dgit.raspbian.org Git - ostree.git/log

lib/repo-pull: Rename a variable

Rename from `fdata` to `fetch_data` to clarify things and make it
consistent with other similar functionality in the file.

This introduces no functional changes.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1599
Approved by: jlebon

lib/repo-pull: Factor out free function for FetchDeltaSuperData

This introduces no functional changes, but does make the code a little
cleaner.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1599
Approved by: jlebon

lib/repo-pull: Use GCC `?:` ternary shortcut where appropriate

This introduces no functional changes; just makes the code a bit shorter
in a few places.

https://gcc.gnu.org/onlinedocs/gcc/Conditionals.html

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1599
Approved by: jlebon

lib/repo-pull: Use values from struct in enqueue_one_object_request()

This introduces no functional changes, but will make some upcoming
refactoring a little easier.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1599
Approved by: jlebon

fsck: Add --all to print all corrupted object

Stopping on the first error is nice if you just want to know if everything is ok, but
if you want to figure out all that is wrong its nice to be able to continue and
print all corruptions.

Closes: #1591
Approved by: cgwalters

fsck: Include the commits that contain the corruption in errors

This makes it easier to figure out what the corruption affects.

Closes: #1591
Approved by: cgwalters

bash-completion: Don't add a space after files and directories

Currently if ostree is completing a file or directory for you it adds a
space to the end, but this is an inconvenience when it's an intermediate
directory in a tree. It's better to let the user add the space after the
final directory, so this commit changes the bash completion to avoid
adding a space when completing files or directories.

Closes: #1598
Approved by: jlebon

lib/sysroot: Add wrapper API to prune system repository

The initial motivation for this is that the "staging" code currently
didn't rewrite the deployment refs, meaning that the staged commit
could be pruned.

Hence first, this new API ensures that deployments also
hold a strong ref to their commit, without relying on the magical
"deployment refs" that we inject. That has always been a weird
artifact of the strict layering separation between OstreeSysroot
and OstreeRepo.

I also plan to change rpm-ostree to start using this API to
hold references to base layers for client-side layering; it also
today generates various refs.

That said, if we still want to support multiple processes
writing to a single repo (as happens on EndlessOS today) we
still need to write refs; perhaps later we could add a concept
of "generators" or something that create refs based on whatever
logic?

Another minor thing this fixes is that we had a printf inside
the library; this propagates the pruned data to the higher level
which can log however it likes.

Closes: #1566
Approved by: jlebon

lib: Add a public helper method for pruning to find all ref'd commits

Prep for reworking how we do sysroot cleanup. We're going to
start doing more lowlevel pruning work there, and I wanted to avoid
duplicating the ref enumeration.

Closes: #1566
Approved by: jlebon

u-boot: add support for devicetree

Likewise the corresponding support for syslinux introduced by commit
c5112c25e4519835c4cd53f4350c1b2f2a477746, this one enables writing devicetree
filename into the uEnv.txt environment file for u-boot.

Since u-boot does not strictly defines variable names, here 'fdt_file' was
chosen as it appear to be one the most frequently adopted names in u-boot
default environments. Outer boot logic should of course comply with this choice
and use $fdt_file as the device tree file name to pass to boot commands.

This was tested on a custom board booting with u-boot.

Closes: #1590
Approved by: cgwalters

docs: var/local -> var/usrlocal

Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
Closes: #1588
Approved by: jlebon

ci: Add .papr-ex.yaml

I'd like to start working towards migrating the OSTree CI towards the
new PAPR model running in PACI. In order to take it for a test drive
(pun intended) without yet replacing our current CI, the new PAPR now
knows to look for a `.papr-ex.yaml` file. So as to not conflict with the
current PAPR, no GitHub statuses will be output other than a
`required-ex` label, which plays the same role as `required`. For more
information, see:

https://github.com/projectatomic/papr/commit/85b1d0a91eba6597d01b52b674de38a876f030fe

The `.papr-ex.yaml` version is essentially the same except for:

1. the `FAH27-insttests` suite runs directly in the scheduled container
(notice the new `kvm: true` key)
2. the `host:` based contexts (rpm-ostree and flatpak) are missing since
we don't support provisioning a host just yet

Keeping them in sync could get annoying, though building confidence in
the new approach will allow us to migrate faster.

Closes: #1587
Approved by: cgwalters

Post-release version bump

Closes: #1586
Approved by: jlebon

Release 2018.5

Lots of stuff queued up.

Closes: #1585
Approved by: jlebon

lib/sysroot: Add OSTREE_EX_STAGE_DEPLOYMENTS environment variable

I feel like I'm drowning in a pile of experimental-but-almost-stable
features...

Anyways, since we made the feature opt-in in rpm-ostree in
https://github.com/projectatomic/rpm-ostree/pull/1352
let's mirror that a bit here with an environment variable so people
can play with it more easily.

The tests needed some tweaks; specifically we need to reload the
status fact after making changes. I'm still a bit uncertain
about the Ansible-as-tests.

But we add an upgrade test that uses the new environment variable.

Closes: #1583
Approved by: jlebon

tests/installed: Disable all rpmmd repos

For the same reason we do in the rpm-ostree tests. This also
made sure the test run worked when I was offline on a plane.

Closes: #1583
Approved by: jlebon

ci: Switch libgcrypt URL

Since the previous one wasn't made into an update, it got GC'd.

Closes: #1584
Approved by: jlebon

libglnx: Bump to fix F28 compilation

Pull in https://github.com/GNOME/libglnx/pull/104 to fix compiling on
F28.

Update submodule: libglnx

Closes: #1580
Approved by: cgwalters

docs: Add "Hello World" example

Let's get practical faster in the manual and have a simple "Hello World"
example right off the bat to hopefully make it easier to grok how OSTree
works.

Also some minor tweaks on wording around comparisons to git.

Closes: #1581
Approved by: cgwalters

ci: Drop str hotpatch

The change we want is in the current Fedora repos, and git master
is broken:

> qemu-system-x86_64: -vnc :1: Failed to start VNC server: Failed to bind socket: Address already in use

https://pagure.io/standard-test-roles/pull-request/186#comment-52440

Closes: #1582
Approved by: jlebon

repo: handle GPG_ERR_AMBIGUOUS_NAME in sign_data

This should give a more insightful error message if the user provides
a UID which is present on multiple keys.
This happens if you have an old key in your keyring which you are not
actively using any more, e.g. because it is too old. You still have
your old keys in your keyring, because you want to read old email
encrypted for that key, though.

The gpgme function used by ostree right now complains if a UID is found
on multiple keys:
https://www.gnupg.org/documentation/manuals/gpgme/Listing-Keys.html#index-gpgme_005fget_005fkey
The used API is too simple for that use case.

Note that it would be nicer if ostree picked the only valid signing key out
of the available keys rather than using the simplistic gpgme_get_key
function. It be nicer, of course, if there was such a gpgme function.

Closes: #1579
Approved by: cgwalters

tests: Fix installed tests more

OK so I noticed that something was failing and we were missing
`set -xeuo pipefail` in our shells. That of course revealed
the ansible tests didn't actually work - my only defense
here is spending so much time fighting to get it through CI
and trying something new.

Anyways, to make the staged-deploy tests work we need a task
that actually uses `rpm-ostree override` rather than `usroverlay`.

Let's make this a bit saner and have a clean split between
tests that are "shell-script+usroverlay" and "ansible+override".

Closes: #1577
Approved by: jlebon

lib/commit: Fix function name typo in docstring

Closes: #1575
Approved by: cgwalters

lib/deploy: Add semi-colon in post-deployment msg

Let's add a semi-colon between the "bootconfig swap" part and the
"deployment count change" to make it more clear they're separate
statements.

Closes: #1575
Approved by: cgwalters

tests: Tweak staged-deploy test to be faster

Work around https://github.com/ostreedev/ostree/issues/1569

Closes: #1573
Approved by: jlebon

README: Tweak licensing description

Basically it wasn't clear that the man pages and API doc
remain LGPLv2.

Closes: https://github.com/ostreedev/ostree/issues/1456
Closes: #1574
Approved by: smcv

deploy: Use fdatasync() for new kernel/initramfs by default

While we do a `syncfs()` plus `FIFREEZE/THAW` for `/boot`, that
only comes during deployment finalization.

The code here today generally assumes that if the file exists
it's been fully written. So let's do a `fdatasync()` before
we do the `rename()`.

This just came out of looking through the code while working
on deployment staging. In that scenario there's a much larger
window between when we copy the kernel/initramfs and when we
sync `/boot`.

Closes: #1571
Approved by: jlebon

lib: Use `Locking:` term in docs

This is easier to `git grep` etc. versus ad-hoc English. Although
we still have some English for the prepare_transaction/commit which
acquire/release in separate phases.

Closes: #1572
Approved by: jlebon

lib/deploy: Do post-ops when removing staged commit

These are further fixes based on running more of the rpm-ostree
test suite.

When dropping the staged deployment, we do need to do the
"post operations" such as bumping the sysroot mtime, so that
clients know something changed. We also need to regenerate
the deployment refs. And of course do a sysroot reload.

Also, add a "base cleanup" after creating a staged deployment
which also regenerates the refs.

Closes: #1570
Approved by: jlebon

lib/deploy: Throw an error if trying to stage when not ostree-booted

There's no reason to do this. I didn't actually hit this problem,
but it's a corner case that just occurred to me while working on
the code.

I think callers should be adapted to skip trying to use staging
if there's no booted deployment.

Closes: #1568
Approved by: jlebon

lib/sysroot: Maintain one variable for "root is ostree booted"

This was pointed out in a previous PR review; we don't have
a need for the separate variables. Prep for adding an API for
this.

Closes: #1568
Approved by: jlebon

repo: Add checksum to error message opening unreadable object

This would have debugged trying to do a pull as non-root from
a sysroot repository. See for example:
https://github.com/ostreedev/ostree/issues/1562

Closes: #1564
Approved by: jlebon

deploy: Don't prune repo at finalization time by default

Doing so can break rpm-ostree, which wants to own the cleanup process
to ensure its baselayer refs are generated.

Further, doing the cleanup at shutdown time adds latency. It's also
going to be generally unnecessary as we expect repo pruning to have
been done when writing the refs.

Closes: #1567
Approved by: jlebon

bin/admin-cleanup: Port to decl-and-initialize style

No functional changes.

Closes: #1567
Approved by: jlebon

build: Don't distribute Bison-generated parser in dist tarballs

Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #1563
Approved by: cgwalters

man/ostree-init: Briefly describe various modes

Closes: #1561
Closes: #1560
Approved by: cgwalters

man/ostree: Document --repo option a bit more

This new information is already mostly part of `ostree.repo(5)`, though
let's put it in `ostree(1)` as well since that's where the switch is
officially documented.

Closes: #1560
Approved by: cgwalters

lib/repo: Enable locking by default, but drop external API

The code has been sitting around for a while but since I disabled
it by default, I doubt anyone is really using it or relying on it.

This patch and turns on locking by default, and also drops the
API which was only public in the experimental API builds.
Conceptually these are two distinct things, and we
may actually want to split up the patches.

I don't think this will break anyone, but it's hard to say for sure.
It's also going to be hard to find out until we actually release
I suspect...

But anyone who is broken should be able to add `locking=false` into
their repo config. On the flip side Endless has been shipping with
this enabled and it is reported to help.

The reason to drop the APIs: I'm a bit concerned about the interactions over time
between libostree's use of the API and any apps that start using it.
For example, if an app specifies a SHARED lock in their code, then
later internally we decide to temporarily grab an `EXCLUSIVE`, but the
app had a second thread/process that was `EXCLUSIVE` already, and
that process was waiting on the first bit of code, then we could
deadlock. I can't think of a real world situation where this would happen
yet though.

We are likely to in the future have say `fsck` take an external lock,
`checkout` grab a shared one, etc.

Closes: #1555
Approved by: jlebon

README.md: Fix docs link to COPYING

Because `README.md` also gets rendered into the docs, we need
to link directly to github.

Closes: https://github.com/ostreedev/ostree/issues/1534
Closes: #1554
Approved by: jlebon

deploy: Return staged deployment

Today rpm-ostree has some code to run a "sanitycheck" on a deployment.
I had initially deleted that when adapting it to use the staging code,
but I realized it should work fine; we just won't see the merged
config, but that's OK.

When I readded that code it started crashing because we didn't
actually return the new deployment object. We'll gain some coverage
here as I'll land the code to have rpm-ostree use staging, then bump
the rpm-ostree tests here.

Closes: #1559
Approved by: jlebon

bin/deploy: Avoid loading merge deployment kargs unless necessary

The fact that `ostree admin deploy` always itself loaded the
merge kargs masked a bug in the core. Let's change our tests
to not pass any kernel arguments to ensure we cover this.

The new logic in the CLI is a bit subtle, but if you read
carefully is a lot clearer I believe. Basically we have one
of a few "starting points" in the first section, which can
then be further augmented.

Closes: #1558
Approved by: jlebon

lib/deploy: Fix staged deployments with no kargs

Testing out the staged API with rpm-ostree, ostree-prepare-root.service
in the initramfs was failing.  Turned out that was because we didn't
have a `root=` kernel argument.  Which was because we didn't have
any kernel arguments at all except `ostree=`.

That in turn was because we weren't loading the bootloader config
from the merge deployment.

The serialized deployment data holds the unique identity of
(osname, checksum, deployserial) - look for the real merge deployment
in our deployment list which has the bootloader arguments we need.

This issue was entirely masked by the `ostree admin deploy` command
which itself explicitly loads the merge deployment's kernel arguments
in every case - it never passes the `NULL` default down.  A followup
patch will fix that.

Closes: #1558
Approved by: jlebon

lib/deploy: Also compare deployment csum versions

When comparing deployments to determine whether we need a new
bootversion, we should also check whether the commit "version" metadata
is the same. Otherwise, we may end up with the a bootconfig whose
`title` includes a version that doesn't match the one from the
deployment checksum.

Closes: https://github.com/projectatomic/rpm-ostree/issues/1343
Closes: #1556
Approved by: cgwalters

lib/deploy: Factor out function to get deployment kargs

No functional change. Prep for next commit.

Closes: #1556
Approved by: cgwalters

ci: drop BDB1539 workaround

This shouldn't be an issue anymore.

Closes: #1553
Approved by: cgwalters

tests: Port the last python2 script to python3

This is not used by any test, nor is it packaged. Though let's just port
it over to py3 to certify our codebase completely py2-free. I've
manually checked that the script is still functional.

Closes: #1546
Approved by: cgwalters

tests/installed: Prefer python3 over python2

In a world progressively unapproving of python2, let's be a bit smarter
and support testing on platforms that only have python3 installed.

Closes: #1546
Approved by: cgwalters

ci: Temporary libgcrypt workaround for older kernels

I'm trying to get ostree tests to pass in OpenShift as part of our CI
move but I've been seeing lots of failures related to GPG tests. It
finally turned out to be because libgcrypt doesn't behave well on older
kernels that don't have `getrandom()` (the cluster is running on RHEL7).
Thankfully, there's a new build with a fix for this. Pull that in
manually until it gets into stable.

For more information, see:
https://bugzilla.redhat.com/show_bug.cgi?id=1542453

Closes: #1547
Approved by: cgwalters

ci: mark some ci testsuites as required again

Follow up to #1536; we are now running all the testsuites on merges, but
we weren't actually blocking on their success!

Closes: #1552
Approved by: cgwalters

tests: Disable itest-pull.sh since it is too slow

Hopefully we'll fix this soon.

Closes: #1548
Approved by: cgwalters

tests: Lower retry timeout to 5s

No need to poll every second, there's going to be some latency
here and we want to avoid the overhead of polling.

Closes: #1548
Approved by: cgwalters

fsck: Only print "marking commit partial" once

Let's only print if the commit isn't already partial; this
addresses a spam of "marking commit partial" from fsck.

Closes: #1548
Approved by: cgwalters

tests/installed: increase async retries to 500

It seems like 240 retries is just not long enough for all the
non-destructive tests running in parallel to finish. Let's crank that up
to 500 retries.

Closes: #1548
Approved by: cgwalters

tests/installed: Make reboot task less racy

This took a whole lot of experimentation. I hit upon the idea
of doing a `systemctl stop sshd` to avoid the situation where we
might ssh back into the system while it's in the process of shutting
down.

Ultimately the other fix is disabling `ControlMaster`; see
for example: https://github.com/ansible/ansible/issues/17935

Closes: #1548
Approved by: cgwalters

man: Add man page for create-usb

Closes: #1543
Approved by: cgwalters

create-usb: Update summary in destination repo

Currently the create-usb command only generates a summary file in the
destination repo if one doesn't already exist, which means if one does
exist it becomes out of date after the new refs are pulled. This commit
makes ostree regenerate the summary regardless of whether it exists, so
that consumers such as ostree_repo_find_remotes_async() (and at a higher
level, GNOME Software) get an accurate picture of the refs available on
the mount. This commit also updates one of the unit tests to check that
the summary is accurate after a second pull into the same repo.

Since any user of the create-usb command is using collection IDs they
are new enough to be using the unsigned summary support. While it would
technically be possible to use summary signatures on a repo and use the
create-usb command on it (a scenario broken by this commit), the
create-usb command is designed for P2P distribution of refs, which
requires use of unsigned summary support. So this is a legitimate
narrowing of the tool.

Fixes https://github.com/ostreedev/ostree/issues/1465

Closes: #1543
Approved by: cgwalters

tests: Fix typo in unit test

Closes: #1543
Approved by: cgwalters

avahi: Don't complain with g_warning if the daemon wasn't running

This is a normal case when running unit tests in client code
on continuous integration infrastructure. When those tests are
running they will set G_DEBUG=fatal-warnings which will cause
the program to abort if a warning is emitted. Instead, emit
a debug message if the problem was that we couldn't connect to
the daemon.

Closes: #1542
Approved by: jlebon

lib/sysroot: Move staged into deployment list, rework handling

Followup to: https://github.com/ostreedev/ostree/pull/1503
After starting some more work on on this in rpm-ostree, it is
actually simpler if the staged deployment just shows up in the list.

It's effectively opt-in today; down the line we may make it the default,
but I worry about breaking things that e.g. assume they can mutate
the deployment before rebooting and have `/etc` already merged.

There's not that many things in libostree that iterate over the deployment
list. The biggest change here is around the
`ostree_sysroot_write_deployments_with_options` API. I initially
tried hard to support a use case like "push a rollback" while retaining
the staged deployment, but everything gets very messy because that
function truly is operating on the bootloader list.

For now what I settled on is to just discard the staged deployment;
down the line we can enhance things.

Where we then have some new gymnastics is around implementing
the finalization; we need to go to some effort to pull the staged
deployment out of the list and mark it as unstaged, and then pass
it down to `write_deployments()`.

Closes: #1539
Approved by: jlebon

ci: use gpgme scratch build to workaround issues

Temporarily work around gpgme issues until the package gets into stable.

For more information, see:
https://src.fedoraproject.org/rpms/gpgme/pull-request/3
https://github.com/ostreedev/ostree/pull/1539

Closes: #1540
Approved by: cgwalters

fsck: Mark commits with missing or deleted object partial

This means we can later use various operations to heal the repository
because ostree does not assume all objects are there.

This the begining of a fix for https://github.com/ostreedev/ostree/pull/345

Closes: #1533
Approved by: cgwalters

lib/repo: Add ostree_repo_traverse_commit_union_with_parents

This is a version of ostree_repo_traverse_commit_union that also
remembers where the objects came from, by recording the parent
relationships in a hashtable. This can be used to later find which
commits each object was from, which we want to use in fsck.

Closes: #1533
Approved by: cgwalters

commit, payload-reflink: do not write to the parent repo

reintroduce the feature that was reverted with commit:

28c7bc6d0e153a0b07bdb82d25473a490765067f

Differently than the original implementation, now we don't attempt any
test for reflinks support on the parent repository, since the test
requires write access to the repository.

Additionally, also check that the two repositories are on the same
device before attempting any reflink.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1525
Approved by: cgwalters

switchroot: Don't log if running as pid1, minor code style cleanups

If we're running as pid1, avoid printing anything in the normal
success paths as we don't want to affect the physical console by
default; the device may be using a splash screen, etc.

Also cleanup the code a bit to use a single variable
`running_as_pid1`, declare-and-initialize, use the
`bool` type, etc.

Closes: #1531
Approved by: jlebon

sysroot: Clean up origin loading function

In prep for staging work, where we'll need to load the origin
for the staged deployment too.

The function was previously trying to avoid operating on an
instantiated deployment, but the data we need is in the deployment
object at that point.

Closes: #1538
Approved by: jlebon

deploy: Silently do nothing if passed same set of deployments

Prep for handling staged deployments better; if we're not passed
the staged one back, then we just want to delete it but not
touch the bootloader config.

Closes: #1538
Approved by: jlebon

deploy: Clean up bootserial assignment function

The reason we were returning a hashtable is a bit lost to history,
there's no reason to do so now anyways. Also port to declare-and-initialize
style and add more comments.

Closes: #1538
Approved by: jlebon

Add concept of "staged" deployment

Add API to write a deployment state to `/run/ostree/staged-deployment`,
along with a systemd service which runs at shutdown time.

This is a big change to the ostree model for hosts,
but it closes a longstanding set of bugs; many, many people have
hit the "losing changes in /etc" problem. It also avoids
the other problem of racing with programs that modify `/etc`
such as LVM backups:
https://bugzilla.redhat.com/show_bug.cgi?id=1365297

We need this in particular to go to a full-on model for
automatically updated host systems where (like a dual-partition model)
everything is fully prepared and the reboot can be taken
asynchronously.

Closes: https://github.com/ostreedev/ostree/issues/545
Closes: #1503
Approved by: jlebon

ci: turn gating back on for most testsuites

Somehow, this slipped through in #1513. We weren't inheriting anymore,
so `branches` defaulted back to just `master`. This means we weren't
gating on most of the containerized builds anymore. Ouch!

It'd make sense to teach PAPR to allow some defaults across all
testsuites, even in the `inherit: false` case. Though it's tempting to
also just change the hardcoded PAPR default to those branches since our
use of Homu + PAPR at this point is pretty ubiquitous, and it doesn't
really hurt for the ones that don't use it.

Closes: #1536
Approved by: cgwalters

Don't scan uncompressed_objects_dir if it doesn't exist

A newly created archive-mode repository won't have a uncompressed-objects-cache
directory, and uncompressed_objects_dir is -1 to flag that. The special meaning of
-1 meaning "cwd" for libglnx means that the current directory was scanned as
if it was an objects directory, producing unexpected results, especially if there
were any two-letter files/subdirs in the current directory.

Closes: #1537
Approved by: jlebon

tests/installed: Move tasks into tasks/ directory

It's cleaner to separate test playbooks from their tasks.

Closes: #1535
Approved by: jlebon

tests: Better error message if target is not a symlink

I broke the code for this and ended up adding this to debug it.

Closes: #1535
Approved by: jlebon

sysroot: Split out a helper function to delete a deployment dir

Prep for staged deployments.

Closes: #1535
Approved by: jlebon

tests/installed: Move auto-build logic to playbook-run.sh

This makes it a bit more convenient to make a code change, then
`rm -rf build && ./playbook-run.sh ...`.

Closes: #1535
Approved by: jlebon

bin: Hide `admin instutil` command

Add a "hidden command" flag, and use it for `admin instutil` since
I regret adding it, and people should be using the API.

Prep for adding another hidden command as part of staging deployments.

(Down the line we should investigate deduplicating the recursive
command parsing code)

Closes: #1535
Approved by: jlebon

tests: Merge installed/ and fedora-str/ directories

Let's be opinionated now, and our installed/ test story *is*
Ansible/STR. Merge `tests/fedora-str` into `tests/installed/`.

Rework the nondestructive tests into a separate playbook run, and parallelize
them for more efficiency.

The destructive tests are also changed to use Ansible more.

Add a higher level `run.sh` entrypoint and update the `README.md`
with some useful tips.

Closes: #1513
Approved by: jlebon

lib/repo: Add timestamps to OstreeRepoFinderResult

Currently OstreeRepoFinderResult, a data structure used by pull code
that supports P2P operations, has a hash table mapping refs to checksums
but doesn't include timestamp information. This means that clients have
no way of knowing just from the OstreeRepoFinderResult information if a
commit being offered by a peer remote is an update or downgrade until
they start pulling it. The client could check the summary or the commit
metadata for the timestamps, but this requires adding the temporary
remotes to the repo config, and ostree is already checking timestamps
before returning the results, so I think it makes more sense for them to
be returned rather than leaving it to the client. This limitation is
especially important for offline computers, because for online computers
the latest commit available from any remote is the latest commit,
period.

This commit adds a "ref_to_timestamp" hash table to
OstreeRepoFinderResult that is symmetric to "ref_to_checksum" in that it
shares the same keys. This is an API break, but it's part of the
experimental API, and none of the current users of that (flatpak,
eos-updater, and gnome-software) are affected. See the documentation for
more details on "ref_to_timestamp". One thing to note is the data
structure currently gets initialized in find_remotes_cb(), so only users
of ostree_repo_find_remotes_async() will get them, not users of, say,
ostree_repo_finder_resolve_all_async(). This is because the individual
OstreeRepoFinder implementations don't currently access the timestamps
(but I think this could be changed in the future if there's a need).

This commit will allow P2P support to be added to
flatpak_installation_list_installed_refs_for_update, which will allow
GNOME Software to update apps from USB drives while offline (it's
already possible online).

Closes: #1518
Approved by: cgwalters

pull: Don't save summary to cache before validating signatures

In case of some kind of race or other weirdness we might be getting
non-matching versions of summary.sig and summary, where summary.sig
is the latest version. Currently we're saving them to the cache
directly after downloading them successfully, but they will then fail
to gpg validate. Then on the next run we'll keep using the cached files
even if they are incorrect, until summary.sig changes upstream.

This changes the order so that we verify the signatures before saving
to the cache, thus ensuring that we don't end up in a stuck state.

Fixes https://github.com/ostreedev/ostree/issues/1523

Closes: #1529
Approved by: cgwalters

ci: Drop patches when building RPM

Things fell over when downstream added a patch we had already merged
upstream.

Closes: #1530
Approved by: jlebon

lib/repo-pull: Improve error message when no summary is found

In ostree_repo_remote_fetch_summary_with_options(), if no summary is
found on the server and summary verification is enabled, the error
message implies that it's the summary signature that's missing, which is
misleading. This commit adds a more specific error message for the case
of a missing summary, which has the side effect of explicitly checking
for the case that signatures != NULL && summary == NULL after
repo_remote_fetch_summary(), even though that should never happen.

One effect of this is that if you run "flatpak remote-add" with an
incorrect URL you get a more helpful error message, and similarly for
other flatpak operations and other users of ostree.

Closes: #1522
Approved by: cgwalters

lib/repo-pull: Rename a variable for clarity

In libostree, the phrase "commit metadata" has two meanings-- one is the
first dictionary in a commit GVariant that stores metadata such as ref
bindings, and the other is the commit metadata in the summary file,
which stores the commit size, checksum, and timestamp. In
find_remotes_process_refs(), the entire commit GVariant was being
referred to as commit metadata, so this commit changes the variable
name and a comment to make things more consistent.

Closes: #1528
Approved by: cgwalters

lib: Fix a few comments

Closes: #1526
Approved by: cgwalters

Don't write to parent repo

In _try_clone_from_payload_link, don't try to do the clone in the
parent repo, because we don't want to modify that. parent repos are
typically used when you want a shared, immutable base.

For example in flatpak, the parent repo is the system repo which you
don't have write access to, so any modification to it will fail with
EACCES, making it impossible to install via the system helper.

Closes: #1524
Approved by: cgwalters

libotutil/checksum-utils: Fix memory management

Ostree uses the OtChecksum data structure as a wrapper around GChecksum
(depending on what libraries are available at compile time). According
to the docs for g_checksum_get_digest(), a GChecksum value can no longer
be updated after that function is called. Ostree enforces this by
setting "initialized" to FALSE after getting the digest, but this leads
to ot_checksum_clear() avoiding freeing any memory, leading to leaks. So
this commit adds a "closed" value that gets set when getting a digest
and checked when updating the value, so the initialized value can be
used only for memory management.

Closes: #1521
Approved by: jlebon

lib/commit: Fix a memory leak of OtChecksum

Closes: #1521
Approved by: jlebon

lib/repo-pull: Document all options in pull_from_remotes_async

ostree_repo_pull_from_remotes_async() passes along some options to
ostree_repo_pull_with_options(), so document them.

Closes: #1519
Approved by: cgwalters

tests: Fix unit test for ref-binding metadata

The `ostree show` command is currently failing due to incorrect syntax,
but we want to check that it fails because the metadata isn't there.

Closes: #1520
Approved by: cgwalters

tests/installed: Fix TESTS= being empty

I broke this in https://github.com/ostreedev/ostree/pull/1509/commits/9b55aaea6f34b7094c44932a3c2e1cf2d54634fd
I'd obviously tested *setting* it locally worked, but I didn't test that
not having it set ran all the tests.

I don't understand why we were doing the `+ ` pattern before; let's
just check if it's empty.

Closes: #1516
Approved by: jlebon

lib/deploy: Port final bootconfig writing to new style

The main blocker for doing this before was the `goto out` handling
for remounting `/boot`. Handle that by factoring out the bits that
require it to a helper function, and do the C/GError equivalent of
"try/finally".

Not prep for anything right now, just decided to do this since I had the file
open.

Closes: #1515
Approved by: jlebon

lib/deploy: Split /etc merge into two stages

For staged deploy, we want to pay the cost of creating copies from
`/usr/etc` → `/etc` at stage time, since it can be expensive. (We
want to minimize time spent during shutdown).

Split it up into two functions; the logic is also simply clearer.

Closes: #1514
Approved by: jlebon

lib/deploy: Set kargs in one place

Prep for deployment staging. We had the code to hande "explicit kargs" in one
place, but the "use merge deployment" karg bits mixed in with the "/etc merge"
logic. Those are separate things, and it's better to have karg handling in one
place.

Closes: #1514
Approved by: jlebon

lib/deltas: Some misc declare-and-initialize porting

Also some `glnx_fstatat_allow_noent()`. Not specifically prep for anything.

Closes: #1511
Approved by: jlebon

Post-release version bump

Closes: #1512
Approved by: jlebon

Release 2018.4

A quick turnaround to include one PR: https://github.com/ostreedev/ostree/pull/1508
"switchroot: Ensure /run/ostree-booted is created even without initramfs"

This fixes ostree when booting without an initramfs. Thanks to @akiernan for the
bug report and helping review the fix! I'm working on enhancing
the test suite, which will help in adding some coverage here.

Also for this release I'm going to avoid adding a "stub" symbol section
to the `-released.sym` file; I don't believe it's necessary.

Closes: #1512
Approved by: jlebon

lib/deltas: Squash some GCC maybe-uninitialized warnings

These show up in the RPM build, I didn't yet try to figure out why we're not
reproducing them outside of that.

Closes: #1510
Approved by: jlebon

switchroot: Ensure /run/ostree-booted is created even without initramfs

See https://mail.gnome.org/archives/ostree-list/2018-March/msg00012.html

If ostree-prepare-root is run as pid 1 (i.e we're not using an initramfs), then
anything we write outside the target sysroot (such as `/run/ostree-booted`) will
be lost.

Since `ostree-remount.service` runs fairly early in boot, and is triggered via
`ConditionKernelCommandLine=ostree`, we can just touch the file there in
addition.

Closes: #1508
Approved by: akiernan

tests/payload-link: Just test a single duplicate object

We were previously assuming that the host content had duplicates,
which...hopefully it doesn't! We shouldn't rely on that.

Also this test is slow in production and flaky. Let's just test
a single duplicate object.

Closes: #1509
Approved by: jlebon

tests: Small tweaks for local iteration

Support e.g. `-e tests=payload-link`, to choose specific tests for more rapid
iteration, and allow skipping tmpdir cleanup to be able to debug.

Closes: #1509
Approved by: jlebon

tests/installed: Use temporary directories more consistently

This is prep for splitting off "nondestructive" tests which
we can run in parallel from the destructive/invasive ones which
e.g. change the host refspec, do deployments.

The `cd` invocation in `prepare_tmpdir` wasn't working because we were running
it in a subshell. Fix this by dropping the subshell.

Closes: #1509
Approved by: jlebon

tests/str: Verify standard-test-roles is installed

This tripped me up when regenerating my dev container.

Closes: #1509
Approved by: jlebon