commit: Add --base argument

I was trying to followup the `--selinux-policy-from-base` work
to add a `cosa build --fast=overlay` for coreos-assembler,
but hit on the fact that using e.g. `--owner-uid` disables
commit optimizations.

A while ago, https://github.com/ostreedev/ostree/pull/1643 landed
which optimized this for the case where no modifications are provided.
But, we really need the SELinux policy bits, and it's super convenient
to run `ostree commit` as non-root.

It's fairly surprising actually that it's taken us so long to
iterate on a good interface for this "commit changes on top of a base"
model.  In practice, many nontrivial cases really end up needing
to do a (hardlink) checkout, and that case is optimized.

But for this coreos-assembler work I want to directly overlay onto
a commit object another commit object.

That previous PR above added exactly the API we need, so let's
expose it in the CLI.

What you can see happening in the test is that we provide
`--owner-uid 42`, but that only applies to directories/files
that were added in the commit.

And now that I look at this, I think what we really want here
is to avoid changing directories that exist in the base, but
eh; in practice the main use here is for `--owner-uid 0` while
committing as non-root; and that works fine with this since
the baseline uid will be zero as well.

diff --git a/man/ostree-commit.xml b/man/ostree-commit.xml
index 2c821fc114e36c02db5c57634b7be0a7a2880e57..b0c5b3355df01d1905b5c5a30a7f4772ae1fede3 100644 (file)
--- a/man/ostree-commit.xml
+++ b/man/ostree-commit.xml
@@ -106,6 +106,15 @@ Boston, MA 02111-1307, USA.
                 </para></listitem>
             </varlistentry>
 
+            <varlistentry>
+                <term><option>--base</option>="REV"</term>
+
+                <listitem><para>
+                    Start from the content in a commit.  This differs from <literal>--tree=ref=REV</literal> in that no commit modifiers are applied.  This is usually what you want when
+                    creating a derived commit.  This is also used for <literal>--selinux-policy-from-base</literal>.
+                </para></listitem>
+            </varlistentry>
+
             <varlistentry>
                 <term><option>--add-metadata-string</option>="KEY=VALUE"</term>
 

diff --git a/src/ostree/ot-builtin-commit.c b/src/ostree/ot-builtin-commit.c
index 606af2be2d6560aa33d9e1e8f63f73226d10856a..72fa2841b52898e12c93cc038087c9a0fb73792a 100644 (file)
--- a/src/ostree/ot-builtin-commit.c
+++ b/src/ostree/ot-builtin-commit.c
@@ -58,6 +58,7 @@ static gboolean opt_selinux_policy_from_base;
 static gboolean opt_canonical_permissions;
 static gboolean opt_consume;
 static gboolean opt_devino_canonical;
+static char *opt_base;
 static char **opt_trees;
 static gint opt_owner_uid = -1;
 static gint opt_owner_gid = -1;
@@ -101,6 +102,7 @@ static GOptionEntry options[] = {
   { "orphan", 0, 0, G_OPTION_ARG_NONE, &opt_orphan, "Create a commit without writing a ref", NULL },
   { "no-bindings", 0, 0, G_OPTION_ARG_NONE, &opt_no_bindings, "Do not write any ref bindings", NULL },
   { "bind-ref", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_bind_refs, "Add a ref to ref binding commit metadata", "BRANCH" },
+  { "base", 0, 0, G_OPTION_ARG_STRING, &opt_base, "Start from the given commit as a base (no modifiers apply)" },
   { "tree", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_trees, "Overlay the given argument as a tree", "dir=PATH or tar=TARFILE or ref=COMMIT" },
   { "add-metadata-string", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_metadata_strings, "Add a key/value pair to metadata", "KEY=VALUE" },
   { "add-metadata", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_metadata_variants, "Add a key/value pair to metadata, where the KEY is a string, an VALUE is g_variant_parse() formatted", "KEY=VALUE" },
@@ -600,7 +602,32 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio
   if (opt_link_checkout_speedup && !ostree_repo_scan_hardlinks (repo, cancellable, error))
     goto out;
 
-  mtree = ostree_mutable_tree_new ();
+  if (opt_base)
+    {
+      g_autofree char *base_commit = NULL;
+      g_autoptr(GFile) root = NULL;
+      if (!ostree_repo_read_commit (repo, opt_base, &root, &base_commit, cancellable, error))
+        goto out;
+      OstreeRepoFile *rootf = (OstreeRepoFile*) root;
+
+      mtree = ostree_mutable_tree_new_from_checksum (repo,
+                                                     ostree_repo_file_tree_get_contents_checksum (rootf),
+                                                     ostree_repo_file_tree_get_metadata_checksum (rootf));
+
+      if (opt_selinux_policy_from_base)
+        {
+          g_assert (modifier);
+          if (!ostree_repo_commit_modifier_set_sepolicy_from_commit (modifier, repo, base_commit, cancellable, error))
+            goto out;
+          /* Don't try to handle it twice */
+          opt_selinux_policy_from_base = FALSE;
+        }
+    }
+  else
+    {
+      mtree = ostree_mutable_tree_new ();
+    }
+
 
   /* Convert implicit . or explicit path via argv into
    * --tree=dir= so that we only have one primary code path below.

diff --git a/tests/archive-test.sh b/tests/archive-test.sh
index 42b232bf07594a71efcc34492f5f49c0589a5bac..1e63a35bdc18d92f1dad8000ab7668dc7e88b312 100644 (file)
--- a/tests/archive-test.sh
+++ b/tests/archive-test.sh
@@ -68,3 +68,11 @@ echo "ok cat-file"
 cd ${test_tmpdir}
 $OSTREE fsck
 echo "ok fsck"
+
+mkdir -p test-overlays
+date > test-overlays/overlaid-file
+$OSTREE commit ${COMMIT_ARGS} -b test-base --base test2 --owner-uid 42 --owner-gid 42 test-overlays/
+$OSTREE ls -R test-base > ls.txt
+assert_streq "$(wc -l < ls.txt)" 14
+assert_streq "$(grep '42.*42' ls.txt | wc -l)" 2
+echo "ok commit overlay base"

diff --git a/tests/test-archivez.sh b/tests/test-archivez.sh
index 0dccd7370803b184d56b5617f766db1b56f63dff..c27ce03f14dc75351fe534fcaeedee4b7a816e27 100755 (executable)
--- a/tests/test-archivez.sh
+++ b/tests/test-archivez.sh
@@ -23,7 +23,7 @@ set -euo pipefail
 
 . $(dirname $0)/libtest.sh
 
-echo '1..12'
+echo '1..13'
 
 setup_test_repository "archive"