I've deprecated sh-inline; in the end I think it is better
to minimize the amount of bash code we have. xshell solves
the core convenience problem of taking local variables and mapping
them to command arguments.
A full port would be nontrivial; this just starts the ball
rolling.
|
This is a one-time tree wide reformatting to ensure consistency
going forward.
|
During the early design of FCOS and RHCOS, we chose a value of 384M
for the boot partition. This turned out to be too small: some arches
other than x86_64 have larger initrds, kernel binaries, or additional
artifacts (like device tree blobs). We'll likely bump the boot partition
size in the future, but we don't want to abandon all the nodes deployed
with the current size.[[1]]

Because stale entries in `/boot` are cleaned up after new entries are
written, there is a window in the update process during which the bootfs
temporarily must host all the `(kernel, initrd)` pairs for the union of
current and new deployments.

This patch determines if the bootfs is capable of holding all the
pairs. If it can't but it could hold all the pairs from just the new
deployments, the outgoing deployments (e.g. rollbacks) are deleted
*before* new deployments are written. This is done by updating the
bootloader in two steps to maintain atomicity.

Since this is a lot of new logic in an important section of the
code, this feature is gated for now behind an environment variable
(`OSTREE_ENABLE_AUTO_EARLY_PRUNE`). Once we gain more experience with
it, we can consider turning it on by default.

This strategy increases the fallibility of the update system since one
would no longer be able to roll back to the previous deployment if a bug
is present in the bootloader update logic after auto-pruning (see [[2]]
and following). This is however mitigated by the fact that the heuristic
is opportunistic: the rollback is pruned *only if* it's the only way for
the system to update.

[1]: https://github.com/coreos/fedora-coreos-tracker/issues/1247
[2]: https://github.com/ostreedev/ostree/issues/2670#issuecomment-1179341883

Closes: #2670
|
When hacking and testing locally with `cosa build-fast` and `kola run`,
I prefer to leave testing framework stuff within the work directory
rather than installed in my pet container. Add a `localinstall` target
for this which puts the tests in `tests/kola`. Then a simple `kola run`
will pick it up.
|
AFAICT, I don't see how `runkola.sh` or the Makefile in `tests/kolainst`
can create files in `tests/kola` since it's geared towards installing
under `/usr`.
|
Since a later assertion would otherwise trigger. We saw
this happen in CI.
|
Use g_steal_fd() in preference to glnx_steal_fd()
|
g_steal_fd() exists in GLib since 2.70, and libglnx has a backport for
older GLib versions, equivalent to the libglnx-specific glnx_steal_fd().
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
Add `sysroot.bootprefix` option
|
This is a follow up to
https://github.com/ostreedev/ostree/pull/2149/commits/0ced9fde7649271d9458ca424aa8c41908634b02
"sysroot: Support /boot on root or as seperate filesystem for syslinux and u-boot"
What we should have done at the time is changed our bootloader entries
to be prefixed with `/boot`. This means that the GRUB2 BLS support
will Just Work.
For now, I'm making this option default to off out of a lot of
conservatism. I think in the future we should flip this on by default.
|
Closes: https://github.com/ostreedev/ostree/issues/2827
|
XFS now seems to want filesystems larger than 300MB, so switch
to ext4. Also use `20MiB` so we align to 512b sectors to squash
a `losetup` warning.
Also tweak some of the numbers to still work.
|
On Debian systems, by default only root has /{usr/,}sbin in PATH.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
ostree-metadata commit API
|
My editor started following the configuration in .editorconfig and is
applying this rule to many files I'm editing. Let's just get this over
with and strip everything. This was done like so:
    git ls-files | grep '\.[ch]$' | xargs sed -ri 's/\s+$//'
|
Various CLI improvements
|
While `--print-metadata-key` is very useful, it's not that helpful if
you don't know what the keys are.
|
The only other way to get the remote ref revision from the CLI is to
scrape the output of `ostree remote summary` or pull the commit. The
revision is already there in the summary's ref map, so might as well add
an option to show it.
|
Allow printing the revision along with the ref. This is very convenient
for looping over the refs in a shell as well as for quickly seeing which
refs are pointed to the same commit.
|
The output is much more readable sorted. I can't think of any reason
you'd want it unsorted (which is essentially dentry order).
|
When we calculate the reachability set in `ostree prune`, we do this
without any locking. This means that between the time we build the set
and when we call `ostree_repo_prune_from_reachable`, new content
might've been added. This then causes us to immediately prune that
content since it's not in the now outdated set.

Fix this by calculating the set under an exclusive lock.

I think this is what happened in
https://github.com/fedora-silverblue/issue-tracker/issues/405. While
the pruner was running, the `new-updates-sync` script[1] was importing
content into the repo. The newly imported commits were immediately
deleted by the many `ostree prune --commit-only` calls the pruner does,
breaking the refs.

[1] https://pagure.io/fedora-infra/ansible/blob/35b35127e444/f/roles/bodhi2/backend/files/new-updates-sync#_18
|
Due to some vulnerabilities[1][2], all versions prior to 0.9.4 have been
yanked from crates.io. There have been some API changes since 0.6.0, but
none of them affect the simple `hyper_staticfile::Static` usage here.
1. https://rustsec.org/advisories/RUSTSEC-2022-0069.html
2. https://rustsec.org/advisories/RUSTSEC-2022-0072.html
|
musl uses "Result not representable" for ERANGE, support this in
addition to glibc's "Numerical result out of range".
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
|
It has various semver bumps and we were literally just using
it to duplicate what's already in `libc`.
|
IMO, tools invoking `sudo` automatically is a huge anti-pattern.
Require this to be opt-in.
In practice also...these tests really want to be *integration*
and not unit tests because involving `sudo` alongside uninstalled
binaries just creates a giant mess.
Closes: https://github.com/ostreedev/ostree/issues/2761
|
g_memdup() is subject to an integer overflow on 64-bit machines if the
object being copied is larger than UINT_MAX bytes. I suspect none of
these objects can actually be that large in practice, but it's easier
to replace all the calls than it is to assess whether we need to
replace them.
A backport in libglnx is used on systems where GLib is older than 2.68.x.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
Remove readdir-rand
|
This was only there to reproduce a bug we hit long ago
with bootloader file ordering. We're extremely unlikely
to reintroduce such a bug, and it's not worth carrying around
this code.
|
Enabling retry for HTTP 500 internal server error
|
Signed-off-by: Ricardo Noriega <rnoriega@redhat.com>
|
As noted in readdir(3), in the presence of long filenames it is
possible for a directory entry to be larger than `sizeof (struct dirent)`.
Copy the full length instead.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
Introduces an intermediate format for overlayfs storage, where
.wh-ostree. prefixed files will be converted into char 0:0
whiteout devices used by overlayfs to mark deletions across layers.
The CI scripts now use a volume for the scratch directories
previously in /var/tmp, otherwise we cannot create whiteout
devices into an overlayfs mounted filesystem.
Related-Issue: #2712
|
finalize-staged: Ensure /boot and /sysroot automounts don't expire
|
If `/boot` is an automount, then the unit will be stopped as soon as the
automount expires. That would defeat the purpose of using systemd to
delay finalizing the deployment until shutdown. This is not uncommon as
`systemd-gpt-auto-generator` will create an automount unit for `/boot`
when it's the EFI System Partition and there's no fstab entry.

To ensure that systemd doesn't stop the service early when the `/boot`
automount expires, introduce a new unit that holds `/boot` open until
it's sent `SIGTERM`. This uses a new `--hold` option for
`finalize-staged` that loads but doesn't lock the sysroot. A separate
unit is used since we want the process to remain active throughout the
finalization run in `ExecStop`. That wouldn't work if it was specified
in `ExecStart` in the same unit since it would be killed before the
`ExecStop` action was run.

Fixes: #2543
|
are pending
This is to support pending deployments instead of raising an assertion.
For example:
```
$ sudo rpm-ostree kargs --append=foo=bar
$ sudo ostree admin kargs edit-in-place --append-if-missing=foobar
```
After reboot we get both `foo=bar foobar`.
Fix https://github.com/ostreedev/ostree/issues/2679
|
In the current "ostree native container" flow, we're inserting
a commit object into the repo but with no refs.
We have hacks in a few places to find the commit digest via e.g.
`find repo/objects -name *.commit` but that's a horrible hack.
Add `ostree rev-parse --single` which will print the single commit,
and error out if there is not exactly one commit.
Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
|
Don't parse `rpm-ostree status` output, it's not meant for that. Use
`--json` output instead.
While we're here, fix an obsolete reference to Ansible.
Related: https://github.com/coreos/rpm-ostree/pull/3938
|
Part of an ongoing effort.
|
https://github.com/coreos/coreos-assembler/pull/2921 broke this
test which is intentionally causing a systemd unit to fail.
As they say, necessity is the mother of invention. They don't
say though that need always causes particularly *beautiful* things
to be invented...