dgit.raspbian.org Git - ostree.git/log

tests/test-config: Remove extra space

Closes: #1814
Approved by: jlebon

ostree-grub-generator: Comment wording fix

Closes: #1814
Approved by: jlebon

ci/rpmostree: Bump to 2019.1

Should fix the issue that CI broke due to libsolv not being sync'd.

Closes: #1806
Approved by: jlebon

ci/rpmostree: Fix use of `fatal`

We're not using libtest, just inline it.

Closes: #1806
Approved by: jlebon

ostree/config: Check for too many args

Currently it's not an error to provide too many arguments to an ostree
config command. Change it so we print usage information in that case,
and update the unit tests.

Closes: #1743
Approved by: cgwalters

man/ostree-config: Consistently use GROUPNAME placeholder

It doesn't make much sense to use SECTIONNAME in some places and
GROUPNAME in others when they mean the same thing.

Closes: #1743
Approved by: cgwalters

ostree/config: Use g_autoptr instead of goto

It seems cleaner to make the GKeyFile a g_autoptr variable and just
return rather than using the "goto out;" idiom.

Closes: #1743
Approved by: cgwalters

ostree/config: Add an "unset" operation

Currently there's a way to set a key to the empty string but there's no
way to unset it completely (remove the key from the group). This might
be helpful for instance if you want to temporarily set
"core.lock-timeout-secs" to a specific value for the duration of one
operation and then return it to the default after that operation
completes.

This commit implements an "unset" operation for the config command, adds
a unit test, and updates the man page.

Closes: #1743
Approved by: cgwalters

lib/repo-refs: Resolve collection-refs in-memory and in parent repos

Currently the behavior of ostree_repo_resolve_rev() is that it tries to
resolve a ref to a commit by checking the refs/ directories, but also by
checking for in-memory ref-checksum pairs which are part of an
in-progress transaction and also by checking the parent repo if one
exists. Currently ostree_repo_resolve_collection_ref() only checks the
refs/ directories, so this commit makes its behavior analagous since it
is the analagous API which supports collection-refs.

The impetus for this was that currently Flatpak uses
ostree_repo_resolve_rev() to load a commit after doing a P2P pull in
flatpak_dir_do_resolve_p2p_refs(), but that assumes the ref came from
the same remote that originally provided it, which might not be the case
if more than one remote has the same collection ID configured. And
changing Flatpak to use ostree_repo_resolve_collection_ref() doesn't
work without this patch.

Closes: #1821
Approved by: pwithnall

man: Document ostree --version

Closes: #1820
Approved by: rfairley

tests: Remove unused includes in libostreetest.c

Since commit a06bd82cd we no longer use OVERLAYFS_SUPER_MAGIC or
statfs() so remove the includes for linux/magic.h and sys/vfs.h

Closes: #1815
Approved by: cgwalters

tests: Update for glib 2.59.2

glib 2.59.2 uses a non-breaking space instead of a space to
separate the quantity and unit in g_format_size() so update
our test to handle both a plain space and a non-breaking space.

See https://gitlab.gnome.org/GNOME/glib/issues/1625

Closes: #1818
Approved by: cgwalters

tests: Don't skip collection-based summary test

OSTree's P2P support used to be a compile time option but is now always
enabled. One of the tests was still checking for the old feature flag,
"experimental", which has been renamed to "p2p" and skipping for that
reason. Delete the check so the test always runs.

Closes: #1804
Approved by: pwithnall

lib/repo: Fix Since: annotation for REMOTE_CHANGE_REPLACE

Closes: #1813
Approved by: jlebon

remote-add: Add --force option to add or replace remote

This uses the OSTREE_REPO_REMOTE_CHANGE_REPLACE operation to add a
remote or replace an existing one. This is roughly the opposite of
--if-not-exists and will raise an error if both options are passed.

Closes: #1166
Approved by: cgwalters

man: Document remote add --if-not-exists option

Closes: #1166
Approved by: cgwalters

repo: Add OstreeRepoRemoteChange replace operation

Add the OSTREE_REPO_REMOTE_CHANGE_REPLACE operation to the
OstreeRepoRemoteChange enum. This operation will add a remote or replace
an existing one. It respects the location of the remote configuration
file when replacing and the remotes config dir settings when adding a
new remote.

Closes: #1166
Approved by: cgwalters

lib/repo-pull: Fix docs for n-network-retries option

Add "Since: 2018.6" and copy the docs to
ostree_repo_pull_from_remotes_async() which also supports it.

Closes: #1812
Approved by: jlebon

lib/commit: Don't set user.ostreemeta for bare → bare-user-only imports

The point of `bare-user-only` is it doesn't have xattrs; it's a
special case in import handling.

Closes: #1803
Approved by: jlebon

lib/commit: Set xattr on correct fd for bare-user → bare-user imports

Another fix to https://github.com/ostreedev/ostree/pull/1771

Closes: #1803
Approved by: jlebon

lib/commit: Fix bare → bare imports

Regression from https://github.com/ostreedev/ostree/pull/1771

This broke rpmostreepayload in Anaconda where we import a bare repo:
https://openqa.fedoraproject.org/tests/345339#step/_do_install_and_reboot/4

Reported-by: Adam Williamson <adamwill@fedoraproject.org>
Closes: #1803
Approved by: jlebon

README: add note about Liri OS

Closes: #1802
Approved by: rfairley

Post-release bump

Closes: #1800
Approved by: jlebon

Release 2019.1

Closes: #1800
Approved by: jlebon

pull: If built with --disable-http2, allow enabling via http2=1

We have a `http2=[0|1]` remote config option; let's have the
`--disable-http2` build option define the default for that. This way
it's easy to still enable http2 for testing even if
we have it disabled by default.

Closes: #1798
Approved by: jlebon

fixup! admin/status: test GPG signature check

admin/status: test GPG signature check

Signed-off-by: Rafael Fonseca <r4f4rfs@gmail.com>
Closes: #1797
Approved by: cgwalters

atomic-upgrades doc: fix example url to fetch a ref checksum

Signed-off-by: Sinny Kumari <sinny@redhat.com>
Closes: #1795
Approved by: cgwalters

grub2: add support for devicetree

Similar as available for u-boot (ce2995e1dc1557c4d97ef5af807eacf3ef4a22d8)
and syslinux (c5112c25e4519835c4cd53f4350c1b2f2a477746), enable parsing
and writing devicetree filename into grub.cfg.

This is required by arm64-based devices running edk2 instead of u-boot
as the main bootloader (e.g. 96boards HiKey and HiKey960).

Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Closes: #1790
Approved by: cgwalters

Fix a small leak in ostree_repo_remote_list_collection_refs

g_variant_iter_loop would free the value for us,
but not if we're returning from the middle of the
loop body.

Closes: #1788
Approved by: cgwalters

Fix a small leak in ostree_repo_pull_with_options

Spotted in a flatpak valgrind log.

Closes: #1788
Approved by: cgwalters

boot/grub2: Add some more explanation in ostree-grub-generator

Even with the previous docstring, I didn't understand at first the
relationship between the `ostree-grub-generator` script and
`ostree-bootloader-grub2.c`. Throw some more docs to clarify things a
bit.

Closes: #1791
Approved by: cgwalters

admin/status: Correctly check GPG signature

Closes: #1770
Closes: #1787
Approved by: jlebon

man/ostree.repo-config: Update min-free-space-* docs

Docs should reflect the changes done in PR:
https://github.com/ostreedev/ostree/pull/1779

Closes: #1786
Approved by: jlebon

lib/repo-commit: Relax min-free-space check in prepare_transaction()

We want a case where we can disable the min-free-space check. Initially,
it felt like to add a OSTREE_REPO_PULL_FLAGS_DISABLE_FREE_SPACE_CHECK but
the problem is prepare_transaction() does not have a OstreeRepoPullFlags
parameter which we can parse right here. On top of it, prepare_transaction()
enforces min-free-space check and won't let the transaction proceed if
the check failed.

This is pretty bad in conjunction with "inherit-transaction" as what
Flatpak uses. There is no way to disable this check unless we remove
it altogether from prepare_transaction.

This issue came out to light when flatpak wasn't able to write metadata
after fetching from remote:

[uajain@localhost ~]$ flatpak remote-info flathub org.kde.Platform//5.9
error: min-free-space-size 500MB would be exceeded

Metadata objects helps in housekeeping and restricting them means
restricting crucial UX (like search, new updates) functionalities
in clients like gnome-software. The error banners originated from
these issues are also abrupt and not much helpful to the user. This
is the specific instance of the issue this patches tries to address.

See https://github.com/flatpak/flatpak/issues/2139 for discussion.

Closes: #1779
Approved by: mwleeds

lib/kargs: allow empty-list arguments

This adds support for empty-list arguments (e.g. `acpi_osi=`), which
are semantically different from simple-keyword arguments.

Ref: https://github.com/projectatomic/rpm-ostree/issues/1706

Closes: #1785
Approved by: cgwalters

Fix leak in ostree_content_stream_parse()

We need to ref_sink new GVariants for autoptr to work

Closes: #1784
Approved by: cgwalters

ci/papr: Drop insttests

This didn't quite work out, and is now always failing because Ansible
changed.

For now we have some OK coverage via the rpm-ostree suite, let's just
drop this and revisit later.

Closes: #1783
Approved by: jlebon

bin/pull: Add URL metavar for --url switch

Otherwise it's not obvious that it takes an argument.

Closes: #1782
Approved by: cgwalters

Update libglnx

To pick up https://gitlab.gnome.org/GNOME/libglnx/merge_requests/4

Update submodule: libglnx

Closes: #1781
Approved by: jlebon

lib/commit: Try checksum+hardlink for untrusted local same-uid repos

This mainly helps flatpak for enabling a hardlink-able local pull
during deploy in the --system case. We assume the files are immutable
when owned by the same uid.

See https://github.com/ostreedev/ostree/issues/1723
and https://github.com/flatpak/flatpak/pull/2342

Closes: #1776
Approved by: uajain

lib/repo: Clarify docs for importing w/ trust

The way _ostree_repo_import_object() is written, a hardlink copy is only
attempted if the source repo is trusted, so update the docs for
ostree_repo_import_object_from_with_trust() to reflect that.

Closes: #1777
Approved by: cgwalters

lib/repo: Search a list of paths in gpgkeypath for gpg keys

This allows specifying gpgpath as list of
paths that can point to a file or a directory. If a directory path
is given, paths to all regular files in the directory are added
to the remote as gpg ascii keys. If the path is not a directory,
the file is directly added (whether regular file, empty - errors
will be reported later when verifying gpg keys e.g. when pulling).

Adding the gpgkeypath property looks like:

ostree --repo=repo remote add --set=gpgpath="/path/key1.asc,/path/keys.d" R1 https://example.com/some/remote/ostree/repo

Closes #773

Closes: #1773
Approved by: cgwalters

lib/commit: Copy user.ostreemeta only for bare-user

When falling back to copying objects when importing them into a
bare-user repo, we only actually need to transfer over the
`user.ostreemeta` xattr.

This allows the destination repo to be on a separate filesystem that
might not even support `security.selinux`. (I hit this while importing
over virtio-9p).

Closes: #1771
Approved by: cgwalters

lib/commit: Add devino_cache_hits to txn stats

I found this useful while hacking on rpm-ostree but I think it might be
useful enough to upstream. This stat is really helpful for validating
that a pipeline is hitting the devino cache sweet spot.

Closes: #1772
Approved by: cgwalters

bin/pull-local: Add --commit-metadata-only

It might be "local", but e.g. we may be crossing filesystems. So there
are valid use cases for only wanting to pull the commit metadata with
`pull-local`.

Closes: #1769
Approved by: cgwalters

bin/refs: Disallow creating broken aliases

This is the alias version of #1749. I.e. we want to make sure that one
can't even create an alias which would end up dangling.

See also: https://pagure.io/releng/issue/7891

Closes: #1768
Approved by: sinnykumari

checkout: honor opaque checkouts

if a file ".wh..wh..opq" is present in a directory, delete anything
from lower layers that is already in that directory.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1486
Approved by: cgwalters

ci: Add `dist-then-build` target to catch missing `EXTRA_DIST`

I personally am very opposed to the entire idea of `make distcheck`;
I think source code should canonically be *git* and not tarballs.
See e.g. https://github.com/cgwalters/git-evtag for some
rationale.

But anyways we are uploading classic tarballs since today that
what Debian/Fedora/etc consume sadly, so we need to test it.

We explicitly skip `make distcheck` since we don't want to rerun
the test suite.

Closes: #1766
Approved by: jlebon

build-sys: Dist ostree-finalize-staged.path

Otherwise the tarball doesn't work.

Closes: #1766
Approved by: jlebon

ostree/main: Wrap `Version` in `--version` in quotes

Wrap the `Version` key in the YAML-compatible output of
`ostree --version` with quotes so that it's parsed as a string. The
issues with the previous approach in a nutshell:

```
In [5]: yaml.load("asdf: 2018.10")
Out[5]: {'asdf': 2018.1}
```

It's treating the version number as a floating-point. Now, this is
technically a backwards incompatible change, but given that the previous
approach is inherently broken for our needs, I don't see a way around
breaking it now.

Closes: #1761
Approved by: cgwalters

Post-release version bump

Closes: #1761
Approved by: cgwalters

Release 2018.9

Closes: #1761
Approved by: cgwalters

Rename core.repo-finders to core.default-repo-finders

This renames a config key to make its semantics more obvious. Despite
what the commit message says, it only applies when a set of repo finders
is not specified (either on the command line or in a library API call).
This also renames the corresponding ostree_repo_get function. We can do
this since it hasn't been released yet.

Closes: #1763
Approved by: pwithnall

lib/repo-pull: Add an explanatory comment

Closes: #1763
Approved by: pwithnall

README: Add bindings section

Since rust-libostree now exists too, let's make sure people
know about it.

Closes: #1762
Approved by: jlebon

boot: Add ostree-finalize-staged.path

Rather than manually starting the `ostree-finalize-staged.service` unit,
we can leverage systemd's path units for this. It fits quite nicely too,
given that we already have a path we drop iif we have a staged
deployment.

To give some time for the preset to make it to systems, we don't yet
drop the explicit call to `systemctl start`. Though we do make it
conditional based on a DEBUG env var so that we can actually test it in
CI for now. Once we're sure this has propagated, we can drop the
`systemctl start` path and the env var together.

Closes: #1740
Approved by: cgwalters

remount: Refactor to helper function instead of loop

Prep for further work. It was silly to use a loop on
a static array of two elements.

Closes: #1760
Approved by: jlebon

lib/repo-pull: Disable LAN updates by default

This commit disables searching on the local network for refs, unless
explicitly requested by the user either by changing the value of the
"core.repo-finders" config option, or by passing an OstreeRepoFinderAvahi to
ostree_repo_find_remotes_async() / ostree_repo_finder_resolve_async(),
or by specifying "lan" in the --finders option of the find-remotes
command.

The primary reason for this is that ostree_repo_find_remotes_async()
takes about 40% longer to complete with the LAN finder enabled, and that
API is used widely (e.g. in every flatpak operation). It's also probable
that some users don't want ostree doing potentially unexpected traffic
on the local network, even though everything pulled from a peer is GPG
verified.

Flathub will soon deploy collection IDs to everyone[1] so these code
paths will soon see a lot more use and that's why this change is being
made now.

Endless is the only potential user of the LAN updates feature, and we
can revert this patch on our fork of ostree. For it to be used outside
Endless OS we will need to upstream eos-updater-avahi and
eos-update-server into ostree.

[1] https://github.com/flathub/flathub/issues/676

Closes: #1758
Approved by: cgwalters

Allow disabling pulling from LAN/USB/Internet

Currently libostree essentially has two modes when it's pulling refs:
the "legacy" code paths pull only from the Internet, and the code paths
that are aware of collection IDs try to pull from the Internet, the
local network, and mounted filesystems (such as USB drives). The problem
is that while we eventually want to migrate everyone to using collection
IDs, we don't want to force checking LAN and USB sources if the user
just wants to pull from the Internet, since the LAN/USB code paths can
have privacy[1], security[2], and performance[3] implications.

So this commit implements a new repo config option called "repo-finders"
which can be configured to, for example, "config;lan;mount;" to check
all three sources or "config;mount;" to disable searching the LAN. The
set of values mirror those used for the --finders option of the
find-remotes command. This configuration affects pulls in three places:
1. the ostree_repo_find_remotes_async() API, regardless of whether or
not the user of the API provided a list of OstreeRepoFinders
2. the ostree_repo_finder_resolve_async() /
ostree_repo_finder_resolve_all_async() API
3. the find-remotes command

This feature is especially important right now since we soon want to
have Flathub publish a metadata key which will have Flatpak clients
update the remote config to add a collection ID.[4]

This effectively fixes https://github.com/flatpak/flatpak/issues/1863
but I'll patch Flatpak too, so it doesn't pass finders to libostree only
to then have them be removed.

[1] https://github.com/flatpak/flatpak/issues/1863#issuecomment-404128824
[2] https://github.com/ostreedev/ostree/issues/1527
[3] Based on how long the "ostree find-remotes" command takes to
  complete, having the LAN finder enabled slows down that step of the
  pull process by about 40%. See also
  https://github.com/flatpak/flatpak/issues/1862
[4] https://github.com/flathub/flathub/issues/676

Closes: #1758
Approved by: cgwalters

ostree-prepare-root.service: Run earlier in initrd

Previously, we were preparing the root very late in the boot process;
right before we switch root. The issue with that is that most services
in the initrd that run `After=initrd-root-fs.target` expect that
`/sysroot` already points to the rootfs we'll be pivoting to. Running
this late violates that assumption.

This patch fixes this by making `ostree-prepare-root.service` instead
run right after `sysroot.mount` (the physical sysroot mounted by
systemd) but still before `initrd-root-fs.target` (which is the target
signalling that `/sysroot` is now valid and ready).

This should make it easier to integrate OSTree with other initrd
services such as Ignition.

Related: https://github.com/dustymabe/ignition-dracut/issues/20

Closes: #1759
Approved by: cgwalters

ostree-prepare-root.service: Use RemainAfterExit=yes

For the same reasons as #1697. This is especially important in services
that are likely to be used as an `After/Before=` target in other units.
`ostree-prepare-root.service` is one such service.

Closes: #1759
Approved by: cgwalters

sysroot: Add error prefixing to deployment parsing

I think this is where the bare `readlinkat` came from in
https://github.com/ostreedev/ostree/issues/1459

`Error setting up sysroot: readlinkat: No such file or directory`

Closes: #1757
Approved by: jlebon

sysroot: Update some code to use fstatat_allow_noent API

It's much easier to read and use correctly. Making this change
since I saw an unprefixed error in an issue.

Closes: #1757
Approved by: jlebon

finalize-staged: Bump timeout to 5 minutes

See https://github.com/projectatomic/rpm-ostree/issues/1568

Basically for people on e.g. rotational media, the default 90
second timeout can be too small.

We're in a tough situation here, because delaying shutdown
can be problematic too if the user is trying to shut down their
laptop to put in a backpack, etc.

There's potential optimizations here to make; I think we
could pre-copy the kernel/initramfs for example.

I suspect for some people the grub2 os-prober is a factor here too,
if that tries to e.g. inspect attached USB rotational hard drives.
But hopefully we'll get rid of that soon.

Closes: #1755
Approved by: jlebon

rofiles-fuse: Improve error message for failure to open root

I was debugging some rpm-ostree work and saw:
`openat: No such file or directory`
and it wasn't immediately obvious it was stderr from `rofiles-fuse`.

Use the `err` API which is better in many ways; in this case
it automatically prefixes with `argv0`.

Closes: #1747
Approved by: jlebon

lib/commit: Don't chown objects to repo target owner

The idea is that if the process is running as root, it can change
ownership of newly written files to match the owner of the repo.
Unfortunately, it currently applies in the other direction, too - a
non-root user writing to a root owned repository. If the repo is
writable by the user but owned by root, it can still create files and
directories there, but it can't change ownership of them.

This feature comes from
https://bugzilla.gnome.org/show_bug.cgi?id=738954. As it turns out, this
feature was never completed. It only works on content objects and not
metadata objects, refs, deltas, summaries, etc. Rather than try to fix
all of those, remove the feature until someone has interest in
completing it.

Closes: #1754
Approved by: cgwalters

checkout: Support --union-identical and --force-copy{,--zerosized}

Actually testing the patch to add `--force-copy-zerosized` to
rpm-ostree tripped over the fact that it uses `--union-identical`,
and we just hit an assertion failure with that combination.

Fix this by copying over the logic we have for the hardlink case.

Closes: #1753
Approved by: jlebon

repo: Add a checkout option to not hardlink zero-sized files

In rpm-ostree we've hit a few cases where hardlinking zero-sized
files causes us problems.  The most prominent is lock files in
`/usr/etc`, such as `/usr/etc/selinux/semanage.LOCK`.  If there
are two zero-sized lock files to grab, but they're hardlinked,
then locking will fail.

Another case here is if one is using ostree inside a container
and don't have access to FUSE (i.e. `rofiles-fuse`), then the
ostree hardlinking can cause files that aren't ordinarily hardlinked
to become so, and mutation of one mutates all.  An example where
this is concerning is Python `__init__.py` files.

Now, these lock files should clearly not be in the tree to begin
with, but - we're not gaining a huge amount by hardlinking these
files either, so let's add an option to disable it.

Closes: #1752
Approved by: jlebon

src/ostree: Don't delete refs having aliases

Deleting a ref with aliases makes them dangling. In such
cases, display an error message to the user.

Fixes #1597

Signed-off-by: Sinny Kumari <sinny@redhat.com>
Closes: #1749
Approved by: cgwalters

lib/sysroot-deploy: Write to journal when finalizing

Write to the journal when starting to finalize a staged deployment.
Combined with the "Transaction completed" message we already emit, this
makes it easy later on to determine whether the operation was successful
by inspecting the journal. This will be used by `rpm-ostree status`.

Closes: #1750
Approved by: cgwalters

boot: Add Documentation= lines to services

It's a neat way to point folks to the documentation (of course, better
would be to have man pages for each of those services). Also
consistently use Title Case everywhere.

Closes: #1750
Approved by: cgwalters

boot: Remove [Install] from ostree-finalize-staged

Let's just make this service not installable anymore. It should only be
activated manually.

Closes: #1750
Approved by: cgwalters

man/create-usb: Don't recommend summary updates

This commit removes the recommendation in the create-usb man page for
the user to update the summary in the source repo before using the
create-usb command. I'm not sure where I got the idea that create-usb
depends on a summary in the source repo. I went back to the first commit
that introduced the create-usb command and even using that a summary
isn't required, so it seems unlikely that this changed recently.

This is good news because the exclusive lock that's taken for summary
updates has been causing problems on Endless (due to other processes
having a lock for the duration of the 30 second acquire time out
period).

Closes: #1746
Approved by: cgwalters

Only verify OSTREE_MAX_METADATA_SIZE for HTTP fetches

There are use cases for libostree as a local content store
for content derived or delivered via other mechanisms (e.g. OCI
images, RPMs, etc.). rpm-ostree today imports RPMs into OSTree
branches, and puts the RPM header value as commit metadata.
Some of these can be quite large because the header includes
permissions for each file. Similarly, some OCI metadata is large.

Since there's no security issues with this, support committing
such content.

We still by default limit the size of metadata fetches, although
for good measure we make this configurable too via a new
`max-metadata-size` value.

Closes: https://github.com/ostreedev/ostree/issues/1721
Closes: #1744
Approved by: jlebon

bash-completion: Fix --repo autocomplete

This commit fixes the bash tab completion handling of the "--repo"
argument. Before this commit, the completion only works if "--repo"
comes after the main command. After this commit, you can use "--repo"
directly after "ostree" in the command line, as is natural.

Closes: #1745
Approved by: jlebon

lib/mutable-tree: Port to new style

Some therapeutic style conversion to finish off the week. Pretty
straightforward overall.

Closes: #1742
Approved by: cgwalters

lib/progress: Fix leak of GSource

Closes: https://github.com/ostreedev/ostree/issues/1738
Closes: #1741
Approved by: jlebon

ci: Bump rpm-ostree tag to 2018.8

2018.7 started failing `test-ucontainer.sh`. I don't have the cycles to
look more deeply into what was going on there, but bumping to 2018.8
fixes it at least. (And of course, it's passing in rpm-ostree too.)

Closes: #1728
Approved by: cgwalters

man/ostree.repo-config: Document locking options

This commit documents the "locking" and "lock-timeout-secs" options
which have been around for a few releases.

Closes: #1737
Approved by: jlebon

lib/repo: Fix minor mistake in locking docs

The config option is "lock-timeout-secs" not "lock-timeout".

Closes: #1737
Approved by: jlebon

lib/repo: Allow disabling lock timeout

Currently the locking code checks if the value -1 was set for the config
key "lock-timeout-secs" and if so, a thread trying to acquire a lock
will block indefinitely. Positive values specify how long to attempt to
acquire a lock in a non-blocking way (the attempt is made once every
second). But when the value is read from the config file,
g_ascii_strtoull() is used, which converts it to an unsigned integer.
This commit makes libostree use g_ascii_strtoll() instead, so that it's
possible to set that key to -1 as intended.

Closes: #1737
Approved by: jlebon

create-usb: Add a --commit option

Currently on Endless OS, the OSTree ref for the operating system is
something like os/eos/amd64/eos3, so that's what gets passed to `ostree
create-usb` when copying the OS to a USB drive (for offline updates).
However, when eos-updater checks for updates it pulls the metadata for a
candidate commit and in so doing updates that eos3 ref to point to the
partial commit being examined as a potential update rather than the
deployed commit. This causes `ostree create-usb` to fail with an error
like "No such metadata object
7fb045cb2d1f1f3a81bfc157c6128ff443eb56350315b9536bdb56aee0659863.dirtree".

OSTree creates deployment refs that look like "ostree/1/1/0" to maintain
a pointer to the deployed commit, but create-usb can't use these because
it shows up in the summary as just a ref, not a collection-ref.

So this commit adds a --commit option to the create-usb command, so we
can use the appropriate ref but copy the deployed commit rather than a
(potentially partial) update commit.

Closes: #1735
Approved by: cgwalters

lib/commit: Don't copy xattrs for metadata objects

Copying the xattrs on metadata objects is wrong in general, we
don't "own" them. Notably this would fail in the situation of
doing a pull from e.g. a `bare-user` source to a destination
that was on a different mount point (so we couldn't hardlink),
and the source had e.g. a `security.selinux` attribute.

Closes: #1734
Closes: #1736
Approved by: jlebon

create-usb: Always use archive mode

Change the create-usb command so that it always creates the destination
repository using the "archive" mode, rather than using archive mode when
xattrs aren't supported and bare-user otherwise. This has a few
advantages:

1. The archive mode works with FAT filesystems, which is what most
USB drives are, and which doesn't support xattrs.

2. At least in some quick testing I did, archive mode is about
twice as performant as bare-user mode, in terms of how long it takes for
the create-usb command to complete.

3. This ensures that a tool can safely change the permissions on
".ostree/repo" and subdirectories after create-usb completes, which is
important for Endless since otherwise you can't use `ostree create-usb`
as root and then `flatpak create-usb` as a non-root user on the same USB
drive (or in other words copy OS updates and apps to the same USB).

Closes: #1733
Approved by: cgwalters

lib/fetcher-curl: Prefix fatal errors with full URL

Just include the whole URL that failed if libcurl failed with something
elementary like CURLE_COULDNT_CONNECT or CURLE_COULDNT_RESOLVE_HOST.

Closes: #1731
Closes: #1732
Approved by: cgwalters

lib/fetcher-curl: Drop unnecessary check

`_ostree_fetcher_journal_failure()` already checks that we only log
messages which have remotes.

Closes: #1732
Approved by: cgwalters

lib/fetcher-util: Mark journaled msgs as LOG_ERR

E.g. for filtering, and so it shows up in red.

Closes: #1732
Approved by: cgwalters

deploy: Fix removing /var/.updated with separate /var mount

There's some subtlety to this, we don't handle all cases.
But the 99% cases are using `--sysroot deploy` to create an
initial deployment, and then doing upgrades from inside
a booted deployment.

It was only the latter case that didn't work with a separate `/var`.
Fixing all of them would probably require libostree to learn
how to e.g. look at `/etc/fstab` (or worse, systemd mount units?)
and handle the mounting. I don't think we want to do anything
like that right now, since there are no active drivers for the
use case.

Closes: https://github.com/ostreedev/ostree/issues/1729
Closes: #1730
Approved by: akiernan

tests: Update tests for ostree_repo_get_min_free_space_bytes()

https://github.com/ostreedev/ostree/issues/1720

Closes: #1722
Approved by: pwithnall

lib/repo: Separate min-free-space-* calculation from transaction codepath

Earlier, the actual reserved space (in blocks) were calculated inside the
transaction codepath ostree_repo_prepare_transaction(). However, while
reworking on ostree_repo_get_min_free_space_bytes() API, it was realized that
this calculation can be done independently from the transaction's codepaths, hence
enabling the usage for ostree_repo_get_min_free_space_bytes() API irrespective
of whether there is an ongoing transaction or not.

https://github.com/ostreedev/ostree/issues/1720

Closes: #1722
Approved by: pwithnall

lib/repo: Define a metadata key, ostree.deploy-collection-id

This commit defines a metadata key that tells clients to update their
remote config to add a collection ID. This functionality is currently
implemented in Flatpak for the key "xa.collection-id", but there are two
good reasons for moving the key to OSTree:

1) Servers such as Flathub shouldn't set xa.collection-id in their
metadata now or in the medium term future, because many users are still
using old versions of Flatpak and OSTree[1] which would hit various
bugs[2][3][4] on the P2P code paths that are enabled by collection IDs.
Defining a new key means that only clients running recent
(as-yet-unreleased) versions of Flatpak and OSTree will pay attention to
it and deploy the collection ID, leaving the users on old versions
unaffected.

2) OSTree is as "invested" in collection IDs as Flatpak, so there's no
reason the key should be defined in Flatpak rather than here. According
to Philip Withnall, the reason the key was put in Flatpak originally was
that at the time there was uncertainty about tying OSTree to collection
IDs.

[1] https://ahayzen.com/direct/flathub.html#downloadsbyflatpakstacked
[2] https://github.com/ostreedev/ostree/commit/e4e6d85ea
[3] https://github.com/flatpak/flatpak/commit/5813639f
[4] https://github.com/flatpak/flatpak/commit/5b21a5b7

Closes: #1726
Approved by: pwithnall

OstreeMutableTree: add _remove method

There is no API method to remove a file or subdirectory from a MutableTree
besides directly manipulating the GHashTable returned by _get_files or
_get_subdirs. This isn't possible from an introspection binding that transforms
the returned GHashTable, and may also leave the tree checksum in an invalid
state. Introduce a new method so that removing files or subdirectories is
safe, and possible from bindings.

Closes: #1724
Approved by: jlebon

lib/repo: Clean up OstreeRepo docs

This fixes typos and grammar in the docs for OstreeRepo, and copies the
information about OSTREE_REPO_MODE_BARE_USER_ONLY from ostree-core.h

Closes: #1725
Approved by: jlebon

ci: Disable f28-rpmostree for now

It started failing with:

```
ERROR: tests/check/test-ucontainer.sh - too few tests run (expected 2, got 0)
tap-driver.sh: internal error getting exit status
tap-driver.sh: fatal: I/O or internal error
make[4]: *** [Makefile:4353: tests/check/test-ucontainer.sh.log] Error 1
make[4]: *** Waiting for unfinished jobs....
```

And the artifacts are not being saved for some reason:

```
+ cleanup
+ mv test-suite.log /var/tmp/checkout
mv: cannot stat 'test-suite.log': No such file or directory
+ true
+ mv vmcheck /var/tmp/checkout
mv: cannot stat 'vmcheck': No such file or directory
+ true
```

Let's just disable this for now so that some other pending patches can
go in while we investigate.

Closes: #1727
Approved by: cgwalters

avahi: Be robust to missing refs in peer summaries

In the OstreeRepoFinderAvahi implementation,
ostree_avahi_service_build_repo_finder_result() is where the DNS-SD
records are processed and turned into OstreeRepoFinderResult objects.
Each result object is supposed to have a hash table mapping refs to
checksums, so this is accomplished by first adding a placeholder (a ref
mapping to a NULL checksum) for each ref matched by the bloom filter,
and later filling in the checksums using the remote's summary file,
which happens in get_checksums(). The problem is that there's no
guarantee all the checksums will be resolved (non-NULL), so the
ostree_repo_finder_result_new() call then hits an assertion failure in
is_valid_collection_ref_map() leading to a crash (in the case that one
or more refs had NULL checksums).

There are at least two situations where the ref checksum might not be
found in the peer remote's summary file:
1) The bloom filter match was a false positive. This is going to happen
sometimes by design.
2) The peer remote's summary is out of sync with its DNS-SD records.
This shouldn't normally happen but it's still good to be robust to the
possibility; in Endless OS nothing guarantees the atomicity of updating
the summary and DNS-SD records.

This commit changes libostree to be robust to the possibility of refs
missing from the peer remote's summary, by removing any that still have
a NULL checksum associated with them after the summary has been fetched
and processed.

The other OstreeRepoFinder implementations don't have this issue because
they use summary files directly and therefore always have access to the
checksum.

Closes: #1717
Approved by: pwithnall

Add tests for ostree_repo_get_min_free_space_bytes

https://phabricator.endlessm.com/T23694

Closes: #1715
Approved by: cgwalters

lib/repo: Add an API to get min-free-space-* reserved bytes

https://phabricator.endlessm.com/T23694

Closes: #1715
Approved by: cgwalters

lib/repo: Ensure min-free-space* config value doesn't overflow
when converted to bytes

In a subsequent commit, we add a public API to read the value of
min-free-space-* value in bytes. The value for free space check
is enforced in terms of block size instead of bytes. Therefore,
for consistency we check while preparing the transaction that the
value doesn't overflow when converted to bytes.

https://phabricator.endlessm.com/T23694

Closes: #1715
Approved by: cgwalters

lib/grub2: Support Debian-style grub.cfg path

Debian and Debian-derived systems have their GRUB configuration file in
/boot/grub/grub.cfg, rather than /boot/grub2/grub.cfg. Detecting this
file is necessary to correctly generate GRUB boot configuration on
Debian systems.

Closes: #1714
Approved by: cgwalters