New upstream version 2020.6

apidoc/html/ostree-OstreeRepo.html

@@ -5279,6 +5279,7 @@ one to easily set up SELinux labeling from a base commit.</p>
 </tbody>
 </table></div>
 </div>
+<p class="since">Since: 2020.4</p>
 </div>
 <hr>
 <div class="refsect2">

apidoc/html/ostree-Signature-management.html

@@ -290,6 +290,11 @@ the public key(s) for verification with <a class="link" href="ostree-Signature-m
 <td class="parameter_annotations"> </td>
 </tr>
 <tr>
+<td class="parameter_name"><p>out_success_message</p></td>
+<td class="parameter_description"><p>success message returned by the signing engine. </p></td>
+<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/out"><span class="acronym">out</span></a>][<a href="http://foldoc.org/nullable"><span class="acronym">nullable</span></a>][<a href="http://foldoc.org/optional"><span class="acronym">optional</span></a>]</span></td>
+</tr>
+<tr>
 <td class="parameter_name"><p>cancellable</p></td>
 <td class="parameter_description"><p>A <span class="type">GCancellable</span></p></td>
 <td class="parameter_annotations"> </td>
@@ -346,8 +351,8 @@ the secret key with <a class="link" href="ostree-Signature-management.html#ostre
 </tr>
 <tr>
 <td class="parameter_name"><p>signature</p></td>
-<td class="parameter_description"><p>in case of success will contain signature</p></td>
-<td class="parameter_annotations"> </td>
+<td class="parameter_description"><p>in case of success will contain signature. </p></td>
+<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/out"><span class="acronym">out</span></a>]</span></td>
 </tr>
 <tr>
 <td class="parameter_name"><p>cancellable</p></td>
@@ -411,6 +416,11 @@ or <a class="link" href="ostree-Signature-management.html#ostree-sign-load-pk" t
 <td class="parameter_annotations"> </td>
 </tr>
 <tr>
+<td class="parameter_name"><p>out_success_message</p></td>
+<td class="parameter_description"><p>success message returned by the signing engine. </p></td>
+<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/out"><span class="acronym">out</span></a>][<a href="http://foldoc.org/nullable"><span class="acronym">nullable</span></a>][<a href="http://foldoc.org/optional"><span class="acronym">optional</span></a>]</span></td>
+</tr>
+<tr>
 <td class="parameter_name"><p>error</p></td>
 <td class="parameter_description"><p>a <span class="type">GError</span></p></td>
 <td class="parameter_annotations"> </td>
@@ -849,6 +859,7 @@ Based on ostree_repo_add_gpg_signature_summary implementation.</p>
 <p> <em class="parameter"><code>TRUE</code></em>
 if summary file has been signed with all provided keys</p>
 </div>
+<p class="since">Since: 2020.2</p>
 </div>
 </div>
 <div class="refsect1">

apidoc/html/ostree.devhelp2

@@ -172,7 +172,7 @@
     <keyword type="function" name="OstreeRepoCommitModifierXattrCallback ()" link="ostree-OstreeRepo.html#OstreeRepoCommitModifierXattrCallback"/>
     <keyword type="function" name="ostree_repo_commit_modifier_set_xattr_callback ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-set-xattr-callback"/>
     <keyword type="function" name="ostree_repo_commit_modifier_set_sepolicy ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-set-sepolicy"/>
-    <keyword type="function" name="ostree_repo_commit_modifier_set_sepolicy_from_commit ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-set-sepolicy-from-commit"/>
+    <keyword type="function" name="ostree_repo_commit_modifier_set_sepolicy_from_commit ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-set-sepolicy-from-commit" since="2020.4"/>
     <keyword type="function" name="ostree_repo_commit_modifier_set_devino_cache ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-set-devino-cache" since="2017.13"/>
     <keyword type="function" name="ostree_repo_commit_modifier_ref ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-ref"/>
     <keyword type="function" name="ostree_repo_commit_modifier_unref ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-unref"/>
@@ -378,7 +378,7 @@
     <keyword type="function" name="ostree_sign_metadata_key ()" link="ostree-Signature-management.html#ostree-sign-metadata-key" since="2020.2"/>
     <keyword type="function" name="ostree_sign_set_pk ()" link="ostree-Signature-management.html#ostree-sign-set-pk" since="2020.2"/>
     <keyword type="function" name="ostree_sign_set_sk ()" link="ostree-Signature-management.html#ostree-sign-set-sk" since="2020.2"/>
-    <keyword type="function" name="ostree_sign_summary ()" link="ostree-Signature-management.html#ostree-sign-summary"/>
+    <keyword type="function" name="ostree_sign_summary ()" link="ostree-Signature-management.html#ostree-sign-summary" since="2020.2"/>
     <keyword type="struct" name="OstreeSign" link="ostree-Signature-management.html#OstreeSign"/>
     <keyword type="function" name="ostree_bootconfig_parser_new ()" link="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-new"/>
     <keyword type="function" name="ostree_bootconfig_parser_clone ()" link="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-clone"/>

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libostree 2020.5.
+# Generated by GNU Autoconf 2.69 for libostree 2020.6.
 #
 # Report bugs to <walters@verbum.org>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='libostree'
 PACKAGE_TARNAME='libostree'
-PACKAGE_VERSION='2020.5'
-PACKAGE_STRING='libostree 2020.5'
+PACKAGE_VERSION='2020.6'
+PACKAGE_STRING='libostree 2020.6'
 PACKAGE_BUGREPORT='walters@verbum.org'
 PACKAGE_URL=''
 
@@ -1561,7 +1561,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libostree 2020.5 to adapt to many kinds of systems.
+\`configure' configures libostree 2020.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1631,7 +1631,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libostree 2020.5:";;
+     short | recursive ) echo "Configuration of libostree 2020.6:";;
    esac
   cat <<\_ACEOF
 
@@ -1896,7 +1896,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libostree configure 2020.5
+libostree configure 2020.6
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2368,7 +2368,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libostree $as_me 2020.5, which was
+It was created by libostree $as_me 2020.6, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3236,7 +3236,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='libostree'
- VERSION='2020.5'
+ VERSION='2020.6'
 
 
 # Some tools Automake needs.
@@ -5970,9 +5970,9 @@ test -n "$YACC" || YACC="yacc"
 
 YEAR_VERSION=2020
 
-RELEASE_VERSION=5
+RELEASE_VERSION=6
 
-PACKAGE_VERSION=2020.5
+PACKAGE_VERSION=2020.6
 
 
 if echo "$CFLAGS" | grep -q -E -e '-Werror($| )'; then :
@@ -19025,7 +19025,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libostree $as_me 2020.5, which was
+This file was extended by libostree $as_me 2020.6, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -19091,7 +19091,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libostree config.status 2020.5
+libostree config.status 2020.6
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -7,7 +7,7 @@ dnl Seed the release notes with `git-shortlog-with-prs <previous-release>..`. Th
 dnl `git-evtag` to create the tag and push it. Finally, create a GitHub release and attach
 dnl the tarball from `make dist`.
 m4_define([year_version], [2020])
-m4_define([release_version], [5])
+m4_define([release_version], [6])
 m4_define([package_version], [year_version.release_version])
 AC_INIT([libostree], [package_version], [walters@verbum.org])
 is_release_build=yes

src/boot/mkinitcpio/ostree

@@ -5,6 +5,6 @@ build() {
     add_binary /usr/lib/ostree/ostree-remount
 
     add_file /usr/lib/systemd/system/ostree-prepare-root.service
-    add_symlink /usr/lib/systemd/system/initrd-switch-root.target.wants/ostree-prepare-root.service \
+    add_symlink /usr/lib/systemd/system/initrd-root-fs.target.wants/ostree-prepare-root.service \
         /usr/lib/systemd/system/ostree-prepare-root.service
 }

src/boot/ostree-prepare-root.service

@@ -30,6 +30,6 @@ Before=initrd-root-fs.target
 Type=oneshot
 ExecStart=/usr/lib/ostree/ostree-prepare-root /sysroot
 StandardInput=null
-StandardOutput=syslog
-StandardError=syslog+console
+StandardOutput=journal
+StandardError=journal+console
 RemainAfterExit=yes

src/boot/ostree-remount.service

@@ -35,8 +35,8 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/ostree/ostree-remount
 StandardInput=null
-StandardOutput=syslog
-StandardError=syslog+console
+StandardOutput=journal
+StandardError=journal+console
 
 [Install]
 WantedBy=local-fs.target

src/libostree/ostree-bootloader-syslinux.c

@@ -89,15 +89,15 @@ append_config_from_loader_entries (OstreeBootloaderSyslinux  *self,
       val = ostree_bootconfig_parser_get (config, "linux");
       if (!val)
         return glnx_throw (error, "No \"linux\" key in bootloader config");
-      g_ptr_array_add (new_lines, g_strdup_printf ("\tKERNEL %s", val));
+      g_ptr_array_add (new_lines, g_strdup_printf ("\tKERNEL /boot%s", val));
 
       val = ostree_bootconfig_parser_get (config, "initrd");
       if (val)
-        g_ptr_array_add (new_lines, g_strdup_printf ("\tINITRD %s", val));
+        g_ptr_array_add (new_lines, g_strdup_printf ("\tINITRD /boot%s", val));
 
       val = ostree_bootconfig_parser_get (config, "devicetree");
       if (val)
-        g_ptr_array_add (new_lines, g_strdup_printf ("\tDEVICETREE %s", val));
+        g_ptr_array_add (new_lines, g_strdup_printf ("\tDEVICETREE /boot%s", val));
 
       val = ostree_bootconfig_parser_get (config, "options");
       if (val)
@@ -150,10 +150,13 @@ _ostree_bootloader_syslinux_write_config (OstreeBootloader  *bootloader,
           if (kernel_arg == NULL)
             return glnx_throw (error, "No KERNEL argument found after LABEL");
 
-          /* If this is a non-ostree kernel, just emit the lines
-           * we saw.
+          /* If this is a non-ostree kernel, just emit the lines we saw.
+           *
+           * We check for /ostree (without /boot prefix) as well to support
+           * upgrading ostree from <v2020.4.
            */
-          if (!g_str_has_prefix (kernel_arg, "/ostree/"))
+          if (!g_str_has_prefix (kernel_arg, "/ostree/") &&
+              !g_str_has_prefix (kernel_arg, "/boot/ostree/"))
             {
               for (guint i = 0; i < tmp_lines->len; i++)
                 {

src/libostree/ostree-bootloader-uboot.c

@@ -134,19 +134,19 @@ create_config_from_boot_loader_entries (OstreeBootloaderUboot     *self,
                        "No \"linux\" key in bootloader config");
           return FALSE;
         }
-      g_ptr_array_add (new_lines, g_strdup_printf ("kernel_image%s=%s", index_suffix, val));
+      g_ptr_array_add (new_lines, g_strdup_printf ("kernel_image%s=/boot%s", index_suffix, val));
 
       val = ostree_bootconfig_parser_get (config, "initrd");
       if (val)
-        g_ptr_array_add (new_lines, g_strdup_printf ("ramdisk_image%s=%s", index_suffix, val));
+        g_ptr_array_add (new_lines, g_strdup_printf ("ramdisk_image%s=/boot%s", index_suffix, val));
 
       val = ostree_bootconfig_parser_get (config, "devicetree");
       if (val)
-        g_ptr_array_add (new_lines, g_strdup_printf ("fdt_file%s=%s", index_suffix, val));
+        g_ptr_array_add (new_lines, g_strdup_printf ("fdt_file%s=/boot%s", index_suffix, val));
 
       val = ostree_bootconfig_parser_get (config, "fdtdir");
       if (val)
-        g_ptr_array_add (new_lines, g_strdup_printf ("fdtdir%s=%s", index_suffix, val));
+        g_ptr_array_add (new_lines, g_strdup_printf ("fdtdir%s=/boot%s", index_suffix, val));
 
       val = ostree_bootconfig_parser_get (config, "options");
       if (val)

src/libostree/ostree-linuxfsutil.c

@@ -55,7 +55,7 @@ _ostree_linuxfs_fd_alter_immutable_flag (int            fd,
   if (g_atomic_int_get (&no_alter_immutable))
     return TRUE;
 
-  unsigned long flags;
+  int flags = 0;
   int r = ioctl (fd, EXT2_IOC_GETFLAGS, &flags);
   if (r == -1)
     {

src/libostree/ostree-repo-commit.c

@@ -4332,6 +4332,8 @@ ostree_repo_commit_modifier_set_sepolicy (OstreeRepoCommitModifier
  * In many cases, one wants to create a "derived" commit from base commit.
  * SELinux policy labels are part of that base commit.  This API allows
  * one to easily set up SELinux labeling from a base commit.
+ *
+ * Since: 2020.4
  */
 gboolean 
 ostree_repo_commit_modifier_set_sepolicy_from_commit (OstreeRepoCommitModifier              *modifier,

src/libostree/ostree-repo-pull.c

@@ -436,8 +436,9 @@ ensure_idle_queued (OtPullData *pull_data)
   idle_src = g_idle_source_new ();
   g_source_set_callback (idle_src, idle_worker, pull_data, NULL);
   g_source_attach (idle_src, pull_data->main_context);
-  g_source_unref (idle_src);
   pull_data->idle_src = idle_src;
+  /* Ownership is transferred to pull_data */
+  g_source_unref (idle_src);
 }
 
 typedef struct {

src/libostree/ostree-sign.c

@@ -271,7 +271,7 @@ ostree_sign_load_pk (OstreeSign *self,
  * ostree_sign_data:
  * @self: an #OstreeSign object
  * @data: the raw data to be signed with pre-loaded secret key
- * @signature: in case of success will contain signature
+ * @signature: (out): in case of success will contain signature
  * @cancellable: A #GCancellable
  * @error: a #GError
  *
@@ -305,6 +305,7 @@ ostree_sign_data (OstreeSign *self,
  * @self: an #OstreeSign object
  * @data: the raw data to check
  * @signatures: the signatures to be checked
+ * @out_success_message: (out) (nullable) (optional): success message returned by the signing engine
  * @error: a #GError
  *
  * Verify given data against signatures with pre-loaded public keys.
@@ -372,6 +373,7 @@ _sign_detached_metadata_append (OstreeSign *self,
  * @self: an #OstreeSign object
  * @repo: an #OsreeRepo object
  * @commit_checksum: SHA256 of given commit to verify
+ * @out_success_message: (out) (nullable) (optional): success message returned by the signing engine
  * @cancellable: A #GCancellable
  * @error: a #GError
  *
@@ -593,6 +595,8 @@ ostree_sign_get_by_name (const gchar *name, GError **error)
  * Based on ostree_repo_add_gpg_signature_summary implementation.
  *
  * Returns: @TRUE if summary file has been signed with all provided keys
+ *
+ * Since: 2020.2
  */
 gboolean
 ostree_sign_summary (OstreeSign    *self,

src/libostree/ostree-sign.h

@@ -52,6 +52,8 @@ G_GNUC_END_IGNORE_DEPRECATIONS
 /**
  * OSTREE_SIGN_NAME_ED25519:
  * The name of the default ed25519 signing type.
+ *
+ * Since: 2020.4
  */
 #define OSTREE_SIGN_NAME_ED25519 "ed25519"
 

src/libostree/ostree-sysroot-deploy.c

@@ -1994,6 +1994,12 @@ prepare_new_bootloader_link (OstreeSysroot  *sysroot,
   g_assert ((current_bootversion == 0 && new_bootversion == 1) ||
             (current_bootversion == 1 && new_bootversion == 0));
 
+  /* This allows us to support both /boot on a seperate filesystem to / as well
+   * as on the same filesystem. */
+  if (TEMP_FAILURE_RETRY (symlinkat (".", sysroot->sysroot_fd, "boot/boot")) < 0)
+    if (errno != EEXIST)
+      return glnx_throw_errno_prefix (error, "symlinkat");
+
   g_autofree char *new_target = g_strdup_printf ("loader.%d", new_bootversion);
 
   /* We shouldn't actually need to replace but it's easier to reuse

src/libostree/ostree-version.h

@@ -43,7 +43,7 @@
  *
  * Since: 2017.4
  */
-#define OSTREE_RELEASE_VERSION (5)
+#define OSTREE_RELEASE_VERSION (6)
 
 /**
  * OSTREE_VERSION
@@ -52,7 +52,7 @@
  *
  * Since: 2017.4
  */
-#define OSTREE_VERSION (2020.5)
+#define OSTREE_VERSION (2020.6)
 
 /**
  * OSTREE_VERSION_S:
@@ -62,7 +62,7 @@
  *
  * Since: 2017.4
  */
-#define OSTREE_VERSION_S "2020.5"
+#define OSTREE_VERSION_S "2020.6"
 
 #define OSTREE_ENCODE_VERSION(year,release) \
         ((year) << 16 | (release))

src/ostree/ot-admin-builtin-pin.c

@@ -55,7 +55,14 @@ ot_admin_builtin_pin (int argc, char **argv, OstreeCommandInvocation *invocation
   for (unsigned int i = 1; i < argc; i++)
     {
       const char *deploy_index_str = argv[i];
-      const int deploy_index = atoi (deploy_index_str);
+      char *endptr = NULL;
+
+      errno = 0;
+      const guint64 deploy_index = g_ascii_strtoull (deploy_index_str, &endptr, 10);
+      if (*endptr != '\0')
+        return glnx_throw (error, "Invalid index: %s", deploy_index_str);
+      if (errno == ERANGE)
+        return glnx_throw (error, "Index too large: %s", deploy_index_str);
 
       g_autoptr(OstreeDeployment) target_deployment = ot_admin_get_indexed_deployment (sysroot, deploy_index, error);
       if (!target_deployment)

src/switchroot/ostree-prepare-root.c

@@ -101,10 +101,9 @@ sysroot_is_configured_ro (const char *sysroot)
   bool ret = false;
   char *line = NULL;
   size_t len = 0;
-  ssize_t nread;
   /* Note getline() will reuse the previous buffer */
   bool in_sysroot = false;
-  while ((nread = getline (&line, &len, f)) != -1)
+  while (getline (&line, &len, f) != -1)
     {
       /* This is an awful hack to avoid depending on GLib in the
        * initramfs right now.
@@ -252,7 +251,7 @@ main(int argc, char *argv[])
        * sysroot, we still need a writable /etc.  And to avoid race conditions
        * we ensure it's writable in the initramfs, before we switchroot at all.
        */
-      if (mount ("/etc", "/etc", NULL, MS_BIND, NULL) < 0)
+      if (mount ("etc", "etc", NULL, MS_BIND, NULL) < 0)
         err (EXIT_FAILURE, "failed to make /etc a bind mount");
       /* Pass on the fact that we discovered a readonly sysroot to ostree-remount.service */
       int fd = open (_OSTREE_SYSROOT_READONLY_STAMP, O_WRONLY | O_CREAT | O_CLOEXEC, 0644);

src/switchroot/ostree-remount.c

@@ -112,6 +112,11 @@ main(int argc, char *argv[])
   bool sysroot_configured_readonly = unlink (_OSTREE_SYSROOT_READONLY_STAMP) == 0;
   do_remount ("/sysroot", !sysroot_configured_readonly);
 
+  /* And also make sure to make /etc rw again. We make this conditional on
+   * sysroot_configured_readonly because only in that case is it a bind-mount. */
+  if (sysroot_configured_readonly)
+    do_remount ("/etc", true);
+
   /* If /var was created as as an OSTree default bind mount (instead of being a separate filesystem)
     * then remounting the root mount read-only also remounted it.
     * So just like /etc, we need to make it read-write by default.

tests/bootloader-entries-crosscheck.py

@@ -73,36 +73,56 @@ with open(syslinuxpath) as f:
     syslinux_entry = None
     syslinux_default = None
     for line in f:
-        line = line.strip()
-        if line.startswith('DEFAULT '):
+        try:
+            k, v = line.strip().split(" ", 1)
+        except ValueError:
+            continue
+        if k == 'DEFAULT':
             if syslinux_entry is not None:
-                syslinux_default = line.split(' ', 1)[1]
-        elif line.startswith('LABEL '):
+                syslinux_default = v
+        elif k == 'LABEL':
             if syslinux_entry is not None:
                 syslinux_entries.append(syslinux_entry)
             syslinux_entry = {}
-            syslinux_entry['title'] = line.split(' ', 1)[1]
-        elif line.startswith('KERNEL '):
-            syslinux_entry['linux'] = line.split(' ', 1)[1]
-        elif line.startswith('INITRD '):
-            syslinux_entry['initrd'] = line.split(' ', 1)[1]
-        elif line.startswith('APPEND '):
-            syslinux_entry['options'] = line.split(' ', 1)[1]
+            syslinux_entry['title'] = v
+        elif k == 'KERNEL':
+            syslinux_entry['linux'] = v
+        elif k == 'INITRD':
+            syslinux_entry['initrd'] = v
+        elif k == 'APPEND':
+            syslinux_entry['options'] = v
     if syslinux_entry is not None:
         syslinux_entries.append(syslinux_entry)
 
 if len(entries) != len(syslinux_entries):
     fatal("Found {0} loader entries, but {1} SYSLINUX entries\n".format(len(entries), len(syslinux_entries)))
 
-def assert_matches_key(a, b, key):
+
+def assert_eq(a, b):
+    assert a == b, "%r == %r" % (a, b)
+
+
+def assert_key_same_file(a, b, key):
     aval = a[key]
     bval = b[key]
-    if aval != bval:
-        fatal("Mismatch on {0}: {1} != {2}".format(key, aval, bval))
+    sys.stderr.write("aval: %r\nbval: %r\n" % (aval, bval))
+
+    # Paths in entries are always relative to /boot
+    entry = os.stat(sysroot + "/boot" + aval)
+
+    # Syslinux entries can be relative to /boot (if it's on another filesystem)
+    # or relative to / if /boot is on /.
+    s1 = os.stat(sysroot + bval)
+    s2 = os.stat(sysroot + "/boot" + bval)
+
+    # A symlink ensures that no matter what they point at the same file
+    assert_eq(entry, s1)
+    assert_eq(entry, s2)
+
 
 for i,(entry,syslinuxentry) in enumerate(zip(entries, syslinux_entries)):
-    assert_matches_key(entry, syslinuxentry, 'linux')
-    assert_matches_key(entry, syslinuxentry, 'initrd')
+    assert_key_same_file(entry, syslinuxentry, 'linux')
+    assert_key_same_file(entry, syslinuxentry, 'initrd')
     entry_ostree = get_ostree_option(entry['options'])
     syslinux_ostree = get_ostree_option(syslinuxentry['options'])
     if entry_ostree != syslinux_ostree:

tests/test-admin-deploy-2.sh

@@ -26,7 +26,7 @@ set -euo pipefail
 # Exports OSTREE_SYSROOT so --sysroot not needed.
 setup_os_repository "archive" "syslinux"
 
-echo "1..7"
+echo "1..8"
 
 ${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --remote=testos testos-repo testos/buildmaster/x86_64-runtime
 rev=$(${CMD_PREFIX} ostree --repo=sysroot/ostree/repo rev-parse testos/buildmaster/x86_64-runtime)
@@ -102,6 +102,13 @@ ${CMD_PREFIX} ostree admin pin -u 0
 assert_n_pinned 0
 echo "ok pin unpin"
 
+for p in medal 0medal '' 5000 9999999999999999999999999999999999999; do
+    if ${CMD_PREFIX} ostree admin pin ${p}; then
+        fatal "created invalid pin ${p}"
+    fi
+done
+echo "ok invalid pin"
+
 ${CMD_PREFIX} ostree admin pin 0 1
 assert_n_pinned 2
 assert_n_deployments 2