walters, 2021-09-30, 4 files, -32/+73)
|\
| |   repo: Add an API to init `OstreeSePolicy` from commit directly
| * sepolicy: Add deprecation comment for `_get_path()` (Colin Walters, 2021-09-30, 1 file, -1/+5)
| |   Came up in review https://github.com/ostreedev/ostree/pull/2447#issuecomment-931428312
| * repo: Add an API to init `OstreeSePolicy` from commit directly (Colin Walters, 2021-09-30, 4 files, -31/+68)
| |   This is part of `OstreeCommitModifier`, but I'm not using that in some of the ostree-ext Rust code. It just makes more sense as a direct policy API, where it should have been in the first place. There's already support for setting a policy object on a commit modifier, so that's all the old API needs to do now.
* | fsck: Print a success message (Colin Walters, 2021-09-30, 1 file, -0/+3)
|/
|   There's a general Unix philosophy that "silence is golden". However, when one is explicitly invoking an error check it's nice to see explicit success. We already print various statistics, so ending with a happy note has no extra cost.
* bin/commit: Fix --tree=tar with --selinux-policy (Colin Walters, 2021-09-30, 1 file, -7/+12)
|   The logic for `--selinux-policy` ended up in the `--tree=dir` path, but there's no reason for that. Fix the imported labeling with `--tree=tar`. Prep for use with containers. We had this bug because the previous logic was trying to avoid duplicating the code for generic `--selinux-policy` and the case of `--selinux-policy-from-base --tree=dir`. It's a bit more code, but it's cleaner if we disentangle them.
* Release 2021.4 (Colin Walters, 2021-09-08, 2 files, -6/+7)
|
* Merge pull request #2434 from cgwalters/custom-remote (Colin Walters, 2021-09-08, 3 files, -20/+56)
|\
| |   Add support for "custom remotes"
| * Add support for "custom remotes" (Colin Walters, 2021-09-08, 3 files, -20/+56)
| |   This will be helpful for the "ostree native container" work in https://github.com/ostreedev/ostree-rs-ext/ Basically in order to reuse GPG/signapi verification, we need to support adding a remote, even though it can't be used via `ostree pull`. (At least, not until we merge ostree-rs-ext into ostree, but even then I think the principle stands)