dgit.raspbian.org Git - ostree.git/log

repo: Add a checkout option to not hardlink zero-sized files

In rpm-ostree we've hit a few cases where hardlinking zero-sized
files causes us problems.  The most prominent is lock files in
`/usr/etc`, such as `/usr/etc/selinux/semanage.LOCK`.  If there
are two zero-sized lock files to grab, but they're hardlinked,
then locking will fail.

Another case here is if one is using ostree inside a container
and don't have access to FUSE (i.e. `rofiles-fuse`), then the
ostree hardlinking can cause files that aren't ordinarily hardlinked
to become so, and mutation of one mutates all.  An example where
this is concerning is Python `__init__.py` files.

Now, these lock files should clearly not be in the tree to begin
with, but - we're not gaining a huge amount by hardlinking these
files either, so let's add an option to disable it.

Closes: #1752
Approved by: jlebon

src/ostree: Don't delete refs having aliases

Deleting a ref with aliases makes them dangling. In such
cases, display an error message to the user.

Fixes #1597

Signed-off-by: Sinny Kumari <sinny@redhat.com>
Closes: #1749
Approved by: cgwalters

lib/sysroot-deploy: Write to journal when finalizing

Write to the journal when starting to finalize a staged deployment.
Combined with the "Transaction completed" message we already emit, this
makes it easy later on to determine whether the operation was successful
by inspecting the journal. This will be used by `rpm-ostree status`.

Closes: #1750
Approved by: cgwalters

boot: Add Documentation= lines to services

It's a neat way to point folks to the documentation (of course, better
would be to have man pages for each of those services). Also
consistently use Title Case everywhere.

Closes: #1750
Approved by: cgwalters

boot: Remove [Install] from ostree-finalize-staged

Let's just make this service not installable anymore. It should only be
activated manually.

Closes: #1750
Approved by: cgwalters

man/create-usb: Don't recommend summary updates

This commit removes the recommendation in the create-usb man page for
the user to update the summary in the source repo before using the
create-usb command. I'm not sure where I got the idea that create-usb
depends on a summary in the source repo. I went back to the first commit
that introduced the create-usb command and even using that a summary
isn't required, so it seems unlikely that this changed recently.

This is good news because the exclusive lock that's taken for summary
updates has been causing problems on Endless (due to other processes
having a lock for the duration of the 30 second acquire time out
period).

Closes: #1746
Approved by: cgwalters

Only verify OSTREE_MAX_METADATA_SIZE for HTTP fetches

There are use cases for libostree as a local content store
for content derived or delivered via other mechanisms (e.g. OCI
images, RPMs, etc.). rpm-ostree today imports RPMs into OSTree
branches, and puts the RPM header value as commit metadata.
Some of these can be quite large because the header includes
permissions for each file. Similarly, some OCI metadata is large.

Since there's no security issues with this, support committing
such content.

We still by default limit the size of metadata fetches, although
for good measure we make this configurable too via a new
`max-metadata-size` value.

Closes: https://github.com/ostreedev/ostree/issues/1721
Closes: #1744
Approved by: jlebon

bash-completion: Fix --repo autocomplete

This commit fixes the bash tab completion handling of the "--repo"
argument. Before this commit, the completion only works if "--repo"
comes after the main command. After this commit, you can use "--repo"
directly after "ostree" in the command line, as is natural.

Closes: #1745
Approved by: jlebon

lib/mutable-tree: Port to new style

Some therapeutic style conversion to finish off the week. Pretty
straightforward overall.

Closes: #1742
Approved by: cgwalters

lib/progress: Fix leak of GSource

Closes: https://github.com/ostreedev/ostree/issues/1738
Closes: #1741
Approved by: jlebon

ci: Bump rpm-ostree tag to 2018.8

2018.7 started failing `test-ucontainer.sh`. I don't have the cycles to
look more deeply into what was going on there, but bumping to 2018.8
fixes it at least. (And of course, it's passing in rpm-ostree too.)

Closes: #1728
Approved by: cgwalters

man/ostree.repo-config: Document locking options

This commit documents the "locking" and "lock-timeout-secs" options
which have been around for a few releases.

Closes: #1737
Approved by: jlebon

lib/repo: Fix minor mistake in locking docs

The config option is "lock-timeout-secs" not "lock-timeout".

Closes: #1737
Approved by: jlebon

lib/repo: Allow disabling lock timeout

Currently the locking code checks if the value -1 was set for the config
key "lock-timeout-secs" and if so, a thread trying to acquire a lock
will block indefinitely. Positive values specify how long to attempt to
acquire a lock in a non-blocking way (the attempt is made once every
second). But when the value is read from the config file,
g_ascii_strtoull() is used, which converts it to an unsigned integer.
This commit makes libostree use g_ascii_strtoll() instead, so that it's
possible to set that key to -1 as intended.

Closes: #1737
Approved by: jlebon

create-usb: Add a --commit option

Currently on Endless OS, the OSTree ref for the operating system is
something like os/eos/amd64/eos3, so that's what gets passed to `ostree
create-usb` when copying the OS to a USB drive (for offline updates).
However, when eos-updater checks for updates it pulls the metadata for a
candidate commit and in so doing updates that eos3 ref to point to the
partial commit being examined as a potential update rather than the
deployed commit. This causes `ostree create-usb` to fail with an error
like "No such metadata object
7fb045cb2d1f1f3a81bfc157c6128ff443eb56350315b9536bdb56aee0659863.dirtree".

OSTree creates deployment refs that look like "ostree/1/1/0" to maintain
a pointer to the deployed commit, but create-usb can't use these because
it shows up in the summary as just a ref, not a collection-ref.

So this commit adds a --commit option to the create-usb command, so we
can use the appropriate ref but copy the deployed commit rather than a
(potentially partial) update commit.

Closes: #1735
Approved by: cgwalters

lib/commit: Don't copy xattrs for metadata objects

Copying the xattrs on metadata objects is wrong in general, we
don't "own" them. Notably this would fail in the situation of
doing a pull from e.g. a `bare-user` source to a destination
that was on a different mount point (so we couldn't hardlink),
and the source had e.g. a `security.selinux` attribute.

Closes: #1734
Closes: #1736
Approved by: jlebon

create-usb: Always use archive mode

Change the create-usb command so that it always creates the destination
repository using the "archive" mode, rather than using archive mode when
xattrs aren't supported and bare-user otherwise. This has a few
advantages:

1. The archive mode works with FAT filesystems, which is what most
USB drives are, and which doesn't support xattrs.

2. At least in some quick testing I did, archive mode is about
twice as performant as bare-user mode, in terms of how long it takes for
the create-usb command to complete.

3. This ensures that a tool can safely change the permissions on
".ostree/repo" and subdirectories after create-usb completes, which is
important for Endless since otherwise you can't use `ostree create-usb`
as root and then `flatpak create-usb` as a non-root user on the same USB
drive (or in other words copy OS updates and apps to the same USB).

Closes: #1733
Approved by: cgwalters

lib/fetcher-curl: Prefix fatal errors with full URL

Just include the whole URL that failed if libcurl failed with something
elementary like CURLE_COULDNT_CONNECT or CURLE_COULDNT_RESOLVE_HOST.

Closes: #1731
Closes: #1732
Approved by: cgwalters

lib/fetcher-curl: Drop unnecessary check

`_ostree_fetcher_journal_failure()` already checks that we only log
messages which have remotes.

Closes: #1732
Approved by: cgwalters

lib/fetcher-util: Mark journaled msgs as LOG_ERR

E.g. for filtering, and so it shows up in red.

Closes: #1732
Approved by: cgwalters

deploy: Fix removing /var/.updated with separate /var mount

There's some subtlety to this, we don't handle all cases.
But the 99% cases are using `--sysroot deploy` to create an
initial deployment, and then doing upgrades from inside
a booted deployment.

It was only the latter case that didn't work with a separate `/var`.
Fixing all of them would probably require libostree to learn
how to e.g. look at `/etc/fstab` (or worse, systemd mount units?)
and handle the mounting. I don't think we want to do anything
like that right now, since there are no active drivers for the
use case.

Closes: https://github.com/ostreedev/ostree/issues/1729
Closes: #1730
Approved by: akiernan

tests: Update tests for ostree_repo_get_min_free_space_bytes()

https://github.com/ostreedev/ostree/issues/1720

Closes: #1722
Approved by: pwithnall

lib/repo: Separate min-free-space-* calculation from transaction codepath

Earlier, the actual reserved space (in blocks) were calculated inside the
transaction codepath ostree_repo_prepare_transaction(). However, while
reworking on ostree_repo_get_min_free_space_bytes() API, it was realized that
this calculation can be done independently from the transaction's codepaths, hence
enabling the usage for ostree_repo_get_min_free_space_bytes() API irrespective
of whether there is an ongoing transaction or not.

https://github.com/ostreedev/ostree/issues/1720

Closes: #1722
Approved by: pwithnall

lib/repo: Define a metadata key, ostree.deploy-collection-id

This commit defines a metadata key that tells clients to update their
remote config to add a collection ID. This functionality is currently
implemented in Flatpak for the key "xa.collection-id", but there are two
good reasons for moving the key to OSTree:

1) Servers such as Flathub shouldn't set xa.collection-id in their
metadata now or in the medium term future, because many users are still
using old versions of Flatpak and OSTree[1] which would hit various
bugs[2][3][4] on the P2P code paths that are enabled by collection IDs.
Defining a new key means that only clients running recent
(as-yet-unreleased) versions of Flatpak and OSTree will pay attention to
it and deploy the collection ID, leaving the users on old versions
unaffected.

2) OSTree is as "invested" in collection IDs as Flatpak, so there's no
reason the key should be defined in Flatpak rather than here. According
to Philip Withnall, the reason the key was put in Flatpak originally was
that at the time there was uncertainty about tying OSTree to collection
IDs.

[1] https://ahayzen.com/direct/flathub.html#downloadsbyflatpakstacked
[2] https://github.com/ostreedev/ostree/commit/e4e6d85ea
[3] https://github.com/flatpak/flatpak/commit/5813639f
[4] https://github.com/flatpak/flatpak/commit/5b21a5b7

Closes: #1726
Approved by: pwithnall

OstreeMutableTree: add _remove method

There is no API method to remove a file or subdirectory from a MutableTree
besides directly manipulating the GHashTable returned by _get_files or
_get_subdirs. This isn't possible from an introspection binding that transforms
the returned GHashTable, and may also leave the tree checksum in an invalid
state. Introduce a new method so that removing files or subdirectories is
safe, and possible from bindings.

Closes: #1724
Approved by: jlebon

lib/repo: Clean up OstreeRepo docs

This fixes typos and grammar in the docs for OstreeRepo, and copies the
information about OSTREE_REPO_MODE_BARE_USER_ONLY from ostree-core.h

Closes: #1725
Approved by: jlebon

ci: Disable f28-rpmostree for now

It started failing with:

```
ERROR: tests/check/test-ucontainer.sh - too few tests run (expected 2, got 0)
tap-driver.sh: internal error getting exit status
tap-driver.sh: fatal: I/O or internal error
make[4]: *** [Makefile:4353: tests/check/test-ucontainer.sh.log] Error 1
make[4]: *** Waiting for unfinished jobs....
```

And the artifacts are not being saved for some reason:

```
+ cleanup
+ mv test-suite.log /var/tmp/checkout
mv: cannot stat 'test-suite.log': No such file or directory
+ true
+ mv vmcheck /var/tmp/checkout
mv: cannot stat 'vmcheck': No such file or directory
+ true
```

Let's just disable this for now so that some other pending patches can
go in while we investigate.

Closes: #1727
Approved by: cgwalters

avahi: Be robust to missing refs in peer summaries

In the OstreeRepoFinderAvahi implementation,
ostree_avahi_service_build_repo_finder_result() is where the DNS-SD
records are processed and turned into OstreeRepoFinderResult objects.
Each result object is supposed to have a hash table mapping refs to
checksums, so this is accomplished by first adding a placeholder (a ref
mapping to a NULL checksum) for each ref matched by the bloom filter,
and later filling in the checksums using the remote's summary file,
which happens in get_checksums(). The problem is that there's no
guarantee all the checksums will be resolved (non-NULL), so the
ostree_repo_finder_result_new() call then hits an assertion failure in
is_valid_collection_ref_map() leading to a crash (in the case that one
or more refs had NULL checksums).

There are at least two situations where the ref checksum might not be
found in the peer remote's summary file:
1) The bloom filter match was a false positive. This is going to happen
sometimes by design.
2) The peer remote's summary is out of sync with its DNS-SD records.
This shouldn't normally happen but it's still good to be robust to the
possibility; in Endless OS nothing guarantees the atomicity of updating
the summary and DNS-SD records.

This commit changes libostree to be robust to the possibility of refs
missing from the peer remote's summary, by removing any that still have
a NULL checksum associated with them after the summary has been fetched
and processed.

The other OstreeRepoFinder implementations don't have this issue because
they use summary files directly and therefore always have access to the
checksum.

Closes: #1717
Approved by: pwithnall

Add tests for ostree_repo_get_min_free_space_bytes

https://phabricator.endlessm.com/T23694

Closes: #1715
Approved by: cgwalters

lib/repo: Add an API to get min-free-space-* reserved bytes

https://phabricator.endlessm.com/T23694

Closes: #1715
Approved by: cgwalters

lib/repo: Ensure min-free-space* config value doesn't overflow
when converted to bytes

In a subsequent commit, we add a public API to read the value of
min-free-space-* value in bytes. The value for free space check
is enforced in terms of block size instead of bytes. Therefore,
for consistency we check while preparing the transaction that the
value doesn't overflow when converted to bytes.

https://phabricator.endlessm.com/T23694

Closes: #1715
Approved by: cgwalters

lib/grub2: Support Debian-style grub.cfg path

Debian and Debian-derived systems have their GRUB configuration file in
/boot/grub/grub.cfg, rather than /boot/grub2/grub.cfg. Detecting this
file is necessary to correctly generate GRUB boot configuration on
Debian systems.

Closes: #1714
Approved by: cgwalters

lib/fetcher: Fix some memory leaks in curl fetcher

Closes: #1716
Approved by: cgwalters

Post-release version bump

Closes: #1705
Approved by: jlebon

Release 2018.8

Closes: #1705
Approved by: jlebon

docs: Add Contributing Tutorial to Mkdocs pages

This adds the Contributing Tutorial (contributing-tutorial.md) to
the pages setting of Mkdocs, so that the tutorial will render
in the readthedocs.io documentation.

Closes: #1711
Approved by: jlebon

ostree/config: Delete rogue printf and tweak help

Minor tweak to the new `--group` flag help string. Also drop an
extraneous `printf`.

Closes: #1710
Approved by: sinnykumari

man/config: Keep cmdsynopsis for GROUP.KEY version

It's nice to still show the previous usage since it's easier to type in
trivial cases like `core.mode`.

Closes: #1710
Approved by: sinnykumari

docs: Add detail to CONTRIBUTING.md and link to tutorial

This adds detailed information on commit message guidelines, a link to the contributing tutorial, and minor typo fixes.

Closes: #1694
Approved by: cgwalters

docs: Add contributing tutorial

This adds a tutorial for developing/contributing to OSTree. The following information is included:
- Installing build dependencies for OSTree
- Building OSTree, and running in a container and VM
- Adding a basic command to OSTree, and testing the command
- Suggested git workflows for working with the upstream repo

This is helpful to give new contributors a more detailed introduction to developing OSTree, and an idea of what the workflow looks like.

Closes: #1694
Approved by: cgwalters

src/ostree: Add --group option to ostree config

Fetching value from a repo config using 'ostree config
get SECTIONNAME.KEYNAME' didn't work in some cases like
when having dots in Group Name entry.
As per Desktop entry file specification, Group Name
may contain all ASCII characters except for [ and ]
and control characters.
Link - https://specifications.freedesktop.org/desktop-entry-spec/desktop-entry-spec-1.1.html

Having --group option will help user to clearly specify
Group Name and get desired result.

It also adds test for ostree config get|set and bash
completion for --group option

Fixes https://github.com/ostreedev/ostree/issues/1565

Closes: #1696
Approved by: cgwalters

lib/repo-pull: Prefer object pull over from-scratch delta if ref exists

If a ref already exists, we are likely only a few commits behind the
current head of the ref, so it is probably better for bandwidth
consumption to pull the individual objects rather than the from-scratch
delta.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1709
Approved by: cgwalters

repo: remove outdated note from write_config() docs

Since 9dc6ddce0848cf04b76fc1c673c8fc1a0f6f425a it has not been true that
'new_config' was simply ref'd: it's serialized, and then re-parsed into
a new GKeyFile.

Closes: #1707
Approved by: jlebon

man/ostree.repo-config: improve min-free-space-* docs

0 is not a valid value (the units are required), and 1MB is taken to
mean 1048576 bytes, not 1000000 bytes (unlike other human-readable sizes
in libostree, which are formatted by g_format_size(), and hence use
power-of-10 units). It's probably a bit late to change this latter
point, but the documentation should mention it.

Define 'MB' etc. more precisely; include the byte counts in the
examples; and improve the formatting of the min-free-space-* paragraphs.

Signed-off-by: Will Thompson <wjt@endlessm.com>
Closes: #1706
Approved by: mwleeds

ci: Bump rpm-ostree tag we build for tests

The latest rpm-ostree release no longer requires `python3-devel` so `dnf
builddep` here is no longer pulling it in, subsequently causing issues
when building an older rpm-ostree release. Let's just bump the release
tag so we don't have to also start keeping track of older dependencies.

Closes: #1708
Approved by: cgwalters

repo: Add OSTREE_REPO_TEST_ERROR=invalid-cache env var

Add an invalid-cache test error flag to ensure that the code that checks
for and recovers from a corrupted summary cache is hit. This helps make
sure that the recovery path is actually used without resorting to
G_MESSAGES_DEBUG.

Closes: #1698
Approved by: cgwalters

tests: Test for recovery from corrupted summary cache

Check that recovery from a corrupted summary cache (cached summary
doesn't match cached signature) works.

Closes: #1698
Approved by: cgwalters

lib/pull: Fetch summary if cached version doesn't match signature

If for some reason the cached summary doesn't match the cached signature
then fetch the remote summary and verify again. Since commit c4c2b5eb
this is unlikely to happen since the summary will only be cached if it
matches the signature. However, if the summary cache has been corrupted
for any other reason then it's best to be safe and fetch the remote
summary again.

This is essentially the corollary to c4c2b5eb. Where that commit helps
you from getting into the corrupted summary cache in the first place,
this helps you get out of it. Without this the client can get wedged
until a prune or the remote server republishes the summary.

Closes: #1698
Approved by: cgwalters

lib/pull: Add debug message when loading summary from cache

This helps when debugging issues with the cached summary handling.

Closes: #1698
Approved by: cgwalters

tests: Add tests for remote summary update races

There have been subtle bugs in the past when a client pulls while the
remote server is updating the summary. The client may get the old
summary and new signature or vice versa. Add tests to simulate this
behavior to make sure there aren't regressions in the future.

Closes: #1698
Approved by: cgwalters

Avoid race condition in case tests directory does not exist

Make sure the tests directory exists before symlinking files
into it.

Closes: #1703
Closes: #1704
Approved by: cgwalters

ostree_repo_pull_from_remotes_async: Fix leak of options

copy_option() unnecessarily passed ownership of the value
to g_variant_dict_insert_value, but that already refs, so it was leaked.

Closes: #1702
Approved by: cgwalters

ostree_repo_static_delta_generate: Fix leak

There is no need to ref the argument of g_variant_builder_add_value

Closes: #1701
Approved by: jlebon

Fix leak in ostree_repo_list_collection_refs

We need to have the g_auto(GLnxDirFdIterator) inside the loop, or
we don't correctly clean up when iterating several times.

Closes: #1700
Approved by: cgwalters

lib/commit: Only auto-update summary if refs were written

Closes: #1693
Approved by: mwleeds

lib/config: Deprecate commit-update-summary option

Now that we have `auto-update-summary`, there is no point in having
`commit-update-summary`. The latter also only had an effect through
the `commit` CLI command, whereas the former is embedded directly in
libostree.

There is one corner case that slips through: `commit` would update the
summary file even if orphan commits were created, which we no longer do
here. I can't imagine anyone relying on this, so it seems safe to drop.

Closes: #1689
Closes: #1693
Approved by: mwleeds

lib/config: Rename change-update-summary to auto-...

Mildly bikeshed, though I find the name `auto-update-summary` to be
easier to grok than `change-update-summary`. I think it's because it can
be read as "verb-verb-noun" rather than "noun-verb-noun".

Closes: #1693
Approved by: mwleeds

lib/refs: Use GLNX_HASH_TABLE_FOREACH_KV helper

Closes: #1693
Approved by: mwleeds

lib/repo-pull: Use correct keyring for dynamic remotes

Normally, a configured remote will only serve refs with one associated
collection ID, but temporary remotes such as USB drives or LAN peers can
serve refs from multiple collection IDs which may use different GPG
keyrings. So the OstreeRepoFinderMount and OstreeRepoFinderAvahi classes
create dynamic OstreeRemote objects for each (uri, keyring) pair. So if
for example the USB mounted at /mnt/usb serves content from the
configured remotes "eos-apps" and "eos-sdk", the OstreeRepoFinderResult
array returned by ostree_repo_find_remotes_async() will have one result
with a remote called something like
file_mnt_usb_eos-apps.trustedkeys.gpg and the list of refs on the USB
that came from eos-apps, and another result with a remote
file_mnt_usb_eos-sdk.trustedkeys.gpg and the list of refs from eos-sdk.

Unfortunately while OstreeRepoFinderMount and OstreeRepoFinderAvahi
correctly only include refs in a result if the ref uses the associated
keyring, the find_remotes_cb() function used to clean up the set of
results looks at the remote summary file and includes every ref that's
in the intersection with the requested refs, regardless of whether it
uses a different remote's keyring. This leads to an error when you try
to pull from a USB containing refs from different collection IDs: the
pull using the wrong collection ID will error out with "Refspec not
found" and the result with the correct keyring will then be ignored "as
it has no relevant refs or they have already been pulled." So the pull
ultimately fails.

This commit fixes the issue by filtering refs coming from a dynamic
remote, so that only ones with the collection ID associated with the
keyring remote are examined. This only needs to be done for dynamic
remotes because you should be able to pull any ref from a configured
remote using its keyring. It's also only done when looking at the
collection map in the summary file, because LAN/USB remotes won't have a
"main" collection ID set (OSTREE_SUMMARY_COLLECTION_ID).

Closes: #1695
Approved by: pwithnall

ostree-remount.service: RemainAfterExit=yes

This is standard practice for units like this; e.g. it's what
`systemd-remount-fs.service` does. I think it may be part of
or the whole cause for
https://github.com/projectatomic/rpm-ostree/issues/1471

I haven't reproduced the problem exactly but it seems to me that
if the unit starts and is GC'd, then when systemd goes to execute
a later unit it might end up restarting it.

A noticeable side effect of this is that `systemctl status ostree-remount`
exits with code `0` as expected.

Closes: #1697
Approved by: jlebon

bin/refs: Clarify --create error message

Fix ref create error when existing rev not specified.

Closes: #1690
Approved by: jlebon

config: Add a core/change-update-summary option

This commits adds and implements a boolean repo config option called
"change-update-summary" which updates the summary file every time a ref
changes (additions, updates, and deletions).

The main impetus for this feature is that the `ostree create-usb` and
`flatpak create-usb` commands depend on the repo summary being up to
date. On the command line you can work around this by asking the user to
run `ostree summary --update` but in the case of GNOME Software calling
out to `flatpak create-usb` this wouldn't work because it's running as a
user and the repo is owned by root. That strategy also means flatpak
can't update the repo metadata refs for fear of invalidating the
summary.

Another use case for this relates to LAN updates. Specifically, the
component of eos-updater that generates DNS-SD records advertising ostree
refs depends on the repo summary being up to date.

Since ostree_repo_regenerate_summary() now takes an exclusive lock, this
should be safe to enable. However it's not enabled by default because of
the performance cost, and because it's more useful on clients than
servers (which likely have another mechanism for updating the summary).

Fixes https://github.com/ostreedev/ostree/issues/1664

Closes: #1681
Approved by: jlebon

lib/repo: Take exclusive lock while generating summary

This ensures that commits aren't deleted and refs aren't added, removed,
or updated while the summary is being generated. This is in preparation
for adding a repo config option that will automatically regenerate the
summary on every ref change.

Closes: #1681
Approved by: jlebon

lib: Fix some logic/error-checking code

Using `MAX(0, $x)` here is useless since we're comparing against an
unsigned integer. Just unpack this and only subtract if it's safe to do
so.

Also, explicitly check for `fd >= 0` rather than just `!= -1` to be sure
it's a valid fd. And finally, explicitly check the return value of
`g_input_stream_read_all` as is done everywhere else in the tree and
make it clear that we're purposely ignoring the return value of `_flush`
here, but not in other places.

Discovered by Coverity.

Closes: #1692
Approved by: cgwalters

lib: Fix some minor memory leaks

I initially was going to add a `G_DEFINE_AUTOPTR_CLEANUP_FUNC` for
`FetchStaticDeltaData`, but it honestly didn't seem worth mucking around
ownership everywhere and potentially getting it wrong.

Discovered by Coverity.

Closes: #1692
Approved by: cgwalters

lib: Check for NULL pointers in some more places

In `write_metadata_object()`, make sure when creating tombstone commits
that we're actually passed an expected checksum to use.

In `write_dir_entry_to_mtree_internal()`, sanity check that `dfd_iter`
is indeed not `NULL` before trying to dereference it.

Discovered by Coverity.

Closes: #1692
Approved by: cgwalters

man/ostree.repo-config: Update min-free-space-* docs

Now that it's possible to have both min-free-space-size and
min-free-space-percent set in a repo config, update the docs to make
the behavior clear in that case.

Closes: #1687
Approved by: jlebon

lib/repo-commit: Fix min-free-space error message

Since min_free_space_size_mb is considered before min_free_space_percent
in min_free_space_calculate_reserved_blocks(), it has to be considered
first when generating the error message in order for it to be accurate.

Closes: #1691
Approved by: jlebon

lib/pull: Fix minor memleak in error path

Spotted by a downstream Coverity build.

Closes: #1684
Approved by: jlebon

Post-release version bump

Closes: #1683
Approved by: cgwalters

Release 2018.7

Request via flatpak: mainly to port min-free-space-size

Closes: #1683
Approved by: cgwalters

ci: Mark insttests as not required

The reliablity has just not been what we need, and they haven't
yet caught any real bugs. Until I can carve off some time to
truly make this reliable let's just mark it as not required.
I'd like to gather more statistics on the failure scenarios.

Closes: #1686
Approved by: jlebon

lib/repo: Allow min-free-space-size and -percent to co-exist

Previously, we would error out if both of the options were mentioned
in the config file (even if one of them is disabled with 0). There
were few suggestions that this behavior was not quite right.

Therefore, instead of throwing error and exiting, it's preferred to
warn the user. Hence, the solution that worked out is:
* Allow both options to exist simulateneously
* Check each config's value and decide:
  * If both are present and are non-zero, warn the user. Also, prefer
    to use min-free-space-size over the another.
  * If both are absent, then use -percent=3% as fallback
  * Every other case is valid hence, no warning

https://phabricator.endlessm.com/T13698
(cherry picked from commit be68991cf80f0aa1da7d36ab6e1d2c4d6c7cd3fb)
Signed-off-by: Robert McQueen <rob@endlessm.com>
Closes: #1685
Approved by: cgwalters

Add a check for gpg-error via pkg-config

Some downstreams — namely, the Yocto Project — ship gpg-error with a
pkg-config file, and modify gpg-error-config to error out when you try
using it instead of pkg-config.

We can check for gpg-error via pkg-config, and if it's not available,
fall back to gpg-error-config.

Signed-off-by: Emmanuele Bassi <ebassi@gnome.org>
Closes: #1682
Approved by: cgwalters

Update libglnx

For `renameat2()` fix to build with latest glibc (e.g. Fedora rawhide).

Update submodule: libglnx

Closes: #1680
Approved by: jlebon

build-sys: Link with gpg-error directly

We use the API, and not linking breaks the build with e.g.
`-fuse-ld=gold` in a Fedora 28 buildroot as gold doesn't do the
"search indirect dependencies" thing.

Closes: #1679
Approved by: jlebon

deploy: Fix overriding kernel args for staged deployments

This is the inverse of https://github.com/ostreedev/ostree/pull/1558
aka commits cadece6c4f398ca61d21e497bd6e3fbb549f9cf6 and
3358698c86d80821d81443c906621c92672f99fb

Needed to fix `rpm-ostree kargs` test suite with default staging; skipping
a test here for now as eventually what we'll do is turn on the rpm-ostree
suite fully here.

Closes: #1677
Approved by: jlebon

ostree repo commit: Speed up composing trees with `--tree=ref`

Running `ostree commit --tree=ref=a --tree=dir=b` involves reading the
whole of a into an `OstreeMutableTree` before composing `b` on top.  This
is inefficient if a is a complete rootfs and b is just touching one file.
We process O(size of a + size of b) directories rather than
O(number of touched dirs).

This commit makes `ostree commit` more efficient at composing multiple
directories together.  With `ostree_mutable_tree_fill_empty_from_dirtree`
we create a lazy `OstreeMutableTree` which only reads the underlying
information from disk when needed.  We don't need to read all the
subdirectories just to get the checksum of a tree already checked into the
repo.

This provides great speedups when composing a rootfs out of multiple other
rootfs as we do in our build system.  We compose multiple containers
together with:

    ostree commit --tree=ref=base-rootfs --tree=ref=container1 --tree=ref=container2

and it is much faster now.

As a test I ran

    time ostree --repo=... commit --orphan --tree=ref=big-rootfs --tree=dir=modified_etc

Where modified_etc contained a modified sudoers file under /etc.  I used
`strace` to count syscalls and I seperatly took timing measurements.  To
test with a cold cache I ran

    sync && echo 3 | sudo tee /proc/sys/vm/drop_caches

Results:

|                      | Before | After |
| -------------------- | ------ | ----- |
| Time (cold cache)    |   8.1s | 0.12s |
| Time (warm cache)    |   3.7s | 0.08s |
| `openat` calls       |  53589 |   246 |
| `fgetxattr` calls    |  78916 |     0 |

I'm not sure if this will have some negative interaction with the
`_ostree_repo_commit_modifier_apply` which is short-circuited here.  I
think it was disabled for `--tree=ref=` anyway, but I'm not certain.  All
the tests pass anyway.

I originally implemented this in terms of the `OstreeRepoFile` APIs, but
it was *way* less efficient, opening and reading many files unnecessarily.

Closes: #1643
Approved by: cgwalters

switchroot: Move late /run/ostree-booted creation to ostree-system-generator

When ostree-prepare-root is pid 1, ostree-prepare-boot defers creation of
/run/ostree-booted, which happens in ostree-remount, but that's too late
if we need ostree-system-generator to bind /var. Add the creation of the
/run/ostree-booted marker to ostree-system-generator based on the
existence of the ostree= kernel command line argument (which matches the
condition that ostree-remount uses).

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Closes: #1675
Approved by: cgwalters

switchroot: Fix typo in comment ENINVAL => EINVAL

Closes: #1676
Approved by: cgwalters

repo: Reword min-free-space-size option's error strings

It is important that we use user-friendly error strings. The reason
being error strings are seen by users such as in GNOME Software's
error banner.

Closes: #1671
Approved by: jlebon

lib/repo-commit: Factor out min-free-space-size error reporting

Improves code readability.

Closes: #1671
Approved by: jlebon

deploy: Retain staged by default

For `rpm-ostree ex livefs` we have a use case of pushing a rollback
deployment.  There's no reason this should require deleting the staged
deployment (and doing so actually breaks livefs which tries to access
it as a data source).

I was initially very conservative here, but I think it ends up
being fairly easy to retain the staged deployment.  We need to handle
two cases:

First, when the staged is *intentionally* deleted; here, we just need
to unlink the `/run` file, and then everything will be sync'd up after
reloading.

Second, (as in the livefs case) where we're retaining it,
e.g. adding a deployment to the end.  What I realized here is that
we can have the code keep `new_deployments` as view without staged,
and then when we do the final reload we'll end up re-reading it from
disk anyways.

Closes: #1672
Approved by: jlebon

tests: Run network retries test for many retries directly

This runs a test involving many retries for the --network-retries
option directly rather than inside a conditional statement, so that
the command does not silently fail and allow the test to continue
running.

Closes: #1673
Approved by: jlebon

ostree/pull: Add network-retries command line option

This exposes a way to specify from the command line the number
of times to retry each download after a network error. If a negative
value is given, then the default number of retries (5) is used. If 0
is given, then errors are returned without retrying.

closes #1659

Closes: #1669
Approved by: jlebon

tests: Move assert_fail function to tests/libtest.sh

This moves the assert_fail function definition which was defined
and called in tests/test-remote-headers.sh. Done in preparation
for use of the assert_fail function in other test files.

Closes: #1669
Approved by: jlebon

build: Use ostree_prepare_root_CPPFLAGS for ostree-prepare-root

Swap from AM_CPPFLAGS to ostree_prepare_root_CPPFLAGS when compiling
ostree-prepare-root statically. This fixes a problem when you have
systemd and libmount, but only ostree_prepare_root_CPPFLAGS includes
-DHAVE_SYSTEMD_AND_LIBMOUNT=1.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Closes: #1670
Approved by: jlebon

tests/installed: Add NOTE when re-using RPMs

One gotcha here is that we don't invalidate the RPMs if we're not
sitting on the same commit anymore. Shouldn't be too hard to fix, though
let's at least make a note of it for now.

Closes: #1668
Approved by: cgwalters

tests/installed: Add var-mount.yml destructive test

Closes: #1668
Approved by: cgwalters

switchroot: Fix regression for separately mounted /var

I made a logical error in #1617 which resulted in the exact *opposite*
behaviour we want when `/var` is a separate mount.

Split this out and lower the number of negations to make it more obvious
that it's correct.

Closes: #1667
Closes: #1668
Approved by: cgwalters

build: add ostree-soup-* to build process when configured with avahi

Avoid getting these link errors:
    ./.libs/libostree-1.so: undefined reference to `soup_uri_set_path'
    ./.libs/libostree-1.so: undefined reference to `soup_uri_new'
    ./.libs/libostree-1.so: undefined reference to `soup_uri_free'
    ./.libs/libostree-1.so: undefined reference to `soup_uri_set_scheme'
    ./.libs/libostree-1.so: undefined reference to `soup_uri_to_string'
    ./.libs/libostree-1.so: undefined reference to `soup_uri_set_host'
    ./.libs/libostree-1.so: undefined reference to `soup_uri_set_port'
    collect2: error: ld returned 1 exit status

Reproduce with:
    ./configure --with-avahi --without-soup

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Closes: #1666
Approved by: cgwalters

boot: Use emergency.target, not emergency.service

Follow systemd units in using emergency.target, not emergency.service
(which is the sole unit, by default, in emergency.target) so we can
easily reconfigure the units which are actived when entering
emergency mode.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Closes: #1665
Approved by: cgwalters

lib/repo: Minor fixes around min-free-space

Summary:
* Remove a useless if condition in prepare_transaction()
* Fix glnx_throw error propagation
* Integer overflow check while parsing min-free-space-size config
* Documentation fixes

Closes: #1663
Approved by: jlebon

OstreeMutableTree: Invalidate parent contents checksum when metadata changes

This bug has existed before the previous commit, but thanks to the previous
commit it is now easy to fix.

Closes: #1655
Approved by: cgwalters

OstreeMutableTree: Refactor: Add `parent` pointer

This implements a TODO item from
`ostree_mutable_tree_get_contents_checksum`.  We now no-longer invalidate
the dirtree contents checksum at `get_contents_checksum` time - we
invalidate it when the mtree is modified.  This is implemented by keeping
a pointer to the parent directory in each `OstreeMutableTree`.  This gives
us stronger invariants on `contents_checksum`.

For even stronger guarantees about invariants we could make
`ostree_repo_write_mtree` or similar a member of `OstreeMutableTree` and
remove `ostree_mutable_tree_set_metadata_checksum`.

I think I've fixed a bug here too.  We now invalidate parent's contents
checksum when our metadata checksum changes, whereas we didn't before.

Closes: #1655
Approved by: cgwalters

ci/flatpak: Fix to use built ostree version

Noticed as part of a random failure in this PR:
https://github.com/ostreedev/ostree/pull/1655
that we weren't actually testing the version of ostree
we built in git. Probably we should be generating RPMs but...later.

Closes: #1662
Approved by: jlebon

lib/repo-commit: Abort a transaction if preparing it fails

If ostree_repo_prepare_transaction() fails, we should reset the
repository’s state so that the failed call was essentially idempotent.
Do that by calling ostree_repo_abort_transaction() on the failure path.

Typically, the way for preparing a transaction to fail is for its
GCancellable to be triggered, rather than because any of the operations
involved in preparing a transaction are particularly failure prone.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1647
Approved by: cgwalters

ci: exclude 'lib' from libsoup configure option

The option used by configure script is actually
--with-soup/--without-soup.

Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Closes: #1661
Approved by: jlebon

sysroot: Reject attempts to pin the staged deployment

From https://github.com/projectatomic/rpm-ostree/pull/1434#discussion_r198936674

To support it we'd have to actually write it to disk, which...let's
not try that right now.

Closes: #1660
Approved by: jlebon

tests: Save corefiles back to tests/ directory if one exists

Makes it easier to debug failures from the tests.

Closes: #1657
Approved by: cgwalters