dgit.raspbian.org Git - ostree.git/log

lib/repo-finder-mount: Fix path to flatpak repo

OstreeRepoFinderMount checks mounts for a few well-known directories
such as "ostree/repo" and ".ostree/repo" to try to find remotes. One of
the hard-coded directories is "var/lib/flatpak" but that's the flatpak
directory, not the ostree repo used by flatpak, which is at
"var/lib/flatpak/repo". So this commit changes the path so the repo can
be found.

For recent versions of Endless, flatpak uses /ostree/repo as its
repository, so this commit won't make a difference there. But it may
help on other operating systems.

Closes: #1471
Approved by: cgwalters

bash-completion: Remove `admin` completions

The `admin` commandline should be considered a demo; I just added
the `pin` command *mostly* so we could use it for unit tests, although
I can imagine other people using it.

But maintaining completions is a lot of overhead right now, let's not
do it for `admin`.

The other command line options that operate on repos we will definitely maintain
since they're used in releng contexts.

Closes: #1468
Approved by: jlebon

sysroot: Add concept of deployment "pinning" 📌

Example user story: Jane rebases her OS to a new major version N, and wants to
keep around N-1 even after a few upgrades for a while so she can easily roll
back. I plan to add `rpm-ostree rebase --pin` to opt-in to this for example.

Builds on the new `libostree-transient` group to store pinning state there.

Closes: https://github.com/ostreedev/ostree/issues/1460
Closes: #1464
Approved by: jlebon

sysroot: Add API to clean up transient keys in origin files

The `origin/unlocked` and `origin/override-commit` keys are examples of state
that's really transient; we don't want to maintain them across upgrades. Right
now there are bits for this in both `ostree admin upgrade` as well as in
rpm-ostree.

This new API will slightly clean up both cases, but it's really prep for adding
a concept of deployment "pinning" that will live in the new
`libostree-transient` group.

Closes: #1464
Approved by: jlebon

sysroot: Bump mtime when writing an origin file

This ensures that e.g. `rpm-ostreed` will get notified of the changes.

Closes: #1464
Approved by: jlebon

Use Python 3 for tests

Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #1463
Approved by: cgwalters

tests/bootloader-entries-crosscheck: Use Python 3-friendly sorting

This is a little clearer than a strcmp()-style negative/zero/positive
return, and also works in Python 2.

Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #1457
Approved by: cgwalters

test-concurrency: Explicitly use floor division

Python 3 is pickier about this. Python 2.7 has Python 3-compatible
semantics for division when the division feature is imported from the
future.

Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #1457
Approved by: cgwalters

test-concurrency: Replace range with xrange

range in Python 3 does what xrange did in Python 2. This still works in
Python 2, it just uses a bit more memory.

Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #1457
Approved by: cgwalters

test-concurrency: Use Python 3 syntax for octal

This also works in Python 2.7, and is a little clearer.

Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #1457
Approved by: cgwalters

build-sys: Post-release version bump

Closes: #1455
Approved by: jlebon

Release 2018.2

There are enough fixes here, and there are some potentially larger patches
incoming like wmanley's checkout speedups and the payload link that will need
soak time in master.

Closes: #1455
Approved by: jlebon

fetcher: Drop max queue size assertion in libsoup/libcurl backends

Since f4d1334e19ce3ab2f8872b1e28da52044f559401 the primary pull code maintains a
maximum queue. In that commit message I said `Note that I kept an assertion.`.
But I think this is wrong since while it covers a lot of the normal cases, if
one is e.g. trying to fetch a ton of refs, the primary pull code doesn't yet
queue those. While it'd be nice to queue those, it isn't worth carrying
extra assertions in the backends that can still trigger.

Closes: https://github.com/ostreedev/ostree/issues/1451
Closes: #1453
Approved by: dbnicholson

Fix static-compiler when CC includes args

Ensure arguments are quoted so that if you include args in CC that
they're handled as a whole.

Closes: #1454
Approved by: cgwalters

core: Add API (and standard concept for) content checksum

There are a few cases for knowing whether a commit has identical
content to another commit. Some people want to do a "promotion workflow",
where the content of a commit on a tesitng branch is then "promoted"
to a production branch with `ostree commit --tree=ref`.

Another use case I just hit in rpm-ostree deals with
[jigdo](https://github.com/projectatomic/rpm-ostree/issues/1081) where we're
importing RPMs on both the client and server, and will be using the
content checksum, since the client/server cases inject different metadata
into the commit object.

Closes: https://github.com/ostreedev/ostree/issues/1315
Closes: #1449
Approved by: jlebon

lib/pull: Properly remove temporary remotes

For P2P pulls ostree adds temporary remotes and removes them in
find_remotes_cb(). However, if an OstreeRepoFinderResult gets freed
during the course of that function, the OstreeRemote in the result is
freed but a pointer to it remains in the remotes_to_remove array. This
means that when _ostree_repo_remove_remote() gets called on it at the
end of the function it will fail. In my case the resulting error was
"OSTree-CRITICAL **: _ostree_repo_remove_remote: assertion 'remote->name
!= NULL' failed" but I think it could also seg fault.

This commit adds a reference to the remote so it can be properly removed
when we're finished with it.

Closes: #1450
Approved by: giuseppe

repo: Create uncompressed-object-cache dir dynamically

Having the `uncompressed-object-cache` directory in `archive` repos by default
is clutter; the functionality should be considered deprecated.

Now we only create the directory if we're doing a checkout with the cache
enabled.

Closes: #1446
Approved by: jlebon

lib/checkout: add filter API to skip over files

This is analogous to the filtering support for the commit API: we allow
library users to skip over checking out specific files. This is useful
in some tricky situations where we *know* that the files to be checked
out will conflict with existing files in subtle ways.

One such example is in rpm-ostree support for multilib. There, we want
to allow checking out a package onto an existing tree, but skipping over
files that are not coloured to our preferred value (e.g. not overwriting
an i686 version of `ldconfig` if we already have the `x86_64` version).
See https://github.com/projectatomic/rpm-ostree/pull/1227 for details.

Closes: #1441
Approved by: cgwalters

switchroot: Fix split source/build directory

If you have split source and build directories, then building
static ostree-prepare-root fails to find the source files.

https://github.com/ostreedev/ostree/issues/1429

Closes: #1445
Approved by: cgwalters

docs: Dual license under CC BY-SA and the GFDL

This will allow the text to be used in Wikipedia for example; it
also just makes more sense for documentation than the LGPLv2+.

Closes: #1431
Closes: #1432
Approved by: jlebon

bin/checkout: add --selinux-policy switch

This was already supported by the underlying API. Expose it so that we
can test it.

Closes: #1442
Approved by: cgwalters

tests/installed: support TESTS filter

Lifted from rpm-ostree. Makes iterating on a single test much faster.
Example use:

TESTS=label-selinux ./ostree/tests/installed/run.sh

Closes: #1442
Approved by: cgwalters

libotutil: factor out utility to parse file by line

This will be used in the checkout CLI as well.

Closes: #1442
Approved by: cgwalters

deploy: SELinux-relabel installed kernel/initramfs data

When we changed around the kernel location in rpm-ostree, we
started installing the kernel into `/boot` as `modules_object_t`,
and the current policy didn't permit that. For maximum compatibility,
relabel installed kernel/initramfs/dtb as `boot_t`.

https://bugzilla.redhat.com/show_bug.cgi?id=1536991

Closes: #1444
Approved by: jlebon

Add SPDX-License-Identifier to source files

SPDX License List is a list of (common) open source
licenses that can be referred to by a “short identifier”.
It has several advantages compared to the common "license header texts"
usually found in source files.

Some of the advantages:
* It is precise; there is no ambiguity due to variations in license header
  text
* It is language neutral
* It is easy to machine process
* It is concise
* It is simple and can be used without much cost in interpreted
  environments like java Script, etc.
* An SPDX license identifier is immutable.
* It provides simple guidance for developers who want to make sure the
  license for their code is respected

See http://spdx.org for further reading.

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Closes: #1439
Approved by: cgwalters

switchroot: Ensure /sysroot is set to "private" propagation

Downstream BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1498281

This came up as a problem with `oci-umount` which was trying to ensure some host
mounts like `/var/lib/containers` don't leak into privileged containers. But
since our `/sysroot` mount wasn't private we also got a copy there.

We should have done this from the very start - it makes `findmnt` way, way less
ugly and is just the obviously right thing to do, will possibly create world
peace etc.

Closes: #1438
Approved by: rhvgoyal

lib/core: Expand documentation for ostree_parse_refspec()

The old documentation had outdated and incomplete annotations, and
didn’t make it very clear that out_remote could legitimately return
NULL.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1437
Approved by: cgwalters

ci: Bump flatpak version (and build to f27)

Just keeping this updated.

Closes: #1400
Approved by: jlebon

lib/pull: Allow specific commits in P2P updates

Currently users of the find_remotes_async()/pull_from_remotes_async()
functions have no way to specify a commit hash to use instead of the
latest one available. This commit implements an "override-commit-ids"
option analogous to the one used by ostree_repo_pull_with_options().
It's accomplished by returning OstreeRepoFinderResult objects pointing
to the given commit checksum(s) regardless of which ones were available
from the remotes, but in the future this implementation could be
improved to take into account the commits advertised by the remotes.

One effect of this is that flatpak will have the ability to downgrade
apps that use collection IDs
(https://github.com/flatpak/flatpak/issues/1309).

Closes: #1425
Approved by: pwithnall

bin/delta: Fix compilation with relative subdirs --filename

Currently we were parsing `opt_filename` twice...I dug through
the history a bit and it looks like it may have been an accident
from refactoring.

What we're fixing here concretely is that using relative subdirectories
like `--filename somesubdir/foo` broke because we were incorrectly
passing the `somesubdir/` again.

Closes: #1423
Closes: #1427
Approved by: jlebon

ci: Run a subset ⊂ of rpm-ostree's tests

This is a quick hack to get us more than unit testing, albeit indirectly.

See: https://github.com/projectatomic/rpm-ostree/issues/662

Closes: #771
Approved by: jlebon

ci/papr: Update most contexts to f27

Many of them actually already *were* because they
were inherting.

An exception is flatpak which is being worked on in
https://github.com/ostreedev/ostree/pull/1400

Closes: #1426
Approved by: jlebon

lib/pull: Port a few functions to new style

Prep for further work here. This diff is a bit noisy for the delta bits because
the identation was off originally as well.

Closes: #1424
Approved by: jlebon

Add support for devicetree files alongside the kernel and initramfs

Much like the (optional) initramfs at
`/usr/lib/ostree-boot/initramfs-<SHA256>` or
`/usr/lib/modules/$kver/initramfs` you can now optionally include a
flattened devicetree (.dtb) file alongside the kernel at
`/usr/lib/ostree-boot/devicetree-<SHA256>` or
`/usr/lib/modules/$kver/devicetree`.

This is useful for embedded ARM systems which need the devicetree file
loaded by the bootloader for the kernel to discover and initialise
hardware.  See https://en.wikipedia.org/wiki/Device_tree for more
information.

This patch was mostly produced by copy-pasting code for initramfs handling
and renaming `s/initramfs/devicetree/g`.  It's not beautiful, but it is
fairly straightforward.

It may be useful to extend device-tree support in a number ways in the
future.  Device trees dependant on many details of the hardware they
support.  This makes them unlike kernels, which may support many different
hardware variants as long as the instruction-set matches.  This means that
a ostree tree created with a device-tree in this manner will only boot on
a single model of hardware.  This is sufficient for my purposes, but may
not be for others'.

I've tested this on my NVidia Tegra TK1 device which has u-boot running
in syslinux-compatible mode.

Closes: #1411
Approved by: cgwalters

syslinux: Add support for DEVICETREE from bootloader spec

The bootloader spec says:

> `devicetree` refers to the binary device tree to use when executing the
> kernel. This also shall be a path relative to the `$BOOT` directory. This
> key is optional. Example:
> `6a9857a393724b7a981ebb5b8495b9ea/3.8.0-2.fc19.armv7hl/tegra20-paz00.dtb`

This is necessary for booting my NVidia Tegra TK1 device. It uses u-boot
with syslinux compatibility. In the syslinux files that come with the
device this is called `FDT`, but u-boot treats `FDT and `DEVICETREE` as
synonyms.

See also: [f43c401 in u-boot].

[f43c401 in u-boot]: http://git.denx.de/?p=u-boot.git;a=commit;h=f43c401b72bb0db43ab0b55c4a79e1f4889d3aa2

Closes: #1411
Approved by: cgwalters

ostree admin deploy: Add --no-prune option

If you want cleanup, but don't want to prune the repo. Pruning can
be quite expensive so ostree admin deploy can be much faster without
pruning.

Closes: #1418
Approved by: cgwalters

ostree admin deploy: Refactor bringing cleaning into `main`

In the next commit I will add --no-prune which will affect cleaning. By
doing this refactor we avoid having to add a NO_PRUNE flag.

Closes: #1418
Approved by: cgwalters

find-remotes: Minor fixes to --finders code

This introduces no functional changes, only cleanups.

Closes: #1414
Approved by: jlebon

man: Add man page for find-remotes

Closes: #1410
Approved by: pwithnall

man: Update ostree-summary.xml

Update the man page for the summary command to add the undocumented
options, make the syntax clear, and add examples.

Closes: #1416
Approved by: pwithnall

build-sys: Post-release version bump

I'm still doing release, then versionbump as separate PRs to ensure
the release commit is tested by itself.

Closes: #1417
Approved by: pwithnall

Release 2018.1

In particular I'd like to get the `--copyup` changes out for an rpm-ostree
release that will use them. But there are other good changes here, and let's
keep up a regular release train 🚄 in general.

Closes: #1413
Approved by: jlebon

lib: Validate metadata structure more consistently during pull

Previously we were doing e.g. `ot_util_filename_validate()` specifically inline
in dirtree objects, but only *after* writing them into the staging directory (by
default). In (non-default) cases such as not using a transaction, such an object
could be written directly into the repo.

A notable gap here is that `pull-local --untrusted` was *not* doing
this verification, just checksums.  We harden that (and also the
static delta writing path, really *everything* that calls
`ostree_repo_write_metadata()` to also do "structure" validation
which includes path traversal checks.  Basically, let's try hard
to avoid having badly structured objects even in the repo.

One thing that sucks in this patch is that we need to allocate a "bounce buffer"
for metadata in the static delta path, because GVariant imposes alignment
requirements, which I screwed up and didn't fulfill when designing deltas. It
actually didn't matter before because we weren't parsing them, but now we are.
In theory we could check alignment but ...eh, not worth it, at least not until
we change the delta compiler to emit aligned metadata which actually may be
quite tricky.  (Big picture I doubt this really matters much right now
but I'm not going to pull out a profiler yet for this)

The pull test was extended to check we didn't even write a dirtree
with path traversal into the staging directory.

There's a bit of code motion in extracting
`_ostree_validate_structureof_metadata()` from `fsck_metadata_object()`.

Then `_ostree_verify_metadata_object()` builds on that to do checksum
verification too.

Closes: #1412
Approved by: jlebon

lib/checkout: Validate pathnames during checkout

While we do protect against path traversal during pull, let's also validate
during checkout; it's a cheap operation and provides good last-mile protection.

Closes: #1412
Approved by: jlebon

tests: Add a test case for path traversal in a dirtree

I was reading about a recent security issue with both EMC and VMWare:
https://arstechnica.com/information-technology/2018/01/emc-vmware-security-bugs-throw-gasoline-on-cloud-security-fire/

It's a classic path traversal problem, and that made me think more about our
handling of this in libostree.  Fortunately of course, not being new to
this rodeo, long ago I *did* consider path traversal.  Inside the pull
code, we call `ot_util_filename_validate()`.  Also, `fsck` does this too.

I have further followups here, but let's add some test cases for this. I crafted
a repository with a `../` in a dirtree object by patching libostree to inject
it, and that's included as a tarball.

This patch covers the two cases where we do already have checks; pulling
via HTTP, and in `fsck`.

Closes: #1412
Approved by: jlebon

tests/libtest-core: support multiple literal checks

`grep` supports checking multiple fixed strings separated by newlines,
but it's mostly just easier to pass them as separate arguments, so let's
support that. This is now at parity with the similar
`assert_file_has_content`.

Closes: #1409
Approved by: cgwalters

lib/fetcher: Add version to USER_AGENT string

This came up in allowing Fedora infrastructure to work around a libcurl bug with
HTTP2: https://pagure.io/atomic-wg/issue/405

Closes: https://github.com/ostreedev/ostree/issues/1405
Closes: #1406
Approved by: jlebon

tests: Use --finders option for find-remotes

All the current uses of the find-remotes command in the tests use it to
find configured remotes or mounted (USB) remotes, so using
--finders=config and --finders=mount in the tests respectively shouldn't
affect the correctness of the tests. It does however allow the tests to
be run in an environment that doesn't have an Avahi daemon.

Closes: #1407
Approved by: cgwalters

find-remotes: Add --finders option

It can be helpful to be able to choose which OstreeRepoFinder instances
to use when using the find-remotes command. For example, if the tests
need to run in an environment that can't have an Avahi daemon, this
allows you to disable the Avahi (LAN) finder. This commit adds the
--finders option for this purpose.

Closes: #1407
Approved by: cgwalters

Tests: test-no-initramfs: Test both legacy and new kernel locations

Closes: #1401
Approved by: cgwalters

ostree-grub-generator: update outdated comment

Closes: #1401
Approved by: cgwalters

Support for booting without initramfs

Previously when initramfs-* was not found in a deployment's
boot directory, it was assumed that rootfs is prepared for
ostree booting by a kernel patch.

With this patch, the behaviour changes to be - if initramfs-*
is not found, assume that system is using a static
ostree-prepare-root as init process. Booting without initramfs
is a common use case on embedded systems. This approach is
also more convenient, than having to patch the kernel.

Closes: #1401
Approved by: cgwalters

deploy: add --karg-none argument

If the current deployment has "rootwait root=/dev/sda2",
but the new deployment does not need "rootwait" anymore,
there is no way to clear this arg at the moment (as opposed
to "karg=root=", which overrides any earlier argument with
the same name). With "--karg-none" users can now clear all
the previous args and set new "root=":

ostree admin deploy --karg-none --karg=root=LABEL=rootfs

Closes: #1401
Approved by: cgwalters

ostree-prepare-root: enabler for simpler kernel arg

With the current approach, when ostree-prepare-root is used
on the kernel command line as init=, it always assumes that
the next value in the argument list is a path to the sysroot.
The code for falling back to a default path (if none is provided),
would only work if init= is the last arg in the argument list.
We can not rely on that and have to explicitly provide the
path to the sysroot. Which defeats the purpose of a default
path selection code.

To keep command line neater assume that sysroot is on / when
using ostree-prepare-root as init. This probably is what most
people want anyways. Also _ostree_kernel_args* API assumes
that args are space separated list. Which is problematic for:
"init=${ostree}/usr/lib/ostree/ostree-prepare-root /" as it
gets split in two.

Closes: #1401
Approved by: cgwalters

bash/ostree: add missing --add-metadata option

Closes: #1402
Approved by: cgwalters

bin/commit: add --keep-metadata option

Clients of libostree such as rpm-ostree make extensive use of the
`ostree commit -b foo --tree=ref=foo` pattern in their tests, e.g. to
simulate an update.

What I'm trying to solve here is that it's often the case that we want
to keep metadata from the previous commit without having to be too
verbose (i.e. reading from the parent, then passing it as an argument).

The new `--keep-metadata` switch makes this really easy. I intend to use
this in the rpm-ostree testsuite to make sure we always carry over the
`source-title` metadata as well as during set up for tests that require
`rpmostree.rpmdb.pkglist` metadata.

I initially implemented this in a small wrapper script that uses the API
directly, though we make use of so many other `ostree commit` functions
that it'd require re-implementing a lot of it.

Closes: #1402
Approved by: cgwalters

bin/commit: move parent checking code higher up

No functional change. Prep for the next commit.

Closes: #1402
Approved by: cgwalters

grub2: Exit gracefully if there's no system ostree repository

Apparently there testing systems that literally install *all*
packages. Having `ostree-grub2` currently causes grub2 to fail
on a non-ostree managed system. Let's just gracefully exit
if there's no system repository.

https://bugzilla.redhat.com/show_bug.cgi?id=1532668

Closes: #1399
Approved by: jlebon

ostree-grub-generator: fix typo in comment
Closes: #1398
Approved by: jlebon

build-sys: Allow building with curl, but without libsoup

Some people (particularly embedded) may find it simpler to
drop libsoup from the build dependency side, but still use libcurl.

Note though this currently neuters almost all of the tests.

Signed-off-by: Anton Gerasimov <anton.gerasimov@openmailbox.org>
Closes: #1397
Approved by: cgwalters

bin: Fix cookie builtin build with curl but no soup

Prep for supporting `--with-curl --without-soup`.

Closes: #1397
Approved by: cgwalters

rofiles: Fix --copyup when creating a new file

This tripped up the `docbook-dtds` `%post` in my experiments
with doing rpm-ostree for buildroots.

I cloned and built [xfstests](https://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git)
but haven't yet investigated actually running it.

In the meantime let's do the obvious fix here; we need to distinguish
between "copyup enabled" and "actually did a copyup" in the open path
at least, since if we didn't do a copyup we don't need to re-open.

Closes: #1396
Approved by: jlebon

rofiles: Add --copyup option

Sadly https://sourceware.org/bugzilla/show_bug.cgi?id=22089 is I think going to
actually force us to cave here. Even if we got the glibc patch in today, we need
to support the RHEL glibc. See also discussion about fish as part of the general
Fedora tracker.

This is basically needed to unblock rpm-ostree unified core 🌐:
https://github.com/projectatomic/rpm-ostree/issues/729

Closes: https://github.com/ostreedev/ostree/issues/1377
Closes: #1382
Approved by: jlebon

tests: Assert that byte-order is swapped on LE but not BE CPUs

Closes: #1392
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #1393
Approved by: cgwalters

Revert "ci: Make rust build nonblocking for now"

This reverts commit 8ef18fd850d53fa01e7a3d8fe47fdd069b276b85.

Closes: #1391
Approved by: smcv

build-sys: Link with -ldl for rust build

I didn't dive into this too much, it looks like something in rust changed that
broke our build. Probably libstd gained a dependency on `-ldl` or so, and that's
handled by cargo? Anyways linking against it isn't going to hurt.

Closes: #1391
Approved by: smcv

tests: Don't assume uid == primary gid

Nothing guarantees that each user has a group containing only
themselves. Even if they do, nothing guarantees that its group ID
equals the user ID, particularly if another user earlier in the same
range was created without a corresponding group or vice versa.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #1390
Approved by: cgwalters

lib/pull: allways include ostree-repo-pull-private.h

Allways include ostree-repo-pull-private.h to get rid of the following
build error when HAVE_LIBCURL_OR_LIBSOUP is not defined:

src/libostree/ostree-repo-pull.c:1493:1: error: no previous prototype
for '_ostree_repo_verify_bindings' [-Werror=missing-prototypes]

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Closes: #1389
Approved by: cgwalters

build: Fix typo in -Wparentheses warning

GCC supports -Wparentheses, not -Wparenthesis.

https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wno-parentheses

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1388
Approved by: jlebon

build-sys: Post-release version bump

Closes: #1387
Approved by: jlebon

ci: Make rust build nonblocking for now

Will debug at some point but for now let's
unblock other things.

```
/usr/bin/ld: /var/tmp/checkout/target/release/libbupsplit_rs.a(bupsplit_rs-db7d02fa07221ce3.bupsplit_rs0.rust-cgu.o): undefined reference to symbol 'dladdr@@GLIBC_2.2.5'
```

Closes: #1387
Approved by: jlebon

Release 2017.15

Let's do a new release with the locking preview, the http2 disable options and
other misc bugfixes to close out the year.

Closes: #1386
Approved by: jlebon

Bump libglnx, use "n items" progress for fsck

Sooo much nicer. See also
https://github.com/projectatomic/rpm-ostree/pull/1143

Update submodule: libglnx

Closes: #1383
Approved by: jlebon

build-sys: Use -fno-strict-aliasing by default

See discussion in https://bugzilla.gnome.org/show_bug.cgi?id=791622

This is what e.g. systemd, the Linux kernel, and lots of other projects do. It's
astonishingly hard to reliably get right; the optimization IMO only really
matters for truly high performance inner loops, but if you're doing
that kind of stuff today you're probably doing it on a GPU anyways.

Closes: #1384
Approved by: pwithnall

bin/refs: Disallow aliases to remote refs

It can't really work in general; the client and server would
have to agree on the name of the remote.

Closes: https://github.com/ostreedev/ostree/issues/1342
Closes: #1381
Approved by: jlebon

bin/commit: Support creating "unbound" commits

We had this basically forced on in the CLI; down the line I'd really like to
make this an API option to commit or so, but given that we found a use case in
the rpm-ostree test suite for "unbound" commits, let's support creating them
from the cmdline.

See: https://github.com/ostreedev/ostree/pull/1379

Closes: #1380
Approved by: jlebon

lib/core: Optimize breaking hardlinks for regfiles

It'd all be really nice if there was some sort of `O_TMPFILE` for symlinks, but
anyways the way we were doing a generic "make temp file than rename" actually
defeats some of the point of `O_TMPFILE`. It's now fully safe to do "copy to
self", so let's do that for regfiles.

Closes: #1378
Approved by: jlebon

lib/core: Add a "break hardlink" API

This imports the code from rpm-ostree:
https://github.com/projectatomic/rpm-ostree/blob/9ff9f6c997d914cb7d97d6b59d8045ba64a1882c/src/libpriv/rpmostree-util.c#L742

I plan to use this for rofiles-fuse to implement
copyup: https://github.com/ostreedev/ostree/issues/1377

But it's just obviously generally useful for projects using
libostree I think.

Closes: #1378
Approved by: jlebon

bin/fsck: Make ref binding verification optional

Today the rpm-ostree test suite uses `refs --create` to save
commits. I think this is a legitimate use case, and other
people may be doing something similar.

On the other hand, I think we should probably be changing the rpm-ostree test
suite to create "unbound" commits. But let's be maximially compatible here since
we hit a real-world case where something needed to change.

Closes: #1379
Approved by: pwithnall

lib/repo: Add an API to mark a commit as partial

For the [rpm-ostree jigdo ♲📦](https://github.com/projectatomic/rpm-ostree/issues/1081) work.
We're basically doing "pull" via a non-libostree mechanism, and this
should be fully supported. As I mentioned earlier we should try to
have `ostree-repo-pull.c` only use public APIs; this gets us closer
to that.

Closes: #1376
Approved by: jlebon

lib/repo: Disable locking by default, add locking=true boolean

I want some time to play with this more with different callers and work through
test scenarios. Let's disable the locking by default for now, but make it easy
to enable.

Closes: #1375
Approved by: jlebon

lib/repo: Make locking timeout configurable

I want to make locking fully configurable (and probably off by default for now).
This is a prep commit for that.

Closes: #1375
Approved by: jlebon

tests: Expand fsck unit tests to cover checks on bindings

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

tests: Fix LC_ALL for systems which use .utf8 suffixes

libtest-core.sh tries to clear the locale to a UTF-8 supporting C
locale, either by setting it to C.UTF-8 (preferred) or just C.

Some systems, like Fedora 26, use the locale name C.utf8, rather than
C.UTF-8. Support that too.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

ostree/commit: Allow --orphan and --bind-ref to be specified together

Typically you’d use --branch and --bind-ref together to add additional
bindings as well as creating a main --branch for the commit. However,
you might also want to occasionally use --orphan --bind-ref to create a
commit with bindings for one or more refs, but not actually create any
of those refs pointing to the commit (you might create them as a later
step).

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

ostree/fsck: Add --verify-back-refs option

This new option verifies that the refs listed in the ref-bindings for
each commit all point to that commit (i.e. there aren’t multiple commits
listing the same ref in their ref-bindings, and there aren’t any commits
with non-empty ref-bindings which aren’t pointed at by a ref).

This is useful when generating a new repository from scratch, but not
useful when adding new commits to an existing repository (since the old
commits will still, correctly, have ref-bindings from when the refs
pointed at them). That’s why it has to be enabled explicitly using
--verify-back-refs, rather than being on by default.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

lib/repo: Clarify documentation for ostree_repo_list_refs{,_ext}()

Try and clarify what happens with the prefixes, and that they always
return refspecs.

I’m still not 100% sure this is right.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

ostree/fsck: Handle refspecs from ostree_repo_list_refs()

It seems ostree_repo_list_refs() can return refspecs as hash table keys,
as well as just ref names. Handle that by parsing them before trying to
use them as ref names.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

ostree/fsck: Verify commit bindings for each ref

Since an OSTree client will refuse to pull from a remote which it has
locally configured with a collection ID, if the commit on that remote
has incorrect or missing bindings, we’d better verify them as part of
fsck.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

lib/static-delta: Drop duplicated declaration from private header

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

lib/pull: Fix capitalisation in binding verification error messages

Make them suitable for output from fsck.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

lib/pull: Split verify_bindings() out into a cmdprivate method

It will be used by the fsck utility in future. We could expose it
publicly in future too, if needed.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

ostree/fsck: Factor out common commit checking code

This will make upcoming commits a bit cleaner.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1347
Approved by: cgwalters

build-sys: Add --disable-http2

I may punt and use this in Fedora at least for now until we have time to debug
the issues.

Closes: #1373
Approved by: jlebon

bin/show: Add --no-byteswap

rpm-ostree writes host-endian data when importing packages, so let's add support
for not byteswapping.

Closes: #1372
Approved by: jlebon

bin/commit: Add --add-metadata that accepts g_variant_print() format

Mostly adding this for use in test cases; it allows us to add e.g.
integers, and we need to deal with byteswapping those.

Someone mind also find it useful to add fully structured metadata, although most
of those users should be using a real language and not shell script.

Closes: #1372
Approved by: jlebon

lib/commit: Use more direct path for regfile commits

In the non-`CONSUME` path for regfiles (which happens currently for
`bare-user`), we go to a lot of contortions to make an "object stream",
only to immediately parse it again.

Fixing this will also enable the `G_IS_FILE_DESCRIPTOR_BASED()` fast path in
commit, since the input stream will actually reference the file descriptor and
not be an `_OstreeChainInputStream`.

There's a slight concern here in that we're no longer checksumming *literally*
the object stream passed in for the stream case, but I mention in the comment,
the data should be the same, and if it's not somehow we're not adding risk,
since the checksum is still covering the data we actually care about.

Prep for further changes to break up the `write_content_object()` path into
separate paths for archive, as well as regfile vs symlink in non-archive.

Closes: #1371
Approved by: jlebon

lib/commit: Fix memleak in bare-user devino hit path

I noticed this while chasing an entirely different issue:
https://github.com/projectatomic/rpm-ostree/pull/1139

Closes: #1370
Approved by: jlebon

tests: Change test-corruption to use fatal()

It's clearer.

Closes: #1364
Approved by: jlebon

Add public API for fsck, use it before loading metadata

A while ago I did `truncate -s 0 /path/to/repo/00/123.commit`, and expected a
checksum error, but I actually got a validation error due to us loading the
commit into a variant and trying to parse out the parent checksum, etc.

I first started by changing the `load_and_fsck_one_object()` function to
checksum before loading, but the problem is that we do a traverse of all objects
first. Fixing this is going to require an `OSTREE_REPO_COMMIT_TRAVER_FLAG_FSCK`
or something.

In the meantime at least though, let's add a public API to fsck a single object
which *does* checksum cleanly before parsing the object, and change the `fsck`
command to use it.

We then change the fsck binary to do this while iterating over the refs
and finding the commit object. This way we'll at least get a checksum
first for commit objects, even if not dirtree/dirmeta.

Closes: #1364
Approved by: jlebon