| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In fixing https://github.com/coreos/rpm-ostree/pull/3323
I felt that it was a bit ugly we're installing `/usr/bin/ostree-container`.
It's kind of an implementation detail. We want users to use
`ostree container`.
Let's support values outside of $PATH too.
For example, this also ensures that TAB completion for `ost` expands
to `ostree ` with a space.
|
|
|
|
|
| |
This adds proper return-value checks on g_setenv calls.
It fixes a static analysis warning highlighted by Coverity.
|
|
|
|
|
|
|
|
| |
Basically due to the glib structured logging rework we lost the
`noreturn` attribute on `g_error()`.
This is fixed in glib as of https://gitlab.gnome.org/GNOME/glib/-/commit/f97ff20adf4eb7b952dd83e2c13046fe9e282f50
But we might as well just throw an error here.
|
|
|
|
|
|
| |
This updates the test logic for CLI extensions, actually checking
for functional output from the subcommand.
It also cleans up some environmental leftover.
|
|
|
|
|
|
|
|
|
|
| |
This adds some logic to detect and dispatch unknown subcommands to
extensions available in `$PATH`. Additional commands can be
implemented by adding relevant `ostree-$verb` binaries to the system.
As an example, if a `/usr/bin/ostree-extcommand` extension is provided,
the execution of `ostree extcommand --help` will be dispatched to that
as `ostree-extcommand extcommand --help`.
|
|
|
|
|
| |
This adds a couple of string assertions to make sure that
the test run is sane.
|
| |
|
|
|
|
|
| |
This fixes a few warnings from coverity, none of which really
interesting.
|
|
|
|
|
|
|
|
| |
This reworks the var-mount destructive test in order to properly use
the datadir for the current stateroot instead of a duplicated one.
In turn, it ensures that the resulting `var.mount` after reboot is
correctly pointing to the same location which hosted `/var` on the
previous boot.
|
|
|
|
| |
To pacify gcc's `-fanalyzer`.
|
|\
| |
| | |
test-commit-sign.sh: Skip a unit test when running as an installed-test
|
| |
| |
| |
| | |
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1945274 is an issue where a privileged
kubernetes daemonset is writing a socket into `/etc`. This makes ostree upgrades barf.
Now, they should clearly move it to `/run`. However, one option is for us to
just ignore it instead of erroring out. Some brief investigation shows that
e.g. `git add somesocket` is a silent no-op, which is an argument in favor of ignoring it.
Closes: https://github.com/ostreedev/ostree/issues/2446
|
|\ |
|
| |
| |
| |
| |
| | |
This updates to the modern glib 0.14 and paves the way for
some reverse dependency testing by using ostree-ext's code.
|
|/
|
|
|
|
|
|
|
|
|
|
| |
The logic for `--selinux-policy` ended up in the `--tree=dir`
path, but there's no reason for that. Fix the imported
labeling with `--tree=tar`. Prep for use with containers.
We had this bug because the previous logic was trying to avoid
duplicating the code for generic `--selinux-policy` and
the case of `--selinux-policy-from-base --tree=dir`.
It's a bit more code, but it's cleaner if we dis-entangle them.
|
|
|
|
|
|
|
|
|
|
|
| |
Having to touch a global test counter when adding tests is
a recipe for conflicts between PRs.
The TAP protocol allows *ending* with the expected number of
tests, so the best way to do this is to have an explicit
API like our `tap_ok` which bumps a counter, then end with `tap_end`.
I ported one test as a demo.
|
|
|
|
|
| |
We do this in other places; avoids touching two numbers when
adding tests. Let computers do the addition.
|
| |
|
|\
| |
| | |
Add support for "custom remotes"
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will be helpful for the "ostree native container" work in
https://github.com/ostreedev/ostree-rs-ext/
Basically in order to reuse GPG/signapi verification, we need
to support adding a remote, even though it can't be used via
`ostree pull`. (At least, not until we merge ostree-rs-ext into ostree, but
even then I think the principle stands)
|
|/
|
|
|
|
|
|
|
|
| |
We're waaay overdue for this, it's been the default
in rpm-ostree for years, and solves several important bugs
around not capturing `/etc` while things are running.
Also, `ostree admin upgrade --stage` (should) become idempotent.
Closes: https://github.com/ostreedev/ostree/issues/2389
|
|
|
|
|
|
| |
There are some existing issues around fsck in unprivileged bare mode,
so this test does not really work at the moment. Leaving it as a FIXME
for the moment.
|
|
|
|
|
| |
This avoids possible issues when trying to chmod, tweaking
permissions instead.
|
|
|
|
|
|
|
|
|
| |
It cannot work to use `--no-xattrs` when SELinux is enabled
because we get a `security.selinux` attribute on created files
regardless. So just skip this test if true.
Also add some `ostree fsck`s in here which helped me debug
this.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have a bunch of APIs to do GPG verification of a commit,
but that doesn't generalize to signapi. Further, they
require the caller to check the signature status explicitly
which seems like a trap.
This much higher level API works with both GPG and signapi.
The intention is to use this in things that are doing "external
pulls" like the ostree-ext tar import support. There we will
get the commitmeta from the tarball and we want to verify it
at the same time we import the commit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As pointed out in the original review, `gpg-list-keys` fits better
alongside the existing `gpg-import`.
Changes were done with:
```
git grep -l list-gpg-keys | xargs sed -i 's/list-gpg-keys/gpg-list-keys/'
for src in $(git ls-files '*list-gpg-keys*'); do
dst=${src/list-gpg-keys/gpg-list-keys}
git mv "$src" "$dst"
done
```
|
|\
| |
| | |
lib/commit: autofix permissions for bare-user-only
|
| |
| |
| |
| |
| | |
This tweaks commit logic to detect bare-user-only repositories and
canonicalize permissions automatically.
|
|\ \
| |/
|/| |
Remote GPG key info
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
This provides a wrapper for the `ostree_repo_remote_get_gpg_keys`
function to show the GPG keys associated with a remote. This is
particularly useful for validating that GPG key updates have been
applied. Tests are added, which checks the
`ostree_repo_remote_get_gpg_keys` API by extension.
|
| |
| |
| |
| |
| | |
This automatically enables canonical permissions for checkouts in
bare-user-only mode.
|
| |
| |
| |
| |
| |
| | |
This explicitly checks for commit command options asking for both
non-zero UID/GID and canonical permissions at the same time,
which are incompatible.
|
| |
| |
| |
| |
| |
| |
| | |
We need to check all signatures for one which passes, not just fail on
the first one.
Reported-by: Seth Arnold <seth.arnold@canonical.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Some distributions set this during build in order to have reproducible
builds from the same source code: for example, Debian uses the date
from debian/changelog.
However, some of our tests assume that `ostree commit` will result in
a commit with the current date/time, and SOURCE_DATE_EPOCH breaks that
assumption. Unset it for our build-time tests.
Resolves: https://github.com/ostreedev/ostree/issues/2405
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This tweaks `ostree_repo_write_commit` so that it checks for the
envinroment variable `SOURCE_DATE_EPOCH` as a way to override
the current time, which is used as the commit timestamp.
Ref: https://reproducible-builds.org/docs/source-date-epoch/
Ref: https://reproducible-builds.org/specs/source-date-epoch/
|
|
|
|
|
|
|
| |
Since #2377 was merged, this is in libtest-core.sh, which is sourced by
libtest.sh.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|\
| |
| | |
libtest-core: Add some improvements from bubblewrap
|
| |
| |
| |
| | |
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
| |
| |
| |
| | |
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
If we fail as a result of `set -x`, It's often not completely obvious
which command failed or how. Use a trap on ERR to show the command that
failed, and its exit status.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
| |
| |
| |
| |
| |
| | |
[Originally from bubblewrap commits c5c999a7 "tests: test --userns"
and 3e5fe1bf "tests: Better error message if assert_files_equal fails";
separated into this commit by Simon McVittie.]
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We struggled for a long time with enablement of our "internal units",
trying to follow the philosophy that units should only be enabled
by explicit preset.
See https://bugzilla.redhat.com/show_bug.cgi?id=1451458
and https://github.com/coreos/rpm-ostree/pull/1482
etc.
And I just saw chat (RH internal on a proprietary system sadly) where
someone hit `ostree-remount.service` not being enabled in CentOS8.
Thinking about this more, I realized we've shipped a systemd generator
for a long time and while its only role until now was to generate `var.mount`,
but by using it to force on our internal units, we don't require
people to deal with presets anymore.
Basically we're inverting things so that "if ostree= is on the kernel
cmdline, then enable our units" and not "enable our units, but have
them use ConditionKernelCmdline=ostree to skip".
Drop the weird gyrations we were doing around `ostree-finalize-staged.path`
too; forking `systemctl start` is just asking for bugs.
So after this, hopefully we won't ever again have to think about
distribution presets and our units.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will be ignored, so let's make it very clear
people are doing something wrong. Motivated by a bug
in a build pipeline that injected `/var/lib/rpm` into an ostree
commit which ended up crashing rpm-ostree because it was an empty db
which it wasn't expecting.
It *also* turns out rpm-ostree is incorrectly dumping content in the
deployment `/var` today, which is another bug.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The semantics of multiple process locking are covered by
test-concurrency.py, but the semantics of the repository locking from a
single process aren't handled there.
This checks how the repository locking is handled from a single thread
with one OstreeRepo, a single thread with multiple OstreeRepos, and
multiple threads sharing an OstreeRepo.
|