dgit.raspbian.org Git - ostree.git/log

lib/pull: Only look for cookie files for non-local remotes

Just noticed this while reading an strace.

Closes: https://github.com/ostreedev/ostree/issues/1139
Closes: #1145
Approved by: jlebon

lib/commit: Update docs/code style for ostree_repo_scan_hardlinks()

Happened to notice this one `goto out` user, and decided to tweak the docs at
the same time.

Closes: #1144
Approved by: jlebon

tree-wide: Use helpers for unlinkat()

We have `ot_ensure_unlinked_at()` for the "ignore ENOENT" case, and
`glnx_unlinkat()` otherwise. Port all in-tree callers to one or the other as
appropriate.

Just noticed an unprefixed error in the refs case and decided to do a tree-wide
check.

Closes: #1142
Approved by: jlebon

tests/rofiles-fuse: Add tests for chmod/chown

Prep for https://github.com/ostreedev/ostree/pull/1137 where
we were incorrectly handling `chown()` on symlinks.

Closes: #1141
Approved by: jlebon

lib/gpg: Port a few misc gpg functions to new style

I'd mostly been skipping the GPG functions due to lack of autoptr for a few
things, but I noticed these bits were straightforward.

Closes: #1136
Approved by: jlebon

lib/gpg: Use nicer helper for gpg error messages

The vast majority of invocations of `ot_gpgme_error_to_gio_error()` were paired
with `g_prefix_error()`; let's combine them for the same reason we do
`glnx_throw_errno_prefix()`. For the few cases that don't we might as well add
some prefix.

I also changed it to `return FALSE` in prep for more style porting.

Closes: #1135
Approved by: jlebon

lib/sysroot: A bit more new style porting

A few things not done in the last pass; prep for `ostree_sysroot_new_at()` work.

Closes: #1131
Approved by: jlebon

bin/local-pull: Clarify docs, add more tests for corrupted local pulls

I was reading the pull-local command docs and realized it was somewhat unclear
that `--untrusted` *only* applied to local repo pulls; in other words that we
always treat non-local pulls as untrusted.

Tweak the docstring, and add tests that verify this explicitly.

Closes: #1130
Approved by: jlebon

lib/repo: Add error prefixing during hardlink object import

I happened to have a repo with a missing commit object, and got an unprefixed
error during a pull-local.

Closes: #1129
Approved by: jlebon

lib/repo: Add apidoc for repo properties

However, they weren't showing up in the output HTML and I have
no idea why; I looked at what we're doing and it looks close enough
to what's going on in `GDBusConnection` that I was using as a reference.
I'm not going to spend a lot of time to debug it right now.

Closes: #1140
Approved by: jlebon

ci: Hackaround Fedora rpm/libdb/glibc issue

Not sure I want to wait a few days for a new container, so let's
give this a shot now.

See https://bugzilla.redhat.com/show_bug.cgi?id=1483553

Closes: #1143
Approved by: jlebon

bin/admin: Check for booted sysroot for root-required commands

Drops a use of `ostree_sysroot_get_path()`, prep for `ostree_sysroot_new_at()`.

Closes: #1123
Approved by: jlebon

bin/admin: Do sysroot loading during argument parsing

Followup from previous patch - we can now centralize the sysroot loading.
Besides the obvious cleanup value, this is also prep for dropping an
`ostree_sysroot_get_path()` user.

Closes: #1123
Approved by: jlebon

bin/admin: Change init-fs to stop loading a sysroot to init one

This is exactly analogous to the `ostree init` case where
we have `OSTREE_BUILTIN_FLAG_NO_REPO` to avoid trying to load
a repo when we're creating one.

Let's avoid the pointless sysroot for `init-fs`; among other
things this will then let us do `ostree_sysroot_load()` inside
the argument parsing, and drop it from every other user.

Closes: #1123
Approved by: jlebon

bin/admin: Check for booted deployment to see if we should reboot

Rather than calling `ostree_sysroot_get_path()`, which I'd like to deprecate for
the same reason as `ostree_repo_get_path()`.

Closes: #1123
Approved by: jlebon

bin/admin: Port switch,upgrade to new style

Was pretty easy. Prep for future work.

Closes: #1123
Approved by: jlebon

bin/prune: Port to new style

No functional changes, all straightforward. Prep for
https://github.com/ostreedev/ostree/issues/1115

Closes: #1124
Approved by: jlebon

tree-wide: Replace archive-z2 with archive

In almost all places. There are just a few exceptions; one tricky bit for
example is that the repo config must still have `mode=archive-z2`, since
`archive` used to mean something else. (We could very likely just get rid of
that check, but eh, later).

I also added a test that one can still do `ostree repo init --mode=archive-z2`.

Closes: #1125
Approved by: jlebon

checkout: add an extra checkout_overwrite mode

This is for issue projectatomic/rpm-ostree#365,
an extra option of overwrite mode is added to the checkout command
so that when there is "non-directory" file already exist
during checkout, the error will be handled.

Some tests are added for regression

Closes: #1116
Approved by: cgwalters

commit: filter out selinux label before commit

The new --selinux-policy added in [0] exposed a subtle issue in the way
we handle labeling during commit. The CI system in rpm-ostree hit this
when trying to make use of it[1].

Basically, because of the way we use a GVariant to represent xattrs, if
a file to be committed already has an SELinux label, the xattr object
ends up with *two* label entries. This of course throws off fsck later
on, since the checksum will have gone over both entries, even though the
on-disk file will only have a single label (in which the second entry
wins).

I confirmed that the `fsck` added in the installed test fails without
the rest of this patch.

[0] https://github.com/ostreedev/ostree/pull/1114
[1] https://github.com/projectatomic/rpm-ostree/pull/953

Closes: #1121
Approved by: cgwalters

tests: Make the deployment mutable in test-sysroot.js

We attempt to make deployments mutable in the test suite (as opposed to
immutable which is the default) to make it easier to chmod and clean up
the tmp files after each test. This is normally accomplished by setting
OSTREE_SYSROOT_DEBUG=mutable-deployments in libtest.sh, but that only
affects the environment variables for that bash instance, not the
process running gjs. So in test-sysroot.js OSTREE_SYSROOT_DEBUG wasn't
set when sysroot.deploy_tree() was called, which means the deployment
was made immutable which eventually causes the test to fail. This only
occurs when the test is run by the root user because for non-root users
_ostree_linuxfs_fd_alter_immutable_flag() would silently fail and the
deployment would be mutable.

This commit fixes this issue by setting the environment variable in
tests/test-sysroot.js.

Closes: #1122
Approved by: cgwalters

libarchive: Add support for translating paths during commit

For rpm-ostree, I want to move RPM files in `/boot` to `/usr/lib/ostree-boot`.
This is currently impossible without forking the libarchive code. Supporting
this is pretty straightforward; we already had pathname translation in
the libarchive code, we just need to expose it as an option.

On the command line side, I chose to wrap this as a regexp. That should be good
enough for a lot of use cases; sophisticated users should as always be making
use of the API. Note that this required some new `#ifdef LIBARCHIVE` bits to use
the new API. Following previous patterns here, we use the new API only if a
relevant option is enabled, ensuring unit test coverage of both paths.

For the test cases, I ended up changing the accounting to avoid having to
multiply the test count.

Closes: #1105
Approved by: jlebon

Remove shebang from bash completions

bash completions are to be sourced. It makes little sense to
execute them.

Detected by Debian's Lintian tool, which warns about non-executable
files that appear to be #! scripts.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #1119
Approved by: cgwalters

test-basic-user-only: Skip final step if no user xattrs

We don't want to skip the entire test, because the whole point of
bare-user-only is that it works in the absence of xattrs; but we do
need to skip this last stage, which explicitly uses a bare-user
repository.

Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #1120
Approved by: cgwalters

basic-test: Skip explicit uses of bare-user if no user xattrs

Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #1120
Approved by: cgwalters

libtest: Allow skipping single checks without user xattrs

Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #1120
Approved by: cgwalters

test-pull-bareuser.sh: This test uses bare-user, hence needs xattrs

Signed-off-by: Simon McVittie <smcv@debian.org>
Closes: #1120
Approved by: cgwalters

test-libarchive-import: Skip if extended attributes are unsupported

This is the case at build-time on some (all?) Debian autobuilders.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #1120
Approved by: cgwalters

lib/repo-refs: Fix typos in last commit

This fixes a whitespace error and a mistake that made it into the last
commit, 7ed881baa, at the last minute.

Closes: #1112
Approved by: cgwalters

bin/commit: Add --selinux-policy option

This was really straightforward to implement, and is useful
for dev/test scenarios mainly like we have in rpm-ostree at least.

Closes: https://github.com/ostreedev/ostree/issues/1113
Closes: #1114
Approved by: jlebon

ostree-sysroot: make simple_write_deployment smarter

This is a follow-up to https://github.com/ostreedev/ostree/pull/1097.
We make simple_write_deployment smart enough so that it can be used for
rpm-ostree's purposes. This is mostly an upstreaming of logic that
already existed there.

Notably we correctly append NOT_DEFAULT deployments *after* the booted
deployment and we now support RETAIN_PENDING and RETAIN_ROLLBACK flags
to have more granularity on deployment pruning.

Expose these new flags on the CLI using new options (as well as expose
the previously existing NOT_DEFAULT flag as --not-as-default).

I couldn't add tests for --retain-pending because the merge deployment
is always the topmost one. Though I did check that it worked in a VM.

Closes: #1110
Approved by: cgwalters

ostree-sysroot: convert function to new style

Also convert ot-admin-builtin-deploy.c.
Prep for more work there.

Closes: #1110
Approved by: cgwalters

lib/repo-refs: Include remote refs when using collections

When working with collections it can be useful to see remote refs rather
than just local and mirrored ones. This commit changes the "ostree refs
-c" output to include remote refs, and includes remote refs with
collection IDs in summary file generation as well. The former behavior
is consistent with how "ostree refs" works, and the latter behavior is
useful in facilitating P2P updates even when mirrors haven't been
configured.

To accomplish this, OstreeRepoListRefsExtFlags was extended with an
EXCLUDE_REMOTES flag. This was done rather than an INCLUDE_REMOTES flag
so that existing calls to ostree_repo_list_refs_ext continue to have the
same behavior. This flag was added to ostree_repo_list_collection_refs
(which is an experimental API break).

Also, add unit tests for the "refs -c" and summary file behavior, and
update relevant tests.

Closes: #1069
Approved by: cgwalters

lib/repo: Add some assertions for ABI sizes

Things like https://sourceware.org/libabigail/manual/abidiff.html
look interesting but in a brief look I couldn't work out
how to conveniently use them for quick ABI sanity checking without
doing a diff from a previous build (which we could do but would be
more involved).

This way will at least catch struct ABI breaks on x86_64 which
I think we'd be most likely to do accidentally when trying
to use one of the previous unused values.

I found the hole values via gdb's `pahole` command.

Closes: #1108
Approved by: jlebon

bin/main: Remove duplicated usage output on unknown commands

It's been this way for a long time, though not forever; I went
back to v2014.11 as a random choice and it worked then. Not
going to bother doing a full archive search for this though.
Anyone who wants more context can help themselves.

Closes: https://github.com/ostreedev/ostree/issues/1096
Closes: #1106
Approved by: jlebon

build/maint.mk: Comment out setting of LC_ALL

This triggers obscure bugs; really we shouldn't be overriding
the global locale here. In practice, production build systems
will be using fixed locales anyways.

Also, we only use a small subset of this file (`make syntax-check`),
which appears to work OK without this.

I will probably try to work out where to submit this as at
least an issue report for upstream gnulib.

Closes: https://github.com/ostreedev/ostree/issues/1101
Closes: #1107
Approved by: heftig

lib/commit: Honor commit filter for libarchive --tar-autocreate-parents

This makes `ostree commit --tree=tar` honor `--owner-uid` and `--owner-gid`
for the root directory.

Prep for further commit filtering work, although mostly for the unit test cases;
this ensures we can use `ostree checkout` after autocreating a root directory.

Closes: #1104
Approved by: jlebon

lib/commit: Remove duplicated function for filter processing

The wrapping here is unnecessary, since `_ostree_repo_commit_modifier_apply()`
already does what this function did. Further, the return type was wrong.

Saw this while doing some libarchive work.

Closes: #1104
Approved by: jlebon

pull: better description for --mirror

Describe the behaviour of --mirror a bit better.

Closes: #1100
Closes: #1099
Approved by: dustymabe

build: Ensure ostree-tmpfiles.conf is distributed

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1103
Approved by: cgwalters

build: Add distcheck configure flags to fix systemd and bash-completion

When running distcheck, the systemd system-generator and bash-completion
scripts are installed in absolute paths (/usr and /lib) as looked up
from their pkg-config files. This breaks distcheck. Use a
${prefix}-relative path for both of them when configuring for distcheck.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1103
Approved by: cgwalters

tests: fix admin upgrade timestamp file check

In #1055, I tried to be helpful but that didn't work out all too well.
We need to recompute the file path since one is in archive mode and the
other in bare mode.

Closes: #1098
Approved by: cgwalters

lib/pull: Add support for timestamp-check option, use in upgrader

For both flatpak and ostree-as-host, we really want to verify up front during
pulls that we're not being downgraded. Currently both flatpak and
`OstreeSysrootUpgrader` do this before deployments, but at that point we've
already downloaded all the data, which is annoying.

Closes: https://github.com/ostreedev/ostree/issues/687
Closes: #1055
Approved by: jlebon

lib/sysroot: fix placement for not-default deployment

When using the
OSTREE_SYSROOT_SIMPLE_WRITE_DEPLOYMENT_FLAGS_NOT_DEFAULT flag, the
deployment is said to be added after the booted or merge deployment.
Fix the condition to do so instead of adding it in the second place.

Closes: #1097
Approved by: cgwalters

lib/deploy: Add .img to end of initramfs in /usr/lib/modules

Follow up to <https://github.com/ostreedev/ostree/pull/1079>; I was working on
the rpm-ostree updates for this, and I think it's more consistent if we have
`.img` here, since that's a closer match to the "remove $kver" that results in
`vmlinuz`. Also just best practice to have file suffix types where they make
sense.

The astute reader might notice this sneaks in a change where we'd crash if the
legacy bootdir didn't have an initramfs...yeah, should probably have test
coverage of that.

Closes: #1095
Approved by: jlebon

docs/build: s/libOSTree/libostree/

I find "libOSTree" awkward to type and really to look at. Let's be nicer on
people's pinky fingers and eyes and drop it all down to lowercase.

Closes: #1093
Approved by: jlebon

lib/sysroot: Support /usr/lib/modules/$kver for kernel/initramfs

This is the new Fedora kernel standard layout; it has the advantage
of being in `/usr` like `/usr/lib/ostree-boot`, but it's not OSTree
specific.

Further, I think in practice forcing tree builders to compute the checksum is an
annoying stumbling block; since we already switched to e.g. computing checksums
always when doing pulls, the cost of doing another checksum for the
kernel/initramfs is tiny. The "bootcsum" becomes more of an internal
implementation detail.

Now, there is a transition; my current thought for this is that rpm-ostree will
change to default to injecting into both `/usr/lib/ostree-boot` and
`/usr/lib/modules`, and stop doing `/boot`, then maybe next year say we drop the
`/usr/lib/ostree-boot` by default.

A twist here is that the default Fedora kernel RPM layout (and what's in
rpm-ostree today) includes a kernel but *not* an initramfs in
`/usr/lib/modules`. If we looked only there, we'd just find the kernel. So we
need to look in both, and then special case this - pick the legacy layout if we
have `/usr/lib/modules` but not an initramfs.

While here, rework the code to have an `OstreeKernelLayout` struct which makes
dealing with all of the variables nicer.

Closes: #1079
Approved by: jlebon

bin: Squash some -Wuninit warnings with porting to new style

I noticed this with a local build of an RPM:

```
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: warning: 'help' may be used uninitialized in this function [-Wmaybe-uninitialized]
   g_free (*pp);
   ^~~~~~~~~~~~
src/ostree/ot-main.c:82:20: note: 'help' was declared here
   g_autofree char *help;
                    ^~~~
```

Closes: #1091
Approved by: jlebon

boot: Add a tmpfiles.d snippet to clean up /var/tmp/ostree-ovl.XXX

This is simplest for now. Compare with similar logic from
`/usr/lib/tmpfiles.d/tmp.conf`:
```
R! /tmp/systemd-private-*
```

Closes: https://github.com/ostreedev/ostree/issues/393
Closes: #1090
Approved by: jlebon

build-sys: Post-release version bump

Closes: #1089
Approved by: jlebon

Release 2017.10

Closes: #1089
Approved by: jlebon

lib: Fix v2017.10 symbols to inherit from v2017.8

I actually don't quite know what the version inheritance really does, but let's
be safe and fix this. I'm being conservative here and fixing it to inherit from
2017.8, skipping .9 since that doesn't have a parent.

Related: https://github.com/ostreedev/ostree/issues/1087

Closes: #1088
Approved by: jlebon

docs/related-projects: Tweak client side snapshot text, add casync

The latter came up on the list.

Closes: #1086
Approved by: jlebon

lib/sysroot: Port a few functions to new style

Not sure why we didn't do this earlier. Just noticed them when looking at the
code for a different reason.

Closes: #1085
Approved by: jlebon

lib/deploy: Ignore errors from FITHAW

In the production case since we used `daemon()` our stderr is `/dev/null`¹
there's not much use in logging errors from `FITHAW` or `exit(1)`, and doing so
breaks the test suite which checks the return from `waitpid()`. There's nothing
we can really do if `FITHAW` fails, and in most of those cases `EINVAL`,
`EOPNOTSUPP`, we *shouldn't* do anything anyways.

¹ Though perhaps we should set up the systemd journal, but let's not
go there right now.

Closes: #1084
Approved by: jlebon

lib/deploy: Really close testing race condition

I added `waitpid()`, but that didn't actually help because we were
`daemon()`izing. Don't daemonize if we're testing so that we can `waitpid()`.

Note I still haven't reproduced this race locally, but I'm pretty sure this will
fix it.

While here, actually check the return value from `waitpid()` just in case
something goes wrong there.

Closes: #1084
Approved by: jlebon

build-sys: Move bash completions to /usr/share/ by default

This is in line with the "/etc is for sysadmins", "/usr is OS" model;
e.g. systemd's bash completions go there.

Making this change since I was looking at the required spec file changes.

Closes: #1083
Approved by: mbarnes

ot-main.c: fix signal callback signature

Signal callbacks take a void* as their final parameter, which we don't
use in this case.

Closes: #1082
Approved by: cgwalters

pull: mention libcurl in NOT_SUPPORTED pull path

Since it's now possible to build without libsoup but still have HTTP
functionality.

Closes: #1082
Approved by: cgwalters

ostree-deployment.c: simplify equality check

Just a random cozy patch I made while perusing the codebase. When
determining if two OstreeDeployment objects are the same, rather than
just checking for NULL, we can just directly check for equality of
pointers to also catch the trivial case.

Closes: #1082
Approved by: cgwalters

Update libglnx

This is mostly the `copy_file_range` changes plus the Coverity files.

```
Colin Walters (4):
      localalloc: Abort on EBADF from close() by default
      local-alloc: Remove almost all macros like glnx_free, glnx_unref_variant
      console: Fix Coverity NULL deref warning
      fdio: Merge systemd code to use copy_file_range(), use FICLONE

Jonathan Lebon (1):
      console: trim useless check

Matthew Leeds (1):
      dirfd: Fix typo in comment

Philip Withnall (1):
      glnx-console: Add missing NULL check before writing out text
```

Update submodule: libglnx

Closes: #1081
Approved by: jlebon

ostree: Add naggy comments to help keep options in sync

/* ATTENTION:
* Please remember to update the bash-completion script (bash/ostree) and
* man page (man/ostree-$COMMANDNAME.xml) when changing the option list.
*/

Closes: #1080
Approved by: cgwalters

bash: Add bash completion

Completes commands, options, commit checksums, ref names, remotes, and file paths.

Closes: #1077
Approved by: jlebon

repo: Introduce ostree_repo_open_at() and ostree_repo_create_at()

This essentially completes our fd-relative conversion.

While here, I cleaned up the semantics of `ostree_repo_create()` and
`ostree_repo_create_at()` to be more atomic - basically various scripts were
testing for the `objects` subdirectory, so let's formalize that.

Closes: #820
Approved by: jlebon

pull: mark commits from local cache as partial

If one of the localcache repos has the exact same commit we resolved
from the remote, then we need to make sure to mark it as partial so that
we download the full tree.

Closes: #1074
Closes: #1076
Approved by: cgwalters

lib/repo-finder-config: Add some more debug output

This makes diagnosing false negatives a little easier.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1075
Approved by: jlebon

man: document configured branches

Closes: #1072
Closes: #1073
Approved by: guyshapiro

lib/deploy: Close test suite race condition

Saw this in a PR result; we need to wait for the child to have written its
result to stderr before we exit, otherwise the test suite may not read it in
time.

Closes: #1070
Approved by: jlebon

man: Update ostree-refs manpage

Update the ostree-refs manpage to document recently added options, and
fix some minor mistakes.

Closes: #1068
Approved by: cgwalters

lib/sysroot: Add journal-msg signal

This will allow us to drop the awful hack in rpm-ostree where we watch our own
stdout. In general, libraries shouldn't write to stdout.

Also we can kill the systemd journal wrapper code. There's some duplication at
each call site now...but it's easier than trying to write a `sd_journal_send()`
wrapper.

I was originally going to have this emit all of the structured data too as a
`GVariant` but decided it wasn't worth it right now.

Closes: #1052
Approved by: jlebon

lib/gpg-verify: Add an OstreeGpgError error domain

Add a new error domain for GPG signing/verification errors, and use it
throughout libostree for describing verification errors. This replaces
various uses of G_IO_ERROR_FAILED, and one instance of
G_IO_ERROR_NOT_FOUND (for which some code in ot-builtin-show.c had to be
changed to ensure it was still handled correctly).

The use of a separate error domain allows failures in GPG operations to
be handled separately from network failures (where the summary file
could not be found to be downloaded, for example) or timeouts.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1064
Closes: #1071
Approved by: mbarnes

lib/sysroot-deploy: Refactor kernel layout parsing

I'd like to move the new canonical kernel directory to `/usr/lib/modules/$kver`,
as Fedora has done. The `get_kernel_from_tree()` function now abstracts over
parsing the data (src vs destination filenames, as well as checksum) in
preparation for adding the new case.

In preparation for this, let's change the current test suite to use the
*current* directory of `/usr/lib/ostree-boot`, and also add coverage of `/boot`.

Closes: #1053
Approved by: jlebon

lib/sysroot-deploy: Port a kernel finding logic to new style

Prep for more work here.

Closes: #1053
Approved by: jlebon

Update introduction.md

Added missing "is" in the first sentence.
Closes: #1067
Approved by: cgwalters

lib/repo-finder: Emit gpg-verify-summary=false in dynamic remote config

When returning results from finding repos, set gpg-verify-summary=false
in their configs, since any pulls from such remotes will necessarily
involve collection IDs, and hence should be using the unsigned summary
support. In the intended deployment mode for P2P transmission of OSTree
refs, summaries *cannot* be signed, so setting gpg-verify-summary=true
would cause all the pulls to fail.

The unsigned summary support is the move of repository metadata from
the summary file (not spliceable) to the well-known ostree-metadata ref
(spliceable, as it can exist for multiple collection IDs in the same
repository).

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1066
Approved by: cgwalters

lib/deploy: Use a FIFREEZE/FITHAW cycle for /boot

See: http://marc.info/?l=linux-fsdevel&m=149520244919284&w=2

XFS doesn't flush the journal on `syncfs()`. GRUB doesn't know how to follow the
XFS journal, so if the filesystem is in a dirty state (possible with xfs
`/boot`, extremely likely with `/`, if the journaled data includes content for
`/boot`, the system may be unbootable if a system crash occurs.

Fix this by doing a `FIFREEZE`+`FITHAW` cycle.  Now, most people
probably would have replaced the `syncfs()` invocation with those two
ioctls.  But this would have become (I believe) the *only* place in
libostree where we weren't safe against interruption.  The failure
mode would be ugly; nothing else would be able to write to the filesystem
until manual intervention.

The real fix here I think is to land an atomic `FIFREEZETHAW` ioctl
in the kernel.  I might try a patch.

In the meantime though, let's jump through some hoops and set up
a "watchdog" child process that acts as a fallback unfreezer.

Closes: https://github.com/ostreedev/ostree/issues/876
Closes: #1049
Approved by: jlebon

lib: Port gpg verification for remotes to fd-relative

This was the last use of `repo->repodir` internally, and will help finally add
`ostree_repo_open_at()`.

Closes: #1034
Approved by: jlebon

lib/repo: Fix handling of missing summary files when downloading

The API for downloading a summary file can legitimately return NULL for
the summary file contents when it returns TRUE (success). This indicates
an error 404 — the summary file was not found.

Two call sites were not handling that correctly, which was causing later
assertion failures.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1061
Closes: #1065
Approved by: cgwalters

ostree/parse-datetime: Ensure tm structs are initialised

Otherwise tm.tm_wday remains uninitialised and gets propagated
elsewhere.

Spotted by Coverity as issue #209265.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1059
Approved by: cgwalters

lib/sepolicy: Drop duplicate assignment

Spotted by Coverity as issue #1452619.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1059
Approved by: cgwalters

lib/repo-commit: Drop unreachable conditional branch

(remaining > 0) is asserted by the loop condition, and remaining is not
modified between that check and the G_UNLIKELY — so the condition in the
G_UNLIKELY will always be true.

Spotted by Coverity as issue #1452617.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1059
Approved by: cgwalters

lib/repo-finder-avahi: Drop redundant conditional

summary_timestamp is checked for non-NULL-ness above, and the function
bails if it’s NULL.

Fixes Coverity issue #1452616.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1059
Approved by: cgwalters

lib/repo-refs: Add ostree_repo_remote_list_collection_refs() API

This parallels ostree_repo_remote_list_refs(), but returns a map of
OstreeCollectionRef → checksum, and includes refs from collection IDs
other than the remote repository’s main collection ID.

Use this in OstreeRepoFinderConfig to ensure that refs are matched
against even if they’re stored in the repository summary file’s
collection map, rather than its main ref map. This fixes false negatives
when searching for refs in some situations.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1058
Approved by: cgwalters

lib/repo-pull: Add a missing precondition

This catches a few failure modes in the pull code a little earlier,
before the incorrectly-NULL repo makes its way into a closure and a
worker thread, where the cause of the problem is harder to track down.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1058
Approved by: cgwalters

lib/repo-finder: Avoid a potential unref-of-NULL crash

As the comment explains, it’s possible for a result to be freed while
ref_to_checksum is NULL, even though normally the data structure
guarantees it’s non-NULL. This was causing crashes when results were
filtered out of a find-remotes call. Guard against that.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1058
Approved by: cgwalters

lib/repo-pull: Fix counting of latest commits when finding repos

The intended behaviour of ostree_repo_find_remotes() is to return
results which have the latest version of at least one of the requested
refs. Results which have some of the requested refs, but don’t have the
latest version of any of them, should be ignored. The logic to do this
was broken in the case that a result contained a positive number of the
requested refs, but none of them were the latest version. (It previously
worked when the result contained none of the requested refs.)

Fix the counting to work correctly in both cases.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1058
Approved by: cgwalters

man: The min-free-space-percent item goes in [core] section

The documentation incorrectly indicates that min-free-space-percent
goes in the [remote "name"] section. It should go in [core] instead.

Closes: #1062
Approved by: cgwalters

autogen.sh: Fix running out of tree

The autogen.sh script should be runnable out of tree. It's mostly
already the case, just one little tweak to make it work.

   $ mkdir build
   $ cd build
   $ ../autogen.sh --prefix=/usr

Closes: #1063
Approved by: cgwalters

tree-wide: Remove trailing semicolon from autoptr declarations

It confuses `g-ir-scanner`, and isn't necessary.

Closes: #1056
Approved by: pwithnall

bin/pull: Fix @ override syntax when pulling multiple refs

Coverity spotted an infloop here since we were incrementing `i++`
instead of `j++`. But adding a test revealed other bugs - we need
to keep the arrays in sync.

Coverity CID: 1452204

Closes: #1041
Approved by: pwithnall

lib/deltas: Squash Coverity warning for div-by-zero in delta show

If a delta happens to have zero objects, we could end up doing
a divide-by-zero when inferring endianness. In practice,
a zero-object delta isn't possible to generate I think, but
let's make sure the code is defensive all the same.

Spotted by Coverity.

Coverity CID: 1452208

Closes: #1041
Approved by: pwithnall

Documentation: static delta default from

Document that the default behavior of `ostree static-delta generate` if to generate the delta from the parent.
Closes: #1057
Approved by: cgwalters

main: Fix subcommand usage output

This commit sets prgname correctly so that the "ostree subcommand
--help" output prints the subcommand rather than just "ostree".

This was removed in commit f0519e541f29 because it tripped the thread
sanitizer, but it's being added back conditionally so most users who
don't compile with -fsanitize=adress see proper help output.

Closes: #1054
Approved by: cgwalters

tree-wide: Fix the build with old glib (Ubuntu Trusty etc.)

This regressed with <https://github.com/ostreedev/ostree/pull/1040>
but currently the Travis builds aren't gating.

Closes: #1051
Approved by: jlebon

lib: Define and use an autoptr cleanup for gpgme_key_t

Followup for previous patch, allows porting a bit to new code style.

Closes: #1039
Approved by: jlebon

tree-wide: Use g_autoptr(Ostree*)

Part of cleaning up our usage of libglnx; we want to use what's in GLib where we
can.

Had to change a few .c files to `#include ostree.h` early on to pick up
autoptrs for the core types.

Closes: #1040
Approved by: jlebon

Documentation: README: Remove deprecated wiki link

The old wiki only contains link back to readthedocs.
The link to is useless.
Closes: #1050
Approved by: cgwalters

tests/libtest-core.sh: Add a comment that this copy is canonical

Ref: https://github.com/projectatomic/bubblewrap/pull/203

Closes: #1047
Approved by: jlebon

lib/pull: Log state of summary/commit GPG verification

Since we have both, we should clearly log the state of both of
them. Split this out of a larger patch.

Closes: #1046
Approved by: jlebon

lib/repo: Add API to create and list ref aliases

There are multiple use cases where we'd like to alias refs.

First, having a "stable" alias which gets swapped across major
versions: https://pagure.io/atomic-wg/issue/228

Another case is when a ref is obsoleted;
<https://pagure.io/atomic-wg/issue/303>
This second one could be done with endoflife rebase, but I think
this case is better on the server side, as we might later change
our minds and do actual releases there.

I initially just added some test cases for symlinks in the `refs/heads` dir to
ensure this actually works (and it did), but I think it's worth having APIs.

Closes: #1033
Approved by: jlebon