This moves read-only sysroot checks upfront, so that they are not
intermixed with mount operations.
It has no immediate side-effects, but allow these check to be
independent from the rest of the mounting logic (and future changes
to it).
This adds a `MS_SILENT` flag to all `mount(2)` calls, reducing the
amount of kernel logs produced on each boot.
Those messages do not contain actionable details, and in the "mount
plus read-only remount" case they can easily become highly redundant.
This reworks the var-mount destructive test in order to properly use
the datadir for the current stateroot instead of a duplicated one.
In turn, it ensures that the resulting `var.mount` after reboot is
correctly pointing to the same location which hosted `/var` on the
previous boot.
Followup to https://github.com/ostreedev/ostree/pull/2463
One thing I noticed here is we lost usage of `build-check.sh`
which also invokes `clang`, which doesn't speak `-fanalyzer`
and would be broken by this if we try to enable `build-check.sh`
again. But that can come later.
In general, we're probably going to need to change most of our
`g_return_if_fail` to `g_assert`. The analyzer flags that
the function can return `NULL`, but the caller isn't prepared for
this.
In practice, let's abort.
In general, we're probably going to need to change most of our
`g_return_if_fail` to `g_assert`. The analyzer flags that
the function can return `NULL`, but the caller isn't prepared for
this.
In practice, let's abort.
In general, we're probably going to need to change most of our
`g_return_if_fail` to `g_assert`. The analyzer flags that
the function can return `NULL`, but the caller isn't prepared for
this.
In practice, let's abort.
In general, we're probably going to need to change most of our
`g_return_if_fail` to `g_assert`. The analyzer flags that
the function can return `NULL`, but the caller isn't prepared for
this.
In practice, let's abort.
This defines `OstreeRepoAutoTransaction` as a boxed type, in order
to support auto-generating bindings for it.
That first requires adding internal reference-counting to it, to
allow freely copying/freeing references to a single transaction guard.
This rewords errors and log messages in the functions which take care
of preparing sysroot in initramfs.
Depending on the boot flow, it is possible to reach this logic
with a sysroot mounted (unexpectedly) as read-only.
In that case, let's clearly point out the problematic mountpoint.
This enhances the auto-transaction logic, augmenting the scope of a
transaction guard.
It allows committing or aborting a transaction through its guard.
It also supports tracking the completion status of a transaction
guard, avoiding double commits/aborts, while retaining the auto-cleanup
logic.
https://bugzilla.redhat.com/show_bug.cgi?id=1945274 is an issue where a privileged
kubernetes daemonset is writing a socket into `/etc`. This makes ostree upgrades barf.
Now, they should clearly move it to `/run`. However, one option is for us to
just ignore it instead of erroring out. Some brief investigation shows that
e.g. `git add somesocket` is a silent no-op, which is an argument in favor of ignoring it.
Closes: https://github.com/ostreedev/ostree/issues/2446
This is nicer than having the caller parse the commit
object, or indirect via the `OstreeRepoFile*` object of the root.
Will be used in ostree-rs-ext around tar parsing.
This is part of `OstreeCommitModifier`, but I'm not using
that in some of the ostree-ext Rust code.
It just makes more sense as a direct policy API, where it should
have been in the first place. There's already support for
setting a policy object on a commit modifier, so that's all the
old API needs to do now.
Colin Walters
Luca BRUNO
Jonathan Lebon
Timothée Ravier
Simon McVittie