├── .cci.jenkinsfile ├── .clang-format ├── .copr └── Makefile ├── .dir-locals.el ├── .dockerignore ├── .editorconfig ├── .git-blame-ignore-revs ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ └── bug-report.yml ├── PULL_REQUEST_TEMPLATE ├── dependabot.yml └── workflows │ ├── autovendor.yml │ ├── ci.yaml │ └── scorecard.yml ├── .gitignore ├── .gitmodules ├── .vimrc ├── CONTRIBUTING.md ├── COPYING.GPL ├── COPYING.LGPL ├── Cargo.lock ├── Cargo.toml ├── HACKING.md ├── LICENSE ├── Makefile-bash.am ├── Makefile-daemon.am ├── Makefile-decls.am ├── Makefile-extra.inc ├── Makefile-lib-defines.am ├── Makefile-lib.am ├── Makefile-libpriv.am ├── Makefile-man.am ├── Makefile-rpm-ostree.am ├── Makefile-tests.am ├── Makefile.am ├── Makefile.bindings ├── README.md ├── RELEASE.md ├── api-doc ├── Makefile.am ├── overview.xml ├── rpmostree-docs.xml.in ├── rpmostree-sections.txt └── treefile-examples │ ├── fedora-rawhide-base.json │ ├── fedora-rawhide-docker.json │ └── fedora-rawhide.repo ├── autogen.sh ├── build.rs ├── buildutil ├── .gitignore ├── attributes.m4 ├── glib-tap.mk ├── glibtests.m4 ├── tap-driver.sh └── tap-test ├── ci ├── build-check.sh ├── build.sh ├── ci-commitmessage-submodules.sh ├── clang-analyzer.sh ├── clang-build-check.sh ├── codestyle.sh ├── commit-validation.sh ├── composepost-checks.sh ├── container-build-integration.sh ├── coreosci-rpmbuild.sh ├── cosa-build.sh ├── cosa-overrides.sh ├── install-cxx.sh ├── install-test-deps.sh ├── installdeps.sh ├── libbuild.sh ├── prow │ ├── Dockerfile │ ├── Dockerfile.buildroot │ ├── Dockerfile.ci-updates │ ├── Dockerfile.fcos │ ├── Dockerfile.fcos2 │ ├── e2e-upgrades.sh │ ├── fcos-e2e.sh │ └── kola │ │ └── upgrades ├── ridiculous-rhel-devel-workaround.sh ├── test-container.sh ├── testdeps.txt ├── unit.sh ├── verify-cxx.sh └── vmcheck-provision.sh ├── completion └── rpm-ostree ├── configure.ac ├── deny.toml ├── docs ├── CONTRIBUTING.md ├── HACKING.md ├── RELEASE.md ├── _config.yml ├── _sass │ └── color_schemes │ │ └── coreos.scss ├── administrator-handbook.md ├── apply-live.md ├── architecture-core.md ├── architecture-daemon.md ├── architecture.md ├── background.md ├── build-chunked-oci.md ├── building-rpm-ostree-and-autosd.md ├── cliwrap.md ├── compose-server.md ├── compose.md ├── container.md ├── countme.md ├── debug.md ├── ex-rebuild.md ├── ex-replace.md ├── experimental.md ├── extensions.md ├── favicon.ico ├── index.md ├── layering.md ├── repo_structure.md └── treefile.md ├── experiments-and-demos └── skopeo2ostree │ └── Dockerfile ├── man ├── rpm-ostree-countme.xml ├── rpm-ostree.xml ├── rpm-ostreed-automatic.xml └── rpm-ostreed.conf.xml ├── packaging ├── .gitignore ├── Makefile.dist-packaging ├── make-git-snapshot.sh ├── rpm-ostree.spec └── rpmbuild-cwd ├── rpmostree-cxxrs.cxx ├── rpmostree-cxxrs.h ├── rust ├── .gitignore ├── LICENSE-APACHE ├── LICENSE-MIT ├── cxx.h ├── libdnf-sys │ ├── Cargo.toml │ ├── build.rs │ ├── cxx │ │ ├── libdnf.cxx │ │ └── libdnf.hpp │ └── lib.rs ├── rpmostree-client │ ├── Cargo.toml │ ├── src │ │ └── lib.rs │ └── tests │ │ ├── fixtures │ │ └── workstation-status.json │ │ └── parse.rs ├── src │ ├── builtins │ │ ├── apply_live.rs │ │ ├── compose │ │ │ ├── commit.rs │ │ │ └── mod.rs │ │ ├── mod.rs │ │ ├── scriptlet_intercept │ │ │ ├── common.rs │ │ │ ├── groupadd.rs │ │ │ ├── mod.rs │ │ │ ├── useradd.rs │ │ │ └── usermod.rs │ │ └── usroverlay.rs │ ├── bwrap.rs │ ├── capstdext.rs │ ├── cli_experimental.rs │ ├── client.rs │ ├── cliwrap.rs │ ├── cliwrap │ │ ├── cliutil.rs │ │ ├── dracut.rs │ │ ├── grubby.rs │ │ ├── kernel_install_wrap.rs │ │ ├── rpm.rs │ │ └── yumdnf.rs │ ├── cmdutils.rs │ ├── compose.rs │ ├── composepost.rs │ ├── console_progress.rs │ ├── container.rs │ ├── containers_storage.rs │ ├── core.rs │ ├── countme.rs │ ├── countme │ │ ├── cookie.rs │ │ └── repo.rs │ ├── cxxrsutil.rs │ ├── daemon.rs │ ├── deployment_utils.rs │ ├── dirdiff.rs │ ├── extensions.rs │ ├── failpoints.rs │ ├── fedora_integration.rs │ ├── ffiutil.rs │ ├── ffiwrappers.rs │ ├── fsutil.rs │ ├── history.rs │ ├── importer.rs │ ├── initramfs.rs │ ├── isolation.rs │ ├── journal.rs │ ├── kernel_install.rs │ ├── kickstart.rs │ ├── lib.rs │ ├── live.rs │ ├── lockfile.rs │ ├── main.rs │ ├── nameservice │ │ ├── group.rs │ │ ├── mod.rs │ │ ├── passwd.rs │ │ └── shadow.rs │ ├── normalization.rs │ ├── origin.rs │ ├── ostree_prepareroot.rs │ ├── passwd.rs │ ├── progress.rs │ ├── reexec.rs │ ├── rpmutils.rs │ ├── scripts.rs │ ├── sysroot_upgrade.rs │ ├── testutils.rs │ ├── tmpfiles.rs │ ├── tokio_ffi.rs │ ├── treefile.rs │ ├── utils.rs │ └── variant_utils.rs └── test │ ├── dummy-rpm-database.bin │ ├── manifest1.json │ └── manifest2.json ├── src ├── app │ ├── libmain.cxx │ ├── rpm-ostree-0-integration-opt-usrlocal-compat.conf │ ├── rpm-ostree-0-integration-opt-usrlocal.conf │ ├── rpm-ostree-0-integration.conf │ ├── rpmostree-builtin-applylive.cxx │ ├── rpmostree-builtin-cancel.cxx │ ├── rpmostree-builtin-cleanup.cxx │ ├── rpmostree-builtin-compose.cxx │ ├── rpmostree-builtin-db.cxx │ ├── rpmostree-builtin-deploy.cxx │ ├── rpmostree-builtin-ex.cxx │ ├── rpmostree-builtin-finalize-deployment.cxx │ ├── rpmostree-builtin-initramfs-etc.cxx │ ├── rpmostree-builtin-initramfs.cxx │ ├── rpmostree-builtin-kargs.cxx │ ├── rpmostree-builtin-override.cxx │ ├── rpmostree-builtin-rebase.cxx │ ├── rpmostree-builtin-rebuild.cxx │ ├── rpmostree-builtin-refresh-md.cxx │ ├── rpmostree-builtin-reload.cxx │ ├── rpmostree-builtin-reset.cxx │ ├── rpmostree-builtin-rollback.cxx │ ├── rpmostree-builtin-shlib-backend.cxx │ ├── rpmostree-builtin-start-daemon.cxx │ ├── rpmostree-builtin-status.cxx │ ├── rpmostree-builtin-testutils.cxx │ ├── rpmostree-builtin-types.h │ ├── rpmostree-builtin-upgrade.cxx │ ├── rpmostree-builtins.h │ ├── rpmostree-clientlib.cxx │ ├── rpmostree-clientlib.h │ ├── rpmostree-compose-builtin-tree.cxx │ ├── rpmostree-compose-builtins.h │ ├── rpmostree-composeutil.cxx │ ├── rpmostree-composeutil.h │ ├── rpmostree-db-builtin-diff.cxx │ ├── rpmostree-db-builtin-list.cxx │ ├── rpmostree-db-builtin-version.cxx │ ├── rpmostree-db-builtins.h │ ├── rpmostree-ex-builtins.h │ ├── rpmostree-libbuiltin.cxx │ ├── rpmostree-libbuiltin.h │ ├── rpmostree-override-builtins.cxx │ ├── rpmostree-override-builtins.h │ ├── rpmostree-pkg-builtins.cxx │ ├── rpmostree-polkit-agent.cxx │ ├── rpmostree-polkit-agent.h │ └── rpmostreemain.h ├── daemon │ ├── org.projectatomic.rpmostree1.conf │ ├── org.projectatomic.rpmostree1.policy │ ├── org.projectatomic.rpmostree1.service.in │ ├── org.projectatomic.rpmostree1.xml │ ├── rpm-ostree-bootstatus.service │ ├── rpm-ostree-countme.service │ ├── rpm-ostree-countme.timer │ ├── rpm-ostree-fix-shadow-mode.service │ ├── rpm-ostreed-automatic.service │ ├── rpm-ostreed-automatic.timer │ ├── rpm-ostreed-stub.sh.in │ ├── rpm-ostreed.conf │ ├── rpm-ostreed.service │ ├── rpmostree-package-variants.cxx │ ├── rpmostree-package-variants.h │ ├── rpmostree-sysroot-core.cxx │ ├── rpmostree-sysroot-core.h │ ├── rpmostree-sysroot-upgrader.cxx │ ├── rpmostree-sysroot-upgrader.h │ ├── rpmostreed-daemon.cxx │ ├── rpmostreed-daemon.h │ ├── rpmostreed-deployment-utils.cxx │ ├── rpmostreed-deployment-utils.h │ ├── rpmostreed-errors.cxx │ ├── rpmostreed-errors.h │ ├── rpmostreed-os-experimental.cxx │ ├── rpmostreed-os-experimental.h │ ├── rpmostreed-os.cxx │ ├── rpmostreed-os.h │ ├── rpmostreed-sysroot.cxx │ ├── rpmostreed-sysroot.h │ ├── rpmostreed-transaction-applylive.cxx │ ├── rpmostreed-transaction-types.cxx │ ├── rpmostreed-transaction-types.h │ ├── rpmostreed-transaction.cxx │ ├── rpmostreed-transaction.h │ ├── rpmostreed-types.h │ ├── rpmostreed-utils.cxx │ └── rpmostreed-utils.h ├── lib │ ├── rpm-ostree-1.pc.in │ ├── rpmostree-db.c │ ├── rpmostree-db.h │ ├── rpmostree-package-priv.h │ ├── rpmostree-package.c │ ├── rpmostree-package.h │ ├── rpmostree-shlib-ipc-private.h │ ├── rpmostree-version.h.in │ ├── rpmostree.c │ └── rpmostree.h └── libpriv │ ├── 05-rpmostree.install │ ├── dracut-random.cpio.gz │ ├── groupadd-wrapper.sh │ ├── kernel-install-wrapper.sh │ ├── libdnf │ └── dnf-version.h │ ├── libsd-locale-util.c │ ├── libsd-locale-util.h │ ├── libsd-time-util.c │ ├── libsd-time-util.h │ ├── rpmostree-container.cxx │ ├── rpmostree-container.h │ ├── rpmostree-container.hpp │ ├── rpmostree-core-private.h │ ├── rpmostree-core.cxx │ ├── rpmostree-core.h │ ├── rpmostree-cxxrs-prelude.h │ ├── rpmostree-cxxrsutil.hpp │ ├── rpmostree-diff.cxx │ ├── rpmostree-diff.hpp │ ├── rpmostree-editor.cxx │ ├── rpmostree-editor.h │ ├── rpmostree-importer.cxx │ ├── rpmostree-importer.h │ ├── rpmostree-kernel.cxx │ ├── rpmostree-kernel.h │ ├── rpmostree-origin.cxx │ ├── rpmostree-origin.h │ ├── rpmostree-output.cxx │ ├── rpmostree-output.h │ ├── rpmostree-postprocess.cxx │ ├── rpmostree-postprocess.h │ ├── rpmostree-refsack.cxx │ ├── rpmostree-refsack.h │ ├── rpmostree-refts.cxx │ ├── rpmostree-refts.h │ ├── rpmostree-rpm-util.cxx │ ├── rpmostree-rpm-util.h │ ├── rpmostree-scripts.cxx │ ├── rpmostree-scripts.h │ ├── rpmostree-types.h │ ├── rpmostree-unpacker-core.cxx │ ├── rpmostree-unpacker-core.h │ ├── rpmostree-util.cxx │ ├── rpmostree-util.h │ ├── systemctl-wrapper.sh │ ├── useradd-wrapper.sh │ └── usermod-wrapper.sh └── tests ├── README.md ├── build-chunked-oci ├── Containerfile.builder ├── Containerfile.test └── test.sh ├── check └── test-lib-introspection.sh ├── common ├── libtest-core.sh ├── libtest.cxx ├── libtest.h ├── libtest.sh ├── libtestrepos.sh └── libvm.sh ├── compose-image.sh ├── compose-rootfs ├── Containerfile └── manifest.yaml ├── compose.sh ├── compose ├── disabled-test-boot-location-new.sh ├── libbasic-test.sh ├── libcomposetest.sh ├── runtest.sh ├── test-basic-unified.sh ├── test-basic.sh.disabled ├── test-container.sh ├── test-excludes.sh ├── test-ima.sh.disabled ├── test-install-langs.sh ├── test-installroot.sh ├── test-lockfile.sh ├── test-machineid-compat.sh ├── test-misc-tweaks.sh ├── test-mutate-os-release.sh ├── test-repo-metadata.sh ├── test-rootfs-transient.sh ├── test-state-overlays.sh └── test-write-commitid.sh ├── encapsulate.sh ├── gpghome ├── key1.asc ├── key2.asc ├── key3.asc ├── pubring.gpg ├── secring.gpg ├── trustdb.gpg └── trusted │ └── pubring.gpg ├── kolainst ├── .gitignore ├── Makefile ├── destructive │ ├── apply-live │ ├── cached-sigs │ ├── client-layering-upgrade │ ├── cliwrap │ ├── container-image │ ├── container-rebase-upgrade │ ├── container-update-check │ ├── container-update-inplace │ ├── filelists │ ├── initramfs-etc │ ├── initramfs-padding │ ├── layering-local │ ├── layering-useradd │ ├── override-pinning │ ├── override-replace-repo │ ├── shadow │ └── state-overlays ├── kolainst-build.sh └── nondestructive │ └── misc.sh ├── manual └── test-dbquery.py ├── runkola ├── utils └── updateinfo ├── vm.sh ├── vmcheck.sh └── vmcheck ├── install.sh ├── overlay.sh ├── runtest.sh ├── sync.sh ├── test-autoupdate-check.sh ├── test-autoupdate-stage.sh ├── test-cached-rpm-diffs.sh ├── test-db.sh ├── test-download-only.sh ├── test-history.sh ├── test-initramfs.sh ├── test-kernel-args.sh ├── test-layering-basic-1.sh ├── test-layering-basic-2.sh ├── test-layering-gpg.sh ├── test-layering-non-root-caps.sh ├── test-layering-relabel.sh ├── test-layering-relayer.sh ├── test-layering-rpmdb.sh ├── test-layering-scripts.sh ├── test-layering-unified.sh ├── test-misc-2.sh ├── test-override-local-replace.sh ├── test-override-remove.sh ├── test-override-replace-2.sh ├── test-pinned-commit.sh ├── test-reset.sh └── test-upgrades.sh /.clang-format: -------------------------------------------------------------------------------- 1 | --- 2 | Language: Cpp 3 | BasedOnStyle: GNU 4 | ColumnLimit: 100 5 | ForEachMacros: ['GLNX_HASH_TABLE_FOREACH', 'GLNX_HASH_TABLE_FOREACH_V', 'GLNX_HASH_TABLE_FOREACH_KV', 'GLNX_HASH_TABLE_FOREACH_IT'] 6 | -------------------------------------------------------------------------------- /.copr/Makefile: -------------------------------------------------------------------------------- 1 | srpm: 2 | ./ci/installdeps.sh 3 | # similar to https://github.com/actions/checkout/issues/760, but for COPR 4 | git config --global --add safe.directory '*' 5 | # if we have a git repo with remotes, fetch tags so `git describe` gives a nice NEVRA when 6 | # building the RPM 7 | if git remote | grep origin; then git fetch origin --tags; fi 8 | git submodule update --init --recursive 9 | # Our primary CI build goes via RPM rather than direct to binaries 10 | # to better test that path, including our vendored spec file, etc. 11 | make -C packaging -f Makefile.dist-packaging srpm 12 | if test -n "$$outdir"; then mv packaging/*.src.rpm $$outdir; fi 13 | 14 | -------------------------------------------------------------------------------- /.dir-locals.el: -------------------------------------------------------------------------------- 1 | ((c-mode . ((indent-tabs-mode . nil) (c-file-style . "gnu")))) 2 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .cosa 2 | target 3 | compose-cache/ 4 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | [*.[ch] *.cxx] 2 | indent_style = space 3 | indent_size = 2 4 | trim_trailing_whitespace = true 5 | indent_brace_style = gnu 6 | max_line_length = 100 7 | -------------------------------------------------------------------------------- /.git-blame-ignore-revs: -------------------------------------------------------------------------------- 1 | # Run through `clang-format`: 2 | # https://github.com/coreos/rpm-ostree/pull/3475 3 | be45a74d0802c764d04cdfc6f3bcc12872b3bb33 4 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | rpmostree-cxxrs.{h,cxx} linguist-generated=true 2 | rust/cxx.h linguist-generated=true 3 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug-report.yml: -------------------------------------------------------------------------------- 1 | name: Report a bug 2 | description: Report an issue with rpm-ostree 3 | labels: ["kind/bug"] 4 | assignees: [] 5 | body: 6 | - type: textarea 7 | id: bug-description 8 | attributes: 9 | label: Describe the bug 10 | description: A clear and concise description of what the bug is. 11 | placeholder: I'm trying to layer foo but it fails with bar. 12 | validations: 13 | required: true 14 | 15 | - type: textarea 16 | id: bug-reproduction 17 | attributes: 18 | label: Reproduction steps 19 | description: Steps to reproduce the behavior. 20 | placeholder: | 21 | 1. 22 | 2. 23 | 3. 24 | validations: 25 | required: true 26 | 27 | - type: textarea 28 | id: bug-expected 29 | attributes: 30 | label: Expected behavior 31 | description: A clear and concise description of what you expected to happen. 32 | placeholder: Foo should succeed without errors. 33 | validations: 34 | required: true 35 | 36 | - type: textarea 37 | id: bug-actual 38 | attributes: 39 | label: Actual behavior 40 | description: A clear and concise description of what actually happened. 41 | placeholder: Foo failed with ... 42 | validations: 43 | required: true 44 | 45 | - type: textarea 46 | id: bug-system 47 | attributes: 48 | label: System details 49 | description: The version of rpm-ostree and the client system 50 | placeholder: | 51 | - `rpm-ostree --version` 52 | - If the issue is client-side, `rpm-ostree status -b` 53 | validations: 54 | required: true 55 | 56 | - type: textarea 57 | id: bug-additional 58 | attributes: 59 | label: Additional information 60 | description: Add any other information about the problem here. 61 | validations: 62 | required: false 63 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE: -------------------------------------------------------------------------------- 1 | Thank you for contributing to rpm-ostree. 2 | 3 | If you are adding functionality to tree composes, please add 4 | a corresponding test to the compose-test suite. Similarly, 5 | if adding a client-facing feature, consider the vmcheck 6 | suite. Regressions fixes are also great candidates for new 7 | tests. 8 | 9 | If you're not sure where or how to add tests, don't hesitate 10 | to ask for help from the maintainers. 11 | 12 | Cheers! 13 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: cargo 4 | directory: "/rust/libdnf-sys" 5 | schedule: 6 | interval: weekly 7 | open-pull-requests-limit: 3 8 | - package-ecosystem: cargo 9 | directory: "/" 10 | schedule: 11 | interval: weekly 12 | open-pull-requests-limit: 6 13 | groups: 14 | minor: 15 | update-types: 16 | - minor 17 | - patch 18 | - package-ecosystem: gitsubmodule 19 | directory: "/" 20 | schedule: 21 | interval: weekly 22 | open-pull-requests-limit: 3 23 | -------------------------------------------------------------------------------- /.github/workflows/autovendor.yml: -------------------------------------------------------------------------------- 1 | # Automatically generate a vendor.tar.zstd on pushes to git main. 2 | name: Auto-vendor artifact 3 | 4 | permissions: 5 | actions: read 6 | 7 | on: 8 | push: 9 | branches: [main] 10 | 11 | jobs: 12 | vendor: 13 | runs-on: ubuntu-latest 14 | steps: 15 | - uses: actions/checkout@v3 16 | - uses: dtolnay/rust-toolchain@stable 17 | - name: Install vendor tool 18 | run: cargo install --locked cargo-vendor-filterer 19 | - name: Run 20 | run: mkdir -p target && cargo vendor-filterer --format=tar.zstd --prefix=vendor/ target/vendor.tar.zst 21 | - uses: actions/upload-artifact@v4 22 | with: 23 | name: vendor.tar.zst 24 | path: target/vendor.tar.zst 25 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "libglnx"] 2 | path = libglnx 3 | url = https://github.com/GNOME/libglnx.git 4 | [submodule "libdnf"] 5 | path = libdnf 6 | url = https://github.com/rpm-software-management/libdnf 7 | -------------------------------------------------------------------------------- /.vimrc: -------------------------------------------------------------------------------- 1 | set expandtab 2 | set tabstop=8 3 | set softtabstop=2 4 | set shiftwidth=2 5 | 6 | autocmd BufNewFile,BufRead *.c,*.cxx,*.h set textwidth=100 7 | 8 | " This is the same as the default minus 0{, which is really annoying otherwise 9 | " with our coding style. 10 | set cinkeys=0},0),:,0#,!^F,o,O,e 11 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | docs/CONTRIBUTING.md -------------------------------------------------------------------------------- /HACKING.md: -------------------------------------------------------------------------------- 1 | docs/HACKING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | rpm-ostree includes code licensed under GPLv2+, LGPLv2+, (Apache 2.0 OR MIT). 2 | More specifically, the code in `rust/` is under `Apache 2.0 or MIT`, and 3 | the C code (in `src/` mostly) is under a mix of GPLv2+ or LGPLv2+. 4 | See these license files: 5 | 6 | - COPYING.GPL 7 | - COPYING.LGPL 8 | - rust/LICENSE-APACHE 9 | - rust/LICENSE-MIT 10 | 11 | Most of our source files have either a license header or a SPDX license identifier. 12 | 13 | The original intention for rpm-ostree was to match libostree as being LGPLv2+; 14 | this would ensure code could be easily shared between the two, as well as other 15 | LGPLv2+ projects like glib. 16 | 17 | However [due to an accident](https://github.com/projectatomic/rpm-ostree/issues/1890), 18 | some GPLv2+ code was imported, and we're unlikely to easily change that now. 19 | 20 | The rationale for having the Rust code be `Apache 2.0 OR MIT` is to match 21 | most of the Rust ecosystem, so we can easily share it there. 22 | 23 | -------------------------------------------------------------------------------- /Makefile-bash.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2019 Red Hat Inc. 2 | # 3 | # This library is free software; you can redistribute it and/or 4 | # modify it under the terms of the GNU Lesser General Public 5 | # License as published by the Free Software Foundation; either 6 | # version 2 of the License, or (at your option) any later version. 7 | # 8 | # This library is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 11 | # Lesser General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU Lesser General Public 14 | # License along with this library; if not, write to the 15 | # Free Software Foundation, Inc., 59 Temple Place - Suite 330, 16 | # Boston, MA 02111-1307, USA. 17 | 18 | completionsdir = @BASH_COMPLETIONSDIR@ 19 | dist_completions_DATA = completion/rpm-ostree 20 | -------------------------------------------------------------------------------- /Makefile-decls.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2011,2014 Colin Walters 2 | # 3 | # This library is free software; you can redistribute it and/or 4 | # modify it under the terms of the GNU Lesser General Public 5 | # License as published by the Free Software Foundation; either 6 | # version 2 of the License, or (at your option) any later version. 7 | # 8 | # This library is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 11 | # Lesser General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU Lesser General Public 14 | # License along with this library; if not, write to the 15 | # Free Software Foundation, Inc., 59 Temple Place - Suite 330, 16 | # Boston, MA 02111-1307, USA. 17 | 18 | # Common variables 19 | ACLOCAL_AMFLAGS = 20 | AM_CPPFLAGS = 21 | AM_CFLAGS = 22 | AM_CXXFLAGS = 23 | AM_LDFLAGS = 24 | DISTCHECK_CONFIGURE_FLAGS = 25 | SUBDIRS = 26 | NULL = 27 | BUILT_SOURCES = 28 | MANPAGES = 29 | CLEANFILES = 30 | EXTRA_DIST = 31 | bin_PROGRAMS = 32 | sbin_PROGRAMS = 33 | bin_SCRIPTS = 34 | lib_LTLIBRARIES = 35 | libexec_PROGRAMS = 36 | noinst_LTLIBRARIES = 37 | noinst_PROGRAMS = 38 | privlibdir = $(pkglibdir) 39 | privlib_LTLIBRARIES = 40 | pkgconfigdir = $(libdir)/pkgconfig 41 | pkgconfig_DATA = 42 | sysconf_DATA = 43 | INTROSPECTION_GIRS = 44 | girdir = $(datadir)/gir-1.0 45 | gir_DATA = 46 | typelibdir = $(libdir)/girepository-1.0 47 | typelib_DATA = 48 | gsettings_SCHEMAS = 49 | # git.mk 50 | 51 | # This initializes some more variables 52 | include $(top_srcdir)/buildutil/glib-tap.mk 53 | 54 | # This is a special facility to chain together hooks easily 55 | INSTALL_DATA_HOOKS = 56 | install-data-hook: $(INSTALL_DATA_HOOKS) 57 | INSTALL_EXEC_HOOKS = 58 | install-exec-hook: $(INSTALL_EXEC_HOOKS) 59 | 60 | ALL_LOCAL_HOOKS = 61 | all-local: $(ALL_LOCAL_HOOKS) 62 | 63 | CHECK_LOCAL_HOOKS = 64 | check-local: $(CHECK_LOCAL_HOOKS) 65 | 66 | CLEAN_LOCAL_HOOKS = 67 | clean-local: $(CLEAN_LOCAL_HOOKS) 68 | 69 | DIST_HOOKS = 70 | dist-hook: $(DIST_HOOKS) 71 | -------------------------------------------------------------------------------- /Makefile-extra.inc: -------------------------------------------------------------------------------- 1 | # -*- mode: makefile -*- 2 | # This file defines rules that don't depend on Automake. 3 | # The main idea here is some things we may want to execute 4 | # from CI before we've even run automake, and secondly 5 | # one can avoid rerunning Automake when these rules change. 6 | # 7 | # Specifically right now one can invoke e.g. 8 | # `make -f Makefile-extra.inc rustfmt` directly. 9 | 10 | rustfmt: 11 | rustfmt rust/src/*.rs 12 | .PHONY: rustfmt 13 | 14 | -------------------------------------------------------------------------------- /Makefile-lib-defines.am: -------------------------------------------------------------------------------- 1 | # Shared variables between toplevel Makefile.am and doc/Makefile.am 2 | # ...since gtk-doc forces use of recursive make =( 3 | # 4 | # Copyright (C) 2013 Colin Walters 5 | # 6 | # This library is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU Lesser General Public 8 | # License as published by the Free Software Foundation; either 9 | # version 2 of the License, or (at your option) any later version. 10 | # 11 | # This library is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | # Lesser General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU Lesser General Public 17 | # License along with this library; if not, write to the 18 | # Free Software Foundation, Inc., 59 Temple Place - Suite 330, 19 | # Boston, MA 02111-1307, USA. 20 | 21 | librpmostree_public_headers = \ 22 | src/lib/rpmostree.h \ 23 | src/lib/rpmostree-version.h \ 24 | src/lib/rpmostree-db.h \ 25 | src/lib/rpmostree-package.h \ 26 | $(NULL) 27 | -------------------------------------------------------------------------------- /Makefile-libpriv.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2015 Colin Walters 2 | # 3 | # This library is free software; you can redistribute it and/or 4 | # modify it under the terms of the GNU Lesser General Public 5 | # License as published by the Free Software Foundation; either 6 | # version 2 of the License, or (at your option) any later version. 7 | # 8 | # This library is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 11 | # Lesser General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU Lesser General Public 14 | # License along with this library; if not, write to the 15 | # Free Software Foundation, Inc., 59 Temple Place - Suite 330, 16 | # Boston, MA 02111-1307, USA. 17 | 18 | librpmostreepriv_sources = \ 19 | src/libpriv/rpmostree-postprocess.cxx \ 20 | src/libpriv/rpmostree-postprocess.h \ 21 | src/libpriv/rpmostree-util.cxx \ 22 | src/libpriv/rpmostree-util.h \ 23 | src/libpriv/rpmostree-types.h \ 24 | src/libpriv/rpmostree-refts.h \ 25 | src/libpriv/rpmostree-refts.cxx \ 26 | src/libpriv/rpmostree-container.cxx \ 27 | src/libpriv/rpmostree-container.h \ 28 | src/libpriv/rpmostree-core.cxx \ 29 | src/libpriv/rpmostree-core.h \ 30 | src/libpriv/rpmostree-core-private.h \ 31 | src/libpriv/rpmostree-kernel.cxx \ 32 | src/libpriv/rpmostree-kernel.h \ 33 | src/libpriv/rpmostree-origin.cxx \ 34 | src/libpriv/rpmostree-origin.h \ 35 | src/libpriv/rpmostree-scripts.cxx \ 36 | src/libpriv/rpmostree-scripts.h \ 37 | src/libpriv/rpmostree-refsack.h \ 38 | src/libpriv/rpmostree-refsack.cxx \ 39 | src/libpriv/rpmostree-rpm-util.cxx \ 40 | src/libpriv/rpmostree-rpm-util.h \ 41 | src/libpriv/rpmostree-diff.cxx \ 42 | src/libpriv/rpmostree-importer.cxx \ 43 | src/libpriv/rpmostree-importer.h \ 44 | src/libpriv/rpmostree-unpacker-core.cxx \ 45 | src/libpriv/rpmostree-unpacker-core.h \ 46 | src/libpriv/rpmostree-output.cxx \ 47 | src/libpriv/rpmostree-output.h \ 48 | src/libpriv/rpmostree-editor.cxx \ 49 | src/libpriv/rpmostree-editor.h \ 50 | src/libpriv/libsd-locale-util.c \ 51 | src/libpriv/libsd-locale-util.h \ 52 | src/libpriv/libsd-time-util.c \ 53 | src/libpriv/libsd-time-util.h \ 54 | $(NULL) 55 | -------------------------------------------------------------------------------- /Makefile-man.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2014 Colin Walters 2 | # 3 | # This library is free software; you can redistribute it and/or 4 | # modify it under the terms of the GNU Lesser General Public 5 | # License as published by the Free Software Foundation; either 6 | # version 2 of the License, or (at your option) any later version. 7 | # 8 | # This library is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 11 | # Lesser General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU Lesser General Public 14 | # License along with this library; if not, write to the 15 | # Free Software Foundation, Inc., 59 Temple Place - Suite 330, 16 | # Boston, MA 02111-1307, USA. 17 | 18 | man1_MANS = rpm-ostree.1 19 | man5_MANS = rpm-ostreed.conf.5 20 | man8_MANS = rpm-ostreed-automatic.service.8 \ 21 | rpm-ostreed-automatic.timer.8 \ 22 | rpm-ostree-countme.service.8 \ 23 | rpm-ostree-countme.timer.8 24 | 25 | 26 | XSLTPROC_FLAGS = \ 27 | --nonet \ 28 | --stringparam man.output.quietly 1 \ 29 | --stringparam funcsynopsis.style ansi \ 30 | --stringparam man.th.extra1.suppress 1 \ 31 | --stringparam man.authors.section.enabled 0 \ 32 | --stringparam man.copyright.section.enabled 0 33 | 34 | XSLTPROC_FLAGS_MAN = \ 35 | $(XSLTPROC_FLAGS) http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl 36 | 37 | rpm-ostree.1: man/rpm-ostree.xml Makefile 38 | $(AM_V_GEN) $(XSLTPROC) $(XSLTPROC_FLAGS_MAN) $< 39 | 40 | rpm-ostreed.conf.5: man/rpm-ostreed.conf.xml Makefile 41 | $(AM_V_GEN) $(XSLTPROC) $(XSLTPROC_FLAGS_MAN) $< 42 | 43 | rpm-ostreed-automatic.service.8 rpm-ostreed-automatic.timer.8: man/rpm-ostreed-automatic.xml Makefile 44 | $(AM_V_GEN) $(XSLTPROC) $(XSLTPROC_FLAGS_MAN) $< 45 | 46 | rpm-ostree-countme.service.8 rpm-ostree-countme.timer.8: man/rpm-ostree-countme.xml Makefile 47 | $(AM_V_GEN) $(XSLTPROC) $(XSLTPROC_FLAGS_MAN) $< 48 | 49 | CLEANFILES += $(man1_MANS) $(man5_MANS) $(man8_MANS) 50 | -------------------------------------------------------------------------------- /Makefile-tests.am: -------------------------------------------------------------------------------- 1 | BASE_TESTS_ENVIRONMENT = \ 2 | builddir=$(abs_builddir) \ 3 | topsrcdir=$(abs_top_srcdir) \ 4 | commondir=$(abs_top_srcdir)/tests/common 5 | 6 | 7 | AM_TESTS_ENVIRONMENT = \ 8 | UNINSTALLEDTESTS=1 \ 9 | $(BASE_TESTS_ENVIRONMENT) 10 | 11 | # we consume libdnf as a submodule, but we may not have installed it yet (and we 12 | # don't want it to fall back to the system libhif if it's also installed) 13 | AM_TESTS_ENVIRONMENT += \ 14 | LD_LIBRARY_PATH=$(abs_builddir)/libdnf-build/libdnf:$$(cd $(top_builddir)/.libs && pwd)$${LD_LIBRARY_PATH:+:$${LD_LIBRARY_PATH}} \ 15 | GI_TYPELIB_PATH=$$(cd $(top_builddir) && pwd)$${GI_TYPELIB_PATH:+:$$GI_TYPELIB_PATH} \ 16 | $(NULL) 17 | if BUILDOPT_ASAN 18 | AM_TESTS_ENVIRONMENT += BUILDOPT_ASAN=yes ASAN_OPTIONS=detect_leaks=false 19 | endif 20 | 21 | uninstalled_test_scripts = \ 22 | $(NULL) 23 | 24 | uninstalled_test_extra_programs = \ 25 | $(NULL) 26 | 27 | check-local: 28 | @echo " *** NOTE ***" 29 | @echo " \"make check\" only runs unit tests, which have limited coverage currently." 30 | @echo " See HACKING.md for more information about VM-based integration testing." 31 | @echo " *** NOTE ***" 32 | ./rpm-ostree testutils c-units 33 | 34 | .PHONY: vmsync vmoverlay vmcheck testenv 35 | 36 | vmsync: 37 | @set -e; if [ -z "$(SKIP_INSTALL)" ]; then \ 38 | env $(BASE_TESTS_ENVIRONMENT) ./tests/vmcheck/install.sh; \ 39 | fi; \ 40 | env $(BASE_TESTS_ENVIRONMENT) ./tests/vmcheck/sync.sh 41 | 42 | vmoverlay: 43 | @set -e; \ 44 | if [ -z "$(SKIP_INSTALL)" ] && [ -z "$(SKIP_VMOVERLAY)" ]; then \ 45 | env $(BASE_TESTS_ENVIRONMENT) ./tests/vmcheck/install.sh; \ 46 | fi; \ 47 | env $(BASE_TESTS_ENVIRONMENT) ./tests/vmcheck/overlay.sh; 48 | 49 | # One can run the vmcheck.sh script directly. The make target is useful for local 50 | # development so that e.g. we automatically overlay. 51 | vmcheck: vmoverlay 52 | @tests/vmcheck.sh 53 | -------------------------------------------------------------------------------- /Makefile.bindings: -------------------------------------------------------------------------------- 1 | # This is duplicated with LIBRPMOSTREE_RUST_SRCS because this 2 | # Makefile needs to be independent 3 | binding_rust_sources = $(shell find rust/src/ -name '*.rs') Cargo.toml Cargo.lock 4 | 5 | all: rpmostree-cxxrs.h rpmostree-cxxrs.cxx rust/cxx.h 6 | .PHONY: all 7 | 8 | rust/cxx.h: Makefile.bindings 9 | ./target/cxxbridge/bin/cxxbridge --header | clang-format --assume-filename=$@ >$@.tmp && mv $@.tmp $@ 10 | 11 | rpmostree-cxxrs.h: $(binding_rust_sources) rust/cxx.h ./target/cxxbridge/bin/cxxbridge 12 | $(AM_V_GEN) if ./target/cxxbridge/bin/cxxbridge rust/src/lib.rs --header | clang-format --assume-filename=$@ > $@.tmp; then \ 13 | if test -f $@ && cmp $@.tmp $@ 2>/dev/null; then rm -f $@.tmp; else \ 14 | mv $@.tmp $@; \ 15 | fi; \ 16 | else \ 17 | echo cxxbridge failed; exit 1; \ 18 | fi 19 | rpmostree-cxxrs.cxx: $(binding_rust_sources) rpmostree-cxxrs.h 20 | $(AM_V_GEN) if ./target/cxxbridge/bin/cxxbridge --include rpmostree-cxxrs.h rust/src/lib.rs | clang-format --assume-filename=$@ > $@.tmp; then \ 21 | if test -f $@ && cmp $@.tmp $@ 2>/dev/null; then rm -f $@.tmp; else \ 22 | mv $@.tmp $@; \ 23 | fi; \ 24 | else \ 25 | echo cxxbridge failed; exit 1; \ 26 | fi 27 | -------------------------------------------------------------------------------- /RELEASE.md: -------------------------------------------------------------------------------- 1 | docs/RELEASE.md -------------------------------------------------------------------------------- /api-doc/overview.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | ]> 6 | 7 | rpm-ostree Overview 8 | 9 | Introduction 10 | 11 | The project aims to bring together a hybrid of image-like upgrade 12 | features (reliable replication, atomicity), with package-like 13 | flexibility (seeing package sets inside trees, layering, partial live 14 | updates). For more information, see the README.md 15 | in the upstream project. This manual covers the gtk-doc. 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /api-doc/rpmostree-docs.xml.in: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | ]> 8 | 9 | 10 | rpm-ostree Manual 11 | for &version; 12 | 13 | 14 | 15 | API Reference 16 | 17 | 18 | 19 | API Index 20 | 21 | 22 | 23 | 24 | 25 | 26 | D-Bus Interfaces 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /api-doc/rpmostree-sections.txt: -------------------------------------------------------------------------------- 1 |
2 | librpmostree-core 3 | rpm_ostree_get_basearch 4 | rpm_ostree_varsubst_basearch 5 |
6 | 7 |
8 | librpmostree-dbquery 9 | rpm_ostree_db_query 10 |
11 | 12 |
13 | librpmostree-package 14 | RpmOstreePackage 15 | rpm_ostree_package_get_type 16 | rpm_ostree_package_get_name 17 | rpm_ostree_package_get_evr 18 | rpm_ostree_package_get_arch 19 | rpm_ostree_package_get_nevra 20 | rpm_ostree_package_cmp 21 |
22 | -------------------------------------------------------------------------------- /api-doc/treefile-examples/fedora-rawhide-base.json: -------------------------------------------------------------------------------- 1 | { 2 | "ref": "fedora-atomic/rawhide/x86_64/base/core", 3 | 4 | "gpg-key": "", 5 | 6 | "repos": ["fedora-rawhide"], 7 | 8 | "selinux": true, 9 | 10 | "packages": ["kernel", "ostree", "lvm2", 11 | "btrfs-progs", "e2fsprogs", "xfsprogs", 12 | "gnupg2", "selinux-policy-targeted", 13 | "openssh-server", "openssh-clients", 14 | "NetworkManager", "vim-minimal", "nano", "sudo"] 15 | } 16 | -------------------------------------------------------------------------------- /api-doc/treefile-examples/fedora-rawhide-docker.json: -------------------------------------------------------------------------------- 1 | { 2 | "ref": "fedora-atomic/rawhide/x86_64/server/docker", 3 | 4 | "include": "fedora-rawhide-base.json", 5 | 6 | "packages": ["docker-io"], 7 | 8 | "units": ["docker.service", "docker.socket"] 9 | } 10 | -------------------------------------------------------------------------------- /api-doc/treefile-examples/fedora-rawhide.repo: -------------------------------------------------------------------------------- 1 | [fedora-rawhide] 2 | name=Fedora - Rawhide - Developmental packages for the next Fedora release 3 | failovermethod=priority 4 | #baseurl=http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/$basearch/os/ 5 | metalink=https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=$basearch 6 | enabled=1 7 | gpgcheck=0 8 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch 9 | skip_if_unavailable=False 10 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | test -n "$srcdir" || srcdir=`dirname "$0"` 5 | test -n "$srcdir" || srcdir=. 6 | 7 | olddir=`pwd` 8 | cd $srcdir 9 | 10 | if ! which autoreconf 2>/dev/null; then 11 | echo "*** No autoreconf found, please install it ***" 12 | exit 1 13 | fi 14 | 15 | mkdir -p m4 16 | 17 | if ! which gtkdocize 2>/dev/null; then 18 | echo "You don't have gtk-doc installed, and thus won't be able to generate the documentation." 19 | rm -f gtk-doc.make 20 | cat > gtk-doc.make <libglnx/Makefile-libglnx.am.inc 33 | 34 | # FIXME - figure out how to get aclocal to find this by default 35 | ln -sf ../libglnx/libglnx.m4 buildutil/libglnx.m4 36 | 37 | autoreconf --force --install --verbose 38 | 39 | cd $olddir 40 | test -n "$NOCONFIGURE" || "$srcdir/configure" "$@" 41 | -------------------------------------------------------------------------------- /build.rs: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: Apache-2.0 OR MIT 2 | use anyhow::Result; 3 | 4 | fn detect_fedora_feature() -> Result<()> { 5 | if !std::path::Path::new("/usr/lib/os-release").exists() { 6 | return Ok(()); 7 | } 8 | let p = std::process::Command::new("sh") 9 | .args(["-c", ". /usr/lib/os-release && echo ${ID}"]) 10 | .stdout(std::process::Stdio::piped()) 11 | .output()?; 12 | let out = std::str::from_utf8(&p.stdout).ok().map(|s| s.trim()); 13 | if out == Some("fedora") { 14 | println!(r#"cargo:rustc-cfg=feature="fedora-integration""#) 15 | } 16 | Ok(()) 17 | } 18 | 19 | fn main() -> Result<()> { 20 | if std::env::var("CARGO_FEATURE_SANITIZERS").is_ok() { 21 | // Force these on 22 | println!("cargo:rustc-link-lib=ubsan"); 23 | println!("cargo:rustc-link-lib=asan"); 24 | } 25 | let cwd = std::env::current_dir()?; 26 | let cwd = cwd.to_str().expect("utf8 pwd"); 27 | println!("cargo:rustc-link-search={}/.libs", cwd); 28 | println!("cargo:rustc-link-lib=static=rpmostreeinternals"); 29 | println!( 30 | "cargo:rerun-if-changed={}/.libs/librpmostreeinternals.a", 31 | cwd 32 | ); 33 | println!("cargo:rustc-link-lib=cap"); 34 | println!("cargo:rustc-link-lib=rt"); 35 | println!("cargo:rustc-link-lib=stdc++"); 36 | // https://github.com/ostreedev/ostree/commit/1f832597fc83fda6cb8daf48c4495a9e1590774c 37 | // https://github.com/rust-lang/rust/issues/47714 38 | println!("cargo:rustc-link-lib=dl"); 39 | println!("cargo:rustc-link-lib=m"); 40 | system_deps::Config::new().probe()?; 41 | detect_fedora_feature()?; 42 | Ok(()) 43 | } 44 | -------------------------------------------------------------------------------- /buildutil/.gitignore: -------------------------------------------------------------------------------- 1 | gtk-doc.m4 2 | libtool.m4 3 | ltoptions.m4 4 | ltsugar.m4 5 | ltversion.m4 6 | lt~obsolete.m4 7 | libglnx.m4 8 | -------------------------------------------------------------------------------- /buildutil/glibtests.m4: -------------------------------------------------------------------------------- 1 | dnl GLIB_TESTS 2 | dnl 3 | 4 | AC_DEFUN([GLIB_TESTS], 5 | [ 6 | AC_ARG_ENABLE(installed-tests, 7 | AS_HELP_STRING([--enable-installed-tests], 8 | [Enable installation of some test cases]), 9 | [case ${enableval} in 10 | yes) ENABLE_INSTALLED_TESTS="1" ;; 11 | no) ENABLE_INSTALLED_TESTS="" ;; 12 | *) AC_MSG_ERROR([bad value ${enableval} for --enable-installed-tests]) ;; 13 | esac]) 14 | AM_CONDITIONAL([ENABLE_INSTALLED_TESTS], test "$ENABLE_INSTALLED_TESTS" = "1") 15 | AC_ARG_ENABLE(always-build-tests, 16 | AS_HELP_STRING([--enable-always-build-tests], 17 | [Enable always building tests during 'make all']), 18 | [case ${enableval} in 19 | yes) ENABLE_ALWAYS_BUILD_TESTS="1" ;; 20 | no) ENABLE_ALWAYS_BUILD_TESTS="" ;; 21 | *) AC_MSG_ERROR([bad value ${enableval} for --enable-always-build-tests]) ;; 22 | esac]) 23 | AM_CONDITIONAL([ENABLE_ALWAYS_BUILD_TESTS], test "$ENABLE_ALWAYS_BUILD_TESTS" = "1") 24 | if test "$ENABLE_INSTALLED_TESTS" == "1"; then 25 | AC_SUBST(installed_test_metadir, [${datadir}/installed-tests/]AC_PACKAGE_NAME) 26 | AC_SUBST(installed_testdir, [${libexecdir}/installed-tests/]AC_PACKAGE_NAME) 27 | fi 28 | ]) 29 | -------------------------------------------------------------------------------- /buildutil/tap-test: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | set -euo pipefail 3 | 4 | # run a GTest in tap mode. The test binary is passed as $1 5 | # use /var/tmp so we can use xattrs in case /tmp is on tmpfs 6 | 7 | srcd=$(cd $(dirname $1) && pwd) 8 | bn=$(basename $1) 9 | test_tmpdir=$(mktemp -d /var/tmp/tap-test.XXXXXX) 10 | function cleanup () { 11 | if test -z "${TEST_SKIP_CLEANUP:-}"; then 12 | if test -f ${test_tmpdir}/.test; then 13 | rm "${test_tmpdir}" -rf 14 | fi 15 | else 16 | echo "Skipping cleanup of ${test_tmpdir}" 17 | fi 18 | } 19 | trap cleanup EXIT 20 | cd ${test_tmpdir} 21 | touch .test 22 | ${srcd}/${bn} -k --tap 23 | -------------------------------------------------------------------------------- /ci/build-check.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Install build dependencies, run unit tests and installed tests. 4 | 5 | # This script is what Prow runs. 6 | 7 | set -xeuo pipefail 8 | 9 | dn=$(dirname $0) 10 | . ${dn}/libbuild.sh 11 | # Hard fail on compiler warnings in CI. We control our compiler 12 | # version as part of the coreos-assembler buildroot and expect 13 | # that to be clean. 14 | CONFIGOPTS="--enable-werror --enable-bin-unit-tests" ${dn}/build.sh 15 | make check 16 | -------------------------------------------------------------------------------- /ci/build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Install build dependencies and then build. 4 | 5 | set -xeuo pipefail 6 | 7 | dn=$(dirname $0) 8 | . ${dn}/libbuild.sh 9 | 10 | ${dn}/installdeps.sh 11 | # make it clear what rustc version we're compiling with (this is grepped in CI) 12 | rustc --version 13 | 14 | export LSAN_OPTIONS=verbosity=1:log_threads=1 15 | # And now the build 16 | build --enable-installed-tests --enable-gtk-doc ${CONFIGOPTS:-} 17 | -------------------------------------------------------------------------------- /ci/clang-analyzer.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Use the clang static analyzer 4 | 5 | set -xeuo pipefail 6 | 7 | dn=$(dirname $0) 8 | . ${dn}/libbuild.sh 9 | ${dn}/installdeps.sh 10 | env NOCONFIGURE=1 ./autogen.sh 11 | scan-build ./configure --prefix=/usr --libdir=/usr/lib64 --sysconfdir=/etc 12 | scan-build ${ARTIFACT_DIR:+-o ${ARTIFACT_DIR}} make 13 | -------------------------------------------------------------------------------- /ci/clang-build-check.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Install build dependencies, run unit tests and installed tests. 4 | 5 | # This script is what Prow runs. 6 | 7 | set -xeuo pipefail 8 | 9 | dn=$(dirname $0) 10 | . ${dn}/libbuild.sh 11 | export CC=clang CXX=clang++ 12 | ${dn}/build-check.sh 13 | -------------------------------------------------------------------------------- /ci/codestyle.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Tests that validate structure of the source code; 4 | # can be run without building it. 5 | set -euo pipefail 6 | 7 | echo -n "checking for tabs... " 8 | (git grep -E '^ +' -- '*.[ch]' || true) > tabdamage.txt 9 | if test -s tabdamage.txt; then 10 | echo "Error: tabs in .[ch] files:" 1>&2 11 | cat tabdamage.txt 1>&2 12 | exit 1 13 | fi 14 | rm tabdamage.txt 15 | echo "ok" 16 | 17 | echo -n "checking clang-format... " 18 | git ls-files '**.c' '**.cxx' '**.h' '**.hpp' | xargs clang-format --Werror --dry-run 19 | echo "ok" 20 | 21 | echo -n "checking rustfmt... " 22 | for crate in $(find -iname Cargo.toml); do 23 | if ! cargo fmt --manifest-path ${crate} -- --check; then 24 | echo "cargo fmt failed; run: cd $(dirname ${crate}) && cargo fmt" 1>&2 25 | exit 1 26 | fi 27 | done 28 | echo "ok" 29 | 30 | ident='SPDX-License-Identifier:' 31 | echo -n "checking \"$ident\"... " 32 | git ls-files '*.rs' | while read f; do 33 | if ! grep -qF "$ident" $f; then 34 | echo "error: File $f: Missing $ident" 1>&2 35 | exit 1 36 | fi 37 | done 38 | echo "ok" 39 | 40 | echo 'checking for goto...' 41 | if git grep 'goto [a-z]*;' '*.c' '*.cxx'; then 42 | echo "error: found goto usage" 1>&2 43 | exit 1 44 | fi 45 | echo "ok" 46 | -------------------------------------------------------------------------------- /ci/commit-validation.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | set -xeuo pipefail 4 | # Add cheap (non-building) checks here 5 | dn=$(dirname $0) 6 | . ${dn}/libbuild.sh 7 | ${dn}/codestyle.sh 8 | ${dn}/ci-commitmessage-submodules.sh 9 | -------------------------------------------------------------------------------- /ci/composepost-checks.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # This script expects a coreos-assembler working directory 4 | # and will validate parts of the generated ostree commit. 5 | 6 | set -xeuo pipefail 7 | 8 | dn=$(cd "$(dirname "$0")" && pwd) 9 | commondir=$(cd "$dn/../tests/common" && pwd) 10 | . "${commondir}/libtest-core.sh" 11 | 12 | repo=tmp/repo 13 | ref=$(cosa meta --get-value ref) 14 | 15 | # Nothing in /boot (but it should exist) 16 | ostree --repo="${repo}" ls -R "${ref}" /boot > tmp/bootls.txt 17 | cat >tmp/bootls-expected.txt < tmp/bootls.txt 23 | assert_not_file_has_content tmp/bootls.txt vmlinuz- 24 | assert_not_file_has_content tmp/bootls.txt initramfs- 25 | # And use the kver to find the kernel in /usr/lib/modules 26 | ostree --repo="${repo}" ls -R "${ref}" /usr/lib/modules > tmp/modules-lsr.txt 27 | assert_file_has_content tmp/modules-lsr.txt '/vmlinuz$' 28 | assert_file_has_content tmp/modules-lsr.txt '/initramfs.img$' 29 | echo "ok boot location modules" 30 | 31 | ostree --repo="${repo}" show --print-metadata-key=ostree.bootable "${ref}" >out.txt 32 | assert_file_has_content_literal out.txt 'true' 33 | echo "ok bootable metadata" 34 | -------------------------------------------------------------------------------- /ci/container-build-integration.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Verify container build flows 4 | set -euo pipefail 5 | 6 | examples=(tailscale replace-kernel) 7 | set -x 8 | 9 | workdir=${PWD} 10 | for example in "${examples[@]}"; do 11 | cd coreos-layering-examples/${example} 12 | # Inject our code 13 | tar xvf ${workdir}/install.tar 14 | sed -ie 's,^\(FROM .*\),\1\nADD usr/ /usr/,' Containerfile 15 | git diff 16 | 17 | # Our built binaries are using testing-devel, which might be a different 18 | # Fedora major version for example 19 | podman build --from quay.io/fedora/fedora-coreos:testing-devel -t localhost/fcos-$example . 20 | cd ${workdir} 21 | done 22 | 23 | echo ok container image integration 24 | -------------------------------------------------------------------------------- /ci/coreosci-rpmbuild.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | set -euo pipefail 4 | 5 | dn=$(dirname $0) 6 | . ${dn}/libbuild.sh 7 | 8 | set -x 9 | make -f .copr/Makefile srpm 10 | ./packaging/rpmbuild-cwd --with bin-unit-tests --rebuild packaging/*.src.rpm 11 | mv $(arch)/*.rpm . 12 | -------------------------------------------------------------------------------- /ci/cosa-build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Build rpm-ostree, using cosa as a buildroot and then 4 | # override the version inside cosa, then build FCOS 5 | set -xeuo pipefail 6 | 7 | cosaimg=registry.ci.openshift.org/coreos/coreos-assembler:latest 8 | podman pull "${cosaimg}" 9 | 10 | # Build rpm-ostree using cosa as a buildroot, and extract the result 11 | podman run --security-opt label=disable --rm \ 12 | -v $(pwd):/srv/code -w /srv/code \ 13 | --entrypoint bash --user root \ 14 | "${cosaimg}" \ 15 | -c 'yum -y swap fedora-release-container fedora-release && ./ci/build.sh && make install DESTDIR=$(pwd)/installroot' 16 | 17 | codedir=$(pwd) 18 | mkdir fcos 19 | cd fcos 20 | cat >script.sh <<'EOF' 21 | #!/usr/bin/bash 22 | set -xeuo pipefail 23 | # Overlay the built binaries 24 | rsync -rlv /code/installroot/usr/ /usr/ 25 | coreos-assembler init --force https://github.com/coreos/fedora-coreos-config 26 | coreos-assembler build ostree 27 | EOF 28 | chmod a+x script.sh 29 | podman run --privileged --rm -ti \ 30 | -v ${codedir}:/code -v $(pwd):/srv -w /srv \ 31 | --entrypoint bash \ 32 | --privileged ${cosaimg} \ 33 | ./script.sh 34 | -------------------------------------------------------------------------------- /ci/cosa-overrides.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Inject ideally temporary overrides into our cosa build 4 | # skopeo for containers https://github.com/containers/skopeo/pull/1476 5 | cd overrides/rpm 6 | -------------------------------------------------------------------------------- /ci/install-cxx.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # We use https://cxx.rs to generate C++ and Rust bridge code. If you change 4 | # rust/src/lib.rs, you will need to install the tool. 5 | set -xeuo pipefail 6 | CXX_VER=$(cargo metadata --format-version 1 | jq -r '.packages[]|select(.name == "cxx").version') 7 | mkdir -p target 8 | time cargo install --root=target/cxxbridge cxxbridge-cmd --version "${CXX_VER}" 9 | -------------------------------------------------------------------------------- /ci/install-test-deps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | set -euo pipefail 4 | dn=$(dirname $0) 5 | . ${dn}/libbuild.sh 6 | deps=$(grep -v '^#' "${dn}"/testdeps.txt) 7 | pkg_install ${deps} 8 | -------------------------------------------------------------------------------- /ci/installdeps.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Install build dependencies 4 | 5 | set -xeuo pipefail 6 | 7 | dn=$(dirname $0) 8 | . ${dn}/libbuild.sh 9 | 10 | if [ -z "${SKIP_INSTALLDEPS:-}" ] && test $(id -u) -eq 0; then 11 | dnf -y install dnf-plugins-core 12 | # we have the canonical spec file handy so just builddep from that 13 | # XXX: use --allowerasing as a temporary hack to ease the migration to libmodulemd2 14 | pkg_builddep_spec --allowerasing packaging/rpm-ostree.spec 15 | 16 | osid="$(. /etc/os-release && echo $ID)" 17 | if [ "${osid}" == centos ]; then 18 | dnf -y update https://kojihub.stream.centos.org/kojifiles/packages/ostree/2023.7/2.el9/$(arch)/ostree-{,libs-,devel-}2023.7-2.el9.$(arch).rpm 19 | fi 20 | fi 21 | 22 | mkdir -p target 23 | time cargo install --locked --root=target/cargo-vendor-filterer cargo-vendor-filterer --version ^0.5 24 | -------------------------------------------------------------------------------- /ci/libbuild.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | 4 | # OpenShift Prow jobs don't set $HOME, but we need 5 | # one for cargo right now. 6 | if test -z "$HOME" || test ! -w "$HOME"; then 7 | export HOME=$(mktemp -d -t --suffix .prowhome) 8 | fi 9 | 10 | pkg_upgrade() { 11 | echo "Running dnf -y distro-sync... $(date)" 12 | time dnf -y distro-sync 13 | echo "Done dnf -y distro-sync! $(date)" 14 | } 15 | 16 | make() { 17 | time /usr/bin/make -j ${MAKE_JOBS:-$(getconf _NPROCESSORS_ONLN)} "$@" 18 | } 19 | 20 | build() { 21 | env NOCONFIGURE=1 ./autogen.sh 22 | time ./configure --prefix=/usr --libdir=/usr/lib64 --sysconfdir=/etc "$@" 23 | time make V=1 24 | } 25 | 26 | pkg_install() { 27 | echo "Running dnf -y install... $(date)" 28 | time dnf -y install "$@" 29 | echo "Done running dnf -y install! $(date)" 30 | } 31 | 32 | pkg_builddep_spec() { 33 | if test -x /usr/bin/dnf5; then 34 | # copr build dnf5 environment deps 35 | dnf install -y 'dnf5-command(builddep)' 36 | dnf builddep -y "$@" 37 | else 38 | dnf builddep -y --spec "$@" 39 | fi 40 | } 41 | 42 | pkg_builddep() { 43 | # This is sadly the only case where it's a different command 44 | if test -x /usr/bin/dnf; then 45 | time dnf builddep -y "$@" 46 | else 47 | time yum-builddep -y "$@" 48 | fi 49 | } 50 | 51 | pkg_install_builddeps() { 52 | pkg_install dnf-plugins-core 'dnf-command(builddep)' 53 | # Base buildroot (but exclude fedora-release, conflicts with -container: 54 | # https://bugzilla.redhat.com/show_bug.cgi?id=1649921) 55 | pkg_install @buildsys-build --excludepkg fedora-release 56 | # builddeps+runtime deps 57 | if [ $# -ne 0 ]; then 58 | pkg_builddep "$@" 59 | pkg_install "$@" 60 | time rpm -e "$@" 61 | fi 62 | } 63 | -------------------------------------------------------------------------------- /ci/prow/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM quay.io/coreos-assembler/fcos-buildroot:testing-devel as builder 2 | WORKDIR /src 3 | COPY . . 4 | RUN ./ci/coreosci-rpmbuild.sh && mkdir -p /cosa/component-rpms && mv rpm-ostree{,-libs}-20*.rpm /cosa/component-rpms 5 | RUN make -C tests/kolainst install DESTDIR=/cosa/component-tests 6 | # Uncomment this to fake a build to test the code below 7 | #RUN mkdir -p /cosa/component-install/usr/bin && echo foo > /cosa/component-install/usr/bin/foo 8 | 9 | FROM registry.ci.openshift.org/coreos/coreos-assembler:latest 10 | WORKDIR /srv 11 | USER root 12 | # Copy binaries from the build 13 | COPY --from=builder /cosa /cosa 14 | # Merge them to the real root since we're used at compose time 15 | RUN dnf install -y /cosa/component-rpms/*.rpm 16 | # Merge installed tests 17 | RUN rsync -rlv /cosa/component-tests/ / 18 | # Grab all of our ci scripts 19 | COPY --from=builder /src/ci/ /ci/ 20 | RUN ln -sr /ci/prow/fcos-e2e.sh /usr/bin/fcos-e2e 21 | USER builder 22 | -------------------------------------------------------------------------------- /ci/prow/Dockerfile.buildroot: -------------------------------------------------------------------------------- 1 | # We don't preinstall anything additional yet, that 2 | # will be done by injected code. 3 | FROM quay.io/coreos-assembler/fcos-buildroot:testing-devel 4 | -------------------------------------------------------------------------------- /ci/prow/Dockerfile.ci-updates: -------------------------------------------------------------------------------- 1 | # This container will be executed in Prow (but could also be run elsewhere) 2 | # and spawns a VM which will verify updates work 3 | # This really just depends on `cosa run`, which we could 4 | # in theory split out separately at some point later. 5 | FROM quay.io/coreos-assembler/coreos-assembler:latest 6 | WORKDIR /srv 7 | USER root 8 | # Grab all of our ci scripts 9 | COPY /ci/ /ci/ 10 | # Install the script in /usr/bin, and put the kola test in place 11 | RUN ln -sr /ci/prow/e2e-upgrades.sh /usr/bin/e2e-upgrades && cp -a /ci/prow/kola /usr/lib/coreos-assembler/tests/kola/rpm-ostree 12 | USER builder 13 | ENTRYPOINT [] 14 | CMD ["/usr/bin/e2e-upgrades"] 15 | -------------------------------------------------------------------------------- /ci/prow/Dockerfile.fcos: -------------------------------------------------------------------------------- 1 | # This Dockerfile generates a container image that installs a build from git into 2 | # a Fedora CoreOS image. 3 | FROM quay.io/coreos-assembler/fcos-buildroot:testing-devel as builder 4 | WORKDIR /src 5 | COPY . . 6 | RUN ./ci/build.sh && make install DESTDIR=$(pwd)/install && tar -C install -czf /srv/install.tar . 7 | 8 | FROM quay.io/fedora/fedora-coreos:testing-devel 9 | COPY --from=builder /srv/install.tar /tmp 10 | RUN tar -xvf /tmp/install.tar && ostree container commit 11 | -------------------------------------------------------------------------------- /ci/prow/Dockerfile.fcos2: -------------------------------------------------------------------------------- 1 | # This Dockerfile should actually derive from the first build, 2 | # and verifies a subsequent update 3 | FROM quay.io/fedora/fedora-coreos:testing-devel 4 | RUN touch /etc/somenewfile && rpm -e moby-engine && ostree container commit 5 | -------------------------------------------------------------------------------- /ci/prow/e2e-upgrades.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | set -xeuo pipefail 4 | 5 | # Attempt to keep this script in sync with https://github.com/containers/bootc/blob/main/ci/run-kola.sh 6 | 7 | # We require the an image containing our binaries-under-test to have been injected 8 | # by an external system, e.g. Prow 9 | # https://docs.ci.openshift.org/docs/architecture/ci-operator/#referring-to-images-in-tests 10 | 11 | tmpdir="$(mktemp -d -p /var/tmp)" 12 | cd "${tmpdir}" 13 | 14 | echo "ostree-unverified-registry:$TARGET_IMAGE" > target-image 15 | echo "ostree-unverified-registry:$UPGRADE_IMAGE" > upgrade-image 16 | # Detect Prow; if we find it, assume the image requires a pull secret 17 | if test -n "${JOB_NAME_HASH:-}"; then 18 | oc registry login --to auth.json 19 | else 20 | # Default to an empty secret to exercise that path 21 | echo '{}' > auth.json 22 | fi 23 | cat > config.bu << 'EOF' 24 | variant: fcos 25 | version: 1.1.0 26 | storage: 27 | files: 28 | - path: /etc/target-image 29 | contents: 30 | local: target-image 31 | - path: /etc/upgrade-image 32 | contents: 33 | local: upgrade-image 34 | - path: /etc/ostree/auth.json 35 | contents: 36 | local: auth.json 37 | systemd: 38 | units: 39 | - name: zincati.service 40 | enable: false 41 | EOF 42 | butane -d . < config.bu > config.ign 43 | 44 | if test -z "${BASE_QEMU_IMAGE:-}"; then 45 | coreos-installer download -p qemu -f qcow2.xz --decompress 46 | BASE_QEMU_IMAGE=./"$(echo *.qcow2)" 47 | fi 48 | cosa kola run --append-ignition config.ign --oscontainer ostree-unverified-registry:${TARGET_IMAGE} --qemu-image "${BASE_QEMU_IMAGE}" ext.rpm-ostree.upgrades 49 | 50 | echo "ok kola upgrades" 51 | -------------------------------------------------------------------------------- /ci/prow/fcos-e2e.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | set -xeuo pipefail 4 | 5 | # Prow jobs don't support adding emptydir today 6 | export COSA_SKIP_OVERLAY=1 7 | # And suppress depcheck since we didn't install via RPM 8 | export COSA_SUPPRESS_DEPCHECK=1 9 | ls -al /usr/bin/rpm-ostree 10 | rpm-ostree --version 11 | cd $(mktemp -d) 12 | cosa init https://github.com/coreos/fedora-coreos-config/ 13 | cp /cosa/component-rpms/*.rpm overrides/rpm 14 | cosa fetch 15 | cosa build 16 | cosa kola run 'ext.rpm-ostree.*' 17 | -------------------------------------------------------------------------------- /ci/ridiculous-rhel-devel-workaround.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # 4 | # Builds libsmartcols-devel which libdnf depends on 5 | # 6 | # RHEL and -devel packages are just broken. Today RHEL9 doesn't ship libsmartcols-devel, 7 | # and it's not even in CRB so we need to rebuild it ourself. Which, should actually be 8 | # a normal and natural thing to do, except our RPM build process is totally 9 | # not designed to handle chained builds sanely. See also https://github.com/projectatomic/rpmdistro-gitoverlay/ 10 | # 11 | # If we had a more NixOS like model where the binaries are just a *cache of the source*, 12 | # then here we'd just add the centos "CRB" binary cache. 13 | 14 | set -xeuo pipefail 15 | 16 | dn=$(dirname $0) 17 | . ${dn}/libbuild.sh 18 | 19 | if test -f /usr/lib/os-release; then 20 | . /usr/lib/os-release 21 | if [[ "${ID_LIKE}" =~ rhel ]] && [[ ${VERSION_ID} -gt 8 ]]; then 22 | yum -y install yum-utils 23 | # https://docs.fedoraproject.org/en-US/epel/#_el9 24 | yum config-manager --set-enabled crb 25 | yum -y install epel-release 26 | yum -y install git 27 | test -d util-linux || git clone https://gitlab.com/redhat/centos-stream/rpms/util-linux 28 | cd util-linux 29 | yum -y install centpkg 30 | yum -y builddep *.spec 31 | builddir=$(arch) 32 | if test '!' -d "$builddir"; then 33 | centpkg local 34 | fi 35 | rm -vf $builddir/*debuginfo*.rpm 36 | rm -vf $builddir/*python*.rpm 37 | yum -y localinstall $builddir/*.rpm 38 | fi 39 | else 40 | echo "Unhandled OS" 1>&2 41 | exit 1 42 | fi 43 | -------------------------------------------------------------------------------- /ci/testdeps.txt: -------------------------------------------------------------------------------- 1 | # Dependencies for our test suites, i.e. ./tests/compose and 2 | # ./tests/vmcheck. 3 | createrepo_c rpm-sign 4 | python3-pyyaml 5 | libubsan libasan libtsan elfutils fuse sudo python3-gobject-base 6 | selinux-policy-devel selinux-policy-targeted python3-createrepo_c 7 | rsync python3-rpm parallel distribution-gpg-keys cpio 8 | -------------------------------------------------------------------------------- /ci/unit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | set -euo pipefail 4 | 5 | dn=$(dirname $0) 6 | . ${dn}/libbuild.sh 7 | 8 | ci/installdeps.sh 9 | ci/build.sh 10 | -------------------------------------------------------------------------------- /ci/verify-cxx.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Verify that the cxx-generated C++ code is in sync 4 | set -xeuo pipefail 5 | dn=$(dirname $0) 6 | $dn/install-cxx.sh 7 | make -f Makefile.bindings 8 | if ! git diff; then 9 | echo "Found diff in cxx-generated code; please run: make -f Makefile.bindings" 1>&2 10 | exit 1 11 | fi 12 | echo "ok: cxx generated code matches" 13 | -------------------------------------------------------------------------------- /ci/vmcheck-provision.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # SPDX-License-Identifier: Apache-2.0 OR MIT 3 | # Install build dependencies, run unit tests and installed tests. 4 | 5 | set -xeuo pipefail 6 | 7 | dn=$(dirname $0) 8 | . ${dn}/libbuild.sh 9 | pkg_install openssh-clients 10 | -------------------------------------------------------------------------------- /deny.toml: -------------------------------------------------------------------------------- 1 | [licenses] 2 | allow = ["Apache-2.0", "Apache-2.0 WITH LLVM-exception", "MIT", 3 | "BSD-3-Clause", "BSD-2-Clause", "Zlib", 4 | "Unlicense", "CC0-1.0", "BSL-1.0", 5 | "Unicode-DFS-2016", "Unicode-3.0", 6 | "LGPL-2.1 WITH GCC-exception-2.0"] 7 | private = { ignore = true } 8 | 9 | [[bans.deny]] 10 | # We want to require FIPS validation downstream, so we use openssl 11 | name = "ring" 12 | 13 | [sources] 14 | unknown-registry = "deny" 15 | unknown-git = "deny" 16 | allow-git = ["https://github.com/containers/bootc", "https://github.com/containers/composefs-rs"] 17 | -------------------------------------------------------------------------------- /docs/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | --- 2 | has_children: true 3 | has_toc: false 4 | nav_order: 7 5 | --- 6 | 7 | # Contributing 8 | {: .no_toc } 9 | 10 | 1. [Hacking on rpm-ostree](HACKING.md) 11 | 1. [Repository structure](repo_structure.md) 12 | 1. [Releasing rpm-ostree](RELEASE.md) 13 | 14 | ## Submitting patches 15 | 16 | Submit a pull request against [coreos/rpm-ostree][rpm-ostree]. 17 | 18 | Please look at `git log` and match the commit log style. 19 | 20 | ## Running the test suite 21 | 22 | There is `make check` as well as `make vmcheck`. See also what the 23 | [Jenkinsfile][jenkinsfile] file does. 24 | 25 | ## Coding style 26 | 27 | See the [OSTree CONTRIBUTING][contributing] coding style. 28 | 29 | [rpm-ostree]: https://github.com/coreos/rpm-ostree 30 | [jenkinsfile]: https://github.com/coreos/rpm-ostree/blob/main/.cci.jenkinsfile 31 | [contributing]: https://github.com/ostreedev/ostree/blob/main/docs/CONTRIBUTING.md 32 | -------------------------------------------------------------------------------- /docs/RELEASE.md: -------------------------------------------------------------------------------- 1 | --- 2 | parent: Contributing 3 | nav_order: 3 4 | --- 5 | 6 | # Releasing rpm-ostree 7 | 8 | 1. Increment the `year_version` and `release_version` macros in `configure.ac`. 9 | 2. Increment the `Version` field in `rpm-ostree.spec`. 10 | 3. Verify the libdnf deps in `rpm-ostree.spec` are up to date by copy/pasting 11 | the relevant bits from the spec in the git submodule (`libdnf/libdnf.spec`). 12 | 4. Submit as a PR and wait until reviewed *and* CI is green. 13 | 5. Once merged, do `git pull $upstream && git reset --hard $upstream/main` on 14 | your local `main` branch to make sure you're on the right commit. 15 | 6. Draft release notes by seeding a HackMD.io with `git shortlog $last_tag..` 16 | and ideally collaborating with others. Filter out the commits from 17 | `dependabot`. See previous releases for format. 18 | 7. Use [`git-evtag`](https://github.com/cgwalters/git-evtag) to create a signed 19 | tag with the release notes as its content. Make the first line be the name of 20 | the tag itself. 21 | 8. Push the tag using `git push $upstream v202X.XX`. 22 | 9. Create the xz tarball: `make -C packaging -f Makefile.dist-packaging dist-snapshot` 23 | 10. Create a GitHub release for the new release tag using its contents and 24 | attach the tarball. 25 | -------------------------------------------------------------------------------- /docs/_config.yml: -------------------------------------------------------------------------------- 1 | # Template generated by https://github.com/coreos/repo-templates; do not edit downstream 2 | 3 | # To test documentation changes locally or using GitHub Pages, see: 4 | # https://github.com/coreos/fedora-coreos-tracker/blob/main/docs/testing-project-documentation-changes.md 5 | 6 | title: rpm-ostree 7 | description: rpm-ostree documentation 8 | baseurl: "/rpm-ostree" 9 | url: "https://coreos.github.io" 10 | permalink: /:title/ 11 | markdown: kramdown 12 | kramdown: 13 | typographic_symbols: 14 | ndash: "--" 15 | mdash: "---" 16 | 17 | remote_theme: just-the-docs/just-the-docs@v0.10.0 18 | plugins: 19 | - jekyll-remote-theme 20 | 21 | color_scheme: coreos 22 | 23 | # Aux links for the upper right navigation 24 | aux_links: 25 | "rpm-ostree on GitHub": 26 | - "https://github.com/coreos/rpm-ostree" 27 | 28 | footer_content: "Copyright © Red Hat, Inc. and others." 29 | 30 | # Footer last edited timestamp 31 | last_edit_timestamp: true 32 | last_edit_time_format: "%b %e %Y at %I:%M %p" 33 | 34 | # Footer "Edit this page on GitHub" link text 35 | gh_edit_link: true 36 | gh_edit_link_text: "Edit this page on GitHub" 37 | gh_edit_repository: "https://github.com/coreos/rpm-ostree" 38 | gh_edit_branch: "main" 39 | gh_edit_source: docs 40 | gh_edit_view_mode: "tree" 41 | 42 | compress_html: 43 | clippings: all 44 | comments: all 45 | endings: all 46 | startings: [] 47 | blanklines: false 48 | profile: false 49 | -------------------------------------------------------------------------------- /docs/_sass/color_schemes/coreos.scss: -------------------------------------------------------------------------------- 1 | $link-color: #53a3da; 2 | -------------------------------------------------------------------------------- /docs/architecture.md: -------------------------------------------------------------------------------- 1 | --- 2 | has_children: true 3 | has_toc: false 4 | nav_order: 6 5 | --- 6 | 7 | # Architecture 8 | {: .no_toc } 9 | 10 | 1. [RPM packages, ostree commits](architecture-core.md) 11 | 1. [Daemon model](architecture-daemon.md) 12 | 1. [Architecture of apply-live](apply-live.md) 13 | -------------------------------------------------------------------------------- /docs/compose.md: -------------------------------------------------------------------------------- 1 | --- 2 | has_children: true 3 | has_toc: false 4 | nav_order: 5 5 | --- 6 | 7 | # Composing images 8 | {: .no_toc } 9 | 10 | 1. [Compose server](compose-server.md) 11 | 1. [Treefile reference page](treefile.md) 12 | 1. [Extensions](extensions.md) 13 | -------------------------------------------------------------------------------- /docs/countme.md: -------------------------------------------------------------------------------- 1 | --- 2 | nav_order: 4 3 | --- 4 | 5 | # DNF Count Me support 6 | {: .no_toc } 7 | 8 | Classic DNF based operating systems can use the [DNF Count Me feature][countme] 9 | to anonymously report how long a system has been running without impacting the 10 | user privacy. This is implemented as an additional `countme` variable added to 11 | requests made to fetch RPM repository metadata. On those systems, this value is 12 | added randomly to requests made automatically via the `dnf-makecache.timer` or 13 | via explicit calls to `dnf update` or `dnf install`. 14 | 15 | However, this does not work for `rpm-ostree` based systems as in the default 16 | case (no package overlayed on top of the base commit), `rpm-ostree` will not 17 | fetch any RPM repository metadata at all. 18 | 19 | Thus `rpm-ostree` includes a distinct timer (`rpm-ostree-countme.timer`) that 20 | implements the [DNF Count Me functionality][countme] in a standalone way. This 21 | timer is triggered on boot after 5 minutes and bi-weekly, in both cases with a 22 | random delay. 23 | 24 | ## Disabling DNF Count Me on a system 25 | 26 | To disable this feature, you need to stop the `rpm-ostree-countme.timer` and 27 | mask the corresponding unit as a precaution: 28 | 29 | ``` 30 | $ systemctl mask --now rpm-ostree-countme.timer 31 | ``` 32 | 33 | ## References 34 | 35 | - DNF Configuration Reference: [countme option][countme] 36 | - Change Request for Fedora 32: [DNF Better Counting][change] 37 | 38 | [countme]: https://dnf.readthedocs.io/en/latest/conf_ref.html#countme-label 39 | [change]: https://fedoraproject.org/wiki/Changes/DNF_Better_Counting 40 | -------------------------------------------------------------------------------- /docs/debug.md: -------------------------------------------------------------------------------- 1 | --- 2 | parent: Contributing 3 | nav_order: 1 4 | --- 5 | 6 | # Debugging rpm-ostree 7 | {: .no_toc } 8 | 9 | 1. TOC 10 | {:toc} 11 | 12 | 13 | ## Setting verbose debug messages when using the CLI. 14 | 15 | The rpm-ostree and ostree code uses gtk's glib for the as a C library. An advantage to using glib is that to enable verbose debug messages we just need to set an environment variable: 16 | [G_MESSAGES_DEBUG=all](https://docs.gtk.org/glib/logging.html#debug-message-output). 17 | 18 | Additionally, part of rpm-ostree code is written in Rust to enable verbose logs on the Rust code the environment variable is: 19 | [RUST_LOG=debug](https://docs.rs/env_logger/latest/env_logger/). 20 | 21 | An example of how to set use the environment variables is: 22 | 23 | ``` 24 | env G_MESSAGES_DEBUG=all RUST_LOG=debug rpm-ostree status 25 | ``` 26 | 27 | Since ostree is called from rpm-ostree it will output ostree debug messages too. 28 | 29 | ## Enabling verbose debug messages when not using the CLI. 30 | 31 | If you need output from rpm-ostreed.service, another client such as Zincati or ostree-finalize-staged.service 32 | you might need to override the environment variables for those services. 33 | 34 | A way to do this is using the `sudo systemctl edit` command. 35 | 36 | For example: 37 | 38 | ``` 39 | systemctl edit rpm-ostreed 40 | ``` 41 | 42 | Then adding: 43 | ``` 44 | [Service] 45 | Environment="G_MESSAGES_DEBUG=all" 46 | ``` 47 | 48 | and restarting the service. 49 | 50 | After that a more verbose output should be seen in the journal: 51 | 52 | ``` 53 | journalctl -b -u rpm-ostreed 54 | ``` 55 | 56 | **Please note** Depending on what you are trying to debug, you may need to override the environment for multiple services or pass the environment variables in ways not specified here. 57 | -------------------------------------------------------------------------------- /docs/ex-rebuild.md: -------------------------------------------------------------------------------- 1 | --- 2 | parent: Experimental features 3 | nav_order: 1 4 | --- 5 | 6 | # Declarative system changes 7 | 8 | For historical reasons, the build side of rpm-ostree is fully declarative; it 9 | accepts [treefiles](treefile.md) as input. The client side is imperative, with a CLI and 10 | DBus API. 11 | 12 | The goal of this feature is to unify things by supporting declarative 13 | client-side changes. The current implementation just exposes treefiles. Instead of 14 | typing e.g. `rpm-ostree install foo`, you can add treefiles into 15 | `/etc/rpm-ostree/origin.d`, and invoke `rpm-ostree ex rebuild` to 16 | *declaratively* reconcile the system to that state. 17 | 18 | For more background on this, see https://github.com/coreos/rpm-ostree/issues/2326 19 | 20 | ## Example: Installing and removing packages as an atomic unit 21 | 22 | ``` 23 | $ mkdir -p /etc/rpm-ostree/origin.d 24 | $ cat > /etc/rpm-ostree/origin.d/mycustom.yaml <> /etc/systemd/journald.conf 23 | # Undo the container base changes 24 | RUN systemctl unmask systemd-remount-fs.service dev-hugepages.mount sys-fs-fuse-connections.mount systemd-logind.service getty.target console-getty.service 25 | # FIXME - not starting for some reason 26 | RUN systemctl mask firewalld 27 | # https://ostree.readthedocs.io/en/latest/manual/adapting-existing/ 28 | RUN for x in srv home media mnt opt; do mv /${x} /var/${x} && ln -sr /var/${x} /${x}; done \ 29 | && rm /root -rf && ln -sr /var/roothome /root \ 30 | && rm /usr/local -rf && ln -sr /var/usrlocal /usr/local \ 31 | && mkdir -p /sysroot && ln -sr /sysroot/ostree /ostree \ 32 | && rm /tmp -rf && ln -sr /sysroot/tmp /tmp \ 33 | && rm -rf /run/* 34 | -------------------------------------------------------------------------------- /packaging/.gitignore: -------------------------------------------------------------------------------- 1 | *.spec 2 | rpm-ostree*/ 3 | rpm-ostree*.rpm 4 | rpm-ostree*.tar.xz 5 | -------------------------------------------------------------------------------- /packaging/Makefile.dist-packaging: -------------------------------------------------------------------------------- 1 | # -*- mode: Makefile -*- 2 | 3 | GITREV = $$(git describe --always --tags) 4 | GITREV_FOR_PKG = $(shell echo "$(GITREV)" | sed -e 's,-,\.,g' -e 's,^v,,') 5 | GITTIMESTAMP = $$(git show --no-patch --format=%ci) 6 | 7 | srcdir=$(shell dirname `pwd`) 8 | PACKAGE=rpm-ostree 9 | 10 | PKG_VER = $(PACKAGE)-$(GITREV_FOR_PKG) 11 | PKG_CLIENT_VER = $(PACKAGE)-client-$(GITREV_FOR_PKG) 12 | 13 | dist-snapshot: 14 | ./make-git-snapshot.sh "$(srcdir)" "$(PKG_VER)" "$(GITREV)" "$(GITTIMESTAMP)" 15 | rm -f $(PKG_VER).tar.xz 16 | xz -T0 $(PKG_VER).tar 17 | 18 | srpm: dist-snapshot 19 | sed -e "s,^Version:.*,Version: $(GITREV_FOR_PKG)," $(PACKAGE).spec > $(PACKAGE).spec.new; \ 20 | mv $(PACKAGE).spec.new $(PACKAGE).spec; \ 21 | ./rpmbuild-cwd -bs $(PACKAGE).spec 22 | 23 | rpm: srpm 24 | ./rpmbuild-cwd --rebuild $(PKG_VER)*.src.rpm 25 | 26 | yumrepo: rpm 27 | repomanage -o . | xargs -r rm 28 | createrepo_c . 29 | -------------------------------------------------------------------------------- /packaging/make-git-snapshot.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -xeuo pipefail 3 | 4 | srcdir=$1 5 | shift 6 | PKG_VER=$1 7 | shift 8 | GITREV=$1 9 | shift 10 | GITTIMESTAMP=$1 11 | shift 12 | 13 | TARFILE=${PKG_VER}.tar 14 | TARFILE_TMP=$(pwd)/${TARFILE}.tmp 15 | 16 | test -n "${srcdir}" 17 | test -n "${PKG_VER}" 18 | test -n "${GITREV}" 19 | 20 | TOP=$(git rev-parse --show-toplevel) 21 | 22 | echo "Archiving ${PKG_VER} at ${GITREV} to ${TARFILE_TMP}" 23 | (cd ${TOP}; git archive --format=tar --prefix=${PKG_VER}/ ${GITREV}) > ${TARFILE_TMP} 24 | ls -al ${TARFILE_TMP} 25 | (cd ${TOP}; git submodule status) | while read line; do 26 | rev=$(echo ${line} | cut -f 1 -d ' '); path=$(echo ${line} | cut -f 2 -d ' ') 27 | echo "Archiving ${path} at ${rev}" 28 | (cd ${srcdir}/${path}; git archive --format=tar --prefix=${PKG_VER}/${path}/ ${rev}) > submodule.tar 29 | tar -A -f ${TARFILE_TMP} submodule.tar 30 | rm submodule.tar 31 | done 32 | disttmp=target/dist-tmp 33 | tmpd=${TOP}/$disttmp 34 | trap cleanup EXIT 35 | function cleanup () { 36 | if test -f ${tmpd}/.tmp; then 37 | rm "${tmpd}" -rf 38 | fi 39 | } 40 | # Run it now 41 | cleanup 42 | mkdir -p ${tmpd} && touch ${tmpd}/.tmp 43 | 44 | vendor_cmd="cargo vendor-filterer" 45 | target_vendor_cmd=$srcdir/target/cargo-vendor-filterer/bin/cargo-vendor-filterer 46 | if test -x "${target_vendor_cmd}"; then 47 | vendor_cmd=${target_vendor_cmd} 48 | fi 49 | 50 | (cd ${tmpd} 51 | mkdir -p .cargo 52 | (cd ${TOP} && ${vendor_cmd} ${tmpd}/vendor | sed -e "s,^directory *=.*,directory = './vendor',") > .cargo/config 53 | cp ${TOP}/Cargo.lock . 54 | tar --owner=0 --group=0 --transform="s,^,${PKG_VER}/," --mtime="${GITTIMESTAMP}" -rf ${TARFILE_TMP} * .cargo/ 55 | ) 56 | 57 | mv ${TARFILE_TMP} ${TARFILE} 58 | -------------------------------------------------------------------------------- /packaging/rpmbuild-cwd: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # rpmbuild-cwd: 3 | # Run "rpmbuild", defining all RPM variables to use the current directory. 4 | # This matches Fedora's system. 5 | # 6 | # Licensed under the new-BSD license (http://www.opensource.org/licenses/bsd-license.php) 7 | # Copyright (C) 2010 Red Hat, Inc. 8 | # Written by Colin Walters 9 | 10 | pwd=$(pwd) 11 | exec rpmbuild --define "_sourcedir ${pwd}" --define "_specdir ${pwd}" --define "_builddir ${pwd}" --define "_srcrpmdir ${pwd}" --define "_rpmdir ${pwd}" --define "_buildrootdir ${pwd}/.build" "$@" 12 | -------------------------------------------------------------------------------- /rust/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | -------------------------------------------------------------------------------- /rust/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | Copyright (c) 2019 The rpm-ostree project developers 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | -------------------------------------------------------------------------------- /rust/libdnf-sys/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "libdnf-sys" 3 | version = "0.1.0" 4 | authors = ["Colin Walters ", "Jonathan Lebon "] 5 | edition = "2021" 6 | links = "dnf" 7 | publish = false 8 | 9 | [dependencies] 10 | cxx = "1.0.158" 11 | 12 | [lib] 13 | name = "libdnf_sys" 14 | path = "lib.rs" 15 | 16 | [build-dependencies] 17 | cmake = "0.1.54" 18 | system-deps = "7.0" 19 | anyhow = "1.0" 20 | cxx-build = "1.0.158" 21 | 22 | # This currently needs to duplicate the libraries from libdnf 23 | [package.metadata.system-deps] 24 | rpm = "4" 25 | # libdnf dependencies 26 | librepo = "1" 27 | libsolv = "0.7" 28 | libsolvext = "0.7" 29 | # Older libgpgme did not provide a pkg-config file 30 | gpgme = { version = "1", optional = true } 31 | openssl = "1" 32 | libcurl = "7" 33 | sqlite3 = "3" 34 | modulemd = { name = "modulemd-2.0", version = "2" } 35 | jsonc = { name = "json-c", version = "0" } 36 | glib = { name = "glib-2.0", version = "2" } 37 | zck = { version = "0.9", optional = true } 38 | librhsm = { version = "0.0.3", feature = "rhsm" } 39 | 40 | [features] 41 | rhsm = [] 42 | default = [] -------------------------------------------------------------------------------- /rust/libdnf-sys/cxx/libdnf.cxx: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2021 Red Hat, Inc. 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #include 22 | 23 | #include "libdnf-sys/lib.rs.h" 24 | #include "libdnf.hpp" 25 | 26 | namespace dnfcxx 27 | { 28 | std::unique_ptr 29 | dnf_package_from_ptr (FFIDnfPackage *pkg) noexcept 30 | { 31 | return std::make_unique ((FFIDnfPackage *)g_object_ref (pkg)); 32 | } 33 | 34 | std::unique_ptr 35 | dnf_repo_from_ptr (FFIDnfRepo *repo) noexcept 36 | { 37 | return std::make_unique ((FFIDnfRepo *)g_object_ref (repo)); 38 | } 39 | 40 | std::unique_ptr 41 | dnf_sack_new () noexcept 42 | { 43 | return std::make_unique (::dnf_sack_new ()); 44 | } 45 | 46 | // XXX: dedupe with rpmostree_decompose_nevra 47 | Nevra 48 | hy_split_nevra (rust::Str nevra) 49 | { 50 | g_autofree char *name = NULL; 51 | int epoch; 52 | g_autofree char *version = NULL; 53 | g_autofree char *release = NULL; 54 | g_autofree char *arch = NULL; 55 | 56 | g_autofree char *nevra_c = g_strndup (nevra.data (), nevra.length ()); 57 | if (::hy_split_nevra (nevra_c, &name, &epoch, &version, &release, &arch) != 0) 58 | throw std::runtime_error (std::string ("Failed to decompose NEVRA string: ") + nevra_c); 59 | 60 | Nevra r = { 61 | rust::String (name), (guint64)epoch, rust::String (version), 62 | rust::String (release), rust::String (arch), 63 | }; 64 | // the copy here *should* get elided 65 | return r; 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /rust/rpmostree-client/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "rpmostree-client" 3 | description = "Client side bindings for rpm-ostree" 4 | version = "0.1.0" 5 | edition = "2021" 6 | license = "Apache-2.0" 7 | keywords = ["ostree", "rpm-ostree"] 8 | documentation = "http://docs.rs/rpmostree-client" 9 | publish = false 10 | 11 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 12 | 13 | [dependencies] 14 | anyhow = "1.0.98" 15 | serde = { version = "1.0.219", features = ["derive"] } 16 | serde_derive = "1.0.118" 17 | serde_json = "1.0.140" 18 | -------------------------------------------------------------------------------- /rust/rpmostree-client/tests/parse.rs: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: Apache-2.0 OR MIT 2 | use anyhow::Result; 3 | use rpmostree_client; 4 | 5 | #[test] 6 | fn parse_workstation() -> Result<()> { 7 | let data = include_str!("fixtures/workstation-status.json"); 8 | let state: &rpmostree_client::Status = &serde_json::from_str(data)?; 9 | assert_eq!(state.deployments.len(), 2); 10 | let booted = state.require_booted().unwrap(); 11 | assert_eq!(booted.version.as_ref().unwrap().as_str(), "33.21"); 12 | assert_eq!( 13 | booted.get_base_commit(), 14 | "229387d3c0bb8ad698228ca5702eca72aed8b298a7c800be1dc72bab160a9f7f" 15 | ); 16 | assert!(booted.find_base_commitmeta_string("foo").is_err()); 17 | assert_eq!( 18 | booted 19 | .find_base_commitmeta_string("coreos-assembler.config-gitrev") 20 | .unwrap(), 21 | "80966f951c766846da070b4c168b9170c61513e2" 22 | ); 23 | Ok(()) 24 | } 25 | -------------------------------------------------------------------------------- /rust/src/builtins/compose/commit.rs: -------------------------------------------------------------------------------- 1 | //! CLI sub-command `compose commit`. 2 | // SPDX-License-Identifier: Apache-2.0 OR MIT 3 | 4 | use crate::cxxrsutil::{CxxResult, FFIGObjectWrapper}; 5 | use anyhow::anyhow; 6 | use fn_error_context::context; 7 | use indoc::printdoc; 8 | use std::pin::Pin; 9 | 10 | /// Print statistics related to an ostree transaction. 11 | pub fn print_ostree_txn_stats(stats: Pin<&mut crate::FFIOstreeRepoTransactionStats>) { 12 | let stats = &stats.gobj_wrap(); 13 | printdoc!( 14 | "Metadata Total: {meta_total} 15 | Metadata Written: {meta_written} 16 | Content Total: {content_total} 17 | Content Written: {content_written} 18 | Content Cache Hits: {cache_hits} 19 | Content Bytes Written: {content_bytes} 20 | ", 21 | meta_total = stats.get_metadata_objects_total(), 22 | meta_written = stats.get_metadata_objects_written(), 23 | content_total = stats.get_content_objects_total(), 24 | content_written = stats.get_content_objects_written(), 25 | cache_hits = stats.get_devino_cache_hits(), 26 | content_bytes = stats.get_content_bytes_written() 27 | ); 28 | } 29 | 30 | #[context("Writing commit-id to {}", target_path)] 31 | pub fn write_commit_id(target_path: &str, revision: &str) -> CxxResult<()> { 32 | if target_path.is_empty() { 33 | return Err(anyhow!("empty target path").into()); 34 | } 35 | if revision.is_empty() { 36 | return Err(anyhow!("empty revision content").into()); 37 | } 38 | std::fs::write(target_path, revision)?; 39 | Ok(()) 40 | } 41 | 42 | #[cfg(test)] 43 | mod tests { 44 | use super::*; 45 | 46 | #[test] 47 | fn test_write_commit_id() { 48 | write_commit_id("", "foo").unwrap_err(); 49 | write_commit_id("/foo", "").unwrap_err(); 50 | 51 | let tmpdir = tempfile::tempdir().unwrap(); 52 | let filepath = tmpdir.path().join("commit-id"); 53 | let expected_id = "my-revision-id"; 54 | write_commit_id(&filepath.to_string_lossy(), expected_id).unwrap(); 55 | let read = std::fs::read_to_string(&filepath).unwrap(); 56 | assert_eq!(read, expected_id); 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /rust/src/builtins/mod.rs: -------------------------------------------------------------------------------- 1 | //! Client CLI 2 | // SPDX-License-Identifier: Apache-2.0 OR MIT 3 | 4 | pub(crate) mod apply_live; 5 | pub(crate) mod compose; 6 | pub mod scriptlet_intercept; 7 | pub mod usroverlay; 8 | -------------------------------------------------------------------------------- /rust/src/builtins/scriptlet_intercept/common.rs: -------------------------------------------------------------------------------- 1 | //! Common helpers for intercepted commands. 2 | 3 | // SPDX-License-Identifier: Apache-2.0 OR MIT 4 | 5 | use anyhow::{Context, Result}; 6 | use cap_std::fs::Dir; 7 | 8 | /// Directory for sysusers.d fragments. 9 | pub(crate) static SYSUSERS_DIR: &str = "usr/lib/sysusers.d"; 10 | 11 | /// Create and open the `/usr/lib/sysusers.d` directory. 12 | pub(crate) fn open_create_sysusers_dir(rootdir: &Dir) -> Result { 13 | rootdir 14 | .create_dir_all(SYSUSERS_DIR) 15 | .with_context(|| format!("Creating '/{SYSUSERS_DIR}'"))?; 16 | let conf_dir = rootdir 17 | .open_dir(SYSUSERS_DIR) 18 | .with_context(|| format!("Opening '/{SYSUSERS_DIR}'"))?; 19 | Ok(conf_dir) 20 | } 21 | -------------------------------------------------------------------------------- /rust/src/builtins/scriptlet_intercept/mod.rs: -------------------------------------------------------------------------------- 1 | //! CLI handler for `rpm-ostree scriplet-intercept`. 2 | 3 | // SPDX-License-Identifier: Apache-2.0 OR MIT 4 | 5 | pub(crate) mod common; 6 | mod groupadd; 7 | mod useradd; 8 | mod usermod; 9 | use anyhow::{bail, Result}; 10 | 11 | /// Entrypoint for `rpm-ostree scriplet-intercept`. 12 | pub fn entrypoint(args: &[&str]) -> Result<()> { 13 | // Here we expect arguments that look like 14 | // `rpm-ostree scriptlet-intercept -- ` 15 | if args.len() < 4 || args[3] != "--" { 16 | bail!("Invalid arguments"); 17 | } 18 | 19 | let orig_command = args[2]; 20 | let rest = &args[4..]; 21 | match orig_command { 22 | "groupadd" => groupadd::entrypoint(rest), 23 | "useradd" => useradd::entrypoint(rest), 24 | "usermod" => usermod::entrypoint(rest), 25 | x => bail!("Unable to intercept command '{}'", x), 26 | } 27 | } 28 | 29 | #[cfg(test)] 30 | mod tests { 31 | use super::*; 32 | 33 | #[test] 34 | fn test_entrypoint_args() { 35 | // Short-circuit core logic, this test is only meant to check CLI parsing. 36 | let _guard = fail::FailScenario::setup(); 37 | fail::cfg("intercept_groupadd_ok", "return").unwrap(); 38 | fail::cfg("intercept_useradd_ok", "return").unwrap(); 39 | fail::cfg("intercept_usermod_ok", "return").unwrap(); 40 | 41 | let err_cases = [ 42 | vec![], 43 | vec!["rpm-ostree", "install"], 44 | vec!["rpm-ostree", "scriptlet-intercept", "groupadd"], 45 | vec!["rpm-ostree", "scriptlet-intercept", "useradd"], 46 | vec!["rpm-ostree", "scriptlet-intercept", "usermod"], 47 | vec!["rpm-ostree", "scriptlet-intercept", "foo", "--"], 48 | ]; 49 | for input in &err_cases { 50 | entrypoint(input).unwrap_err(); 51 | } 52 | 53 | let ok_cases = [ 54 | vec!["rpm-ostree", "scriptlet-intercept", "groupadd", "--"], 55 | vec!["rpm-ostree", "scriptlet-intercept", "useradd", "--"], 56 | vec!["rpm-ostree", "scriptlet-intercept", "usermod", "--"], 57 | ]; 58 | for input in &ok_cases { 59 | entrypoint(input).unwrap(); 60 | } 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /rust/src/builtins/usroverlay.rs: -------------------------------------------------------------------------------- 1 | //! CLI handler for `rpm-ostree usroverlay`. 2 | 3 | // SPDX-License-Identifier: Apache-2.0 OR MIT 4 | 5 | use anyhow::{Context, Result}; 6 | use std::os::unix::prelude::CommandExt; 7 | 8 | /// Directly exec(ostree admin unlock) - does not return on success. 9 | pub fn usroverlay_entrypoint(args: &Vec) -> Result<()> { 10 | let exec_err = std::process::Command::new("ostree") 11 | .args(["admin", "unlock"]) 12 | .args(args.iter().skip(1)) 13 | .exec(); 14 | // This is only reached if the `exec()` above failed; otherwise 15 | // execution got transferred to `ostree` at that point. 16 | Err(exec_err).context("Failed to execute 'ostree admin unlock'") 17 | } 18 | -------------------------------------------------------------------------------- /rust/src/capstdext.rs: -------------------------------------------------------------------------------- 1 | //! Helper functions for the [`cap-std` crate]. 2 | //! 3 | //! [`cap-std` crate]: https://crates.io/crates/cap-std 4 | // SPDX-License-Identifier: Apache-2.0 OR MIT 5 | 6 | use cap_std::fs::DirBuilder; 7 | use cap_std_ext::cap_std; 8 | use cap_std_ext::cap_std::fs::{Dir, DirBuilderExt}; 9 | use std::ffi::OsStr; 10 | use std::io::Result; 11 | use std::path::Path; 12 | 13 | pub(crate) fn dirbuilder_from_mode(m: u32) -> DirBuilder { 14 | let mut r = DirBuilder::new(); 15 | r.mode(m); 16 | r 17 | } 18 | /// Given a (possibly absolute) filename, return its parent directory and filename. 19 | pub(crate) fn open_dir_of( 20 | path: &Path, 21 | ambient_authority: cap_std::AmbientAuthority, 22 | ) -> Result<(Dir, &OsStr)> { 23 | let parent = path 24 | .parent() 25 | .filter(|v| !v.as_os_str().is_empty()) 26 | .unwrap_or_else(|| Path::new(".")); 27 | let parent = Dir::open_ambient_dir(parent, ambient_authority)?; 28 | let filename = path.file_name().ok_or_else(|| { 29 | std::io::Error::new( 30 | std::io::ErrorKind::InvalidInput, 31 | "the source path does not name a file", 32 | ) 33 | })?; 34 | Ok((parent, filename)) 35 | } 36 | -------------------------------------------------------------------------------- /rust/src/cliwrap/dracut.rs: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: Apache-2.0 OR MIT 2 | 3 | use anyhow::Result; 4 | 5 | use crate::cliwrap::cliutil; 6 | 7 | /// Primary entrypoint to running our wrapped `dracut` handling. 8 | pub(crate) fn main(argv: &[&str]) -> Result<()> { 9 | // At least kdump.service runs dracut to generate a separate initramfs. 10 | // We need to continue supporting that. 11 | if crate::utils::running_in_systemd() { 12 | return cliutil::exec_real_binary("dracut", argv); 13 | } 14 | eprintln!( 15 | "This system is rpm-ostree based; initramfs handling is 16 | integrated with the underlying ostree transaction mechanism. 17 | Use `rpm-ostree initramfs` to control client-side initramfs generation." 18 | ); 19 | if !argv.is_empty() { 20 | Ok(cliutil::run_unprivileged(true, "dracut", argv)?) 21 | } else { 22 | std::process::exit(1); 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /rust/src/cliwrap/grubby.rs: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: Apache-2.0 OR MIT 2 | use anyhow::Result; 3 | 4 | /// Primary entrypoint to running our wrapped `grubby` handling. 5 | pub(crate) fn main(_argv: &[&str]) -> Result<()> { 6 | eprintln!( 7 | "This system is rpm-ostree based; grubby is not used. 8 | Use `rpm-ostree kargs` instead." 9 | ); 10 | std::process::exit(1); 11 | } 12 | -------------------------------------------------------------------------------- /rust/src/failpoints.rs: -------------------------------------------------------------------------------- 1 | //! Wrappers and utilities on top of the `fail` crate. 2 | // SPDX-License-Identifier: Apache-2.0 OR MIT 3 | 4 | use anyhow::Result; 5 | 6 | /// TODO: Use https://github.com/tikv/fail-rs/pull/68 once it merges 7 | #[macro_export] 8 | macro_rules! try_fail_point { 9 | ($name:expr) => {{ 10 | if let Some(e) = fail::eval($name, |msg| { 11 | let msg = msg.unwrap_or_else(|| "synthetic failpoint".to_string()); 12 | anyhow::Error::msg(msg) 13 | }) { 14 | return Err(From::from(e)); 15 | } 16 | }}; 17 | ($name:expr, $cond:expr) => {{ 18 | if $cond { 19 | $crate::try_fail_point!($name); 20 | } 21 | }}; 22 | } 23 | 24 | /// Expose the `fail::fail_point` macro to C++. 25 | pub fn failpoint(p: &str) -> Result<()> { 26 | ostree_ext::glib::g_debug!("rpm-ostree", "{}", p); 27 | fail::fail_point!(p, |r| { 28 | Err(match r { 29 | Some(ref msg) => anyhow::anyhow!("{}", msg), 30 | None => anyhow::anyhow!("failpoint {}", p), 31 | }) 32 | }); 33 | Ok(()) 34 | } 35 | -------------------------------------------------------------------------------- /rust/src/ffiutil.rs: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2018 Red Hat, Inc. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 OR MIT 5 | */ 6 | 7 | //! Helper functions for FFI between C and Rust. This code 8 | //! is intended to be deprecated and replaced with cxx-rs. 9 | //! 10 | //! This code assumes that it was compiled with the system allocator: 11 | //! https://doc.rust-lang.org/beta/std/alloc/struct.System.html 12 | //! Which means that e.g. returning a Box from Rust can be safely 13 | //! freed on the C side with the C library's `free()`. 14 | //! 15 | //! Panics: As a general rule these functions will panic if provided with invalid 16 | //! input. For example, `ffi_new_string` will panic if provided invalid UTF-8, 17 | //! and `ffi_view_openat_dir` will panic if the file descriptor is invalid. The 18 | //! rationale here is that if the C state is corrupted, it's possible (likely even) 19 | //! that the Rust side is as well, since (as above) they share a heap allocator. 20 | //! 21 | //! Further, this code all assumes that it was compiled with `panic=abort` mode, 22 | //! since it's undefined behavior to panic across an FFI boundary. Best practice 23 | //! is to use this FFI code to translate to safe Rust. 24 | //! 25 | //! Naming conventions: 26 | //! 27 | //! Functions named `ffi_view_` do not take ownership of their argument; they 28 | //! should be used to "convert" input parameters from C types to Rust. Be careful 29 | //! not to store the parameters outside of the function call. 30 | //! 31 | //! Functions named `ffi_new_` create a copy of their inputs, and can safely 32 | //! outlive the function call. 33 | 34 | use cap_std_ext::cap_std; 35 | 36 | /// Create a new cap_std directory for an openat version. 37 | /// This creates a new file descriptor, because we can't guarantee they are 38 | /// interchangable; for example right now openat uses `O_PATH` 39 | pub(crate) unsafe fn ffi_dirfd(fd: libc::c_int) -> std::io::Result { 40 | let fd = unsafe { rustix::fd::BorrowedFd::borrow_raw(fd) }; 41 | cap_std::fs::Dir::reopen_dir(&fd) 42 | } 43 | -------------------------------------------------------------------------------- /rust/src/ffiwrappers.rs: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2018 Red Hat, Inc. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 OR MIT 5 | */ 6 | 7 | //! Wrappers for stdcall imports. 8 | 9 | use anyhow::Result; 10 | use std::ffi::CString; 11 | 12 | use ostree_ext::glib::ffi::g_variant_is_object_path; 13 | 14 | // FIXME: Remove this once https://github.com/gtk-rs/gtk-rs-core/issues/622 15 | // is fixed. 16 | pub(crate) fn is_object_path(str: &str) -> Result { 17 | let str = CString::new(str)?; 18 | unsafe { Ok(g_variant_is_object_path(str.as_ptr()) != 0) } 19 | } 20 | -------------------------------------------------------------------------------- /rust/src/nameservice/mod.rs: -------------------------------------------------------------------------------- 1 | //! Linux name-service information helpers. 2 | // SPDX-License-Identifier: Apache-2.0 OR MIT 3 | // TODO(lucab): consider moving this to its own crate. 4 | 5 | pub(crate) mod group; 6 | pub(crate) mod passwd; 7 | pub(crate) mod shadow; 8 | -------------------------------------------------------------------------------- /rust/src/progress.rs: -------------------------------------------------------------------------------- 1 | //! Rust convenience APIs over our rpmostree-output.h 2 | //! progress/output APIs. 3 | 4 | // SPDX-License-Identifier: Apache-2.0 OR MIT 5 | 6 | /// Call the provided function, while displaying a "task progress" 7 | /// message. 8 | pub(crate) fn progress_task(msg: &str, f: F) -> T 9 | where 10 | F: FnOnce() -> T, 11 | { 12 | // Drop will end the task 13 | let _task = crate::ffi::progress_begin_task(msg); 14 | f() 15 | } 16 | -------------------------------------------------------------------------------- /rust/src/reexec.rs: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: Apache-2.0 OR MIT 2 | 3 | use std::os::unix::process::CommandExt; 4 | use std::process::Command; 5 | 6 | use anyhow::Result; 7 | use fn_error_context::context; 8 | 9 | /// Re-execute the current process if the provided environment variable is not set. 10 | #[context("Reexec self")] 11 | pub(crate) fn reexec_with_guardenv(k: &str, prefix_args: &[&str]) -> Result<()> { 12 | if std::env::var_os(k).is_some() { 13 | tracing::trace!("Skipping re-exec due to env var {k}"); 14 | return Ok(()); 15 | } 16 | let self_exe = std::fs::read_link("/proc/self/exe")?; 17 | let mut prefix_args = prefix_args.iter(); 18 | let mut cmd = if let Some(p) = prefix_args.next() { 19 | let mut c = Command::new(p); 20 | c.args(prefix_args); 21 | c.arg(self_exe); 22 | c 23 | } else { 24 | Command::new(self_exe) 25 | }; 26 | cmd.env(k, "1"); 27 | cmd.args(std::env::args_os().skip(1)); 28 | tracing::debug!("Re-executing current process for {k}"); 29 | Err(cmd.exec().into()) 30 | } 31 | -------------------------------------------------------------------------------- /rust/src/tokio_ffi.rs: -------------------------------------------------------------------------------- 1 | //! Helpers to bridge tokio to C++ 2 | 3 | // SPDX-License-Identifier: Apache-2.0 OR MIT 4 | 5 | pub(crate) struct TokioHandle(tokio::runtime::Handle); 6 | #[allow(dead_code)] 7 | pub(crate) struct TokioEnterGuard<'a>(tokio::runtime::EnterGuard<'a>); 8 | 9 | pub(crate) fn tokio_handle_get() -> Box { 10 | Box::new(TokioHandle(tokio::runtime::Handle::current())) 11 | } 12 | 13 | impl TokioHandle { 14 | pub(crate) fn enter(&self) -> Box { 15 | Box::new(TokioEnterGuard(self.0.enter())) 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /rust/src/variant_utils.rs: -------------------------------------------------------------------------------- 1 | //! Helpers for GVariant. Ideally, any code here is also submitted as a PR to glib-rs. 2 | // SPDX-License-Identifier: Apache-2.0 OR MIT 3 | 4 | use std::borrow::Cow; 5 | 6 | use glib::translate::*; 7 | use ostree_ext::glib; 8 | 9 | pub(crate) fn byteswap_be_to_native(v: &glib::Variant) -> Cow { 10 | if cfg!(target_endian = "big") { 11 | Cow::Borrowed(v) 12 | } else { 13 | unsafe { 14 | let r = glib::ffi::g_variant_byteswap(v.to_glib_none().0); 15 | Cow::Owned(from_glib_full(r)) 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /rust/test/dummy-rpm-database.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coreos/rpm-ostree/18911fece32d9fa7a71282952fbb1406038cc338/rust/test/dummy-rpm-database.bin -------------------------------------------------------------------------------- /src/app/rpm-ostree-0-integration-opt-usrlocal-compat.conf: -------------------------------------------------------------------------------- 1 | # Traditionally, /usr/local has been a link to /var/usrlocal and /opt to /var/opt. 2 | # A new model now is to allow OSTree commit content in those directories. For 3 | # backwards compatibility, we keep the /var paths but flip the symlinks around. 4 | L /var/usrlocal - - - - ../usr/local 5 | L /var/opt - - - - ../usr/lib/opt 6 | -------------------------------------------------------------------------------- /src/app/rpm-ostree-0-integration-opt-usrlocal.conf: -------------------------------------------------------------------------------- 1 | # Traditionally, /usr/local has been a link to /var/usrlocal and /opt to /var/opt. 2 | # A new model now is to allow OSTree commit content in those directories. But 3 | # this dropin implements the old model. 4 | d /var/opt 0755 root root - 5 | d /var/usrlocal 0755 root root - 6 | -------------------------------------------------------------------------------- /src/app/rpm-ostree-0-integration.conf: -------------------------------------------------------------------------------- 1 | d /var/home 0755 root root - 2 | d /var/srv 0755 root root - 3 | d /var/roothome 0700 root root - 4 | d /var/mnt 0755 root root - 5 | d /run/media 0755 root root - 6 | L /var/lib/rpm - - - - ../../usr/share/rpm 7 | 8 | # this is normally owned by `filesystem`, but for multiple reasons, this doesn't 9 | # work in the rpm-ostree flow 10 | d /usr/local/bin 0755 root root - 11 | d /usr/local/etc 0755 root root - 12 | d /usr/local/games 0755 root root - 13 | d /usr/local/include 0755 root root - 14 | d /usr/local/lib 0755 root root - 15 | d /usr/local/man 0755 root root - 16 | d /usr/local/sbin 0755 root root - 17 | d /usr/local/share 0755 root root - 18 | d /usr/local/src 0755 root root - 19 | -------------------------------------------------------------------------------- /src/app/rpmostree-builtin-applylive.cxx: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2017 Colin Walters 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #include "config.h" 22 | 23 | #include 24 | #include 25 | 26 | #include "rpmostree-clientlib.h" 27 | #include "rpmostree-cxxrs.h" 28 | #include "rpmostree-ex-builtins.h" 29 | #include "rpmostree-libbuiltin.h" 30 | 31 | #include 32 | 33 | gboolean 34 | rpmostree_builtin_apply_live (int argc, char **argv, RpmOstreeCommandInvocation *invocation, 35 | GCancellable *cancellable, GError **error) 36 | { 37 | rust::Vec rustargv; 38 | for (int i = 0; i < argc; i++) 39 | rustargv.push_back (std::string (argv[i])); 40 | ROSCXX_TRY (applylive_entrypoint (rustargv), error); 41 | return TRUE; 42 | } 43 | -------------------------------------------------------------------------------- /src/app/rpmostree-builtin-override.cxx: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2017 Red Hat Inc. 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #include "config.h" 22 | 23 | #include "rpmostree-builtins.h" 24 | #include "rpmostree-override-builtins.h" 25 | 26 | static RpmOstreeCommand override_subcommands[] 27 | = { { "replace", 28 | (RpmOstreeBuiltinFlags)(RPM_OSTREE_BUILTIN_FLAG_SUPPORTS_PKG_INSTALLS 29 | | RPM_OSTREE_BUILTIN_FLAG_CONTAINER_CAPABLE), 30 | "Replace packages in the base layer", rpmostree_override_builtin_replace }, 31 | { "remove", 32 | (RpmOstreeBuiltinFlags)(RPM_OSTREE_BUILTIN_FLAG_SUPPORTS_PKG_INSTALLS 33 | | RPM_OSTREE_BUILTIN_FLAG_CONTAINER_CAPABLE), 34 | "Remove packages from the base layer", rpmostree_override_builtin_remove }, 35 | { "reset", RPM_OSTREE_BUILTIN_FLAG_SUPPORTS_PKG_INSTALLS, 36 | "Reset currently active package overrides", rpmostree_override_builtin_reset }, 37 | { NULL, (RpmOstreeBuiltinFlags)0, NULL, NULL } }; 38 | 39 | gboolean 40 | rpmostree_builtin_override (int argc, char **argv, RpmOstreeCommandInvocation *invocation, 41 | GCancellable *cancellable, GError **error) 42 | { 43 | return rpmostree_handle_subcommand (argc, argv, override_subcommands, invocation, cancellable, 44 | error); 45 | } 46 | -------------------------------------------------------------------------------- /src/app/rpmostree-builtin-rebuild.cxx: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2022 Red Hat, Inc. 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #include "config.h" 22 | 23 | #include 24 | #include 25 | 26 | #include "rpmostree-ex-builtins.h" 27 | #include "rpmostree-libbuiltin.h" 28 | 29 | #include "rpmostree-clientlib.h" 30 | #include "rpmostree-container.h" 31 | 32 | #include 33 | 34 | gboolean 35 | rpmostree_ex_builtin_rebuild (int argc, char **argv, RpmOstreeCommandInvocation *invocation, 36 | GCancellable *cancellable, GError **error) 37 | { 38 | g_autoptr (GOptionContext) context = g_option_context_new (""); 39 | 40 | if (!rpmostree_option_context_parse (context, NULL, &argc, &argv, invocation, cancellable, NULL, 41 | NULL, NULL, error)) 42 | return FALSE; 43 | 44 | auto basearch = rpmostreecxx::get_rpm_basearch (); 45 | CXX_TRY_VAR (treefile, rpmostreecxx::treefile_new_client_from_etc (basearch), error); 46 | 47 | /* Right now we only support running this in a container */ 48 | if (!rpmostree_container_rebuild (*treefile, cancellable, error)) 49 | return FALSE; 50 | 51 | /* In the container flow, we effectively "consume" the treefiles after 52 | * modifying the rootfs. */ 53 | CXX_TRY_VAR (n, rpmostreecxx::treefile_delete_client_etc (), error); 54 | if (n == 0) 55 | { 56 | g_print ("No changes to apply.\n"); 57 | } 58 | 59 | return TRUE; 60 | } 61 | -------------------------------------------------------------------------------- /src/app/rpmostree-builtin-reload.cxx: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2017 Colin Walters 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #include "config.h" 22 | 23 | #include 24 | #include 25 | #include 26 | 27 | #include "rpmostree-builtins.h" 28 | #include "rpmostree-libbuiltin.h" 29 | 30 | #include 31 | 32 | static GOptionEntry option_entries[] = { { NULL } }; 33 | 34 | gboolean 35 | rpmostree_builtin_reload (int argc, char **argv, RpmOstreeCommandInvocation *invocation, 36 | GCancellable *cancellable, GError **error) 37 | { 38 | g_autoptr (GOptionContext) context = g_option_context_new (""); 39 | glnx_unref_object RPMOSTreeSysroot *sysroot_proxy = NULL; 40 | 41 | if (!rpmostree_option_context_parse (context, option_entries, &argc, &argv, invocation, 42 | cancellable, NULL, NULL, &sysroot_proxy, error)) 43 | return FALSE; 44 | 45 | if (!rpmostree_sysroot_call_reload_config_sync (sysroot_proxy, cancellable, error)) 46 | return FALSE; 47 | 48 | return TRUE; 49 | } 50 | -------------------------------------------------------------------------------- /src/app/rpmostree-composeutil.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2014 Colin Walters 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #pragma once 22 | 23 | #include 24 | 25 | #include "rpmostree-core.h" 26 | #include "rpmostree-cxxrs.h" 27 | 28 | G_BEGIN_DECLS 29 | 30 | gboolean rpmostree_composeutil_read_json_metadata (JsonNode *root, GHashTable *metadata, 31 | GError **error); 32 | gboolean rpmostree_composeutil_read_json_metadata_from_file (const char *path, GHashTable *metadata, 33 | GError **error); 34 | 35 | GVariant *rpmostree_composeutil_finalize_metadata (GHashTable *metadata, int rootfs_dfd, 36 | GError **error); 37 | 38 | GVariant *rpmostree_composeutil_finalize_detached_metadata (GHashTable *detached_metadata); 39 | 40 | gboolean rpmostree_composeutil_write_composejson (OstreeRepo *repo, const char *path, 41 | const OstreeRepoTransactionStats *stats, 42 | const char *new_revision, GVariant *new_commit, 43 | const char *new_ref, GCancellable *cancellable, 44 | GError **error); 45 | 46 | G_END_DECLS 47 | -------------------------------------------------------------------------------- /src/app/rpmostree-db-builtins.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2014 Anne LoVerso 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #pragma once 22 | 23 | #include 24 | 25 | #include "rpmostree-builtins.h" 26 | 27 | G_BEGIN_DECLS 28 | 29 | gboolean rpmostree_db_builtin_diff (int argc, char **argv, RpmOstreeCommandInvocation *invocation, 30 | GCancellable *cancellable, GError **error); 31 | gboolean rpmostree_db_builtin_list (int argc, char **argv, RpmOstreeCommandInvocation *invocation, 32 | GCancellable *cancellable, GError **error); 33 | gboolean rpmostree_db_builtin_version (int argc, char **argv, 34 | RpmOstreeCommandInvocation *invocation, 35 | GCancellable *cancellable, GError **error); 36 | 37 | gboolean rpmostree_db_option_context_parse (GOptionContext *context, 38 | const GOptionEntry *main_entries, int *argc, 39 | char ***argv, RpmOstreeCommandInvocation *invocation, 40 | OstreeRepo **out_repo, GCancellable *cancellable, 41 | GError **error); 42 | 43 | G_END_DECLS 44 | -------------------------------------------------------------------------------- /src/app/rpmostree-ex-builtins.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2015 Colin Walters 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #pragma once 22 | 23 | #include 24 | 25 | #include "rpmostree-builtins.h" 26 | 27 | G_BEGIN_DECLS 28 | 29 | #define BUILTINPROTO(name) \ 30 | gboolean rpmostree_ex_builtin_##name (int argc, char **argv, \ 31 | RpmOstreeCommandInvocation *invocation, \ 32 | GCancellable *cancellable, GError **error) 33 | 34 | BUILTINPROTO (unpack); 35 | BUILTINPROTO (history); 36 | BUILTINPROTO (initramfs_etc); 37 | BUILTINPROTO (module); 38 | BUILTINPROTO (rebuild); 39 | BUILTINPROTO (deploy_from_self); 40 | 41 | #undef BUILTINPROTO 42 | 43 | G_END_DECLS 44 | -------------------------------------------------------------------------------- /src/app/rpmostree-override-builtins.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2017 Red Hat, Inc. 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #pragma once 22 | 23 | #include 24 | 25 | #include "rpmostree-builtins.h" 26 | 27 | G_BEGIN_DECLS 28 | 29 | gboolean rpmostree_override_builtin_replace (int argc, char **argv, 30 | RpmOstreeCommandInvocation *invocation, 31 | GCancellable *cancellable, GError **error); 32 | gboolean rpmostree_override_builtin_remove (int argc, char **argv, 33 | RpmOstreeCommandInvocation *invocation, 34 | GCancellable *cancellable, GError **error); 35 | gboolean rpmostree_override_builtin_reset (int argc, char **argv, 36 | RpmOstreeCommandInvocation *invocation, 37 | GCancellable *cancellable, GError **error); 38 | 39 | G_END_DECLS 40 | -------------------------------------------------------------------------------- /src/app/rpmostree-polkit-agent.h: -------------------------------------------------------------------------------- 1 | /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- 2 | * 3 | * Copyright (C) 2011 Lennart Poettering 4 | * Copyright (C) 2012 Matthias Klumpp 5 | * 6 | * Licensed under the GNU Lesser General Public License Version 2.1 7 | * 8 | * This library is free software; you can redistribute it and/or 9 | * modify it under the terms of the GNU Lesser General Public 10 | * License as published by the Free Software Foundation; either 11 | * version 2.1 of the License, or (at your option) any later version. 12 | * 13 | * This library is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | * Lesser General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with systemd; If not, see . 20 | */ 21 | 22 | #pragma once 23 | 24 | G_BEGIN_DECLS 25 | 26 | int rpmostree_polkit_agent_open (void); 27 | void rpmostree_polkit_agent_close (void); 28 | 29 | G_END_DECLS 30 | -------------------------------------------------------------------------------- /src/app/rpmostreemain.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "rust/cxx.h" 4 | 5 | namespace rpmostreecxx 6 | { 7 | 8 | void early_main (); 9 | void rpmostree_process_global_teardown (); 10 | int rpmostree_main (rust::Slice args); 11 | 12 | void c_unit_tests (); 13 | 14 | } 15 | -------------------------------------------------------------------------------- /src/daemon/org.projectatomic.rpmostree1.conf: -------------------------------------------------------------------------------- 1 | 2 | 3 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 19 | 20 | 22 | 23 | 25 | 26 | 29 | 30 | 33 | 34 | 36 | 37 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /src/daemon/org.projectatomic.rpmostree1.service.in: -------------------------------------------------------------------------------- 1 | [D-BUS Service] 2 | Name=org.projectatomic.rpmostree1 3 | Exec=@bindir@/rpm-ostree start-daemon 4 | User=root 5 | SystemdService=@primaryname@d.service 6 | -------------------------------------------------------------------------------- /src/daemon/rpm-ostree-bootstatus.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Log rpm-ostree Booted Deployment Status To Journal 3 | Documentation=man:rpm-ostree(1) 4 | ConditionPathExists=/run/ostree-booted 5 | 6 | [Service] 7 | Type=oneshot 8 | ExecStart=rpm-ostree status -b 9 | RemainAfterExit=yes 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /src/daemon/rpm-ostree-countme.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Weekly rpm-ostree Count Me reporting 3 | Documentation=man:rpm-ostree-countme.service(8) 4 | ConditionPathExists=/run/ostree-booted 5 | 6 | [Service] 7 | Type=oneshot 8 | User=rpm-ostree 9 | DynamicUser=yes 10 | StateDirectory=rpm-ostree-countme 11 | StateDirectoryMode=750 12 | ExecStart=rpm-ostree countme 13 | -------------------------------------------------------------------------------- /src/daemon/rpm-ostree-countme.timer: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Weekly rpm-ostree Count Me timer 3 | Documentation=man:rpm-ostree-countme.timer(8) 4 | ConditionPathExists=/run/ostree-booted 5 | 6 | [Timer] 7 | # Trigger shortly after boot and bi-weekly with a random delay of one day 8 | OnBootSec=5m 9 | OnUnitInactiveSec=3d 10 | AccuracySec=1h 11 | RandomizedDelaySec=1d 12 | 13 | [Install] 14 | WantedBy=timers.target 15 | -------------------------------------------------------------------------------- /src/daemon/rpm-ostree-fix-shadow-mode.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | # rpm-ostree v2023.6 introduced a permission issue on `/etc/[g]shadow[-]`. 3 | # This makes sure to fix permissions on systems that were deployed with the wrong permissions. 4 | Description=Update permissions for /etc/shadow 5 | Documentation=https://github.com/coreos/rpm-ostree-ghsa-2m76-cwhg-7wv6 6 | # This new stamp file is written by the Rust code, and obsoletes 7 | # the old /etc/.rpm-ostree-shadow-mode-fixed.stamp 8 | ConditionPathExists=!/etc/.rpm-ostree-shadow-mode-fixed2.stamp 9 | ConditionPathExists=/run/ostree-booted 10 | # Filter out non-traditional ostree setups (e.g. live boots) 11 | ConditionKernelCommandLine=ostree 12 | # Because we read the sysroot 13 | RequiresMountsFor=/boot 14 | # Make sure this is started before any unprivileged (interactive) user has access to the system. 15 | Before=systemd-user-sessions.service 16 | 17 | [Service] 18 | Type=oneshot 19 | ExecStart=rpm-ostree fix-shadow-perms 20 | RemainAfterExit=yes 21 | # So we can remount /sysroot writable in our own namespace 22 | MountFlags=slave 23 | 24 | [Install] 25 | WantedBy=multi-user.target 26 | -------------------------------------------------------------------------------- /src/daemon/rpm-ostreed-automatic.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=rpm-ostree Automatic Update 3 | Documentation=man:rpm-ostree(1) man:rpm-ostreed.conf(5) 4 | ConditionPathExists=/run/ostree-booted 5 | 6 | [Service] 7 | Type=simple 8 | ExecStart=rpm-ostree upgrade --quiet --trigger-automatic-update-policy 9 | -------------------------------------------------------------------------------- /src/daemon/rpm-ostreed-automatic.timer: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=rpm-ostree Automatic Update Trigger 3 | Documentation=man:rpm-ostree(1) man:rpm-ostreed.conf(5) 4 | ConditionPathExists=/run/ostree-booted 5 | After=network-online.target 6 | Wants=network-online.target 7 | 8 | [Timer] 9 | OnBootSec=1h 10 | OnUnitInactiveSec=1d 11 | Persistent=true 12 | 13 | [Install] 14 | WantedBy=timers.target 15 | -------------------------------------------------------------------------------- /src/daemon/rpm-ostreed-stub.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec @bindir@/rpm-ostree start-daemon "$@" 3 | -------------------------------------------------------------------------------- /src/daemon/rpm-ostreed.conf: -------------------------------------------------------------------------------- 1 | # Entries in this file show the compile time defaults. 2 | # You can change settings by editing this file. 3 | # For option meanings, see rpm-ostreed.conf(5). 4 | 5 | [Daemon] 6 | #AutomaticUpdatePolicy=none 7 | #IdleExitTimeout=60 8 | #LockLayering=false 9 | #Recommends=true 10 | -------------------------------------------------------------------------------- /src/daemon/rpm-ostreed.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=rpm-ostree System Management Daemon 3 | Documentation=man:rpm-ostree(1) 4 | ConditionPathExists=/ostree 5 | RequiresMountsFor=/boot 6 | 7 | [Service] 8 | # See similar code in rpm-ostree-countme.service 9 | User=rpm-ostree 10 | DynamicUser=yes 11 | # As of right now, our primary API is DBus. But see also https://github.com/coreos/rpm-ostree/issues/3850 12 | Type=dbus 13 | BusName=org.projectatomic.rpmostree1 14 | # To use the read-only sysroot bits 15 | MountFlags=slave 16 | # We have no business accessing /var/roothome or /var/home. In general 17 | # the ostree design clearly avoids touching those, but since systemd offers 18 | # us easy tools to toggle on protection, let's use them. In the future 19 | # it'd be nice to do something like using DynamicUser=yes for the main service, 20 | # and have a system rpm-ostreed-transaction.service that runs privileged 21 | # but as a subprocess. 22 | ProtectHome=true 23 | NotifyAccess=main 24 | # Significantly bump this timeout from the default because 25 | # we do a lot of stuff on daemon startup. 26 | TimeoutStartSec=5m 27 | # We start this main process with full privileges; it may spawn unprivileged processes 28 | # with the rpm-ostree user. 29 | ExecStart=+rpm-ostree start-daemon 30 | ExecReload=rpm-ostree reload 31 | # disable/enable downloading filelists 32 | Environment="DOWNLOAD_FILELISTS=false" 33 | -------------------------------------------------------------------------------- /src/daemon/rpmostree-package-variants.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2015 Red Hat, Inc. 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #pragma once 22 | 23 | #include 24 | #include 25 | 26 | G_BEGIN_DECLS 27 | 28 | #define RPMOSTREE_DB_DIFF_VARIANT_FORMAT G_VARIANT_TYPE ("a(sua{sv})") 29 | 30 | typedef enum 31 | { 32 | RPM_OSTREE_PACKAGE_ADDED, 33 | RPM_OSTREE_PACKAGE_REMOVED, 34 | RPM_OSTREE_PACKAGE_UPGRADED, 35 | RPM_OSTREE_PACKAGE_DOWNGRADED 36 | } RpmOstreePackageDiffTypes; 37 | 38 | gboolean rpm_ostree_db_diff_variant (OstreeRepo *repo, const char *from_rev, const char *to_rev, 39 | gboolean allow_noent, GVariant **out_variant, 40 | GCancellable *cancellable, GError **error); 41 | 42 | G_END_DECLS 43 | 44 | #ifdef __cplusplus 45 | #include "rust/cxx.h" 46 | namespace rpmostreecxx 47 | { 48 | GVariant *package_variant_list_for_commit (const OstreeRepo &repo, rust::Str rev, 49 | const GCancellable &cancellable); 50 | } 51 | #endif 52 | -------------------------------------------------------------------------------- /src/daemon/rpmostreed-errors.cxx: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 Red Hat, Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 | */ 18 | 19 | #include "config.h" 20 | 21 | #include "rpmostreed-errors.h" 22 | #include "rpmostreed-types.h" 23 | 24 | static const GDBusErrorEntry dbus_error_entries[] = { 25 | { RPM_OSTREED_ERROR_FAILED, "org.projectatomic.rpmostreed.Error.Failed" }, 26 | { RPM_OSTREED_ERROR_INVALID_SYSROOT, "org.projectatomic.rpmostreed.Error.InvalidSysroot" }, 27 | { RPM_OSTREED_ERROR_NOT_AUTHORIZED, "org.projectatomic.rpmostreed.Error.NotAuthorized" }, 28 | { RPM_OSTREED_ERROR_UPDATE_IN_PROGRESS, "org.projectatomic.rpmostreed.Error.UpdateInProgress" }, 29 | { RPM_OSTREED_ERROR_INVALID_REFSPEC, "org.projectatomic.rpmostreed.Error.InvalidRefspec" }, 30 | }; 31 | 32 | GQuark 33 | rpmostreed_error_quark (void) 34 | { 35 | G_STATIC_ASSERT (G_N_ELEMENTS (dbus_error_entries) == RPM_OSTREED_ERROR_NUM_ENTRIES); 36 | static gsize quark = 0; 37 | g_dbus_error_register_error_domain ("rpmostreed-error-quark", &quark, dbus_error_entries, 38 | G_N_ELEMENTS (dbus_error_entries)); 39 | return (GQuark)quark; 40 | } 41 | -------------------------------------------------------------------------------- /src/daemon/rpmostreed-errors.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 Red Hat, Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 | */ 18 | 19 | #pragma once 20 | 21 | #include 22 | 23 | G_BEGIN_DECLS 24 | 25 | #define RPM_OSTREED_ERROR (rpmostreed_error_quark ()) 26 | 27 | typedef enum 28 | { 29 | RPM_OSTREED_ERROR_FAILED, 30 | RPM_OSTREED_ERROR_INVALID_SYSROOT, 31 | RPM_OSTREED_ERROR_NOT_AUTHORIZED, 32 | RPM_OSTREED_ERROR_UPDATE_IN_PROGRESS, 33 | RPM_OSTREED_ERROR_INVALID_REFSPEC, 34 | RPM_OSTREED_ERROR_NUM_ENTRIES, 35 | } RpmOstreedError; 36 | 37 | GQuark rpmostreed_error_quark (void); 38 | 39 | G_END_DECLS 40 | -------------------------------------------------------------------------------- /src/daemon/rpmostreed-os-experimental.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 Red Hat, Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 | */ 18 | 19 | #pragma once 20 | 21 | #include "rpmostreed-types.h" 22 | 23 | G_BEGIN_DECLS 24 | 25 | #define RPMOSTREED_TYPE_OSEXPERIMENTAL (rpmostreed_osexperimental_get_type ()) 26 | #define RPMOSTREED_OSEXPERIMENTAL(o) \ 27 | (G_TYPE_CHECK_INSTANCE_CAST ((o), RPMOSTREED_TYPE_OSEXPERIMENTAL, RpmostreedOSExperimental)) 28 | #define RPMOSTREED_IS_OSEXPERIMENTAL(o) \ 29 | (G_TYPE_CHECK_INSTANCE_TYPE ((o), RPMOSTREED_TYPE_OSEXPERIMENTAL)) 30 | 31 | GType rpmostreed_osexperimental_get_type (void) G_GNUC_CONST; 32 | RPMOSTreeOSExperimental *rpmostreed_osexperimental_new (OstreeSysroot *sysroot, OstreeRepo *repo, 33 | const char *name, GError **error); 34 | G_END_DECLS 35 | -------------------------------------------------------------------------------- /src/daemon/rpmostreed-os.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 Red Hat, Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 | */ 18 | 19 | #pragma once 20 | 21 | #include "rpmostreed-types.h" 22 | 23 | G_BEGIN_DECLS 24 | 25 | #define RPMOSTREED_TYPE_OS (rpmostreed_os_get_type ()) 26 | #define RPMOSTREED_OS(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), RPMOSTREED_TYPE_OS, RpmostreedOS)) 27 | #define RPMOSTREED_IS_OS(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), RPMOSTREED_TYPE_OS)) 28 | 29 | typedef GVariant RpmOstreeUpdateDeploymentModifiers; 30 | G_DEFINE_AUTOPTR_CLEANUP_FUNC (RpmOstreeUpdateDeploymentModifiers, g_variant_unref) 31 | 32 | GType rpmostreed_os_get_type (void) G_GNUC_CONST; 33 | RPMOSTreeOS *rpmostreed_os_new (OstreeSysroot *sysroot, OstreeRepo *repo, const char *name, 34 | GError **error); 35 | G_END_DECLS 36 | -------------------------------------------------------------------------------- /src/daemon/rpmostreed-types.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2015 Red Hat, Inc. 3 | * 4 | * This program is free software; you can redistribute it and/or modify 5 | * it under the terms of the GNU General Public License as published by 6 | * the Free Software Foundation; either version 2 of the License, or 7 | * (at your option) any later version. 8 | * 9 | * This program is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | * GNU General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU General Public License 15 | * along with this program; if not, write to the Free Software 16 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 | */ 18 | 19 | #pragma once 20 | 21 | #include 22 | #include 23 | 24 | #include "rpm-ostreed-generated.h" 25 | 26 | #include 27 | #include 28 | 29 | G_BEGIN_DECLS 30 | 31 | struct _RpmostreedDaemon; 32 | typedef struct _RpmostreedDaemon RpmostreedDaemon; 33 | 34 | struct _RpmostreedSysroot; 35 | typedef struct _RpmostreedSysroot RpmostreedSysroot; 36 | 37 | struct _RpmostreedOS; 38 | typedef struct _RpmostreedOS RpmostreedOS; 39 | struct _RpmostreedOSExperimental; 40 | typedef struct _RpmostreedOSExperimental RpmostreedOSExperimental; 41 | 42 | struct _RpmostreedTransaction; 43 | typedef struct _RpmostreedTransaction RpmostreedTransaction; 44 | 45 | G_END_DECLS 46 | -------------------------------------------------------------------------------- /src/lib/rpm-ostree-1.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: RpmOstree 7 | Description: Hybrid package/OSTree system 8 | Version: @VERSION@ 9 | Requires: ostree-1 10 | Libs: -L${libdir} -lrpmostree-1 11 | Cflags: -I${includedir}/rpm-ostree-1 12 | -------------------------------------------------------------------------------- /src/lib/rpmostree-package-priv.h: -------------------------------------------------------------------------------- 1 | /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- 2 | * 3 | * Copyright (C) 2015 Red Hat, In.c 4 | * 5 | * Licensed under the GNU Lesser General Public License Version 2.1 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include "rpmostree-package.h" 25 | #include 26 | #ifdef __cplusplus 27 | #include "rust/cxx.h" 28 | #endif 29 | 30 | G_BEGIN_DECLS 31 | 32 | RpmOstreePackage *_rpm_ostree_package_new_from_variant (GVariant *gv_nevra); 33 | 34 | gboolean _rpm_ostree_package_variant_list_for_commit (OstreeRepo *repo, const char *rev, 35 | gboolean allow_noent, GVariant **out_pkglist, 36 | GCancellable *cancellable, GError **error); 37 | 38 | gboolean _rpm_ostree_package_list_for_commit (OstreeRepo *repo, const char *rev, 39 | gboolean allow_noent, GPtrArray **out_pkglist, 40 | GCancellable *cancellable, GError **error); 41 | gboolean _rpm_ostree_diff_package_lists (GPtrArray *a, GPtrArray *b, GPtrArray **out_unique_a, 42 | GPtrArray **out_unique_b, GPtrArray **out_modified_a, 43 | GPtrArray **out_modified_b, GPtrArray **out_common); 44 | 45 | G_END_DECLS 46 | -------------------------------------------------------------------------------- /src/lib/rpmostree-package.h: -------------------------------------------------------------------------------- 1 | /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- 2 | * 3 | * Copyright (C) 2015 Red Hat, In.c 4 | * 5 | * Licensed under the GNU Lesser General Public License Version 2.1 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include 25 | 26 | G_BEGIN_DECLS 27 | 28 | typedef struct RpmOstreePackage RpmOstreePackage; 29 | 30 | #define RPM_OSTREE_TYPE_PACKAGE (rpm_ostree_package_get_type ()) 31 | #define RPM_OSTREE_PACKAGE(inst) \ 32 | (G_TYPE_CHECK_INSTANCE_CAST ((inst), RPM_OSTREE_TYPE_PACKAGE, RpmOstreePackage)) 33 | #define RPM_OSTREE_IS_PACKAGE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), RPM_OSTREE_TYPE_PACKAGE)) 34 | 35 | _RPMOSTREE_EXTERN 36 | GType rpm_ostree_package_get_type (void); 37 | 38 | _RPMOSTREE_EXTERN 39 | const char *rpm_ostree_package_get_nevra (RpmOstreePackage *p); 40 | 41 | _RPMOSTREE_EXTERN 42 | const char *rpm_ostree_package_get_name (RpmOstreePackage *p); 43 | 44 | _RPMOSTREE_EXTERN 45 | const char *rpm_ostree_package_get_evr (RpmOstreePackage *p); 46 | 47 | _RPMOSTREE_EXTERN 48 | const char *rpm_ostree_package_get_arch (RpmOstreePackage *p); 49 | 50 | _RPMOSTREE_EXTERN 51 | int rpm_ostree_package_cmp (RpmOstreePackage *p1, RpmOstreePackage *p2); 52 | 53 | G_END_DECLS 54 | -------------------------------------------------------------------------------- /src/lib/rpmostree-shlib-ipc-private.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2020 Colin Walters 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #pragma once 22 | 23 | #include 24 | 25 | G_BEGIN_DECLS 26 | 27 | #define RPMOSTREE_SHLIB_IPC_FD 3 28 | #define RPMOSTREE_SHLIB_IPC_PKGLIST "a(sssss)" 29 | 30 | GVariant *_rpmostree_shlib_ipc_send (const char *variant_type, char **args, const char *wd, 31 | GError **error); 32 | 33 | G_END_DECLS 34 | -------------------------------------------------------------------------------- /src/lib/rpmostree.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2015 Colin Walters 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #pragma once 22 | 23 | #ifndef _RPMOSTREE_EXTERN 24 | #define _RPMOSTREE_EXTERN extern 25 | #endif 26 | 27 | #include 28 | #include 29 | #include 30 | 31 | G_BEGIN_DECLS 32 | 33 | _RPMOSTREE_EXTERN 34 | char *rpm_ostree_get_basearch (void); 35 | 36 | _RPMOSTREE_EXTERN 37 | char *rpm_ostree_varsubst_basearch (const char *src, GError **error); 38 | 39 | _RPMOSTREE_EXTERN 40 | gboolean rpm_ostree_check_version (guint required_year, guint required_release); 41 | 42 | G_END_DECLS 43 | -------------------------------------------------------------------------------- /src/libpriv/05-rpmostree.install: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # Check if install.conf is missing or does not include layout=ostree 3 | if [ ! -f /usr/lib/kernel/install.conf ] || ! grep -q layout=ostree /usr/lib/kernel/install.conf; then 4 | exit 0 5 | fi 6 | # This is the hook that has kernel-install call into rpm-ostree kernel-install 7 | if test -x /usr/bin/rpm-ostree; then 8 | exec /usr/bin/rpm-ostree kernel-install "$@" 9 | fi 10 | -------------------------------------------------------------------------------- /src/libpriv/dracut-random.cpio.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coreos/rpm-ostree/18911fece32d9fa7a71282952fbb1406038cc338/src/libpriv/dracut-random.cpio.gz -------------------------------------------------------------------------------- /src/libpriv/groupadd-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # Used by rpmostree-core.c to intercept `groupadd` calls. 3 | # We want to learn about group creation and distinguish between 4 | # static and dynamic GIDs, in order to auto-generate relevant 5 | # `sysusers.d` fragments. 6 | # See also https://github.com/coreos/rpm-ostree/issues/3762 7 | 8 | if test -v RPMOSTREE_EXP_BRIDGE_SYSUSERS; then 9 | rpm-ostree scriptlet-intercept groupadd -- "$0" "$@" 10 | fi 11 | 12 | # Forward to the real `groupadd` for group creation. 13 | exec /usr/sbin/groupadd.rpmostreesave "$@" 14 | -------------------------------------------------------------------------------- /src/libpriv/kernel-install-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # Used in the container layering path to make kernel replacements Just Work 3 | # without having to enable cliwrap first. If cliwrap is enabled, then this will 4 | # technically override the cliwrap wrapper, but the script is exactly the same. 5 | # This wrapper is technically also installed when doing client-side layering, 6 | # but we already ignore kernel scriptlets there anyway. 7 | # See also https://github.com/coreos/rpm-ostree/issues/4949 8 | 9 | exec /usr/bin/rpm-ostree cliwrap kernel-install "$@" 10 | -------------------------------------------------------------------------------- /src/libpriv/libdnf/dnf-version.h: -------------------------------------------------------------------------------- 1 | // This is an awful hack necessary because this header file 2 | // is generated in the libdnf build, but we don't want to serialize 3 | // our C++ build waiting for that. Since we don't define the macros 4 | // like LIBDNF_MAJOR_VERSION, if anything depends on them it will 5 | // fail at build time. 6 | #pragma once 7 | -------------------------------------------------------------------------------- /src/libpriv/libsd-locale-util.c: -------------------------------------------------------------------------------- 1 | /*** -*- indent-tabs-mode: nil; tab-width: 8 -*- 2 | 3 | This file was originally part of systemd. 4 | 5 | Copyright 2014 Lennart Poettering 6 | Copyright 2016 Red Hat, Inc. 7 | 8 | systemd is free software; you can redistribute it and/or modify it 9 | under the terms of the GNU Lesser General Public License as published by 10 | the Free Software Foundation; either version 2.1 of the License, or 11 | (at your option) any later version. 12 | 13 | systemd is distributed in the hope that it will be useful, but 14 | WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | Lesser General Public License for more details. 17 | 18 | You should have received a copy of the GNU Lesser General Public License 19 | along with systemd; If not, see . 20 | ***/ 21 | 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | 35 | #include "libsd-locale-util.h" 36 | 37 | const char * 38 | libsd_special_glyph (SpecialGlyph code) 39 | { 40 | static const char *const draw_table_ascii[_SPECIAL_GLYPH_MAX] = { 41 | [TREE_VERTICAL] = "| ", [TREE_BRANCH] = "|-", [TREE_RIGHT] = "`-", [TREE_SPACE] = " ", 42 | [TRIANGULAR_BULLET] = ">", [BLACK_CIRCLE] = "*", [ARROW] = "->", [MDASH] = "-", 43 | }; 44 | static const char *const draw_table_utf8[_SPECIAL_GLYPH_MAX] = { 45 | [TREE_VERTICAL] = "\342\224\202 ", /* │ */ 46 | [TREE_BRANCH] = "\342\224\234\342\224\200", /* ├─ */ 47 | [TREE_RIGHT] = "\342\224\224\342\224\200", /* └─ */ 48 | [TREE_SPACE] = " ", /* */ 49 | [TRIANGULAR_BULLET] = "\342\200\243", /* ‣ */ 50 | [BLACK_CIRCLE] = "\342\227\217", /* ● */ 51 | [ARROW] = "\342\206\222", /* → */ 52 | [MDASH] = "\342\200\223", /* – */ 53 | }; 54 | 55 | gboolean locale_is_utf8 = g_get_charset (NULL); 56 | 57 | if (locale_is_utf8) 58 | return draw_table_utf8[code]; 59 | return draw_table_ascii[code]; 60 | } 61 | -------------------------------------------------------------------------------- /src/libpriv/libsd-locale-util.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | /*** 4 | This file was originally part of systemd. 5 | 6 | Copyright 2014 Lennart Poettering 7 | 8 | systemd is free software; you can redistribute it and/or modify it 9 | under the terms of the GNU Lesser General Public License as published by 10 | the Free Software Foundation; either version 2.1 of the License, or 11 | (at your option) any later version. 12 | 13 | systemd is distributed in the hope that it will be useful, but 14 | WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | Lesser General Public License for more details. 17 | 18 | You should have received a copy of the GNU Lesser General Public License 19 | along with systemd; If not, see . 20 | ***/ 21 | 22 | #include 23 | 24 | G_BEGIN_DECLS 25 | 26 | typedef enum 27 | { 28 | TREE_VERTICAL, 29 | TREE_BRANCH, 30 | TREE_RIGHT, 31 | TREE_SPACE, 32 | TRIANGULAR_BULLET, 33 | BLACK_CIRCLE, 34 | ARROW, 35 | MDASH, 36 | _SPECIAL_GLYPH_MAX 37 | } SpecialGlyph; 38 | 39 | const char *libsd_special_glyph (SpecialGlyph code) __attribute__ ((const)); 40 | 41 | G_END_DECLS 42 | -------------------------------------------------------------------------------- /src/libpriv/rpmostree-container.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2022 Red Hat, Inc. 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #include 22 | 23 | #include "rpmostree-cxxrs.h" 24 | 25 | #pragma once 26 | 27 | namespace rpmostreecxx 28 | { 29 | void container_rebuild (rust::Str treefile); 30 | } 31 | 32 | G_BEGIN_DECLS 33 | 34 | gboolean rpmostree_container_rebuild (rpmostreecxx::Treefile &treefile, GCancellable *cancellable, 35 | GError **error); 36 | 37 | G_END_DECLS 38 | -------------------------------------------------------------------------------- /src/libpriv/rpmostree-container.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | * This program is free software: you can redistribute it and/or modify 3 | * it under the terms of the GNU Lesser General Public License as published 4 | * by the Free Software Foundation; either version 2 of the licence or (at 5 | * your option) any later version. 6 | * 7 | * This library is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 10 | * Lesser General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU Lesser General 13 | * Public License along with this library; if not, write to the 14 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 15 | * Boston, MA 02111-1307, USA. 16 | */ 17 | 18 | #pragma once 19 | 20 | #include "rust/cxx.h" 21 | 22 | namespace rpmostreecxx 23 | { 24 | void container_rebuild (rust::Str treefile); 25 | } -------------------------------------------------------------------------------- /src/libpriv/rpmostree-cxxrs-prelude.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2020 Red Hat, Inc. 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #pragma once 22 | 23 | #include 24 | 25 | namespace rpmostreecxx 26 | { 27 | // Currently cxx-rs requires that external bindings are in the same namespace as 28 | // its own bindings, so we maintain typedefs. Update cxxrsutil.rs first. 29 | typedef ::OstreeDeployment OstreeDeployment; 30 | typedef ::OstreeRepo OstreeRepo; 31 | typedef ::OstreeRepoTransactionStats OstreeRepoTransactionStats; 32 | typedef ::OstreeSysroot OstreeSysroot; 33 | typedef ::OstreeSePolicy OstreeSePolicy; 34 | typedef ::GObject GObject; 35 | typedef ::GCancellable GCancellable; 36 | typedef ::GDBusConnection GDBusConnection; 37 | typedef ::GFileInfo GFileInfo; 38 | typedef ::GVariant GVariant; 39 | typedef ::GVariantDict GVariantDict; 40 | typedef ::GKeyFile GKeyFile; 41 | } 42 | 43 | // XXX: really should just include! libdnf.hpp in the bridge 44 | #include 45 | namespace dnfcxx 46 | { 47 | typedef ::DnfPackage FFIDnfPackage; 48 | typedef ::DnfRepo FFIDnfRepo; 49 | } 50 | -------------------------------------------------------------------------------- /src/libpriv/rpmostree-cxxrsutil.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | * This program is free software: you can redistribute it and/or modify 3 | * it under the terms of the GNU Lesser General Public License as published 4 | * by the Free Software Foundation; either version 2 of the licence or (at 5 | * your option) any later version. 6 | * 7 | * This library is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 10 | * Lesser General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU Lesser General 13 | * Public License along with this library; if not, write to the 14 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 15 | * Boston, MA 02111-1307, USA. 16 | */ 17 | 18 | #pragma once 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | 25 | #include "rust/cxx.h" 26 | 27 | // Helpers corresponding to cxxrsutil.rs 28 | namespace rpmostreecxx 29 | { 30 | 31 | // Wrapper for an array of GObjects. This is a hack until 32 | // cxx-rs gains support for either std::vector<> or Vec 33 | // with nontrivial types. 34 | class CxxGObjectArray final 35 | { 36 | public: 37 | CxxGObjectArray (GPtrArray *arr_p) : arr (arr_p) { g_ptr_array_ref (arr); }; 38 | ~CxxGObjectArray () { g_ptr_array_unref (arr); } 39 | 40 | unsigned int 41 | length () 42 | { 43 | return (unsigned int)arr->len; 44 | } 45 | 46 | ::GObject & 47 | get (unsigned int i) 48 | { 49 | g_assert_cmpuint (i, <, arr->len); 50 | return *(::GObject *)arr->pdata[i]; 51 | } 52 | GPtrArray *arr; 53 | }; 54 | 55 | } // namespace 56 | -------------------------------------------------------------------------------- /src/libpriv/rpmostree-diff.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | * This program is free software: you can redistribute it and/or modify 3 | * it under the terms of the GNU Lesser General Public License as published 4 | * by the Free Software Foundation; either version 2 of the licence or (at 5 | * your option) any later version. 6 | * 7 | * This library is distributed in the hope that it will be useful, 8 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 10 | * Lesser General Public License for more details. 11 | * 12 | * You should have received a copy of the GNU Lesser General 13 | * Public License along with this library; if not, write to the 14 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 15 | * Boston, MA 02111-1307, USA. 16 | */ 17 | 18 | #pragma once 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | 25 | #include 26 | 27 | #include "rust/cxx.h" 28 | 29 | namespace rpmostreecxx 30 | { 31 | 32 | class RPMDiff final 33 | { 34 | public: 35 | int 36 | n_removed () const 37 | { 38 | return removed_->len; 39 | } 40 | int 41 | n_added () const 42 | { 43 | return added_->len; 44 | } 45 | int 46 | n_modified () const 47 | { 48 | return modified_old_->len + modified_new_->len; 49 | } 50 | ~RPMDiff (); 51 | RPMDiff (GPtrArray *removed, GPtrArray *added, GPtrArray *modified_old, GPtrArray *modified_new); 52 | 53 | // TODO(cgwalters) enhance this with options 54 | void print () const; 55 | 56 | private: 57 | GPtrArray *removed_; 58 | GPtrArray *added_; 59 | GPtrArray *modified_old_; 60 | GPtrArray *modified_new_; 61 | }; 62 | 63 | std::unique_ptr rpmdb_diff (const OstreeRepo &repo, const std::string &src, 64 | const std::string &dest, bool allow_noent); 65 | 66 | } /* namespace */ 67 | -------------------------------------------------------------------------------- /src/libpriv/rpmostree-editor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2013 Stef Walter 3 | * 4 | * This library is free software; you can redistribute it and/or 5 | * modify it under the terms of the GNU Lesser General Public 6 | * License as published by the Free Software Foundation; either 7 | * version 2 of the License, or (at your option) any later version. 8 | * 9 | * This library is distributed in the hope that it will be useful, 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | * Lesser General Public License for more details. 13 | * 14 | * You should have received a copy of the GNU Lesser General Public 15 | * License along with this library; if not, write to the 16 | * Free Software Foundation, Inc., 59 Temple Place - Suite 330, 17 | * Boston, MA 02111-1307, USA. 18 | * 19 | * Author: Stef Walter 20 | */ 21 | 22 | #pragma once 23 | 24 | #include 25 | 26 | #include "ostree.h" 27 | 28 | G_BEGIN_DECLS 29 | 30 | char *ot_editor_prompt (OstreeRepo *repo, const char *input, GCancellable *cancellable, 31 | GError **error); 32 | 33 | G_END_DECLS 34 | -------------------------------------------------------------------------------- /src/libpriv/rpmostree-kernel.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2013,2014,2017 Colin Walters 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #pragma once 22 | 23 | #include 24 | 25 | G_BEGIN_DECLS 26 | 27 | typedef enum 28 | { 29 | RPMOSTREE_FINALIZE_KERNEL_AUTO, 30 | RPMOSTREE_FINALIZE_KERNEL_USRLIB_MODULES, 31 | RPMOSTREE_FINALIZE_KERNEL_USRLIB_OSTREEBOOT, 32 | RPMOSTREE_FINALIZE_KERNEL_SLASH_BOOT, 33 | } RpmOstreeFinalizeKernelDestination; 34 | 35 | GVariant *rpmostree_find_kernel (int rootfs_dfd, GCancellable *cancellable, GError **error); 36 | 37 | gboolean rpmostree_kernel_remove (int rootfs_dfd, GCancellable *cancellable, GError **error); 38 | 39 | gboolean rpmostree_finalize_kernel (int rootfs_dfd, const char *bootdir, const char *kver, 40 | const char *kernel_path, GLnxTmpfile *initramfs_tmpf, 41 | RpmOstreeFinalizeKernelDestination dest, 42 | GCancellable *cancellable, GError **error); 43 | 44 | gboolean rpmostree_run_dracut (int rootfs_dfd, const char *const *argv, const char *kver, 45 | const char *rebuild_from_initramfs, gboolean use_root_etc, 46 | GLnxTmpDir *dracut_host_tmpdir, GLnxTmpfile *out_initramfs_tmpf, 47 | GCancellable *cancellable, GError **error); 48 | 49 | G_END_DECLS -------------------------------------------------------------------------------- /src/libpriv/rpmostree-refsack.cxx: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2015 Colin Walters 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #include "config.h" 22 | 23 | #include "rpmostree-refsack.h" 24 | #include "rpmostree-rpm-util.h" 25 | #include 26 | 27 | RpmOstreeRefSack * 28 | rpmostree_refsack_new (DnfSack *sack, GLnxTmpDir *tmpdir) 29 | { 30 | RpmOstreeRefSack *rsack = g_new0 (RpmOstreeRefSack, 1); 31 | rsack->sack = (DnfSack *)g_object_ref (sack); 32 | rsack->refcount = 1; 33 | if (tmpdir) 34 | { 35 | rsack->tmpdir = *tmpdir; 36 | tmpdir->initialized = FALSE; /* Steal ownership */ 37 | } 38 | return rsack; 39 | } 40 | 41 | RpmOstreeRefSack * 42 | rpmostree_refsack_ref (RpmOstreeRefSack *rsack) 43 | { 44 | g_atomic_int_inc (&rsack->refcount); 45 | return rsack; 46 | } 47 | 48 | void 49 | rpmostree_refsack_unref (RpmOstreeRefSack *rsack) 50 | { 51 | if (!g_atomic_int_dec_and_test (&rsack->refcount)) 52 | return; 53 | g_object_unref (rsack->sack); 54 | 55 | /* The sack might point to a temporarily allocated rpmdb copy, if so, 56 | * prune it now. 57 | */ 58 | (void)glnx_tmpdir_delete (&rsack->tmpdir, NULL, NULL); 59 | g_free (rsack); 60 | } 61 | -------------------------------------------------------------------------------- /src/libpriv/rpmostree-refsack.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2015 Red Hat, In.c 4 | * 5 | * Licensed under the GNU Lesser General Public License Version 2.1 6 | * 7 | * This library is free software; you can redistribute it and/or 8 | * modify it under the terms of the GNU Lesser General Public 9 | * License as published by the Free Software Foundation; either 10 | * version 2.1 of the License, or (at your option) any later version. 11 | * 12 | * This library is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | * Lesser General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU Lesser General Public 18 | * License along with this library; if not, write to the Free Software 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 20 | */ 21 | 22 | #pragma once 23 | 24 | #include "libglnx.h" 25 | #include 26 | #include 27 | 28 | G_BEGIN_DECLS 29 | 30 | typedef struct 31 | { 32 | gint refcount; /* atomic */ 33 | DnfSack *sack; 34 | GLnxTmpDir tmpdir; 35 | } RpmOstreeRefSack; 36 | 37 | RpmOstreeRefSack *rpmostree_refsack_new (DnfSack *sack, GLnxTmpDir *tmpdir); 38 | 39 | RpmOstreeRefSack *rpmostree_refsack_ref (RpmOstreeRefSack *rsack); 40 | 41 | void rpmostree_refsack_unref (RpmOstreeRefSack *rsack); 42 | 43 | G_DEFINE_AUTOPTR_CLEANUP_FUNC (RpmOstreeRefSack, rpmostree_refsack_unref); 44 | 45 | G_END_DECLS 46 | -------------------------------------------------------------------------------- /src/libpriv/rpmostree-unpacker-core.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2015 Colin Walters 4 | * 5 | * This program is free software: you can redistribute it and/or modify 6 | * it under the terms of the GNU Lesser General Public License as published 7 | * by the Free Software Foundation; either version 2 of the licence or (at 8 | * your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General 16 | * Public License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place, Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | */ 20 | 21 | #pragma once 22 | 23 | #include 24 | 25 | #include "libglnx.h" 26 | #include 27 | #include 28 | #include 29 | #include 30 | 31 | G_BEGIN_DECLS 32 | 33 | G_DEFINE_AUTOPTR_CLEANUP_FUNC (archive, archive_read_free); 34 | 35 | struct archive *rpmostree_unpack_rpm2cpio (int fd, GError **error); 36 | 37 | G_END_DECLS -------------------------------------------------------------------------------- /src/libpriv/systemctl-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # Used by rpmostree-core.c to intercept `systemctl` operations. We want to 3 | # handle `preset`, and ignore everything else such as `start`/`stop` etc. 4 | # However if --root is passed, we do want to support that. 5 | # See also https://github.com/projectatomic/rpm-ostree/issues/550 6 | 7 | for arg in "$@"; do 8 | case $arg in 9 | preset | --root | --root=*) exec /usr/bin/systemctl.rpmostreesave "$@" ;; 10 | esac 11 | done 12 | echo "rpm-ostree-systemctl: Ignored non-preset command:" "$@" 13 | -------------------------------------------------------------------------------- /src/libpriv/useradd-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # Used by rpmostree-core.c to intercept `useradd` calls. 3 | # We want to learn about user creation and distinguish between 4 | # static and dynamic IDs, in order to auto-generate relevant 5 | # `sysusers.d` fragments. 6 | # See also https://github.com/coreos/rpm-ostree/issues/3762 7 | 8 | if test -v RPMOSTREE_EXP_BRIDGE_SYSUSERS; then 9 | rpm-ostree scriptlet-intercept useradd -- "$0" "$@" 10 | fi 11 | 12 | # Forward to the real `useradd` for group creation. 13 | exec /usr/sbin/useradd.rpmostreesave "$@" 14 | -------------------------------------------------------------------------------- /src/libpriv/usermod-wrapper.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | # Used by rpmostree-core.c to intercept `usermod` calls. 3 | # We want to learn about additional groups changes, in 4 | # order to auto-generate relevant `sysusers.d` fragments. 5 | # See also https://github.com/coreos/rpm-ostree/issues/3762 6 | 7 | if test -v RPMOSTREE_EXP_BRIDGE_SYSUSERS; then 8 | rpm-ostree scriptlet-intercept usermod -- "$0" "$@" 9 | fi 10 | 11 | # Forward to the real `usermod` for group changes. 12 | exec /usr/sbin/usermod.rpmostreesave "$@" 13 | -------------------------------------------------------------------------------- /tests/README.md: -------------------------------------------------------------------------------- 1 | Tests are divided into three groups: 2 | 3 | - Tests in the `check` directory are non-destructive and 4 | uninstalled. Some of the tests require root privileges. 5 | Use `make check` to run these. 6 | 7 | - The `composecheck` tests currently require uid 0 capabilities - 8 | the default in Docker, or you can run them via a user namespace. 9 | They are non-destructive, but are installed. 10 | 11 | To use them, you might do a `make && sudo make install` inside a 12 | Docker container. 13 | 14 | Then invoke `./tests/compose`. Alternatively of course, you 15 | can simply run the tests on a host system or in an existing 16 | container, without doing a build. 17 | 18 | Note: This is intentionally *not* a `Makefile` target because 19 | it doesn't require building and doesn't use uninstalled binaries. 20 | 21 | - Tests in the `vmcheck` directory are oriented around using 22 | Vagrant. Use `make vmcheck` to run them. 23 | See also `HACKING.md` in the top directory. 24 | 25 | The `common` directory contains files used by multiple 26 | tests. The `utils` directory contains helper utilities 27 | required to run the tests. 28 | -------------------------------------------------------------------------------- /tests/build-chunked-oci/Containerfile.builder: -------------------------------------------------------------------------------- 1 | # Note that the GHA flow in ci.yml injects a binary from C9S. 2 | FROM quay.io/centos-bootc/centos-bootc:stream9 3 | RUN < config.json 15 | podman rmi ${chunked_output} 16 | test $(jq -r '.Architecture' < config.json) = "ppc64le" 17 | echo "ok cross arch rechunking" 18 | 19 | # Build a custom image, then rechunk it 20 | podman build -t localhost/base -f Containerfile.test 21 | orig_created=$(podman inspect containers-storage:localhost/base | jq -r '.[0].Created') 22 | podman run --rm --privileged --security-opt=label=disable \ 23 | -v /var/lib/containers:/var/lib/containers \ 24 | -v /var/tmp:/var/tmp \ 25 | -v $(pwd):/output \ 26 | localhost/builder rpm-ostree compose build-chunked-oci --bootc --format-version=1 --max-layers 99 --from localhost/base --output containers-storage:localhost/chunked 27 | podman inspect containers-storage:localhost/chunked | jq '.[0]' > new-config.json 28 | # Verify we propagated the creation date 29 | new_created=$(jq -r .Created < new-config.json) 30 | # ostree only stores seconds, so canonialize the rfc3339 data to seconds 31 | test "$(date --date="${orig_created}" --rfc-3339=seconds)" = "$(date --date="${new_created}" --rfc-3339=seconds)" 32 | # Verify we propagated labels 33 | test $(jq -r .Labels.testlabel < new-config.json) = "1" 34 | echo "ok rechunking with labels" 35 | -------------------------------------------------------------------------------- /tests/check/test-lib-introspection.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # NOTE: This is presently disabled by default because 4 | # we don't want to drag pygobject3 into our build container 5 | # and anyways the shared library should be considered deprecated. 6 | # 7 | # Copyright (C) 2014 Colin Walters 8 | # 9 | # This library is free software; you can redistribute it and/or 10 | # modify it under the terms of the GNU Lesser General Public 11 | # License as published by the Free Software Foundation; either 12 | # version 2 of the License, or (at your option) any later version. 13 | # 14 | # This library is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 | # Lesser General Public License for more details. 18 | # 19 | # You should have received a copy of the GNU Lesser General Public 20 | # License along with this library; if not, write to the 21 | # Free Software Foundation, Inc., 59 Temple Place - Suite 330, 22 | # Boston, MA 02111-1307, USA. 23 | 24 | set -e 25 | 26 | . ${commondir}/libtest.sh 27 | echo "1..2" 28 | 29 | set -x 30 | 31 | if ! skip_one_with_asan; then 32 | cat >test-rpmostree-gi-arch <test-rpmostree-gi < 22 | 23 | #include "libtest.h" 24 | 25 | /* Copied and adapted from: 26 | * https://github.com/ostreedev/ostree/blob/main/tests/libostreetest.c 27 | * 28 | * This function hovers in a quantum superposition of horrifying and 29 | * beautiful. Future generations may interpret it as modern art. 30 | */ 31 | gboolean 32 | rot_test_run_libtest (const char *cmd, GError **error) 33 | { 34 | const char *srcdir = g_getenv ("topsrcdir"); 35 | int estatus; 36 | g_autoptr (GPtrArray) argv = g_ptr_array_new (); 37 | g_autoptr (GString) cmdstr = g_string_new (""); 38 | 39 | g_ptr_array_add (argv, (char *)"bash"); 40 | g_ptr_array_add (argv, (char *)"-c"); 41 | 42 | g_string_append (cmdstr, "set -xeuo pipefail; . "); 43 | g_string_append (cmdstr, srcdir); 44 | g_string_append (cmdstr, "/tests/common/libtest.sh; "); 45 | g_string_append (cmdstr, cmd); 46 | 47 | g_ptr_array_add (argv, (char *)cmdstr->str); 48 | g_ptr_array_add (argv, NULL); 49 | 50 | if (!g_spawn_sync (NULL, (char **)argv->pdata, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL, NULL, NULL, 51 | &estatus, error)) 52 | return FALSE; 53 | 54 | if (!g_spawn_check_exit_status (estatus, error)) 55 | return FALSE; 56 | 57 | return TRUE; 58 | } 59 | -------------------------------------------------------------------------------- /tests/common/libtest.h: -------------------------------------------------------------------------------- 1 | /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- 2 | * 3 | * Copyright (C) 2016 Colin Walters 4 | * 5 | * This library is free software; you can redistribute it and/or 6 | * modify it under the terms of the GNU Lesser General Public 7 | * License as published by the Free Software Foundation; either 8 | * version 2 of the License, or (at your option) any later version. 9 | * 10 | * This library is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | * Lesser General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU Lesser General Public 16 | * License along with this library; if not, write to the 17 | * Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 | * Boston, MA 02111-1307, USA. 19 | * 20 | * Author: Colin Walters 21 | */ 22 | 23 | /* Copied and adapted from: 24 | * https://github.com/ostreedev/ostree/blob/main/tests/libostreetest.c 25 | */ 26 | 27 | #pragma once 28 | 29 | G_BEGIN_DECLS 30 | 31 | gboolean rot_test_run_libtest (const char *cmd, GError **error); 32 | 33 | G_END_DECLS 34 | -------------------------------------------------------------------------------- /tests/common/libtestrepos.sh: -------------------------------------------------------------------------------- 1 | # Shared functions for compose/container tests 2 | # 3 | # Copyright (C) 2017 Colin Walters 4 | # 5 | # This library is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU Lesser General Public 7 | # License as published by the Free Software Foundation; either 8 | # version 2 of the License, or (at your option) any later version. 9 | # 10 | # This library is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | # Lesser General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU Lesser General Public 16 | # License along with this library; if not, write to the 17 | # Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 | # Boston, MA 02111-1307, USA. 19 | 20 | setup_rpmmd_repos() { 21 | dest=$1 22 | shift 23 | repos=${RPMOSTREE_COMPOSE_TEST_USE_REPOS:-/etc/yum.repos.d} 24 | for x in ${repos}/fedora{,-updates}.repo; do 25 | bn=$(basename ${x}) 26 | cp $x ${dest}/${bn} 27 | done 28 | } 29 | 30 | -------------------------------------------------------------------------------- /tests/compose-rootfs/Containerfile: -------------------------------------------------------------------------------- 1 | # Demonstrate skew from the builder 2 | FROM quay.io/centos/centos:stream10 as repos 3 | 4 | # You must run this build with `-v /path/to/rpm-ostree:/run/build/rpm-ostree:ro` 5 | FROM quay.io/fedora/fedora-bootc:41 as builder 6 | RUN </dev/null; then 42 | echo "found user.ostreemeta"; exit 1 43 | fi 44 | bootc container lint 45 | EORUN 46 | LABEL containers.bootc 1 47 | # https://pagure.io/fedora-kiwi-descriptions/pull-request/52 48 | ENV container=oci 49 | # Make systemd the default 50 | STOPSIGNAL SIGRTMIN+3 51 | CMD ["/sbin/init"] 52 | 53 | 54 | -------------------------------------------------------------------------------- /tests/compose-rootfs/manifest.yaml: -------------------------------------------------------------------------------- 1 | edition: "2024" 2 | packages: 3 | - bash 4 | - rpm 5 | - attr 6 | - coreutils 7 | - selinux-policy-targeted 8 | - kernel 9 | - rpm-ostree 10 | 11 | postprocess: 12 | - | 13 | #!/bin/bash 14 | cat >/usr/lib/ostree/prepare-root.conf <<'EOF' 15 | [composefs] 16 | enabled = yes 17 | EOF -------------------------------------------------------------------------------- /tests/compose/disabled-test-boot-location-new.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | 4 | dn=$(cd "$(dirname "$0")" && pwd) 5 | # shellcheck source=libcomposetest.sh 6 | . "${dn}/libcomposetest.sh" 7 | 8 | treefile_set boot-location '"new"' 9 | runcompose 10 | echo "ok compose" 11 | 12 | # Nothing in /boot (but it should exist) 13 | ostree --repo="${repo}" ls -R "${treeref}" /boot > bootls.txt 14 | cat >bootls-expected.txt < bootls.txt 20 | assert_file_has_content bootls.txt vmlinuz- 21 | assert_file_has_content bootls.txt initramfs- 22 | kver=$(grep /vmlinuz bootls.txt | sed -e 's,.*/vmlinuz-\(.*\)-[0-9a-f].*$,\1,') 23 | # And use the kver to find the kernel in /usr/lib/modules 24 | ostree --repo="${repo}" ls "${treeref}" "/usr/lib/modules/${kver}"/{vmlinuz,initramfs.img} >/dev/null 25 | echo "ok boot location new" 26 | -------------------------------------------------------------------------------- /tests/compose/runtest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | if [ -n "${V:-}" ]; then 5 | set -x 6 | fi 7 | 8 | outputdir=$1; shift 9 | fixtures=$1; shift 10 | testname=$1; shift 11 | 12 | # this is used directly just by the basic test, but it also hosts the RPMs 13 | export fixtures 14 | 15 | outputdir="${outputdir}/${testname}" 16 | rm -rf "${outputdir:?}"/* 17 | mkdir -p "${outputdir}" 18 | 19 | # keep original stdout around; this propagates to the terminal 20 | exec 3>&1 21 | 22 | # but redirect everything else to a log file 23 | exec 1>"${outputdir}/output.log" 24 | exec 2>&1 25 | 26 | # seed output log with current date 27 | date 28 | 29 | if [ -n "${V:-}" ]; then 30 | setpriv --pdeathsig SIGKILL -- tail -f "${outputdir}/output.log" >&3 & 31 | fi 32 | 33 | echo "EXEC: ${testname}" >&3 34 | 35 | # this will cause libtest.sh to allocate a tmpdir and cd to it 36 | export COMPOSETESTS=1 37 | 38 | # shellcheck source=../common/libtest.sh disable=2154 39 | . "${commondir}/libtest.sh" 40 | 41 | # use `git clone` rather than a symlink; we want our own copy so that we can 42 | # modify it 43 | git clone file://${fixtures}/config 44 | ostree init --repo repo --mode=bare-user 45 | 46 | if "${topsrcdir}/tests/compose/test-${testname}.sh"; then 47 | echo "PASS: ${testname}" >&3 48 | else 49 | echo "FAIL: ${testname}" >&3 50 | if [ -z "${V:-}" ]; then 51 | tail -n20 "${outputdir}/output.log" | sed "s/^/ ${testname}: /g" >&3 52 | fi 53 | 54 | if [ -n "${COMPOSE_DEBUG:-}" ]; then 55 | echo "--- COMPOSE_DEBUG ---" >&3 56 | echo "Working directory: ${PWD}" >&3 57 | echo "Sleeping..." >&3 58 | sleep infinity 59 | fi 60 | exit 1 61 | fi 62 | -------------------------------------------------------------------------------- /tests/compose/test-container.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | 4 | dn=$(cd "$(dirname "$0")" && pwd) 5 | # shellcheck source=libcomposetest.sh 6 | . "${dn}/libcomposetest.sh" 7 | 8 | jq . "$treefile" 9 | jq '{"repos", "releasever"}' < "$treefile" > manifest.json.new 10 | cat >container.json << 'EOF' 11 | { 12 | "packages": ["coreutils", "rpm"], 13 | "container": true, 14 | "selinux": false 15 | } 16 | EOF 17 | cat manifest.json.new container.json | jq -s add > "$treefile" 18 | jq . $treefile 19 | runcompose 20 | echo "ok compose container" 21 | -------------------------------------------------------------------------------- /tests/compose/test-excludes.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | 4 | dn=$(cd "$(dirname "$0")" && pwd) 5 | # shellcheck source=libcomposetest.sh 6 | . "${dn}/libcomposetest.sh" 7 | 8 | # Add a local rpm-md repo for recommends testing 9 | treefile_append "repos" '["test-repo"]' 10 | build_rpm foodep 11 | build_rpm foobar recommends foobar-rec requires foodep 12 | build_rpm foobar-rec 13 | 14 | echo gpgcheck=0 >> yumrepo.repo 15 | ln "$PWD/yumrepo.repo" config/yumrepo.repo 16 | # the top-level manifest doesn't have any packages, so just set it 17 | treefile_append "packages" '["foobar"]' 18 | treefile_set 'recommends' "True" 19 | 20 | runcompose --dry-run >log.txt 21 | assert_file_has_content_literal log.txt 'foobar-1.0' 22 | assert_file_has_content_literal log.txt 'foobar-rec-1.0' 23 | rm -f log.txt 24 | echo "ok no exclude" 25 | 26 | # Test exclude 27 | treefile_append "exclude-packages" '["foobar-rec"]' 28 | 29 | runcompose --dry-run >log.txt 30 | assert_file_has_content_literal log.txt 'foobar-1.0' 31 | assert_not_file_has_content_literal log.txt 'foobar-rec-1.0' 32 | rm -f log.txt 33 | echo "ok exclude recommend" 34 | 35 | treefile_append "exclude-packages" '["foodep"]' 36 | 37 | if runcompose --dry-run &>err.txt; then 38 | fatal "compose unexpectedly succeeded" 39 | fi 40 | assert_file_has_content err.txt 'package foodep.*is filtered out by exclude filtering' 41 | echo "ok exclude included" 42 | -------------------------------------------------------------------------------- /tests/compose/test-ima.sh.disabled: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | 4 | # April 2025: test disabled due to: 5 | # https://github.com/coreos/rpm-ostree/pull/5368#issuecomment-2837285125 6 | 7 | dn=$(cd "$(dirname "$0")" && pwd) 8 | # shellcheck source=libcomposetest.sh 9 | . "${dn}/libcomposetest.sh" 10 | 11 | # Add a local rpm-md repo so we can mutate local test packages 12 | treefile_append "repos" '["test-repo"]' 13 | 14 | # An IMA signed RPM 15 | build_rpm test-ima-signed \ 16 | build "echo test-ima-signed-binary > %{name}" \ 17 | install "mkdir -p %{buildroot}/usr/bin 18 | install %{name} %{buildroot}/usr/bin" \ 19 | files "/usr/bin/%{name}" 20 | cd "${test_tmpdir}" 21 | cat > genkey.config << 'EOF' 22 | [ req ] 23 | default_bits = 3048 24 | distinguished_name = req_distinguished_name 25 | prompt = no 26 | string_mask = utf8only 27 | x509_extensions = myexts 28 | [ req_distinguished_name ] 29 | O = Test 30 | CN = Test key 31 | emailAddress = example@example.com 32 | [ myexts ] 33 | basicConstraints=critical,CA:FALSE 34 | keyUsage=digitalSignature 35 | subjectKeyIdentifier=hash 36 | authorityKeyIdentifier=keyid 37 | EOF 38 | openssl req -new -nodes -utf8 -sha256 -days 36500 -batch \ 39 | -x509 -config genkey.config \ 40 | -outform DER -out ima.der -keyout privkey_ima.pem 41 | export GNUPGHOME=${commondir}/../gpghome 42 | export GPG_TTY="" 43 | rpmsign --addsign --key-id "${TEST_GPG_KEYID_1}" --signfiles --fskpath=privkey_ima.pem yumrepo/packages/$(arch)/test-ima-signed*.rpm 44 | 45 | echo gpgcheck=0 >> yumrepo.repo 46 | ln "$PWD/yumrepo.repo" config/yumrepo.repo 47 | treefile_append "packages" '["test-ima-signed"]' 48 | treefile_pyedit "tf['ima'] = True" 49 | 50 | runcompose 51 | 52 | ostree --repo="${repo}" ls -X "${treeref}" /usr/bin/test-ima-signed > ima.txt 53 | # It'd be good to also verify the file signature, try booting it etc. But 54 | # this is just a sanity check for now. 55 | assert_file_has_content_literal ima.txt "(b'security.ima', [byte 0x" 56 | echo "ok ima signature" 57 | -------------------------------------------------------------------------------- /tests/compose/test-install-langs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | 4 | dn=$(cd "$(dirname "$0")" && pwd) 5 | # shellcheck source=libcomposetest.sh 6 | . "${dn}/libcomposetest.sh" 7 | 8 | treefile_set "install-langs" '["fr", "fr_FR", "en_US"]' 9 | treefile_set "postprocess-script" "'$PWD/lang-test.sh'" 10 | cat > lang-test.sh << EOF 11 | #!/bin/bash 12 | set -xeuo pipefail 13 | env LANG=fr_FR.UTF-8 date -ud @0 &> /etc/lang-test.date.txt 14 | (env LANG=fr_FR.UTF-8 touch || :) &> /etc/lang-test.touch.txt 15 | env LANG=de_DE.UTF-8 date -ud @0 &> /etc/lang-test.de.date.txt 16 | (env LANG=de_DE.UTF-8 touch || :) &> /etc/lang-test.de.touch.txt 17 | EOF 18 | chmod a+x lang-test.sh 19 | runcompose 20 | echo "ok compose" 21 | 22 | ostree --repo=${repo} cat ${treeref} /usr/etc/lang-test.date.txt > out.txt 23 | assert_file_has_content out.txt 'jeu.*janv.*1970' 24 | ostree --repo=${repo} cat ${treeref} /usr/etc/lang-test.touch.txt > out.txt 25 | assert_file_has_content out.txt 'opérande de fichier manquant' 26 | 27 | # XXX: this test doesn't currently work since glibc no longer obeys install-langs: 28 | # https://github.com/coreos/fedora-coreos-config/issues/194#issuecomment-556365516 29 | 30 | # # check that de_DE was culled 31 | # ostree --repo=${repo} cat ${treeref} /usr/etc/lang-test.de.date.txt > out.txt 32 | # assert_file_has_content out.txt 'Thu Jan 1 00:00:00 UTC 1970' 33 | # ostree --repo=${repo} cat ${treeref} /usr/etc/lang-test.de.touch.txt > out.txt 34 | # assert_file_has_content out.txt 'missing file operand' 35 | 36 | if ostree --repo=${repo} ls ${treeref} /usr/bin/rpmostree-postprocess-lang-test.sh 2>err.txt; then 37 | assert_not_reached "we failed to unlink?" 38 | fi 39 | assert_file_has_content err.txt "error:.*No such file or directory" 40 | 41 | echo "ok install-langs" 42 | -------------------------------------------------------------------------------- /tests/compose/test-machineid-compat.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | 4 | dn=$(cd "$(dirname "$0")" && pwd) 5 | # shellcheck source=libcomposetest.sh 6 | . "${dn}/libcomposetest.sh" 7 | 8 | # Test that `units` and `machineid-compat: False` conflict 9 | treefile_set "units" '["tuned.service"]' 10 | 11 | # Do the compose 12 | if runcompose |& tee err.txt; then 13 | assert_not_reached err.txt "Successfully composed with units and machineid-compat=False?" 14 | fi 15 | assert_file_has_content_literal err.txt \ 16 | "'units' directive is incompatible with machineid-compat = false" 17 | echo "ok conflict with units" 18 | 19 | # Now test machineid-compat: True 20 | 21 | # Also test having no ref (XXX: move to misc or something) 22 | treefile_del 'ref' 23 | treefile_set "machineid-compat" 'True' 24 | runcompose 25 | echo "ok compose" 26 | 27 | ostree --repo="${repo}" refs > refs.txt 28 | assert_not_file_has_content refs.txt "${treeref}" 29 | echo "ok no refs written" 30 | 31 | commit=$(jq -r '.["ostree-commit"]' < compose.json) 32 | ostree --repo=${repo} ls ${commit} /usr/etc > ls.txt 33 | assert_file_has_content ls.txt 'machine-id' 34 | echo "ok machineid-compat" 35 | -------------------------------------------------------------------------------- /tests/compose/test-repo-metadata.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | 4 | dn=$(cd "$(dirname "$0")" && pwd) 5 | # shellcheck source=libcomposetest.sh 6 | . "${dn}/libcomposetest.sh" 7 | 8 | treefile_set repo-metadata '"detached"' 9 | runcompose 10 | echo "ok compose detached" 11 | 12 | ostree --repo=${repo} show --print-metadata-key rpmostree.rpmmd-repos ${treeref} && \ 13 | fatal "rpmostree.rpmmd-repos present in inline metadata when should be detached" 14 | ostree --repo=${repo} show --print-detached-metadata-key rpmostree.rpmmd-repos ${treeref} > meta.txt 15 | assert_file_has_content meta.txt 'id.*cache.*timestamp' 16 | echo "ok metadata detached" 17 | 18 | treefile_set repo-metadata '"disabled"' 19 | runcompose 20 | echo "ok compose disabled" 21 | 22 | ostree --repo=${repo} show --print-metadata-key rpmostree.rpmmd-repos ${treeref} && \ 23 | fatal "rpmostree.rpmmd-repos present in inline metadata when should be disabled" 24 | ostree --repo=${repo} show --print-detached-metadata-key rpmostree.rpmmd-repos ${treeref} && \ 25 | fatal "rpmostree.rpmmd-repos present in detached metadata when should be disabled" 26 | echo "ok metadata disabled" 27 | -------------------------------------------------------------------------------- /tests/compose/test-rootfs-transient.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | 4 | dn=$(cd "$(dirname "$0")" && pwd) 5 | # shellcheck source=libcomposetest.sh 6 | . "${dn}/libcomposetest.sh" 7 | 8 | # Add a local rpm-md repo so we can mutate local test packages 9 | treefile_append "repos" '["test-repo"]' 10 | build_rpm prepare-root-config \ 11 | files "/usr/lib/ostree/prepare-root.conf" \ 12 | install "mkdir -p %{buildroot}/usr/lib/ostree && echo -e '[root]\ntransient=true' > %{buildroot}/usr/lib/ostree/prepare-root.conf" 13 | 14 | echo gpgcheck=0 >> yumrepo.repo 15 | ln "$PWD/yumrepo.repo" config/yumrepo.repo 16 | # the top-level manifest doesn't have any packages, so just set it 17 | treefile_append "packages" '["prepare-root-config"]' 18 | 19 | # Do the compose 20 | runcompose 21 | echo "ok compose" 22 | 23 | ostree --repo=${repo} ls ${treeref} /opt > ls.txt 24 | assert_file_has_content ls.txt 'd00755 *0 *0 *0 */opt' 25 | echo "ok opt is directory with transient rootfs" 26 | -------------------------------------------------------------------------------- /tests/compose/test-state-overlays.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | 4 | dn=$(cd "$(dirname "$0")" && pwd) 5 | # shellcheck source=libcomposetest.sh 6 | . "${dn}/libcomposetest.sh" 7 | 8 | # Add a local rpm-md repo so we can mutate local test packages 9 | treefile_append "repos" '["test-repo"]' 10 | 11 | # An RPM that installs in /opt 12 | build_rpm test-opt \ 13 | install "mkdir -p %{buildroot}/opt/megacorp/bin 14 | install %{name} %{buildroot}/opt/megacorp/bin" \ 15 | files "/opt/megacorp" 16 | 17 | # An RPM that installs in /usr/local 18 | build_rpm test-usr-local \ 19 | install "mkdir -p %{buildroot}/usr/local/bin 20 | install %{name} %{buildroot}/usr/local/bin" \ 21 | files "/usr/local/bin/%{name}" 22 | 23 | echo gpgcheck=0 >> yumrepo.repo 24 | ln "$PWD/yumrepo.repo" config/yumrepo.repo 25 | 26 | # the top-level manifest doesn't have any packages, so just set it 27 | treefile_append "packages" '["test-opt", "test-usr-local"]' 28 | 29 | # enable state overlays 30 | treefile_set "opt-usrlocal" '"stateoverlay"' 31 | 32 | runcompose 33 | 34 | # shellcheck disable=SC2154 35 | ostree --repo="${repo}" ls -R "${treeref}" /usr/lib/opt > opt.txt 36 | assert_file_has_content opt.txt "/usr/lib/opt/megacorp/bin/test-opt" 37 | 38 | ostree --repo="${repo}" ls -R "${treeref}" /usr/local > usr-local.txt 39 | assert_file_has_content usr-local.txt "/usr/local/bin/test-usr-local" 40 | 41 | ostree --repo="${repo}" ls -R "${treeref}" /usr/lib/systemd/system/local-fs.target.requires > local-fs.txt 42 | assert_file_has_content local-fs.txt "ostree-state-overlay@usr-lib-opt.service" 43 | assert_file_has_content local-fs.txt "ostree-state-overlay@usr-local.service" 44 | 45 | echo "ok /opt and /usr/local RPMs" 46 | -------------------------------------------------------------------------------- /tests/compose/test-write-commitid.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | 4 | dn=$(cd "$(dirname "$0")" && pwd) 5 | # shellcheck source=libcomposetest.sh 6 | . "${dn}/libcomposetest.sh" 7 | 8 | runcompose --write-commitid-to $(pwd)/commitid.txt 9 | wc -c < commitid.txt > wc.txt 10 | assert_file_has_content_literal wc.txt 64 11 | echo "ok compose" 12 | 13 | # --write-commitid-to should not set the ref 14 | ostree --repo=${repo} refs > refs.txt 15 | assert_file_empty refs.txt 16 | echo "ok ref not written" 17 | 18 | commitid_txt=$(cat commitid.txt) 19 | assert_streq "$(jq -r '.["ostree-commit"]' < compose.json)" "${commitid_txt}" 20 | # And verify we have other keys 21 | for key in ostree-version rpm-ostree-inputhash ostree-content-bytes-written; do 22 | jq -r '.["'${key}'"]' compose.json >/dev/null 23 | done 24 | echo "ok composejson" 25 | -------------------------------------------------------------------------------- /tests/encapsulate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -xeuo pipefail 3 | # Pull the latest FCOS build, unpack its container image, and verify 4 | # that we can re-encapsulate it as chunked. 5 | 6 | container=quay.io/fedora/fedora-coreos:testing-devel 7 | 8 | # First, verify the legacy entrypoint still works for now 9 | rpm-ostree container-encapsulate --help >/dev/null 10 | 11 | tmpdir=$(mktemp -d) 12 | cd ${tmpdir} 13 | ostree --repo=repo init --mode=bare-user 14 | cat /etc/ostree/remotes.d/fedora.conf >> repo/config 15 | # Pull and unpack the ostree content, discarding the container wrapping 16 | ostree container unencapsulate --write-ref=testref --repo=repo ostree-remote-registry:fedora:$container 17 | # Re-pack it as a (chunked) container 18 | 19 | cat > config.json << 'EOF' 20 | { 21 | "Env": [ 22 | "container=oci" 23 | ], 24 | "Labels": { 25 | "usage": "Do not use directly. Use as a base image for daemons. Install chosen packages and 'systemctl enable' them." 26 | }, 27 | "StopSignal": "SIGRTMIN+3" 28 | } 29 | EOF 30 | 31 | rpm-ostree compose container-encapsulate --repo=repo \ 32 | --image-config=config.json \ 33 | --label=foo=bar --label baz=blah --copymeta-opt fedora-coreos.stream --copymeta-opt nonexistent.key \ 34 | testref oci:test.oci 35 | skopeo inspect oci:test.oci | jq -r .Labels > labels.json 36 | for label in foo baz 'fedora-coreos.stream' usage; do 37 | jq -re ".\"${label}\"" < labels.json 38 | done 39 | echo ok 40 | -------------------------------------------------------------------------------- /tests/gpghome/key1.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v1 3 | 4 | mQENBFIuhBYBCADTbnocQsJgMfOELkFt3wRrAZShijoBPYZT9BrIuIKZxAbaxZJr 5 | Tbw8eIGgHZ51NCfdoikul0i82dt4hwtsACNVL5EGRmvTIKHPacb0yJMr1YBjcSwD 6 | Slo+niLPb/oVtLTbDWFt/msYKREF/lGJT9dJyXkQ5UOwWdipDaHIlwb0IKUvL7cu 7 | NpNthRFRm1M5d5M9OtqTCrCja6zckQ6OfvoStsbneHzfVWeH7vLcKBxxkfDhusVt 8 | y1iVaDk1EYT8ZxsrAWw4S7nRK/bjr86IYpFPjG2aKMd9qxyIo7hcX4r8od24jzfM 9 | v/ysOapnkTJuv8J6v7MakM1HkCz+TKF6gXxVABEBAAG0HU9zdHJlZSBUZXN0ZXIg 10 | PHRlc3RAdGVzdC5jb20+iQE5BBMBAgAjBQJSLoQWAhsDBwsJCAcDAgEGFQgCCQoL 11 | BBYCAwECHgECF4AACgkQf8oj2Ecs2vr/9wgAnme6WsWQy8CYeGH4q/5I6XFL6q1m 12 | S0+qdeGnYRmR0jJAGJ84vqDhnKxjeQzp+8Nq81DHGEJBszCkMW2o22neFi2Mo95h 13 | Dq3GWNZVldCDshjPs563AY6j7zACUN7Cy5XB3MK/vj5R/SrHBtJmSgPTx9WfmUgn 14 | n5Udg+fzSsS8z8DUtJFtexgrSnEmwH+nOmIfrsjIYL5EPg+CTTalhygROrERjINr 15 | pCYiShaFCKbuyt/XvyQ71y0JbB2yS7tDv0mL4SZjSuBQ1PkNE8ZQsymqBOJHA1Y3 16 | ppgPs1OenmtYgxaR8HQQv7uxHWZz0dmwQN93Qx8zMZwW40Odmdh1zLNQf7kBDQRS 17 | LoQWAQgA9i9QWg28qmFrPIzn90ZlNlUtFzoZy/8/lIk34awge1uO5aHydYBzkuWU 18 | jCDyBtQLWZQlwOKq8oHBbjENR2sfsmNkrYKcceQ02hSXqEJkc6jcDMCpB9eWy34K 19 | sPZmdl76Eo/vIIgRqJ9JPeGoMPaIBg2ouEz6Ft6jcX3EriYIKebCEA9wPk29z40x 20 | 7D8mBZn06WrZ3JyePfbCdNJlQANEnrk7KDMNwPhhE1wcfPkiVtqBR0/FwIoUP0jn 21 | PishIWOuFObYnXQQ2R8sxrw/V0hGqVTh+k+iNAjzEp4yPsAvB+LdMH9nCY5rU3Vo 22 | 1paEqVM1EHoBPu4NupRN0AjIJPr5UQARAQABiQEfBBgBAgAJBQJSLoQWAhsMAAoJ 23 | EH/KI9hHLNr68i4IAMdc+EgAaPZFWZcXFGBfhnOKQFC/u/W6Cu1JjqIYkGO0HxSh 24 | SfBkxArqlp37w4YVH4bUku6ja421bfGFNMtMfXjw2mU3HRdaDenP6OGv2jYmYmFt 25 | 6zi0JZZhvi8ZCcAQTStZ2Ms3hwstCMiBXPmYA7KW9Gzo4JQSKCW5haICGVSWl7kh 26 | n0OkhOTVI9uzNr7+LhYn2ib/ynSaMKeI4hZ8v1HDuY0V1E63vFPGLFBTPaoRPpnm 27 | 9yBnXMWhrbV97L6eEoe7faurSyPcF11LEFC5x8oENnbH+wtAXOayQo3lld+JRa9C 28 | JEZl8STdRU9o2NFwF8XM8BEOWntMS8aNpPoILC8= 29 | =ZNNc 30 | -----END PGP PUBLIC KEY BLOCK----- 31 | -------------------------------------------------------------------------------- /tests/gpghome/key2.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v1 3 | 4 | mQENBFUIM4ABCADYBuvzGgzv5nMy2wICv79l+N4bN9/o9hTdFEOzyAeCEaF5Wugc 5 | L9nfTgUS9NRHsSpGt9DeZVEzRm5XzccgHOPs7MlYH0Irhc4Hb9ycOO2vBZ7ZiBK/ 6 | jbY+R5GN4Ut9XIRexbXWddOjJpRUTCWQeXw5iqV9Puqm1ge2Vcal+NZOi2AFRKKe 7 | p/QI9EXIIx7ca6OWtH2SS/qE2p9obDYsMNrW+Dk623dbNKQiWaWyfRD+hB91UNbt 8 | vK7agokTeU0hKr9C8dHrhepgl9B/Hz8SFibZQQiTxSiVH3fUu10eQsyuDC/01KHp 9 | z0MR28Lc4VlCs6dsJBmGMBayHHVzbyXgw6uZABEBAAG0IU9zdHJlZSBUZXN0ZXIg 10 | SUkgPHRlc3QyQHRlc3QuY29tPokBOAQTAQIAIgUCVQgzgAIbAwYLCQgHAwIGFQgC 11 | CQoLBBYCAwECHgECF4AACgkQ2CKM/sqVDUFpJAgAirtYbbkvnlKtBxDsCu+A6qyl 12 | 7r+cW8IH5U1P4MqxqQwkAe1ZalfjuTSHVKYqt/K6gt0+4NvCee3A2JxXTvLq1hdR 13 | DNMUFAjkbZv3Y6VS8Qtj3edsviNEB7s8uyWgR/EBB312YSZCwzk5uSLzM5E7AmvM 14 | 0/ZPIAAxjz8TpQKc8vJx1/4nqgt0Wjv5B74vuOQJT26zoFygCQM76YeN+ULzk/hN 15 | hW7aNp/S2STasvEv7NgwqAe6eWy45xTrvxhEhQV760/toLbI0DuuBGr6Ue/G+Id4 16 | P/R604HAbMg3GdCztyoD3WTuvcsY6oXD7GlSEX4DZ0LA2TqQDZB+Pqe2yF7Gi7kB 17 | DQRVCDOAAQgAsxH2E9JeQPbcdXGyxLCa4FyMeziCrxn7tOEsRkeqZmb76mAOn67Q 18 | ZuZ6SXcAQDjKOBu7QNEcFQ+bAW/urohzD/sjr09vKqibLh6v8t81DE79GHI1UZ7F 19 | SuYDLgcGUvOCJej8iftJcudWuzCW9SvoykNcgPcIOYEXbbJVRr2xvK4z2a34DyWL 20 | jEXU2r6g1KNwtGyT6hZ7Ax99MKAzCFX3to0V51EXcrnUojwz/8i4Lal9t3d4P3lu 21 | FZw3ITWh4e9zNxp8aSxsAN/vQ1EHccMPrNmO+d+yjhH7inTxf+vLErP3Cs5rPjxl 22 | FgoLvBCSCT0jQ0xP+8Aa2TDyXDcMHg85QwARAQABiQEfBBgBAgAJBQJVCDOAAhsM 23 | AAoJENgijP7KlQ1Bc68H/RBn5PpUe8CA1CJ8eN4LIfRee3DjacwvjGsdgiMzcLhb 24 | Hp/ke42kentYjT+gF1ABPbeUERDlhnZ8BguKGZV+jOGDWRI2KFrQXL444aNznjn8 25 | aTOQY/d4LibwSaQ3qzf4Zp4CyZq2X2Vg3+B3HoUM6pkIL/r2ao5TnFqKubCE3sEo 26 | St+LV4eHktoAS1GXmxYKo4Q67yMVekTZt7C/VQ2a20qfAXBn2U8UA3tUvNqKtyyJ 27 | XrxeTJ+T4MMv60zdC/B/UPNjjHLNyB6culIzyiYFglGw3ctx2erJN2d+aQLrw78E 28 | vIuMy+JcH6y3JlzVGdByWbC7628OcWWa+NL/CXnYMyQ= 29 | =j9RC 30 | -----END PGP PUBLIC KEY BLOCK----- 31 | -------------------------------------------------------------------------------- /tests/gpghome/key3.asc: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v1 3 | 4 | mQENBFUIM6EBCACr57QUYEEuxvkX20yM1LVt2jyYZRKKQsqXx/xCF+Pg1MNz6mYx 5 | Qz6R6+yZZmlADsfRdnEpRvl4Dq2g3cP0DqkjnIKwI7ffEsyXlves8OMlpwT2Vh4x 6 | 8Lx92eIEeqmb+PT8m88+x+EPVaR2R5KBHFkGXGyVgw+Ry8Oa9ZtJEKSkL/EQvzWv 7 | 5q+OR1Pm8rnIPe64XPh3yAx5SBJ2m7hykH/XMVrdGqaZvpuGBx77pmmqfMMjNWMC 8 | U09hURyuyGWUsj9lFWYgpBvAzASmJNpAf7FZTjzCwLJwqpxCYm6a3sp76yyjuY7q 9 | vgJOolRHp9F/XETsSLdy6966oBxclGNaD6gnABEBAAG0Ik9zdHJlZSBUZXN0ZXIg 10 | SUlJIDx0ZXN0M0B0ZXN0LmNvbT6JATgEEwECACIFAlUIM6ECGwMGCwkIBwMCBhUI 11 | AgkKCwQWAgMBAh4BAheAAAoJEA0V+uffRE1n0n4H/0Z8bC1cdr5cMFZ6YBaJlw4c 12 | b61krhan2qCrwQupwaXi6LHt0zMwgljOcN+X2sAlZj9Jv0CabU5S1vM1fh9DZ6OY 13 | 2OQ/Pq2lXGk22JjrbPPq5o//xTzo92Uxptuxq6O4frVzuGCo1yPlrHJh+TxbXIc8 14 | XOz9C9KTfcb9OwidSSW5LlUBzQ2e3oQLSUQPsdB3TZP5zlqPIYerWn+LdETKcOTr 15 | JyoaobFqX2BN223d3vkA1/GcuB17eBnzbnS0OWLJH+E3bsCqjtCJMEc1uTq97tyF 16 | XStIk9i0gVbA+GiK/ZFMt+a5kagR5dOUwpNZ0BE+Kzf0CtkSaSWkAh1vQV/j2E65 17 | AQ0EVQgzoQEIAMeXa6sp5kdmJn/fVw0Pk5oluBXif7BiFt+T7K03RxCOKRpne6dI 18 | SS98ruwZ1B5hn0lZO0UiL5RKpBQUrI9Y7251tz+oWohU2ZkUwwP3OcBlTXtErhe0 19 | LctcJ1nUA5NICVP5brhJR94durULiM+Rrhr12Ccs+a9bV268btNLN51z7ICMwNI6 20 | xuNxLt9orVJwP82a2eelQOgkPyFpiq7UxZ1erJg4aBVfWHP+rlxyQlzawVebbQMO 21 | gwYW+gAawTxd2x7PV9CC3KsaM+HI6wBvDOtcWlbzo+TxzcVocd5oern4Mr5Y86Gt 22 | lajuO9DVsuxxIfBrvHdRut613ShhOVlfy2MAEQEAAYkBHwQYAQIACQUCVQgzoQIb 23 | DAAKCRANFfrn30RNZyPVB/9jNFOjcNCAZSrz9vylaO0xHsPhIn4osmkiU6BvodwO 24 | n+qR4eEUw7BzoWC5QqGxUPYuDneQK7N7U31SFYjmY5Y1CDMsFtcYzjPgN5qWhtaN 25 | iNTtE9pb5f97PyLSUwcdW1y/cfDfqoAY6rpRXieo7hJv1xBtlEzJIbSSTS1SUEd1 26 | 4qwPCqNWMSM6qBcaFB5Yuw0Z/E6B1JfNTUw5J5jDxbGdOzkLx2mXCldte1axq9Lp 27 | 1V17jMTvn7Ml1QdoEAqzvt4VNQci/Su/qd3XjQ46b4dFFP03+jJv7mO6tHka2luZ 28 | RX0zfsk5q8wqbtV2k0XZFRD+22ddKMf1j4wID157lNQs 29 | =Dq+d 30 | -----END PGP PUBLIC KEY BLOCK----- 31 | -------------------------------------------------------------------------------- /tests/gpghome/pubring.gpg: -------------------------------------------------------------------------------- 1 | trusted/pubring.gpg -------------------------------------------------------------------------------- /tests/gpghome/secring.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coreos/rpm-ostree/18911fece32d9fa7a71282952fbb1406038cc338/tests/gpghome/secring.gpg -------------------------------------------------------------------------------- /tests/gpghome/trustdb.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coreos/rpm-ostree/18911fece32d9fa7a71282952fbb1406038cc338/tests/gpghome/trustdb.gpg -------------------------------------------------------------------------------- /tests/gpghome/trusted/pubring.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/coreos/rpm-ostree/18911fece32d9fa7a71282952fbb1406038cc338/tests/gpghome/trusted/pubring.gpg -------------------------------------------------------------------------------- /tests/kolainst/.gitignore: -------------------------------------------------------------------------------- 1 | rpm-repos/ 2 | -------------------------------------------------------------------------------- /tests/kolainst/Makefile: -------------------------------------------------------------------------------- 1 | DESTDIR ?= 2 | 3 | TESTDIRS := $(shell find -mindepth 1 -maxdepth 1 -type d) 4 | 5 | KOLA_TESTDIR ?= $(DESTDIR)/usr/lib/coreos-assembler/tests/kola/rpm-ostree/ 6 | 7 | rpm-repos: kolainst-build.sh 8 | ./kolainst-build.sh 9 | 10 | all: rpm-repos 11 | 12 | install: all 13 | install -d -m 0755 $(KOLA_TESTDIR) 14 | rsync -prlv ./nondestructive $(KOLA_TESTDIR)/ 15 | rsync -prlv ./destructive $(KOLA_TESTDIR)/ 16 | rsync -prlv ../common/*.sh $(KOLA_TESTDIR)/nondestructive/data/ 17 | rsync -prlv ../common/*.sh $(KOLA_TESTDIR)/destructive/data/ 18 | rsync -prlv rpm-repos/ $(KOLA_TESTDIR)/nondestructive/data/rpm-repos/ 19 | rsync -prlv ../gpghome $(KOLA_TESTDIR)/destructive/data/ 20 | rsync -prlv rpm-repos/ $(KOLA_TESTDIR)/destructive/data/rpm-repos/ 21 | 22 | localinstall: all 23 | rm -rf ../kola 24 | make install KOLA_TESTDIR=../kola 25 | -------------------------------------------------------------------------------- /tests/kolainst/destructive/cached-sigs: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | . ${KOLA_EXT_DATA}/libtest.sh 5 | 6 | set -x 7 | 8 | libtest_prepare_offline 9 | cd "$(mktemp -d)" 10 | 11 | # For this test we want a signed OSTree commit deployed. Check if a sig already 12 | # exists, otherwise let's self-sign it. 13 | rpm-ostree status --json > status.json 14 | booted_commit=$(jq -r '.deployments[0].checksum' < status.json) 15 | if ! jq -e '.deployments[0].signatures' < status.json > /dev/null; then 16 | ostree gpg-sign --gpg-homedir "${KOLA_EXT_DATA}/gpghome" "$booted_commit" "${TEST_GPG_KEYID_1}" 17 | cp "${KOLA_EXT_DATA}/gpghome/key1.asc" /etc/pki/rpm-gpg/ 18 | fi 19 | 20 | # Ensure we're always using an ostree refspec where GPG signatures are checked 21 | ostree refs --create synthetic-ref-for-test "${booted_commit}" 22 | ostree remote add dummy https://localhost 23 | # ostree admin set-origin crashes today if there's not a refspec, which there 24 | # won't be when we're booted into a container by default 25 | origin=$(ls /ostree/deploy/*/deploy/*.origin) 26 | unshare -m /bin/sh -c 'mount -o remount,rw /sysroot && echo -e "[origin]\nrefspec=dummy:synthetic-ref-for-test" > '"$origin" 27 | 28 | systemctl stop rpm-ostreed 29 | 30 | # Turn on logging 31 | mkdir -p /etc/systemd/system/rpm-ostreed.service.d 32 | cat > /etc/systemd/system/rpm-ostreed.service.d/debug.conf < out.img 17 | file out.img > out.img.file 18 | assert_not_file_has_content out.img.file "LZ4" 19 | 20 | rpm-ostree install lz4 -A 21 | rpm-ostree initramfs --enable --arg='--compress=lz4' 22 | /tmp/autopkgtest-reboot reboot 23 | ;; 24 | "reboot") 25 | new_initrd=$(ls -t /boot/ostree/*/initramfs-*.img | head -n 1) 26 | (/usr/lib/dracut/skipcpio "${new_initrd}" || :) | head -c 100 > out.new.img 27 | file out.new.img > out.new.img.file 28 | assert_file_has_content out.new.img.file "LZ4" 29 | set +x # so our grepping doesn't get a hit on itself 30 | if journalctl --grep 'Initramfs unpacking failed: Decoding failed'; then 31 | fatal "Found initramfs unpacking failure in journal" 32 | fi 33 | ;; 34 | *) echo "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}"; exit 1;; 35 | esac 36 | 37 | echo "ok" 38 | -------------------------------------------------------------------------------- /tests/kolainst/destructive/layering-useradd: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # This library is free software; you can redistribute it and/or 4 | # modify it under the terms of the GNU Lesser General Public 5 | # License as published by the Free Software Foundation; either 6 | # version 2 of the License, or (at your option) any later version. 7 | # 8 | # This library is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 11 | # Lesser General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU Lesser General Public 14 | # License along with this library; if not, write to the 15 | # Free Software Foundation, Inc., 59 Temple Place - Suite 330, 16 | # Boston, MA 02111-1307, USA. 17 | 18 | set -euo pipefail 19 | 20 | . ${KOLA_EXT_DATA}/libtest.sh 21 | 22 | set -x 23 | cd $(mktemp -d) 24 | 25 | case "${AUTOPKGTEST_REBOOT_MARK:-}" in 26 | "") 27 | libtest_prepare_fully_offline 28 | 29 | rpm-ostree install ${KOLA_EXT_DATA}/rpm-repos/0/packages/x86_64/testdaemon*.rpm 30 | if grep testdaemon /etc/passwd /usr/lib/passwd; then 31 | fatal "found testdaemon in current passwd" 32 | fi 33 | 34 | /tmp/autopkgtest-reboot "1" 35 | ;; 36 | "1") 37 | rpmostree_assert_status '.deployments[0]["requested-local-packages"]|length == 1' 38 | 39 | # Verify testdaemon altfiles 40 | rpm -q testdaemon 41 | grep testdaemon /usr/lib/passwd 42 | grep testdaemon /usr/lib/group 43 | if grep testdaemon /etc/passwd; then 44 | fatal "found testdaemon in /etc/passwd" 45 | fi 46 | 47 | # Reset this 48 | rpm-ostree uninstall testdaemon 49 | 50 | /tmp/autopkgtest-reboot "2" 51 | ;; 52 | "2") 53 | if grep testdaemon /etc/passwd /usr/lib/passwd; then 54 | fatal "found testdaemon in current passwd" 55 | fi 56 | ;; 57 | *) echo "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}"; exit 1;; 58 | esac 59 | -------------------------------------------------------------------------------- /tests/manual/test-dbquery.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | import sys 4 | from gi.repository import Gio, OSTree, RpmOstree 5 | 6 | repopath, ref = sys.argv[1:3] 7 | 8 | r = OSTree.Repo.new(Gio.File.new_for_path(repopath)) 9 | r.open(None) 10 | qr = RpmOstree.db_query_all(r, ref, None) 11 | print "Package list: " 12 | for p in qr: 13 | print p.get_nevra() 14 | 15 | _,removed,added,modold,modnew = RpmOstree.db_diff(r, ref + '^', ref, None) 16 | for p in removed: 17 | print "D " + p.get_nevra() 18 | for p in added: 19 | print "A " + p.get_nevra() 20 | for o,n in zip(modold, modnew): 21 | print "M {0} {1} -> {2}".format(o.get_name(), o.get_evr(), n.get_evr()) 22 | 23 | -------------------------------------------------------------------------------- /tests/runkola: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | # Use with `cosa build-fast`, e.g.: 4 | # cosa build-fast && ./tests/runkola 5 | top=$(git rev-parse --show-toplevel) 6 | cd ${top} 7 | image=$(ls fastbuild-*-qemu.qcow2 | head -1) 8 | if [ -z "${image}" ]; then 9 | echo "Must run on image from cosa build-fast" 10 | exit 1 11 | fi 12 | if [ -z "$@" ]; then 13 | set -- 'ext.*' "$@" 14 | fi 15 | set -x 16 | exec kola run -p qemu --qemu-image "${image}" -E ${top} "$@" 17 | -------------------------------------------------------------------------------- /tests/vmcheck.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | dn=$(cd "$(dirname "$0")" && pwd) 5 | topsrcdir=$(cd "$dn/.." && pwd) 6 | commondir=$(cd "$dn/common" && pwd) 7 | export topsrcdir commondir 8 | 9 | # shellcheck source=common/libtest-core.sh 10 | . "${commondir}/libtest-core.sh" 11 | 12 | read -r -a tests <<< "$(filter_tests "${topsrcdir}/tests/vmcheck")" 13 | if [ ${#tests[*]} -eq 0 ]; then 14 | echo "No tests selected; mistyped filter?" 15 | exit 0 16 | fi 17 | 18 | JOBS=${JOBS:-$(ncpus)} 19 | 20 | echo "Running ${#tests[*]} tests ${JOBS} at a time" 21 | 22 | outputdir="${topsrcdir}/vmcheck-logs" 23 | echo "Test results outputting to ${outputdir}/" 24 | 25 | echo -n "${tests[*]}" | parallel -d' ' -j "${JOBS}" --line-buffer \ 26 | "${topsrcdir}/tests/vmcheck/runtest.sh" "${outputdir}" 27 | -------------------------------------------------------------------------------- /tests/vmcheck/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | # This is just a small wrapper for `make install`, but with the added logic to 5 | # pull in ostree packages from the build container. We always assume development 6 | # and testing is against git main ostree and that the build container is 7 | # tracking e.g. CAHC or FAHC (see HACKING.md for more details). 8 | 9 | DESTDIR=${topsrcdir}/insttree 10 | 11 | # Chown everything to writable, due to 12 | # https://bugzilla.redhat.com/show_bug.cgi?id=517575 13 | if test -d ${DESTDIR}; then chmod -R u+w ${DESTDIR}/; fi 14 | rm -rf ${DESTDIR} 15 | mkdir -p ${DESTDIR} 16 | 17 | ostree --version 18 | # We don't want to sync all of userspace, just things 19 | # that rpm-ostree links to or uses and tend to drift 20 | # in important ways. 21 | # XXX: We add libmodulemd manually for now until it's 22 | # part of the image. 23 | pkgs="libsolv libmodulemd" 24 | if rpm -q zchunk-libs 2>/dev/null; then 25 | pkgs="${pkgs} zchunk-libs" 26 | fi 27 | if rpm -q ostree-grub2 2>/dev/null; then 28 | pkgs="${pkgs} ostree-grub2" 29 | fi 30 | for pkg in ostree{,-libs} ${pkgs}; do 31 | 32 | rpm -q $pkg 33 | 34 | # We do not have perms to read /etc/grub2 as non-root. In the prebuilt 35 | # container case, manpages are missing. Ignore that. 36 | rpm -ql $pkg | grep -vE "^/(etc|usr/share/(doc|man))/" > list.txt 37 | 38 | # See above chown https://bugzilla.redhat.com/show_bug.cgi?id=517575 39 | chmod -R u+w ${DESTDIR}/ 40 | 41 | # Note we cant use --ignore-missing-args here since it was added in 42 | # rsync 3.1.0, but CentOS7 only has rsync 3.0.9. Anyway, we expect 43 | # everything in list.txt to be present (otherwise, tweak grep above). 44 | rsync -l --files-from=list.txt / ${DESTDIR}/ 45 | 46 | rm -f list.txt 47 | done 48 | 49 | make install DESTDIR=${DESTDIR} 50 | -------------------------------------------------------------------------------- /tests/vmcheck/overlay.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | . ${commondir}/libvm.sh 5 | 6 | # Thin wrapper around `cosa dev-overlay`. 7 | 8 | # First, we need to find the image to operate on. 9 | if [ -n "${VMIMAGE:-}" ]; then 10 | src_img=${VMIMAGE} 11 | else 12 | basearch=$(cosa basearch) 13 | cosa_builds=${COSA_BUILDS:-cosa-builds} 14 | cosa_buildid=${COSA_BUILDID:-latest} 15 | cosa_builddir=${cosa_builds}/${cosa_buildid}/${basearch} 16 | if [ ! -e "${cosa_builddir}/meta.json" ]; then 17 | fatal "No image provided (use VMIMAGE, or cosa-builds/ or COSA_BUILDS)" 18 | fi 19 | 20 | cosa_qemu_path=$(jq -er '.images.qemu.path' "${cosa_builddir}/meta.json") 21 | src_img=${cosa_builddir}/${cosa_qemu_path} 22 | fi 23 | 24 | if [ -z "${SKIP_VMOVERLAY:-}" ]; then 25 | # XXX: to develop 26 | cosa dev-overlay --src-image "${src_img}" --add-tree insttree/ \ 27 | --output-dir vmoverlay/ --output-ref vmcheck 28 | target_img=vmoverlay/$(jq -er '.images.qemu.path' "vmoverlay/meta.json") 29 | else 30 | target_img=${src_img} 31 | fi 32 | 33 | ln -sf "$(realpath ${target_img})" tests/vmcheck/image.qcow2 34 | -------------------------------------------------------------------------------- /tests/vmcheck/runtest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | if [ -n "${V:-}" ]; then 5 | set -x 6 | fi 7 | 8 | outputdir=$1; shift 9 | testname=$1; shift 10 | 11 | outputdir="${outputdir}/${testname}" 12 | rm -rf "${outputdir:?}"/* 13 | mkdir -p "${outputdir}" 14 | 15 | # keep original stdout around; this propagates to the terminal 16 | exec 3>&1 17 | 18 | # but redirect everything else to a log file 19 | exec 1>"${outputdir}/output.log" 20 | exec 2>&1 21 | 22 | # seed output log with current date 23 | date 24 | 25 | if [ -n "${V:-}" ]; then 26 | setpriv --pdeathsig SIGKILL -- tail -f "${outputdir}/output.log" >&3 & 27 | fi 28 | 29 | echo "EXEC: ${testname}" >&3 30 | 31 | # this will cause libtest.sh to allocate a tmpdir and cd to it 32 | export VMTESTS=1 33 | 34 | # shellcheck source=../common/libtest.sh disable=2154 35 | . "${commondir}/libtest.sh" 36 | 37 | # shellcheck source=../common/libvm.sh 38 | . "${commondir}/libvm.sh" 39 | 40 | vm_kola_spawn "${outputdir}/kola" 41 | if "${topsrcdir}/tests/vmcheck/test-${testname}.sh"; then 42 | echo "PASS: ${testname}" >&3 43 | else 44 | echo "FAIL: ${testname}" >&3 45 | if [ -z "${V:-}" ]; then 46 | tail -n20 "${outputdir}/output.log" | sed "s/^/ ${testname}: /g" >&3 47 | fi 48 | 49 | if [ -n "${VMCHECK_DEBUG:-}" ]; then 50 | echo "--- VMCHECK_DEBUG ---" >&3 51 | echo "To try SSH:" "SSH_AUTH_SOCK=$(realpath "${SSH_AUTH_SOCK}") ${SSH:-}" >&3 52 | echo "Sleeping..." >&3 53 | sleep infinity 54 | fi 55 | exit 1 56 | fi 57 | -------------------------------------------------------------------------------- /tests/vmcheck/sync.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | 4 | if test -z "${INSIDE_VM:-}"; then 5 | 6 | # do this in the host 7 | . ${commondir}/libvm.sh 8 | vm_setup 9 | 10 | if ! vm_ssh_wait 30; then 11 | echo "ERROR: A running VM is required for 'make vmcheck'." 12 | exit 1 13 | fi 14 | 15 | vm_rsync 16 | vm_cmd env INSIDE_VM=1 /var/roothome/sync/tests/vmcheck/sync.sh 17 | exit 0 18 | fi 19 | 20 | set -x 21 | 22 | # And then this code path in the VM 23 | 24 | ostree admin unlock || : 25 | 26 | # Now, overlay our built binaries & config files 27 | INSTTREE=/var/roothome/sync/insttree 28 | rsync -rlv $INSTTREE/ / 29 | 30 | restorecon -v /usr/bin/{rpm-,}ostree /usr/libexec/rpm-ostreed 31 | 32 | overrides_dir=/etc/systemd/system/rpm-ostreed.service.d 33 | mkdir -p $overrides_dir 34 | 35 | # For our test suite at least, to catch things like 36 | # https://github.com/projectatomic/rpm-ostree/issues/826 37 | cat > $overrides_dir/fatal-warnings.conf << EOF 38 | [Service] 39 | Environment=G_DEBUG=fatal-warnings 40 | EOF 41 | 42 | # In the developer workflow, it's just not helpful to 43 | # have the daemon auto-exit. But let's keep it as a separate 44 | # override file to make it easy to drop if needed. 45 | cat > $overrides_dir/no-idle-exit.conf << EOF 46 | [Service] 47 | Environment=RPMOSTREE_DEBUG_DISABLE_DAEMON_IDLE_EXIT=1 48 | EOF 49 | 50 | systemctl daemon-reload 51 | systemctl restart rpm-ostreed 52 | -------------------------------------------------------------------------------- /tests/vmcheck/test-layering-gpg.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright (C) 2017 Red Hat, Inc. 4 | # 5 | # This library is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU Lesser General Public 7 | # License as published by the Free Software Foundation; either 8 | # version 2 of the License, or (at your option) any later version. 9 | # 10 | # This library is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | # Lesser General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU Lesser General Public 16 | # License along with this library; if not, write to the 17 | # Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 | # Boston, MA 02111-1307, USA. 19 | 20 | set -euo pipefail 21 | 22 | . ${commondir}/libtest.sh 23 | . ${commondir}/libvm.sh 24 | 25 | set -x 26 | 27 | vm_clean_caches 28 | 29 | # make sure the package is not already layered 30 | vm_assert_layered_pkg foo absent 31 | 32 | vm_build_rpm_repo_mode gpgcheck foo version 4.5 release 6 33 | if vm_rpmostree pkg-add foo-4.5 2>err.txt; then 34 | assert_not_reached "Installed unsigned package" 35 | fi 36 | assert_file_has_content err.txt 'cannot be verified' 37 | echo "ok failed to install unsigned package" 38 | -------------------------------------------------------------------------------- /tests/vmcheck/test-pinned-commit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright (C) 2018 Red Hat, Inc. 4 | # 5 | # This library is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU Lesser General Public 7 | # License as published by the Free Software Foundation; either 8 | # version 2 of the License, or (at your option) any later version. 9 | # 10 | # This library is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | # Lesser General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU Lesser General Public 16 | # License along with this library; if not, write to the 17 | # Free Software Foundation, Inc., 59 Temple Place - Suite 330, 18 | # Boston, MA 02111-1307, USA. 19 | 20 | set -euo pipefail 21 | 22 | . ${commondir}/libtest.sh 23 | . ${commondir}/libvm.sh 24 | 25 | set -x 26 | 27 | checksum=$(vm_get_booted_csum) 28 | vm_rpmostree rebase :${checksum} 29 | vm_assert_status_jq ".deployments[0][\"origin\"] == \"${checksum}\"" 30 | vm_rpmostree status > status.txt 31 | echo "ok pin to commit" 32 | 33 | vm_rpmostree upgrade >out.txt 34 | assert_file_has_content out.txt 'Pinned to commit; no upgrade available' 35 | if vm_rpmostree deploy 42 2>err.txt; then 36 | fatal "deployed version from commit?" 37 | fi 38 | assert_file_has_content err.txt 'Cannot look up version while pinned to commit' 39 | 40 | # And test https://github.com/coreos/rpm-ostree/issues/2603 41 | vm_cmd ostree remote add self --set=gpg-verify=false file:///ostree/repo 42 | vm_rpmostree rebase self:${checksum} 43 | vm_rpmostree upgrade 44 | echo "ok cmds" 45 | --------------------------------------------------------------------------------