Introduces an intermediate format for overlayfs storage, where
.wh-ostree. prefixed files will be converted into char 0:0
whiteout devices used by overlayfs to mark deletions across layers.
The CI scripts now uses a volume for the scratch directories
previously in /var/tmp otherwise we cannot create whiteout
devices into an overlayfs mounted filesystem.
Related-Issue: #2712
This converts several invariant checks to asserts. Most of the
functions in this file were already using assertions, so this aligns
the remaining few outliers to the rest.
This enhances a bunch of helpers related to GVariant building, in
order to properly handle errors and avoid some potential cases of
unexpected NULL results.
This drops several NULL checks against filename input argument.
Those checks are both redundant (as filename validation already
checks for that) and dangerous (as they return early without
setting an error value).
are pending
This is to support pending deployments instead of rasing assertion.
For example:
```
$ sudo rpm-ostree kargs --append=foo=bar
$ sudo ostree admin kargs edit-in-place --append-if-missing=foobar
```
After reboot we get both `foo=bar foobar`.
Fix https://github.com/ostreedev/ostree/issues/2679
Commit 540e60c3 introduced _ostree_repo_auto_transaction_new(), a
private constructor to OstreeRepoAutoTransaction, by factoring out
some code from _ostree_repo_auto_transaction_start(). This factored
code increased the refcount of the 'repo' variable.
Subsequent commit 71304e854c made ostree_repo_prepare_transaction()
use ths newly introduced constructor. However, in this function, the
happy path assumed no ref was taken, and therefore did not unref it.
Commit 71304e854c didn't add the corresponding unref either.
This leaks a reference to OstreeRepo when calling
ostree_repo_prepare_transaction().
Plug this leak by using g_clear_object() to clear the repo field
of OstreeRepoAutoTransaction, instead of simply setting it to NULL.
Closes https://github.com/flatpak/flatpak/issues/4928
The ed25519 signature verification code does not
check that the signature is a minimum/correct length.
As a result, if the signature is too short, libsodium will end up
reading a few bytes out of bounds.
Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Co-authored-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Closes: https://github.com/ostreedev/ostree/security/advisories/GHSA-gqf4-p3gv-g8vw
For historical reasons we have a fair bit of distinct sysroot
initialization going on. A lot of code is calling *just* the new
`ensure_writable()` API, which does basically what you'd expect...
except if we're not using a mount namespace.
Which is the case in unit tests and legacy setups.
Change this API to also ensure the sysroot is fully initialized
even in those cases. Specifically we'll have `self->sysroot_fd`.
For now, callers that need `/boot` also need to separately
call `_ensure_boot_fd()`.
This PR is followup from https://github.com/coreos/coreos-assembler/pull/2863
Summary of changes:
- Moved bls-append-except-default parsing logic to reload_sysroot_config()
- Made sure heap allocated memory is being freed
It's falliable, and in one place we were actually ignoring
the error and leaving a `NULL` repo object which is just a trap
for people coming along later since it's rarely nullable.
Quite a while ago we switched to loading the repo at the same time
as the sysroot; convert callers in the library to use this infallible
accessor.
Prep for another patch which will use the repo object.
After landing the new --commit-only functionality, we still noticed
exceedingly long pruning times in large repos. Lets add an optimization
that will only retrieve commit objects when --commit-only flag is used.
update all existing deployments in place
Example:
$ sudo ostree admin kargs edit-in-place --append-if-missing=rw
See https://github.com/ostreedev/ostree/issues/2617
This will not add duplicate key, if there is `TESTARG=VAL1` in the
kernel arguments, `--append-if-missing=TESTARG=VAL2` will be ignored.
I messed this up; the last release should inherit from the previous
release (N-1) and not the previous to that (N-2).
I think (hope) this isn't an ABI break...
Just noticed this when I was going to add a new symbol.
In a prior change we discovered that for bad historical reasons
libostree was returning a mapping "object type+checksum" => "metadata"
but the "metadata" was redundant and pointless.
Optimize the prune API to use a (currently internal) object listing
API which returns a set, not a map. This allows `GHashTable` to
avoid allocating a separate array for the values, neatly cutting
memory usage in half (from ~13MB to ~6MB) on my test case of a
dry-run prune of a FCOS build.
I was looking at https://github.com/ostreedev/ostree/pull/2632
and confused at the usage of
`GVariant *value = g_variant_new ("(b@as)", TRUE, g_variant_new_strv (NULL, 0));`
which looked strange - why the empty strv?
It turns out that this is a historical legacy of the time when
ostree had pack files. And nothing actually cares about the values
of these variants; we should have an API that returns a proper set,
and not a hash.
But...since all of these things have exactly the same value, instead
of allocating lots of redundant copies on the heap, just have
them all hold a refcount on a shared value.
This cuts the heap usage from 20MB to 13MB on a test FCOS repository
build.
It inherently depends on the individual build, and can't
really be an official stable API for introspection users.
I've noticed the value of this flip flop when doing local builds.
I'm fairly certain no one is trying to use it from a higher level
language.
It'd probably make sense to even drop from the official C API,
but I'm trying to be conservative with that.
I was looking at our `.gir` and noticed we had the cmdprivate bits
because the pattern for excluding headers is `-private.h`, which
didn't match `cmdprivate.h`.
(nullable) and (optional) were missing on lookup()'s out parameters,
which caused the rust bindings for the function to not work. Due to the
missing (nullable), it would return a Result<(GString, MutableTree), _>,
not a Result<(Option<GString>, Option<MutableTree>), _>, which led to
panics.
We want to parse a new "bls-append-except-default" key from ostree config. The
key-value pairs specified by this key will be added to the generated
BLS fragments of non-default deployments. They must follow the format
"key1,value1;key2,value2" and so on.
This change will allow us to land GRUB password support in FCOS.
Relevant: https://github.com/coreos/fedora-coreos-tracker/issues/134
Miguel Angel Ajo
Luca BRUNO
Colin Walters
Nikita Dubrovskii
git-bruh
Huijing Hei
Georges Basile Stavracas Neto
Jonathan Lebon
Saqib Ali
Joseph Marrero Corchado
James Westman