dgit.raspbian.org Git - ostree.git/log

lib/repo: Support hardlink conversions from bare-user to bu-only

Thinking about the problem of flatpak converting from `bare-user` to `bare-user-only`
"in place" by creating a new repo and doing a `pull-local`, I realized
that we can optimize this process by doing hardlinks for both metadata
and regular files. The repo formats are *almost* compatible, the
exception being symlinks.

An earlier patch caused us to do hardlinks for metadata, this patch takes things
to the next step and special cases this specific conversion. In this case we
need to parse the source object to determine whether or not it's a symlink.

Closes: #922
Approved by: alexlarsson

lib/repo: Import metadata via hardlink even for distinct repo modes

Our previous logic for import-via-hardlink only tried if the repo modes match,
but we *can* hardlink metadata between e.g. `archive` and `bare-user` repos, and
that's quite useful thing to do. Our documentation encourages converting to/from
those repo modes locally for build systems.

Closes: #922
Approved by: alexlarsson

lib/repo: Skip import via hardlink if repo owners don't match

Before this, if one had repos of matching mode but different owners,
which could happen if one e.g. makes a `bare` non-root repo in
`/ostree/deploy/$stateroot/var/tmp`, every time we tried to call `linkat()`
we'd get `EPERM` and fall back to a copy.

Fix this by saving the repo owner uid, and avoid trying to call `linkat()` if we
know it's going to fail. Of course most commonly in this scenario we'll
immediately fail trying to `chown` the files to `0`, but this is prep for a
future patch to improve `bare-user` → `bare-user-only` imports where we'll be a
bit more sophisticated.

Closes: #922
Approved by: alexlarsson

lib/pull: Fix construction of a refspec to use the correct separator

This code looks like it was supposed to build a refspec, but it used a
slash as a separator rather than a colon. The following code does
recover by supporting prefix matching with slashes, but it seems like
this was perhaps not the intention.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #912
Approved by: cgwalters

lib/repo: Always look in staging directory for objects

Its often the case that we want to look at objects inside a commit,
before the objects the transaction is finished. For instance:
https://github.com/flatpak/flatpak/pull/837
Which tries to verify the file permissions before committing the
transaction.

And:
https://github.com/flatpak/flatpak/commit/1e5ffa926a25acb655af7889b679b140bf44870b
Which collects the storage size of the objects so that we can
put the total download size in the commit metadata.

I tried to find all the places where we did reads from the
object directories, and in particular this fixes:

- `ostree_repo_load_file()` for `bare` repos (`archive` was already working).
- `ostree_repo_query_object_storage_size()`
- Applying deltas that reference not-yet-commited objects

Closes: #916
Approved by: cgwalters

lib/repo: Refactor object copy import function

This came up in: https://github.com/ostreedev/ostree/pull/881

Basically doing streaming for metadata is dumb. Split up the metadata/content
paths so we pass metadata around as `GVariant`. This drops the last internal
caller of `ostree_repo_write_metadata_stream_trusted()` which was the dumb
function mentioned.

Closes: #923
Approved by: jlebon

lib/checkout: Ignore world-writable dirs for bare-user-only checkout

See https://github.com/ostreedev/ostree/pull/909 for more information on the
rationale. Basically there's no reason for flatpak (which uses `bare-user-only`)
to have world-writable dirs. Particularly with the presence of the system
helper.

An approach I considered instead was to parse and validate directory metadata
objects at commit time. We still may do that in addition; for file objects we *had*
to do it that way because the actual files would be laid down suid. But directories
live only as inert `.dirmeta` objects until we do a checkout (i.e. `mkdir()`), so
we can solve the problem at checkout time.

Closes: #914
Approved by: alexlarsson

lib/commit: Drop some conditionals/clarify code in content path

Both callers of `commit_loose_object_trusted()` were passing
`OSTREE_OBJECT_TYPE_FILE`, so drop that parameter. This in turn
allows us to drop lots of checking of that inside the function.

Add a doc comment, and rename to `commit_loose_content_object()` for clarity.

Closes: #914
Approved by: alexlarsson

lib/commit: Port final object writing function to new code style

I noticed my previous patches incorrectly started doing `return glnx_throw*`
inside a `goto out;` function. Fix this by porting forward consistently to new
style. We just do the error prefixing in the caller.

Closes: #914
Approved by: alexlarsson

repo: Fix leak of superblock fds when generating summary

Related: https://github.com/ostreedev/ostree/issues/920

Closes: #921
Approved by: alexlarsson

ci: Add CentOS 7 build

For similar reasons as https://github.com/projectatomic/rpm-ostree/pull/824

Closes: #919
Approved by: jlebon

ci: Update to match current rpm-ostree

This copies the `ci/` directory from rpm-ostree, with much the same rationale;
among other things we don't want to depend on the Docker hub.

The specific reason I'm doing this is that I want to add a CentOS7 build, but
that means we can't use `projectatomic/ostree-tester`, and at that point we
might as well unwind it all.

Closes: #917
Approved by: jlebon

repo: After renaming in all loose objects, ensure metadata is stable

When a transaction is finished and we have moved all the staged loose
objects into the repo we fsync all the object directory, to ensure the
filenames are stable before we update the refs files to point to the
new commits.

With out this an unclean shutdown after the transaction is finished
could result in a refs file that points to an incomplete commit.

https://bugzilla.gnome.org/show_bug.cgi?id=759442

Closes: #918
Approved by: cgwalters

repo/commit: Support group-writable files for bare-user-only

These exist in the wild for flatpak, and aren't really a problem. The canonical
permissions are still either `0755` or `0644`, we just support the additional
writable bit for the group (i.e. extend the set to include `0775` and `0664`)
now to avoid breaking some flatpak content.

Closes: #913
Approved by: alexlarsson

tests: Add a test for bare-user-only failing to commit suid content

We didn't have coverage of this before, and adding the test infrastructure will
help ensure we have coverage for more changes here.

Closes: #913
Approved by: alexlarsson

lib/repo: For bare-user, mask content object modes with 0775

Having every object in a bare-user repo (and checkouts) be executable
is ugly. I can't think of a good reason to do that; they should only
be executable if their input is. This does
for `bare-user` what we did for `bare-user-only` in
https://github.com/ostreedev/ostree/pull/909
It's also a stronger version of what we do with `checkout -U` in suppressing
suid - here we also strip world-writable files and the sticky bit (even though
that's meaningless today, it might not be in the future).

Closes: https://github.com/ostreedev/ostree/issues/907
Closes: #908
Approved by: alexlarsson

lib/repofile: Follow symlinks for `g_file_read()`

This avoids `ostree cat /path/to/symlink` crashing, a longstanding embarassing
issue.

Closes: #915
Approved by: jlebon

lib/repofile: Port mostly to new code style

Prep for a bugfix.

Closes: #915
Approved by: jlebon

builtins/cat: Port to new code style

Definitely better. Prep for another fix.

Closes: #915
Approved by: jlebon

lib/fetcher: Add cleanup function for OstreeFetcher

This is only used internally (the header is not public), so it doesn’t
have to go in ostree-autocleanups.h. It will be used in some following
commits.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #911
Approved by: cgwalters

lib/repo: Omit deltas from the summary file if there are none

If there are no deltas to be listed in the summary file, don’t bother
including the key for them in the additional metadata section of the
file. This saves a few bytes in some cases.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #911
Approved by: cgwalters

ostree/dump: Improve formatting for well-known commit metadata keys

This follows on from commit a946c3d4, which added formatting for
well-known summary metadata keys. This commit adds it for commits.

Currently, the only well-known commit metadata key is
ostree.commit.timestamp. Formatting this correctly is especially
important, since it’s a big-endian uint64, which is completely unusable
for mere mortals when presented as a number rather than a date.

Non-formatted output can still be retrieved using the OSTREE_DUMP_RAW
flag, and the non-formatted key name is always printed for clarity.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #911
Approved by: cgwalters

lib/pull: Fix an over-indented block

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #911
Approved by: cgwalters

lib/pull: Drop some trailing whitespace

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #911
Approved by: cgwalters

lib/pull: Simplify a for-loop initialisation

It’s a bit neater to initialise the loop iterator and maximum in the
same place.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #911
Approved by: cgwalters

lib/pull: Fix a typo in a documentation comment

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #911
Approved by: cgwalters

lib/repo: Reindent some code in regenerate_summary() for clarity

This makes it a bit more easily separable from the rest of the code in
the function. No functional changes.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #911
Approved by: cgwalters

Canonicalize bare-user-only perms with 0755 mask

For the flatpak use case where bare-user-only was introduced, we actually
don't want to support s{u,g} id files in particular.

Actually, I can't think of a reason to have anything outside of the
`0755 i.e. (u=rwx,g=rx,o=rx)` mask, so that's what we do here.

This will have the effect of treating existing `bare-user-only` repositories as
corrupted if they have files outside of that mask, but I think we should do this
now; most of the flatpak users will still be on `bare-user`, and we haven't
changed the semantics of that mode yet.

Note that in this patch we will also *reject* file content that doesn't
match this. This is somewhat asymmetric, since we aren't similarly rejecting
e.g. directory metadata. But, this will close off the biggest source
of the problem for flatpak (setuid binaries).

See: https://github.com/ostreedev/ostree/pull/908
See: https://github.com/flatpak/flatpak/pull/837

Closes: #909
Approved by: alexlarsson

lib/repo: Don't copy xattrs when manipulating the GPG keyring

Copying xattrs when manipulating the GPG keyring for a repository
causes errors when the underlying filesystem doesn't support writing
xattrs - overlayfs is a common example. It also causes the selinux
attributes of the keyring files to be copied from the temporary
location instead of properly inherited from the destination directory
(ending up, for example, as unconfined_u:object_r:user_tmp_t:s0, rather
than unconfined_u:object_r:data_home_t:s0)

Closes: #910
Approved by: cgwalters

Don't install trivial-httpd man page if not enabled

I just noticed this scroll by in a file listing.

Closes: #905
Approved by: jlebon

basic-test.sh: explicitly check for uncompressed objects

It's not enough to check that the dir exists, since that's done by
default when we open the repo. We want to actually check that
uncompressed objects were cached (i.e. the opposite of the earlier error
path).

Closes: #903
Approved by: cgwalters

manual: document bare-user-only repo mode

Closes: #903
Approved by: cgwalters

checkout: also chmod in the user checkout case

When falling back to copying, we previously would only chmod checked out
files in the non-user-checkout mode. Fix this by always doing chmod.
The file_mode was being prepared but never actually applied.

Add a basic test in the archive-z2 --> usermode checkout case in which
we're guaranteed to always fall back to copy mode.

Closes: #633
Closes: #903
Approved by: cgwalters

checkout: don't apply SELinux labeling in user mode

If the user requested a user checkout, we don't want to set the SELinux
label xattr.

Closes: #903
Approved by: cgwalters

Remove the OSTREE_MAX_RECURSION limit on metadata depth

This was making it impossible to pull or mirror a large ostree repo, and
according to Colin is no longer necessary. It works fine with a test
against a repo with 2741 commit and 451468 objects in it.

Closes: #899
Closes: #904
Approved by: jlebon

Revert "Add a notion of "physical" sysroot, use for remote writing"

This reverts commit 1eff3e83436b6129c0dc350dbbda52ba330e3834. There
are a few issues with it. It's not a critical thing for now, so
let's ugly up the git history and revisit when we have time to
debug it and add more tests.

Besides the below issue, I noticed that the simple `ostree remote add`
now writes to `/ostree/repo/config` because we *aren't* using the
`--sysroot` argument.

Closes: https://github.com/ostreedev/ostree/issues/901
Closes: #902
Approved by: mike-nguyen

lib/sysroot: Document the NO_CLEAN flag

Closes: #900
Approved by: jlebon

lib/repo: Delete unused private prototypes

The implementations were removed in: 6ffcb24d227eae5a479caf45adb8037eceb6ae33
I noticed this while looking at the commit code.

Closes: #898
Approved by: jlebon

repo/commit: Split up metadata/content commit paths

There was a lot of conditionals inside `write_object()` differentating
between metadata/content, and then for content, on the different repo
types. Further, in the metadata path since the logic is simpler, can
present a non-streaming API, and further use `OtTmpfile`, etc.

Splitting them up helps drop a lot of conditionals. We introduce a small
`CleanupUnlinkat` that allows us to fully convert to the new code style in both
functions.

This itself is still prep for fully switching to `GLnxTmpfile`.

Closes: #881
Approved by: jlebon

repo/commit: Don't renormalize trusted metadata

As the comment in the code says; in the expected checksum case, the caller
really has to have a normal form already.

Closes: #881
Approved by: jlebon

repo/commit: In the expected checksum case, check existence early

If we have an expected checksum, call `fstatat(repo_dfd, checksum)`
early on before we do much else. This actually duplicates code,
but future work here is going to split up the metadata/content
commit paths, so they'll need to diverge anyways.

Closes: #881
Approved by: jlebon

repo/commit: Dedup content writing API implementation

Similar to metadata, for `write_content_trusted()` we can just
call `_write_content()` with a `NULL` output checksum.

Closes: #881
Approved by: jlebon

repo/commit: Dedup metadata writing API implementations

First, the streaming metadata API is pretty dumb, since metadata
should be small.  Really we should have supported a `GBytes`
version.  Currently, this API *is* used when we do local pulls,
so this commit has test coverage.  However, I plan to change
the object import to avoid using this.  But that's fine, since
I can't think of why someone would use this API.

Next, the only difference between `ostree_repo_write_metadata()` and
`ostree_repo_write_metadata_trusted()` is whether or not we pass
an output checksum; so just dedup the implementations.

Also while I'm here break out the input length validation and do
it early in the streaming case.

Closes: #881
Approved by: jlebon

Add a notion of "physical" sysroot, use for remote writing

Using `${sysroot}` to mean the physical storage root: We don't want to write to
`${sysroot}/etc/ostree/remotes.d`, since nothing will read it, and really
`${sysroot}` should just have `/ostree` (ideally). Today the Anaconda rpmostree
code ends up writing there. Fix this by adding a notion of "physical" sysroot.
We determine whether the path is physical by checking for `/sysroot`, which
exists in deployment roots (and there shouldn't be a `${sysroot}/sysroot`).

In order to unit test this, I added a `--sysroot` argument to `remote add`.
However, doing this better would require reworking the command line parsing for
the `remote` argument to support specifying `--repo` or `--sysroot`, and I
didn't quite want to do that yet in this patch.

Closes: https://github.com/ostreedev/ostree/issues/892
Closes: #896
Approved by: jlebon

lib/util: Some style conversion

I saw a few instances of `glnx_set_error_from_errno() + return FALSE`,
and fixed them and did a bit of style conversion.

Closes: #895
Approved by: jlebon

cmd: Use autoptr for GKeyFile

Prep for code style conversion.

Closes: #891
Approved by: jlebon

tree-wide: Add+run spatch to use glnx_throw()

I had to run a sed job to add whitespace after, but otherwise this was easy.

Closes: #890
Approved by: jlebon

lib/sysroot: Add non-failable ostree_sysroot_repo()

Having a failable accessor is annoying, since it's really common
to reference both. Instead, open the repo once when we load
the sysroot, and provide a non-failable accessor.

This is also prep for `ostree_repo_open_at()`, which collapses the separation
between `ostree_repo_new()` and `ostree_repo_open()`.

Closes: #886
Approved by: jlebon

lib: Add an "is_system" member to OstreeRepo

This is prep for introducing a fd-relative `ostree_repo_new_at()`.
Previously, `ostree_repo_is_system()` compared `GFile` paths, but
there's a much simpler check we can do first - if this repository
was created via `OstreeSysroot`, it must be a system repo.

Closes: #886
Approved by: jlebon

lib/fsutil: Port to new code style

Pretty trivial.

Closes: #889
Approved by: jlebon

lib/fsutil: Delete unused GFile ioctl method

All the deployment code uses fds.

Closes: #889
Approved by: jlebon

pull-test: Add some 404 tests

See: https://github.com/flatpak/flatpak/issues/816

Closes: #887
Approved by: jlebon

PAPR: migrate to the new name

The redhat-ci service has been renamed to PAPR. Previous values are
still supported though should be considered deprecated.

Closes: #885
Approved by: cgwalters

tests: Add some C tests for object writing

Prep for https://github.com/ostreedev/ostree/pull/881

Closes: #884
Approved by: jlebon

lib/deploy: Port config merge logic to new code style

This is a de-scoping of work I did in preparation for
rpm-ostree [live updates](https://github.com/projectatomic/rpm-ostree/pull/652).
Originally I was going to expose this as a public API.

However, I decided to do things differently, but the cleanup here for new code
style and fd-relative is nice to have anyways.

We rework things to use `OstreeDeployment*`, which the caller is expected to
already have, rather than `GFile*`s pointing to the config directories.

Closes: #741
Approved by: jlebon

fetcher: Send Accept-Encoding: gzip when downloading summary

The summary file can get large, but it compresses well (something
which is not true of other files in the ostree repo which are
already compressed). By sending Accept-Encoding: gzip (and
handling the compressed results) we send a lot less data.

I set up the flathub repo (http://flathub.org/repo) to enable
gzip for the summary file (only), and the result is that the
331514 byte large summary was transferred in 122889 bytes.
On my (fast) network this decreased the time i took to do
"flatpak remote-ls flathub" by about 100msec.

This fixes https://github.com/ostreedev/ostree/issues/802

Closes: #882
Approved by: cgwalters

build: Use AM_TESTS_ENVIRONMENT rather than TESTS_ENVIRONMENT

TESTS_ENVIRONMENT is reserved for the user to be able to set when
running the tests. AM_TESTS_ENVIRONMENT is for the tests’ Makefile to
set itself.

https://www.gnu.org/software/automake/manual/html_node/Scripts_002dbased-Testsuites.html

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #880
Approved by: cgwalters

Add stub for new libglnx tmpfile API, port simpler callers to it

It's hard right now to do a full port to the new libglnx tmpfile
API since there are complex cases in the commit path which deal
with symlinks as well.

Let's make things more gradual by introducing the important part (struct with
autocleanup) here in libotutil, port what we can. This will make a future
complete port easier.

Closes: #871
Approved by: jlebon

bin/cookies: Delete dead tmpfile code in cookie list command

This was a copy-paste-o.

Closes: #871
Approved by: jlebon

Allow commits to mark refs as EOL, replaced by others

A commit can now include a "ostree.endoflife-rebase" metadata key
pointing to a new ref.

When updating, the sysroot upgrader will see this and proceed to
pull and deploy the new ref instead. The origin file in the new
deployment will point to the new ref.

This functionality is planned to be used in Endless OS. We will create
a lesser tested branch for brand new, cutting edge hardware support,
and ship that on hardware platforms that require the latest drivers.
However, once our slower-moving official release is later updated to
support the new hardware, we will use this functionality to migrate
those bleeding-edge users over to the official release.

Closes: #874
Approved by: cgwalters

libtest: allow committing to alternative branches

This will be used by the upcoming test-admin-upgrade-endoflife.sh

Closes: #874
Approved by: cgwalters

tests/libtest-core: Copy rpm-ostree changes, clean up

I want to keep this a "pure copy-able" file into various projects
like rpm-ostree, bwrap, and flatpak. Pull in changes from rpm-ostree
to prep for that.

While we have the patient open, dedup the code for file matching a bit.

Closes: #877
Approved by: jlebon

ci: Add unit case for --enable-experimental-api

We're starting to get a lot of contexts, and this is likely going to drive some
requirements for consolidation and improvements like not testing *every* context
on every PR, etc.

But for now since experimental is new, and under development, let's test it.

Closes: #875
Approved by: cgwalters

tests/test-symbols.sh: Fix with --enable-experimental-api

We missed a `--no-filename` for grep with the documentation.

Closes: #875
Approved by: cgwalters

lib/remote: Fix compilation with --enable-experimental-api

The whole ostree-remote.h file is only included in the public ostree.h
header if OSTREE_ENABLE_EXPERIMENTAL_API is defined, so there’s no need
to change the set of methods defined in it according to whether we’re
compiling with experimental API.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #875
Approved by: cgwalters

lib/repo: Make ost_repo_remove_remote() available internally

Make it an internal, not static, API; like _ostree_repo_add_remote(). It
will be used in many the same situations.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #875
Approved by: cgwalters

lib/repo: Add return value to _ostree_repo_add_remote()

Return whether the remote already existed. This is an internal API, so
it’s not an API break. The return value will be useful in upcoming
commits for working out whether to later remove a remote again.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #875
Approved by: cgwalters

lib/remote: Add arguments to internal OstreeRemote constructor

Add a name argument to the internal OstreeRemote constructor,
since this member (and several derived from it) is non-nullable,
and hence must always be set at construction time.

This changes the only call sites of the constructor to use the new API,
which is internal.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #875
Approved by: cgwalters

lib/remote: Add internal annotations to OstreeRemote

Just for internal documentation; g-ir-scanner doesn’t read or understand
them.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #875
Approved by: cgwalters

lib/remote: Add a getter for OstreeRemote.name

Now that we’ve got a public, sealed OstreeRemote structure, we can start
carefully exposing members of it as API.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #875
Approved by: cgwalters

pull: complete detached meta fetch before scanning

If somehow a repo has gpg verification on but doesn't have signatures
present for the existing commit, ostree would error out if it needs to
scan the commit object (e.g. if there are no updates available).

An instance of this is currently happening in Fedora AH, in which
signatures are not shipped in the ISO due to filesystem restrictions.
Another possible scenario is if a content provider switches from not
signing commits to signing them; even if older commits are retroactively
signed, clients' local commit objects would error out if they needed
scanning.

This patch adds a check to ensure that we always attempt to fetch the
detached metadata and wait for its result (whether it exists or not)
before moving on to scan their corresponding commit objects.

See also: https://github.com/projectatomic/rpm-ostree/issues/630

Closes: #873
Approved by: cgwalters

Release 2017.6

There's already a lot queued. In particular this brings some API
additions that rpm-ostree depends on.

Closes: #865
Approved by: jlebon

lib/pull: Port some functions to new code style

Porting a lot of this file would be hard since in many cases we do processing in
the `out:` section, so let's do what we can.

Closes: #870
Approved by: jlebon

switchroot/generator: Add var.mount to local-fs.target.requires

Unbreaks mounting in CentOS. Newer systemd in Fedora pulls didn't need this, I
think due to `RequiresMountsFor=`. Anyways, this is what the fstab generator
does, and it's clearly right ✓.

Closes: https://github.com/ostreedev/ostree/issues/867
Closes: #869
Approved by: jlebon

build: Use cd $(srcdir) instead of `git -C`

Since the version in CentOS is too old, and we get a spam of warnings, plus
things like detecting the git repo break.

Fixes: 50f73cbac35be97fd5895531e295d05dabaa8ed9
Closes: #868
Approved by: jlebon

lib/upgrader: Port to new code style

No surprises here. Prep for future work.

Closes: #864
Approved by: jlebon

lib: Add "open dfd iter handling noent" helper, port tree-wide

Follow up to a previous patch that addressed a double-close; I
realized we already had a helper for doing "open dfd iter, do nothing
if we get ENOENT". Raise it to libotuil, and port all consumers.

Closes: #863
Approved by: jlebon

tree-wide: Add a few missing O_CLOEXEC

I noticed an instance of this while working on https://github.com/ostreedev/ostree/pull/861
Which apparently I cargo-culted into the new system generator bits.
Let's break this out as a small concise change.

Closes: #866
Approved by: jlebon

Switch to using a systemd generator for /var

If one wants to set up a mount for `/var` in `/etc/fstab`, it
won't be mounted since `ostree-prepare-root` set up a bind mount for
`/var` to `/sysroot/ostree/$stateroot/var`, and systemd will take
the already extant mount over what's in `/etc/fstab`.

There are a few options to fix this, but what I settled on is parsing
`/etc/fstab` in a generator (exactly like `systemd-fstab-generator` does),
except here we look for an explicit mount for `/var`, and if one *isn't* found,
synthesize the default ostree mount to the stateroot. Another nice property is
that if an admin creates a `var.mount` unit in `/etc` for example, that will
also override our mount.

Note that today ostree doesn't hard depend on systemd, so this behavior only
kicks in if we're built with systemd *and* libmount support (for parsing
`/etc/fstab`). I didn't really test that case though.

Initially I started writing this as a "pure libc" program, but at one point
decided to use `libostree.so` to find the booted deployment. That didn't work
out because `/boot` wasn't necessarily mounted and hence we couldn't find the
bootloader config. A leftover artifact from this is that the generator code
calls into libostree via the "cmd private" infrastructure. But it's an easy way
to share code, and doesn't hurt.

Closes: #859
Approved by: jlebon

switchroot/remount: Check mount status before remounting, be verbose

By checking the mount status, we avoid remounting things if we don't
need to. And printing a single line per mount helps debugging when
things go wrong.

Closes: #859
Approved by: jlebon

switchroot/remount: Trim set of remounted filesystems

I really have no idea what I was thinking with that list of mount points. It
seems arbitrary. Sadly `git log` doesn't help, and there's no comments.

Basically, the only mounts we should care about are those that libostree
creates. Which are just `/sysroot` and `/var`. Systemd will handle the other
things like `/tmp`, it's not our job, and we shouldn't touch them.

Closes: #859
Approved by: jlebon

lib/repo: Fix double close()

Should probably change `_take_fd()` to take a pointer and set to `-1`
at some point.

Regression from 8d58ab1002cbc4a1ecafe3d1a80984f8a60f41e9

Closes: #862
Approved by: jlebon

lib/remote: Box OstreeRemote if experimental-api

To avoid an introspection warning. Otherwise, don't box it.

Closes: #858
Approved by: pwithnall

remount: Drop support for auto-tmpfs-on-var; use systemd.volatile=state

In current systemd, there is:
[systemd-volatile-root](https://www.freedesktop.org/software/systemd/man/systemd-volatile-root.service.html)
which was introduced by [this commit](https://github.com/systemd/systemd/commit/91214a37ef4eb8042d2598aa89bae52b410d11a7).

I'd like to make further changes to how we handle `/var`, and I don't
want to reason about the interaction of our "tmpfs var" with too many
other things.

The comment about having "all /var handling in one place" was always inaccurate
given that we rely on systemd for mounting. And in general, I don't want to
duplicate too many things systemd does - it does them well, documents them, etc.

As far as I know, it was basically just Owen who was using this for the GNOME
hardware testing effort, and I'm sure he could easily switch over to
`systemd.volatile=state`.

Closes: #856
Approved by: owtaylor

libglnx: bump and use new helper methods

Update submodule: libglnx

Closes: #857
Approved by: cgwalters

tests/ci-commitmessage-submodules.sh: fix for RHCI

Special-case when this script is run under RHCI, which will try to fetch
the merge commit if possible. Use RHCI_COMMIT instead to refer to the
actual PR/branch HEAD being evaluated.

Use realpath to workaround the developer's git dir being in a symbolic
link.

Closes: #857
Approved by: cgwalters

lib/checkout: Fix regression in subpath for regular files

This is what caused the merge of
https://github.com/projectatomic/rpm-ostree/pull/652
to blow up, since https://github.com/ostreedev/ostree/pull/848
landed right before we tried to merge it.

When I was writing that PR I remember having an uncertain feeling
since we were doing a `mkdirat` above, but at the time I thought
we'd have test suite coverage...turns out we didn't.

For backwards compatibility, we need to continue to do a `mkdirat` here of the
parent. However...I can't think of a reason anyone would *want* that behavior.
Hence, let's add a special trick - if the destination name is `.`, we skip
`mkdirat()`. That way rpm-ostree for example can open a dfd for `/etc` and avoid
the `mkdir`.

Fold the subpath tests into `test-basic.sh` since it's not worth a separate
file. Add a test case for checking out a file.

Closes: #854
Approved by: jlebon

tree-wide: Switch tabs ⭾ in various files over to spaces ␠

As $DEITY intended.

I was reading the `prepare-root.c` code and the indentation damage was
distracting. Squash tabs that have leaked into various places in the code. I
didn't yet touch the `src/libostree` bits as that has higher potential for
conflict.

Closes: #852
Approved by: jlebon

checkout: Plug a memleak of the state stringbuf

A struct without a cleanup macro is a struct likely to leak.

Closes: #850
Approved by: jlebon

lib/repo: Port more of GPG and summary functions to new code style

These ones were pretty easy, not sure why I didn't do them in an earlier pass.

Closes: #849
Approved by: jlebon

repo: Fix double close() in summary generation

Happened to notice this while doing a style port.

Closes: #849
Approved by: jlebon

lib/checkout: Optimize checkout by avoiding OstreeRepoFile recusion

Looking at `perf record ostree checkout`, some things stand out; e.g.:

```
+   27.63%     0.07%  ostree   libgio-2.0.so.0.5000.3      [.] g_file_enumerator_iterate
+   22.74%     0.28%  ostree   libostree-1.so.1.0.0        [.] ostree_repo_file_tree_query_child
+   13.74%     0.08%  ostree   libostree-1.so.1.0.0        [.] ot_variant_bsearch_str
```

The GIO abstractions are already fairly heavyweight, and `OstreeRepoFile` mallocs
a lot too.

Make things more efficient here by dropping the GIO bits for reading ostree data -
we just read from the variants directly and iterate over them.  The end result
here is that according to perf we go from ~40% of our time in the kernel to
~70%, and things like `g_file_enumerator_iterate()` drop entirely out of the
hot set.

Closes: #848
Approved by: jlebon

lib/checkout: Move special case for subpath of file to toplevel

Since we now have a cleaner separation of "toplevel checkout prep"
versus "recursive checkout", handle the special case of checking out
a single file at first rather than later.

Prep for future work in optimizing this function more.

Closes: #848
Approved by: jlebon

lib/prune: Complete porting to new code style

Only non-mechanical bit here was creating a local autoptr for a bit
where we'd previously done an unref for a struct member.

Closes: #847
Approved by: jlebon

checkout/commit: Use glnx_regfile_copy_bytes() if possible

Rather than `g_output_stream_splice()`, where the input is a regular
file.

See https://github.com/GNOME/libglnx/pull/44 for some more information.

I didn't try to measure the performance difference, but seeing the
read()/write() to/from userspace mixed in with the pointless `poll()` annoyed me
when reading strace.

As a bonus, we will again start using reflinks (if available) for `/etc`,
which is a regression from the https://github.com/ostreedev/ostree/pull/797
changes (which before used `glnx_file_copy_at()`).

Also, for the first time we'll use reflinks when doing commits from file-backed
content. This happens in `rpm-ostree compose tree` today for example.

Update submodule: libglnx

Closes: #817
Approved by: jlebon

sysroot: More porting to new code style

This isn't all of this file yet, just doing another chunk.

Closes: #845
Approved by: jlebon

diff: Port some to new code style

Continuing to chip away at this. Using `g_file_enumerator_iterate()`
here helps notably.

I started on the much bigger `ostree_diff_dirs_with_options()` but
it's a lot messier - for later.

Closes: #844
Approved by: jlebon

ci: Move travis scripts from tests/ → ci/

I think tests/ should be just that, ci/ is separate. Also rename
the files to include "travis" since that's what we use them
for right now.

Closes: #843
Approved by: jlebon

ci: More flatpak ci fixes

We need our `make install` to override the ostree RPM, so do it all in one txn.
This sort of thing is where a more rigorous model like rdgo/gcontinuous use
becomes better, but we'll hack it with shell for now.

Closes: #824
Approved by: jlebon

ci: Extend FAH rootfs for installed tests

These at the moment aren't in a container, and may need space. In the future
overlay2 will help here, we can more easily extend the rootfs.

Closes: #840
Approved by: jlebon