dgit.raspbian.org Git - ostree.git/log

lib/repo-finder-avahi: Fix a leak in a GVariantIter loop

Use g_variant_iter_loop() rather than next(), since it automatically
handles freeing the child memory each iteration. Previously, we leaked
it for all but the last iteration.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1293
Approved by: cgwalters

Disallow refs starting with a non-letter or digit

Change the regexp for validating refs to require at least one letter or digit
before allowing the other special chars in the set `[.-_]`. Names that start
with `.` are traditionally Unix hidden files; let's ignore them under the
assumption they're metadata for some other tool, and we don't want to
potentially conflict with the special `.` and `..` Unix directory entries.
Further, names starting with `-` are problematic for Unix cmdline option
processing; there's no good reason to support that. Finally, disallow `_` just
on general principle - it's simpler to say that ref identifiers must start with
a letter or digit.

We also ignore any existing files (that might be previously created refs) that
start with `.` in the `refs/` directory - there's a Red Hat tool for content
management that injects `.rsync` files, which is why this patch was first
written.

V1: Update to ban all refs starting with a non-letter/digit, and
also add another call to `ostree_validate_rev` in the pull
code.

Closes: https://github.com/ostreedev/ostree/issues/1285
Closes: #1286
Approved by: jlebon

build: Do *.am.inc substitutions from make correctly

The string needs to be escaped with a $ since we want to replace the
literal string $(path). Without this make will run the command with the
value of the variable, which won't match anything in the input Makefile
stub.

Closes: #1291
Approved by: smcv

lib/commit: fix checking flag with bitwise OR

Caught by Coverity.

Coverity CID: 1458339

Closes: #1290
Approved by: cgwalters

lib/commit: (refactor) Clean up delta bare write API

The way `_ostree_repo_open_content_bare()` did both looking for the object and
possibly creating a new fd was just weird and inconsistent with e.g. the pull
code where we always call `has_object()` first.

Just call `has_object()` in the delta paths that used this too, making the
implementation right now a thin wrapper around
`glnx_open_tmpfile_linkable_at()`, but this is prep for a later patch which does
more.

Closes: #1283
Approved by: jlebon

lib/repo: Update summary code to use newer hashing API

And drop the unnecessary wrapper.

Closes: #1287
Approved by: jlebon

lib/pull: Update summary checksum code to use new checksum API

This is another case where making an input stream out of a memory buffer is a
bit silly; just hash the `GBytes` directly.

Closes: #1287
Approved by: jlebon

docs: mention the $OSTREE_REPO environment variable

$OSTREE_REPO may be set to override the default location
of the repository.

Link: https://mail.gnome.org/archives/ostree-list/2017-October/msg00003.html
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Closes: #1282
Approved by: cgwalters

syntax-check: Add a rule to enforce glnx_autofd over glnx_fd_close

And fix the one final use.

Closes: #1280
Approved by: jlebon

lib/commit: Use direct fd xattr operations again on regular files

A side effect of commit 8fe45362578a43260876134d6547ebd0bb2485c3 is that
we started listing all xattrs even for files with device/inode matches;
further, we did that using the dfd/name which means we went through
the `/proc` path, which is slower and uglier.

Noticed this in strace while looking at adoption code.

Closes: #1280
Approved by: jlebon

lib/commit: Fix indentation in file commit code

No functional changes; the indentation was off here and it was
confusing me working on another patch.

Closes: #1280
Approved by: jlebon

lib/commit: Avoid trying to delete `.` with _CONSUME flag

This helps port rpm-ostree.

Closes: #1278
Approved by: jlebon

lib/deltas: Use pread() instead of lseek()+read()

That's why the syscall was invented, so let's use it. Just noticed while reading
the code while working on another patch.

Closes: #1270
Approved by: jlebon

lib/deltas: Use fastpath for regfile writes for bare-user-only

Noticed this omission while looking at the code while working on another patch.

Closes: #1270
Approved by: jlebon

tests: Add test-pull-bareuseronly

I was going to fix a bug in the static deltas code and I noticed
we were missing `pull-test.sh` coverage for bareuseronly 🙈.

Obviously fixing this requires duplicating some of the bits we have in
`basic-test.sh`; need to hoist that into `libtest.sh`. For now though let's get
the coverage.

Closes: #1270
Approved by: jlebon

lib/sysroot: Fix error handling when mounting overlayfs fails

This isn't perfect, but at least we fix an error-overwrite error, and in
practice `ostree admin unlock` isn't wrapped by `rpm-ostree` yet, so spew to
stderr is OK.

Closes: https://github.com/ostreedev/ostree/issues/1273
Closes: #1279
Approved by: guyshapiro

lib: Use a common helper function to compare checksums

So we get a consistent error message; came up in a PR review.

Closes: #1277
Approved by: jlebon

lib/commit: Implement "adoption" with CONSUME flag

For checkouts that are on the same device, for regular files we can simply
"adopt" existing files. This is useful in the "build from subtrees" pattern that
happens with e.g. `rpm-ostree install` as well as flatpak and gnome-continuous.

New files are things like an updated `ldconfig` cache, etc. And particularly for
`rpm-ostree` we always regenerate the rpmdb, which for e.g. this workstation is
`61MB`.

We probably should have done this from the start, and instead had a `--copy`
flag to commit, but obviously we have to be backwards compatible.

There's more to do here - the biggest gap is probably for `bare-user` repos,
which are often used with things like `rpm-ostree compose tree` for host
systems. But we can do that later.

Closes: #1272
Approved by: jlebon

tests/basic: Add missing ${COMMIT_ARGS} for bare-user-only

I was working on "adopt" and hit corruption; turns out we were missing the
`--canonical-permissions` arg in this existing test.

(Need to abstract all of this more)

Closes: #1272
Approved by: jlebon

build: Fix bsdiff Makefile circular dependency

The intended use was to have the .am.inc generated from the .am like the
libglnx one. Without this, make was detecting a circular dependency and
dropping the rule:

make: Circular bsdiff/Makefile-bsdiff.am.inc <- bsdiff/Makefile-bsdiff.am.inc dependency dropped.

Closes: #1276
Approved by: jlebon

lib/pull: Also do commit GPG verification before writing

I was working on a patch to do build on the work done to
import content objects async to do the same for metadata, but right
now we basically rely on writing them first to do the GPG verification
when scanning.

Things will be cleaner for that if we can pass the commit object directly into
`scan_commit_object()` and consistently use `gpg_verify_unwritten_commit()`.

We're careful here to continue to do it both ways (but at most one time), to
account for the case where a bad commit has been pulled and written - we need to
keep failing GPG verification there.

Closes: #1269
Approved by: jlebon

lib/pull: Drop duplicate/different error for GPG but no detached meta

Prep for a later patch to do GPG verification before writing commit objects;
`_ostree_repo_gpg_verify_with_metadata()` already handles this, and so dropping
this gives us consistent error messages.

Closes: #1269
Approved by: jlebon

Make sure *.am.inc are up to date before `make dist`

v2017.12 didn't include test-libglnx-shutil.c, but if you re-run
autogen.sh (as we do in Debian, to update the Autotools build system)
it will try to build it.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #1274
Approved by: cgwalters

Cope with xattr syscalls raising EOPNOTSUPP

ENOTSUP and EOPNOTSUPP are numerically equal on most Linux ports,
but inexplicably differ on PA-RISC (hppa) and possibly other
rare architectures.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #1275
Approved by: cgwalters

lib/checkout: fallback to checksum for UNION_IDENTICAL

There's a subtle issue going on with the way we use `UNION_IDENTICAL`
now in rpm-ostree. Basically, the crux of the issue is that we checkout
the whole tree from the system repo, but then overlay packages by
checking out from the pkgcache repo. This is an easy way to break the
assumption that we will be merging hardlinks from the same repo.

This ends up causing issues like:
https://github.com/projectatomic/rpm-ostree/issues/1047

There, `vim-minimal` is already part of the host and has an object for
`/usr/share/man/man1/ex.1.gz`. `vim-common` has that same file, but
because it's unpacked in the pkgcache repo first, the hardlinks are not
the same.

There are a few ways we *could* work around this in rpm-ostree itself,
e.g. by re-establishing hardlinks when we do the content pull into the
system repo, but it still felt somewhat hacky. Let's just do this the
proper way and fall back to checksumming the target file if needed,
which is what librpm does as well in this case. Note that we only
checksum if they're not hard links, but they're the same size.

Closes: #1258
Approved by: cgwalters

lib/utils: Check for invalid UTF-8 in filenames

In case a filename contains invalid UTF-8 characters, libostree will
pass it to g_variant_builder_add() in create_tree_variant_from_hashes()
anyway, which leads to a critical warning from glib and an invalid
commit. This commit makes ostree print a useful error and exit instead.

Closes: #1271
Approved by: cgwalters

lib/deltas: Check cancellable during processing

Let's react to `Ctrl-C` faster here. Noticed while I was doing an update on my
desktop and playing with cancellation.

Closes: #1266
Approved by: jlebon

lib/core: add ostree_checksum_file_at API

This is like `ostree_checksum_file` but fd-relative. This will be used
by https://github.com/ostreedev/ostree/pull/1258.

AFAICT, we actually didn't have any tests that check the `checksum` CLI.
Add a basic one here to test the old code as well as the new code.

Closes: #1263
Approved by: cgwalters

ostree/checksum: port to new decl style

No functional changes, prep for patch. (Well, I did add a new `success`
member in the async struct so that we return `FALSE` if we failed).

Closes: #1263
Approved by: cgwalters

tests: drop unused variable

Closes: #1263
Approved by: cgwalters

lib/deploy: Use _exit() for FIFREEZE watchdog

This works around an (IMO) SpiderMonkey bug - it tries to
clean up in a shared library destructor, but doesn't install a
`pthread_atfork()` handler to unset its state.

Closes: https://github.com/ostreedev/ostree/issues/1262
Closes: #1264
Approved by: dbnicholson

tree-wide: Update to new libglnx fd APIs

This ends up a lot better IMO.  This commit is *mostly* just
`s/glnx_close_fd/glnx_autofd`, but there's also a number of hunks like:

```
-  if (self->sysroot_fd != -1)
-    {
-      (void) close (self->sysroot_fd);
-      self->sysroot_fd = -1;
-    }
+  glnx_close_fd (&self->sysroot_fd);
```

Update submodule: libglnx

Closes: #1259
Approved by: jlebon

lib/commit: Make -path commit helper API private

It's no longer called directly by the pull code, so make it static.

The goal here is to have the pull and local-fs commit paths use higher level
more efficient APIs, and eventually make those APIs public.

Closes: #1257
Approved by: jlebon

lib/core: Use GBytes for file headers

This simplifies a lot of code; the header function was structured
to write to an input stream, but many callers only wanted the checksum,
so it's simpler (and error-free) to simply allocate a whole buffer
and checksum that.

For the callers that want to write it, it's also still simpler to allocate the
buffer and write the whole thing rather than having this function do the
writing.

A lot of the complexity here again is a legacy of the packfile code, which is
dead.

This is prep for faster regfile commits where we can avoid `G{In,Out}putStream`.

Closes: #1257
Approved by: jlebon

lib/core: Port a few functions to decl-after-stmt

No functional changes, just prep for more work.

Closes: #1257
Approved by: jlebon

lib/core: (refactor) Drop wrapper and unneeded args for variant writing

Nothing was using the `bytes_written` data (we always discard partially written
tmpfiles), so simplify everything by dropping it. Further, we always passed an
offset of `0`, so drop that argument too. (I believe that this was previously
used by the "pack files" code that we deleted long ago)

Second, we had an unnecessary internal wrapper for this function; drop that too.

Closes: #1257
Approved by: jlebon

ci: compile f26/c7-primary with libcurl/openssl

This is how ostree is shipped in those distros. We already have
alternative testsuites for testing other HTTP & crypto backends.

Closes: #1261
Approved by: cgwalters

libotutil/checksum-utils: fix openssl compilation

Closes: #1261
Approved by: cgwalters

lib/deploy: Ignore FIFREEZE/FITHAW errors when already in state

If the filesystem is already frozen, FIFREEZE returns EBUSY, and if the
filesystem is already thawed, FITHAW returns EINVAL. It's very unlikely
these issues would arise on a real ostree system since the sysroot would
be locked during the freeze/thaw cycle.

However, when multiple fake sysroots are used during the test suite (run
as root), the tests could race to run the freeze/thaw cycle without
locking. Furthermore, there's no reason why an independent process might
be trying to freeze the filesystem while ostree was deploying. Ignore
but warn for these errors since there's not much ostree can do about it,
anyways.

Closes: #1260
Approved by: cgwalters

lib: Add a lighter weight internal checksum wrapper

The faster (OpenSSL/GnuTLS) code lived in a `GInputStream` wrapper, and that
adds a lot of weight (GObject + vtable calls). Move it into a simple
autoptr-struct wrapper, and use it in the metadata path, so we're
now using the faster checksums there too.

This also drops a malloc there as the new API does hexdigest in place to a
buffer.

Prep for more work in the commit path to avoid `GInputStream` for local file
commits, and ["adopting" files](https://github.com/ostreedev/ostree/pull/1255).

Closes: #1256
Approved by: jlebon

commit: Add _CONSUME modifier flag

For many cases of commit, we can actually optimize things by simply "adopting"
the object rather than writing a new copy. For example, in rpm-ostree package
layering.

We can only make that optimization though if we take ownership of the file. This
commit hence adds an API where a caller tells us to do so. For now, that just
means we `unlink()` the files/dirs as we go, but we can now later add the
"adopt" optimization.

Closes: #1255
Approved by: jlebon

lib/deltas: Move variant read helper into the deltas code

What the deltas code is doing is weird/unfortunate. The name
`ot_variant_read()` conflicts too much with `ot_variant_read_fd()`.
Since nothing else uses it, move it into the deltas code.

Closes: #1254
Approved by: jlebon

lib/util: Delete some unused functions

Hooray, dead code.

Closes: #1254
Approved by: jlebon

lib/pull: Change fetcher to return O_TMPFILE

A lot of the libostree code is honestly too complex for its
own good (this is mostly my fault). The way we do HTTP writes
is still one of those. The way the fetcher writes tempfiles,
then reads them back in is definitely one of those.

Now that we've dropped the "partial object" bits in:
https://github.com/ostreedev/ostree/pull/1176 i.e. commit
https://github.com/ostreedev/ostree/commit/0488b4870e80ef575d8b0edf6f2a9e5ad54bf4df
we can simplify things a lot more by having the fetcher
return an `O_TMPFILE` rather than a filename.

For trusted archive mirroring, we need to enable linking
in the tmpfiles directly.

Otherwise for at least content objects they're compressed, so we couldn't link
them in. For metadata, we need to do similar logic to what we have around
`mmap()` to only grab a tmpfile if the size is large enough.

Closes: #1252
Approved by: jlebon

lib/utils: Port a bit to decl-after-stmt style

Add add some more comments.

Closes: #1247
Approved by: jlebon

lib/repo: Clarify that ostree_repo_remote_fetch_summary() doesn’t verify

Make that a bit clearer in the documentation.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1253
Approved by: cgwalters

Deduplicate and fix up our use of mmap()

Buried in this large patch is a logical fix:

```
-  if (!map)
-    return glnx_throw_errno_prefix (error, "mmap");
+  if (map == (void*)-1)
+    return glnx_null_throw_errno_prefix (error, "mmap");
```

Which would have helped me debug another patch I was working
on.  But it turns out that actually correctly checking for
errors from `mmap()` triggers lots of other bugs - basically
because we sometimes handle zero-length variants (in detached
metadata).  When we start actually returning errors due to
this, things break.  (It wasn't a problem in practice before
because most things looked at the zero size, not the data).

Anyways there's a bigger picture issue here - a while ago
we made a fix to only use `mmap()` for reading metadata from disk
only if it was large enough (i.e. `>16k`).  But that didn't
help various other paths in the pull code and others that were
directly doing the `mmap()`.

Fix this by having a proper low level fs helper that does "read all data from
fd+offset into GBytes", which handles the size check. Then the `GVariant` bits
are just a clean layer on top of this. (At the small cost of an additional
allocation)

Side note: I had to remind myself, but the reason we can't just use
`GMappedFile` here is it doesn't support passing an offset into `mmap()`.

Closes: #1251
Approved by: jlebon

lib/commit: minor coverity fix

Appease Coverity by using the same condition for both the ternary check
and the if-condition later on. It should be smart enough to figure out
that `dir_enum == NULL` implies that `dfd_iter != NULL` from the
assertion at the top of the function.

Coverity CID: #1457318

Closes: #1250
Approved by: cgwalters

lib/sysroot: Fix pointer going out of scope in unlock code

Fixes Coverity CID #1457317

Closes: #1249
Approved by: jlebon

lib/core: Init struct stat buffer

Regression from d57410a7e62dcb89321807dcb2d91c85f9d26df7

Fixes Coverity CID #1457316

Closes: #1249
Approved by: jlebon

tree: fix compiler warnings

Mostly innocuous warnings, except for -Wtautological-compare, which
caught a shady guint64 subtraction.

Closes: #1245
Approved by: cgwalters

ci: really turn on warnings

We didn't have `-Wall` in our `CFLAGS`. It's normally injected by
`configure.ac`, but because we *did* have `-Werror`, it was skipped.
Now, we just turn it on unconditionally directly in `build.sh`.

Closes: #1245
Approved by: cgwalters

docs: Clarify %NULL argument to ostree_sysroot_new()

It’s equivalent to ostree_sysroot_new_default().

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1246
Approved by: cgwalters

app/main: use HAVE_LIBCURL_OR_LIBSOUP for pull CLI

We want `pull` to be included as long as we have at least either
`libcurl` or `libsoup` to back it. Of course, this is a moot point for
now since `libsoup` is currently a build requirement.

Closes: #1244
Approved by: cgwalters

lib/repo-commit: Import detached metadata even if hardlink exists

Spotted while reading through the code, it looks like the
copy_detached_metadata() call is accidentally omitted if a hardlink
already exists for the .commit object.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1242
Approved by: cgwalters

lib/gpg: Print debug info when reading GPG keys

This commit adds debug output whenever libostree reads GPG keys, which
can come from different locations in the file system. This is especially
helpful in debugging "GPG signatures found, but none are in trusted
keyring" errors, which in my case was caused by OSTree looking in
/usr/local/share/ostree/trusted.gpg.d/ rather than
/usr/share/ostree/trusted.gpg.d/.

Closes: #1241
Approved by: cgwalters

lib/pull: Minor cleanup to metadata scanning function, add docs

I'm regretting a bit having the `guint8*csum` variant of checksums
except for the serialized form. Once we start doing processing
it's easier to just have it remain hex.

Do an on-stack conversion for the metadata scanning function; this
drops a malloc and also just looks nicer.

Also add some long-awaited function comments to the two.

Closes: #1240
Approved by: jlebon

lib/bloom: Add some missing preconditions on n_bytes

These shouldn’t change the bloom filter’s behaviour at all, but make it
a bit more obvious what the programmatical limitations are on the sizes
it can deal with.

In reality, those sizes should never be reached because they won’t fit
in a DNS-SD record.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1239
Approved by: cgwalters

lib/uboot: Port to fd-relative

Prep for `ostree_sysroot_new_at()`.

Closes: #1237
Approved by: jlebon

lib/syslinux: Port to fd-relative

Prep for `ostree_sysroot_new_at()`. Also just generally nicer.

Closes: #1237
Approved by: jlebon

lib/pull: Fix regression with pull-local for nonexistent refs

I was reading the pull code for the last release, and spotted
a bug in commit f923c2e1eaebe0c781f07d34ae1a03f94357bccd - in
the case where the ref doesn't exist, we don't set an error,
tripping an assertion in the main code.

The previous code wanted the ref to always exist, so just flip back the boolean
for "ignore noent". I moved the `g_strchomp()` just into the HTTP path - if a
local repo is corrupted in this way it's something to fix in that repo.

Closes: #1238
Approved by: pwithnall

lib/sysroot: Add some more comments

Also avoid gtk-doc style for private functions, as it tries to parse them and
complains since they aren't public.

Closes: #1230
Approved by: jlebon

lib/commit: Add some gtk-doc and internal doc comments

Just making more of an effort for this for obvious reasons. We had a few public
APIs not documented too.

Closes: #1230
Approved by: jlebon

build-sys: Post-release version bump

Closes: #1236
Approved by: cgwalters

Release 2017.12

Closes: #1234
Approved by: jlebon

ostree/summary: Generate an ostree-metadata ref when updating summary

This is the new way of publishing repository metadata, rather than as
additional-metadata in the summary file. The use of an ostree-metadata
ref means that the metadata from multiple upstream collections is not
conflated when doing P2P mirroring of many repositories.

The new ref is only generated if the repository has a collection ID set.
The old summary file continues to be generated for backwards
compatibility (and because it continues to be the canonical ref →
checksum map for the repository).

The new code is only used if configured with --enable-experimental-api.

Includes unit tests.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1158
Approved by: cgwalters

ostree/summary: Eliminate redundant gotos from error handling path

There is no error handling to do, so just return everywhere instead.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1158
Approved by: cgwalters

man: Fix a copypasta error in ostree-summary.xml

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1158
Approved by: cgwalters

lib/bloom: Fix a -Wconversion warning in OstreeBloom

Compiling with -Wconversion warns on this line, as the conversion from
guint64 to guint8 is implicit (but safe: there is no bug here, since the
implicit cast is applied after the modulus arithmetic).

Make the cast explicit to silence -Wconversion.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1231
Approved by: cgwalters

lib/bloom: Fix bloom hashing on 32-bit architectures

There was an implicit cast from guint64 to gsize (which is 32-bit on
armhf, for example) before the modulus arithmetic which safely narrows
the index.

Fix that by using a guint64 intermediate variable and making the cast
explicit.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1231
Approved by: cgwalters

tests/installed: also run test-basic-c

Since we now have a subtest there that needs full xattr support.

Closes: #1170
Approved by: cgwalters

tests: check for relabeling rather than overlay

Instead of checking for overlayfs, let's explicitly check for our
ability to relabel files since we now have a `libtest` function to do
this. Also port that logic to `libostreetest`.

Note that overlayfs *does* allow manipulating user xattrs. So ideally,
we should break down `OSTREE_NO_XATTRS` further to distinguish between
tests that use bare repos from other modes.

We check the current directory instead of `/` so that developers can
just point `TEST_TMPDIR` to a non-overlayfs mount point when hacking
from a container.

Closes: #1170
Approved by: cgwalters

lib/commit: don't query devino cache for modified files

We can't use the cache if the file we want to commit has been modified
by the client through the file info or xattr modifiers. We would
prematurely look into the cache in `write_dfd_iter_to_mtree_internal`,
regardless of whether any filtering applied.

We remove that path there, and make sure that we only use the cache if
there were no modifications. We rename the `get_modified_xattrs` to
`get_final_xattrs` to reflect the fact that the xattrs may not be
modified.

One tricky bit that took me some time was that we now need to store the
st_dev & st_ino values in the GFileInfo because the cache lookup relies
on it. I'm guessing we regressed on this at some point.

This patch does slightly change the semantics of the xattr callback.
Previously, returning NULL from the cb meant no xattrs at all. Now, it
means to default to the on-disk state. We might want to consider putting
that behind a flag instead. Though it seems like a more useful behaviour
so that callers can only override the files they want to without losing
original on-disk state (and if they don't want that, just return an
empty GVariant).

Closes: #1165
Closes: #1170
Approved by: cgwalters

tests/libtest.sh: always nuke repo and files

This allows users to easily re-initialize the test repo.

Closes: #1170
Approved by: cgwalters

libarchive: Fix assertion error if used with CANONICAL_PERMISSIONS

I was trying to do a change for rpm-ostree to use
`OSTREE_REPO_COMMIT_MODIFIER_FLAGS_CANONICAL_PERMISSIONS`
for container builds with `bare-user-only,` but hit an assertion here
ultimtely because we weren't setting `standard::type`.

Rather than hand-rolling `GFileInfo` creation, use the stat buffer conversion
code which is more robust and used in multiple places already.

Closes: #1227
Approved by: jlebon

tests/repo: Drop modeline from top of file

As per commit 6e4146a3.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1203
Approved by: cgwalters

tests: Update some tests to use OSTREE_REPO_MODE_ARCHIVE not ARCHIVE_Z2

The latter is deprecated now.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1203
Approved by: cgwalters

tests: Add a manual integration test for OstreeRepoFinderMount

Test an end-to-end flow of pulling refs from an online
repository → local OS repository → create a USB stick of
them → pull to a local OS repository on another machine.

This is a manual test, as it requires a throwaway USB stick which the
test can format as ext4 or vfat to test the flow works with both file
systems.

Run it as:

MOUNT_INTEGRATION_DEV=/dev/sdb1 make check \
TESTS=tests/test-repo-finder-mount-integration.sh

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1203
Approved by: cgwalters

tests: Add 404 tests for dirtree objects too

I now believe the flatpak issue we were hitting was
https://github.com/ostreedev/ostree/pull/1185
but let's add these tests anyways for more coverage.

Closes: #888
Approved by: jlebon

tree-wide: Bump libglnx, port to new lockfile init

In particular I'd like to get the copy fix in, since it might affect users for
the keyring bits.

Update submodule: libglnx

Closes: #1225
Approved by: jlebon

lib/pull: Don't request deltas for unchanged commits

I noticed this while debugging why I was seeing "2 metadata objects" fetched for
a different PR. I knew 1 was detached meta, but the other turned out to be this.

There's no reason to request a delta if the ref is unchanged.

Closes: #1220
Approved by: jlebon

tests/commit-sign: Update a bit to more modern style

I was trying to debug this while working on another PR. Add `echo ok` lines and
also use `assert_file_has_content` more directly; there's no reason to use an
intermediate `grep` since if it fails it won't print the original file.

Closes: #1220
Approved by: jlebon

lib/diff: Add compile-time ABI check on 64 bit arches

Like what was done for most of the `ostree-repo.h` values. Prep
for adding a new option.

Closes: #1223
Approved by: jlebon

ci: Record primary context results using g-d-t-r --log-directory

So the output isn't all intermingled. I just pushed a commit
to add `--log-directory`, so we need to build it from git master
for now.

Closes: #1218
Approved by: jlebon

lib/repo-pull: Fix remote names in refspecs from non-mirror P2P pulls

Propagate the refspec_name from the OstreeRemote returned by an
OstreeRepoFinder through to the set_ref() call.

This changes ostree_repo_pull_with_options() to accept the
previously-disallowed combination of passing override-remote-name in
options and also setting a remote name in remote_name_or_baseurl.
ostree_repo_pull_with_options() will continue to pull using the remote
config named in remote_name_or_baseurl as before; but will now use the
remote name from override-remote-name when it’s setting the refs at the
end of the pull. This is consistent with the documentation for
override-remote-name.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1202
Approved by: cgwalters

lib/remote: Store name of remote providing keyring for dynamic remotes

When pulling from a dynamic (peer to peer) remote, the remote’s name is
set to a unique, generated string which doesn’t exist in repo/config. If
doing a non-mirror pull, however, we don’t want to use this name in the
refspecs for newly created or updated refs — we want to use the name of
the remote which provided the keyring for the pull (this will be a
remote from repo/config whose collection ID matches that being used for
the peer to peer pull).

Store both names in OstreeRemote. The name to use for refspecs is stored
as refspec_name, and is typically NULL unless it differs from name.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1202
Approved by: cgwalters

lib/repo: Change resolve_keyring_for_collection() to return a remote

Instead of returning just the keyring filename, return the entire
OstreeRemote, which has the keyring filename as one of its members. This
will simplify some upcoming changes, and allows slightly improved debug
logging.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1202
Approved by: cgwalters

lib/repo-pull: Fix a potential minor leak

If override-remote-name is specified in the options to
ostree_repo_pull_with_options(), but the remote_name_or_baseurl argument
is also set to a remote name, the override-remote-name would be leaked.

Note that this is currently an invalid configuration, so this leak is
basically never hit.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1202
Approved by: cgwalters

lib/pull: Add status for imported objects

Followup for recent work in commits:

- 8a7a35970928331a028ccddd04590ac300dbd26e
- 1a9a473580e9066f5d4a969932d703b5b104b2b7

Keep track of how many objects we imported, and print that for `ostree
pull-local` (also do this even if noninteractive, like we did for `pull`).

In implementing this at first I used separate variables for import
from repo vs import from localcache, but that broke some of the
tests that checked those values.

It's easier to just merge them; we know from looking at whether or not
`remote_repo_local` is set whether or not we were doing a "HTTP pull with
localcache" versus a true `pull-local` and can use that when rendering status.

Closes: #1219
Approved by: jlebon

lib/repo-pull: Use resolve() instead of list() in fetch_ref_contents()

This is more efficient in the non-collection case; in the collection
case, the implementation of ostree_repo_resolve_collection_ref() needs
to be rewritten to improve efficiency.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1182
Approved by: cgwalters

lib/repo-refs: Add first version of ostree_repo_resolve_collection_ref()

This is a parallel for ostree_repo_resolve_rev_ext() which works on
collection–refs. At the moment, the implementation is simple and uses
ostree_repo_list_collection_refs(). In future, it could be rewritten to
check the checksum directly rather than enumerating all
potentially-relevant checksums.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1182
Approved by: cgwalters

create-usb: Add a create-usb command to complement OstreeRepoFinderMount

This can be used to put OSTree repositories on USB sticks in a format
recognised by OstreeRepoFinderMount.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1182
Approved by: cgwalters

src/pull: Support local pulls for collection–refs

Previously, collection–refs could only be pulled from a repository if it
had a summary file (which listed them). There was no way to pull from a
local repository which doesn’t have a summary file, and where the refs
were stored as refs/remotes/$remote/$ref, with a config section linking
that $remote to the queried collection ID.

Fix that by explicitly supporting pull_data->remote_repo_local in
fetch_ref_contents().

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1182
Approved by: cgwalters

tests,ci: Move "test-basic" (bare mode) to installed test

Our CI uses default Docker, which has SELinux labeling but is rather
evil in returning `EOPNOTSUPP` to any attempts to set `security.selinux`,
even if to the same value.

The previous fire 🔥 for this was: https://github.com/ostreedev/ostree/pull/759

The `bare` repo mode really only makes sense as uid 0, so our installed
test framework is a good match for this. However, the unit tests *do*
work in a privileged container even as non-root, and *also* should
work on SELinux-disabled systems. So let's teach the test framework
how to skip in those situations.

I tested this both in a priv container (my default builder) and an unpriv
container (like our CI).

At the same time, start executing the `test-basic.sh` from an installed test,
so we get better coverage than before.

This is just the start - all of the sysroot tests really need the
same treatment.

Closes: #1217
Approved by: jlebon

lib/pull: Default checksum for archive mirror, add TRUSTED_HTTP flag

I now think commit fab1e113db558cb7d6754e243919558df92d4864 was a mistake;
because it breaks the mental model that at least I'd built up that "local repos
don't have checksums verified, HTTP does".

For example, a problem with this is (with that mental model in place) it's easy
for people who set up mirrors like this to then do local pulls, and at that
point we've done a deployment with no checksum verification.

Further, since then we did PR #671 AKA commit 3d38f03 which is really most of
the speed hit.

So let's switch the default even for this case to doing checksum verification,
and add `ostree pull --http-trusted`. People who are in situations where they
know they want this can find it and turn it on.

Closes: https://github.com/ostreedev/ostree/issues/1211
Closes: #1212
Approved by: jlebon

lib/pull: Refactor to use OstreeRepoImportFlags internally

Rather than carrying two booleans, just convert `OstreeRepoPullFlags`
into `OstreeRepoImportFlags`. This allows us to drop an internal
wrapper function and just directly call `_ostree_repo_import_object()`.

This though reveals that our mirroring import path doesn't check the
`OSTREE_REPO_PULL_FLAGS_UNTRUSTED` flag...it probably should.

Prep for further work.

Closes: #1212
Approved by: jlebon

lib/pull: Minor refactoring of metadata scanning function

Make the "local repo" processing conditional the same as the "localcache" bits;
this is really just a de-indent. Also add some comments. Prep for further work.

Closes: #1212
Approved by: jlebon

bin/pull: Fix description of --untrusted

It means *do* verify for local.

Closes: #1212
Approved by: jlebon

lib/commit: fix using uninitialized var

Noticed this while reading the code. The `child` var hasn't been
initialized yet at the time we throw this error (and even then, it's
only conditionally initialized). To be nice, let's just always calculate
the child path and pass that along.

Also do some minor style porting to decl near use.

Closes: #1216
Approved by: cgwalters

lib/commit: add comments to explain dir commit path

Add a few comments for each of the central functions used for committing
data from a directory. Took me a bit to understand the relationship
between those functions.

Closes: #1216
Approved by: cgwalters