| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \
| | |
| | | |
repo/private: allow committing/aborting through a transaction guard
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
This enhances the auto-transaction logic, augmenting the scope of a
transaction guard.
It allows committing or aborting a transaction through its guard.
It also supports tracking the completion status of a transaction
guard, avoiding double commits/aborts, while retaining the auto-cleanup
logic.
|
|/
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1945274 is an issue where a privileged
kubernetes daemonset is writing a socket into `/etc`. This makes ostree upgrades barf.
Now, they should clearly move it to `/run`. However, one option is for us to
just ignore it instead of erroring out. Some brief investigation shows that
e.g. `git add somesocket` is a silent no-op, which is an argument in favor of ignoring it.
Closes: https://github.com/ostreedev/ostree/issues/2446
|
|\
| |
| | |
repo: Add an API to init `OstreeSePolicy` from commit directly
|
| |
| |
| |
| |
| | |
Came up in review
https://github.com/ostreedev/ostree/pull/2447#issuecomment-931428312
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is part of `OstreeCommitModifier`, but I'm not using
that in some of the ostree-ext Rust code.
It just makes more sense as a direct policy API, where it should
have been in the first place. There's already support for
setting a policy object on a commit modifier, so that's all the
old API needs to do now.
|
|/
|
|
|
|
|
|
|
| |
There's a general Unix philosophy that "silence is golden".
However, when one is explicitly invoking an error check it's nice
to see explicit success.
We already print various statistics, so ending with a happy
note has no extra cost.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The logic for `--selinux-policy` ended up in the `--tree=dir`
path, but there's no reason for that. Fix the imported
labeling with `--tree=tar`. Prep for use with containers.
We had this bug because the previous logic was trying to avoid
duplicating the code for generic `--selinux-policy` and
the case of `--selinux-policy-from-base --tree=dir`.
It's a bit more code, but it's cleaner if we dis-entangle them.
|
| |
|
|\
| |
| | |
Add support for "custom remotes"
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will be helpful for the "ostree native container" work in
https://github.com/ostreedev/ostree-rs-ext/
Basically in order to reuse GPG/signapi verification, we need
to support adding a remote, even though it can't be used via
`ostree pull`. (At least, not until we merge ostree-rs-ext into ostree, but
even then I think the principle stands)
|
|\ \
| | |
| | | |
repo-pull: legacy_transaction_resuming flag ignored
|
| |/
| |
| |
| |
| |
| | |
for deltafiles the legacy_transaction_resuming flag is not used,
which will mark the commit as done, even if files are missing.
using already existing commitstate_is_partial function as fix
|
|/
|
|
|
|
|
|
|
|
| |
We're waaay overdue for this, it's been the default
in rpm-ostree for years, and solves several important bugs
around not capturing `/etc` while things are running.
Also, `ostree admin upgrade --stage` (should) become idempotent.
Closes: https://github.com/ostreedev/ostree/issues/2389
|
|\
| |
| | |
Add an API to verify a commit signature explicitly
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have a bunch of APIs to do GPG verification of a commit,
but that doesn't generalize to signapi. Further, they
require the caller to check the signature status explicitly
which seems like a trap.
This much higher level API works with both GPG and signapi.
The intention is to use this in things that are doing "external
pulls" like the ostree-ext tar import support. There we will
get the commitmeta from the tarball and we want to verify it
at the same time we import the commit.
|
|\ \
| | |
| | | |
checkout: Also ignore xattrs for union in bare-user-only mode
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Followup to PRs related to https://github.com/ostreedev/ostree/issues/2410
Since the test suite now covers this the test was failing on
a Fedora SELinux enabled host where we see `security.selinux`
even if not in the commit.
|
|\ \ \
| | | |
| | | | |
checkout: Save errno when re-throwing
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I was seeing an `EPERM` here which was confusing.
It turned out the real error was `EEXIST`.
Since we're referring to the original error, but we do a
lot of computation in the middle, we need to save errno.
|
|\ \ \
| |/ /
|/| | |
lib: Change read_commit_detached_metadata to be nullable
|
| |/
| |
| |
| | |
Hit this while working on some Rust code.
|
|/
|
|
|
|
|
|
|
|
| |
This fixes some aspects of OstreeRepoAutoTransaction and re-aligns
it with the logic in flatpak. Specifically:
* link to the underlying repo through refcounting
* bridge internal errors to warning messages
* verify the input pointer type
This is a preparation step before exposing this logic as a public API.
|
| |
|
|
|
|
|
| |
This detects bare-user-only mode and automatically enables a
commit modifier with relevant flags.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As pointed out in the original review, `gpg-list-keys` fits better
alongside the existing `gpg-import`.
Changes were done with:
```
git grep -l list-gpg-keys | xargs sed -i 's/list-gpg-keys/gpg-list-keys/'
for src in $(git ls-files '*list-gpg-keys*'); do
dst=${src/list-gpg-keys/gpg-list-keys}
git mv "$src" "$dst"
done
```
|
|
|
|
|
| |
This fixes the logic to detect whether xattrs should be automatically
ignored when diffing.
|
|\
| |
| | |
lib/commit: autofix permissions for bare-user-only
|
| |
| |
| |
| |
| | |
This tweaks commit logic to detect bare-user-only repositories and
canonicalize permissions automatically.
|
|\ \
| |/
|/| |
Remote GPG key info
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
If the key UID contains a valid email address, include the GPG WKD
update URLs in GVariant returned by ostree_repo_remote_get_gpg_keys().
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Calculate the advanced and direct update URLs for the key discovery
portion[1] of the OpenPGP Web Key Directory specification, and include
the URLs in the key listing in ostree_repo_remote_get_gpg_keys(). These
URLs can be used to locate updated GPG keys for the remote.
1. https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service#section-3.1
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will be used to implement the PGP Web Key Directory (WKD) URL
generation. This is a slightly cleaned up implementation[1] taken from
the zbase32 author's original implementation[2]. It provides a single
zbase32_encode API to convert a set of bytes to the zbase32 encoding.
I believe this should be acceptable for inclusion in ostree. The license
in the source files is BSD style while the original repo LICENSE file
claims the Creative Commons CC0 1.0 Universal license, which is public
domain.
1. https://github.com/dbnicholson/libbase32/tree/for-ostree
2. https://github.com/zooko/libbase32
|
| |
| |
| |
| |
| |
| |
| |
| | |
This provides a wrapper for the `ostree_repo_remote_get_gpg_keys`
function to show the GPG keys associated with a remote. This is
particularly useful for validating that GPG key updates have been
applied. Tests are added, which checks the
`ostree_repo_remote_get_gpg_keys` API by extension.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This function enumerates the trusted GPG keys for a remote and returns
an array of `GVariant`s describing them. This is useful to see which
keys are collected by ostree for a particular remote. The same
information can be gathered with `gpg`. However, since ostree allows
multiple keyring locations, that's only really useful if you have
knowledge of how ostree collects GPG keyrings.
The format of the variants is documented in
`OSTREE_GPG_KEY_GVARIANT_FORMAT`. This format is primarily a copy of
selected fields within `gpgme_key_t` and its subtypes. The fields are
placed within vardicts rather than using a more efficient tuple of
concrete types. This will allow flexibility if more components of
`gpgme_key_t` are desired in the future.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Currently the verifier decides whether to include the global keyrings
based on whether the specified remote has its own keyring or not. Allow
callers to exclude the global keyrings even when that's not the case.
This will be used in a subsequent commit in order to get the GPG keys
only associated with a remote.
|
| |
| |
| |
| |
| |
| |
| | |
In order to use the GPG verifier, it needs to be seeded with GPG keys
after instantation. Currently this is only used for verifying data, but
it will also be used for getting a list of trusted GPG keys in a
subsequent commit.
|
| |
| |
| |
| |
| | |
Currently the verifier only imports all the GPG keys when verifying
data, but it would also be useful for inspecting the trusted keys.
|
| |
| |
| |
| |
| | |
This automatically enables canonical permissions for checkouts in
bare-user-only mode.
|
| |
| |
| |
| |
| |
| | |
This adds a new `OSTREE_CHECKSUM_FLAGS_CANONICAL_PERMISSIONS`
checksumming flag, which is needed in bare-user-only mode
to ignore local IDs.
|
|\ \
| | |
| | | |
builtins/commit: move commit modifier to auto-cleanup
|
| | |
| | |
| | |
| | |
| | | |
This reduces the usage of goto cleanup logic by porting the commit
modifier pointer to autoptr.
|
|/ /
| |
| |
| |
| |
| | |
This explicitly checks for commit command options asking for both
non-zero UID/GID and canonical permissions at the same time,
which are incompatible.
|
| |
| |
| |
| | |
Reported-by: Seth Arnold <seth.arnold@canonical.com>
|
| |
| |
| |
| | |
Reported-by: Seth Arnold <seth.arnold@canonical.com>
|