Hello community, here is the log from the commit of package ostree for openSUSE:Factory checked in at 2016-10-18 10:29:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ostree (Old) and /work/SRC/openSUSE:Factory/.ostree.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ostree" Changes: -------- --- /work/SRC/openSUSE:Factory/ostree/ostree.changes 2016-09-23 11:36:29.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ostree.new/ostree.changes 2016-10-18 10:29:35.000000000 +0200 @@ -1,0 +2,24 @@ +Mon Oct 10 17:34:47 UTC 2016 - [email protected] + +- Update to version 2016.11: + + static-delta: add some error handling. + + pull: Do allow executing deltas when mirroring into + bare{,-user}. + + ostree-repo.c: Fix file descriptor cleanup. + + ostree_sysroot.c: Don't close sysroot_fd twice. + + sysroot: Port some small cleanup code to fd-relative. + + sysroot: Port origin writing code to fd-relative. + + sysroot: Drop an fsync for origin file when writing + deployments. + + sysroot: Drop an unnecessary fsync. + + boot: Ensure we remount /var writable before systemd does + journal flush. + + ostree_sysroot_init_osname: also create /var/log. + + docs: add mention of rpm-ostree package layering. + + admin: Allow running status unlocked. + + Fix spelling of "repository". + + checkout: Fix fsync defaults for new API to be off for real. + + trivial-httpd: Port mostly to fd-relative. + + libglnx: Update to latest. + +------------------------------------------------------------------- Old: ---- ostree-2016.10.tar.xz New: ---- ostree-2016.11.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ostree.spec ++++++ --- /var/tmp/diff_new_pack.rQDz6w/_old 2016-10-18 10:29:36.000000000 +0200 +++ /var/tmp/diff_new_pack.rQDz6w/_new 2016-10-18 10:29:36.000000000 +0200 @@ -17,7 +17,7 @@ Name: ostree -Version: 2016.10 +Version: 2016.11 Release: 0 Summary: Git for operating system binaries License: GPL-2.0+ ++++++ _service ++++++ --- /var/tmp/diff_new_pack.rQDz6w/_old 2016-10-18 10:29:36.000000000 +0200 +++ /var/tmp/diff_new_pack.rQDz6w/_new 2016-10-18 10:29:36.000000000 +0200 
@@ -2,9 +2,9 @@ <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/ostreedev/ostree.git</param> <param name="scm">git</param> - <param name="versionformat">2016.10</param> + <param name="versionformat">2016.11</param> <param name="changesgenerate">enable</param> - <param name="revision">refs/tags/v2016.10</param> + <param name="revision">refs/tags/v2016.11</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.rQDz6w/_old 2016-10-18 10:29:36.000000000 +0200 +++ /var/tmp/diff_new_pack.rQDz6w/_new 2016-10-18 10:29:36.000000000 +0200 @@ -3,5 +3,4 @@ <param name="url">git://git.gnome.org/ostree</param> <param name="changesrevision">bfa23bdc1f13a646f1c91f8a2724022eef2d5656</param></service><service name="tar_scm"> <param name="url">https://github.com/ostreedev/ostree.git</param> - <param name="changesrevision">36e8ba124e1f133db47237f3fa873efc9fb42ae1</param></service></servicedata> - + <param name="changesrevision">a0e1344cf80f2b3f3d0501d7f3559ad67c32dac4</param></service></servicedata> \ No newline at end of file ++++++ ostree-2016.10.tar.xz -> ostree-2016.11.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/configure.ac new/ostree-2016.11/configure.ac --- old/ostree-2016.10/configure.ac 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/configure.ac 2016-10-07 21:21:41.000000000 +0200 @@ -1,6 +1,6 @@ AC_PREREQ([2.63]) dnl If incrementing the version here, remember to update libostree.sym too -AC_INIT([ostree], [2016.10], [[email protected]]) +AC_INIT([ostree], [2016.11], [[email protected]]) AC_CONFIG_HEADER([config.h]) AC_CONFIG_MACRO_DIR([buildutil]) AC_CONFIG_AUX_DIR([build-aux]) 
@@ -335,6 +335,7 @@ libarchive (parse tar files directly): $with_libarchive static deltas: yes (always enabled now) O_TMPFILE: $enable_otmpfile + wrpseudo-compat: $enable_wrpseudo_compat man pages (xsltproc): $enable_man api docs (gtk-doc): $enable_gtk_doc gjs-based tests: $have_gjs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/docs/manual/adapting-existing.md new/ostree-2016.11/docs/manual/adapting-existing.md --- old/ostree-2016.10/docs/manual/adapting-existing.md 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/docs/manual/adapting-existing.md 2016-10-07 21:21:41.000000000 +0200 @@ -157,3 +157,6 @@ Then to actually deploy this tree for the next boot: `ostree admin deploy $osname/$releasename/$description` + +This is essentially what [rpm-ostree](https://github.com/projectatomic/rpm-ostree/) +does to support its [package layering model](https://rpm-ostree.readthedocs.io/en/latest/manual/administrator-handbook/#package-layering). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/libglnx/Makefile-libglnx.am new/ostree-2016.11/libglnx/Makefile-libglnx.am --- old/ostree-2016.10/libglnx/Makefile-libglnx.am 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/libglnx/Makefile-libglnx.am 2016-10-07 21:21:41.000000000 +0200 @@ -15,7 +15,11 @@ # Free Software Foundation, Inc., 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. -EXTRA_DIST += $(libglnx_srcpath)/README.md $(libglnx_srcpath)/COPYING +EXTRA_DIST += \ + $(libglnx_srcpath)/README.md \ + $(libglnx_srcpath)/COPYING \ + $(libglnx_srcpath)/libglnx.m4 \ + $(NULL) libglnx_la_SOURCES = \ $(libglnx_srcpath)/glnx-alloca.h \ 
@@ -35,8 +39,6 @@ $(libglnx_srcpath)/glnx-fdio.c \ $(libglnx_srcpath)/glnx-lockfile.h \ $(libglnx_srcpath)/glnx-lockfile.c \ - $(libglnx_srcpath)/glnx-libcontainer.h \ - $(libglnx_srcpath)/glnx-libcontainer.c \ $(libglnx_srcpath)/glnx-missing-syscall.h \ $(libglnx_srcpath)/glnx-missing.h \ $(libglnx_srcpath)/glnx-xattrs.h \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/libglnx/README.md new/ostree-2016.11/libglnx/README.md --- old/ostree-2016.10/libglnx/README.md 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/libglnx/README.md 2016-10-07 21:21:41.000000000 +0200 @@ -10,7 +10,6 @@ - APIs also have a `GError` parameter - High level "shutil", somewhat inspired by Python's - A "console" API for tty output - - Some basic container utility functions - A backport of the GLib cleanup macros for projects which can't yet take a dependency on 2.40. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/libglnx/glnx-fdio.c new/ostree-2016.11/libglnx/glnx-fdio.c --- old/ostree-2016.10/libglnx/glnx-fdio.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/libglnx/glnx-fdio.c 2016-10-07 21:21:41.000000000 +0200 @@ -60,6 +60,7 @@ gboolean ignore_eexist, GError **error) { +#ifndef ENABLE_WRPSEUDO_COMPAT if (renameat2 (olddirfd, oldpath, newdirfd, newpath, RENAME_NOREPLACE) < 0) { if (errno == EINVAL || errno == ENOSYS) @@ -80,6 +81,7 @@ } else return TRUE; +#endif if (linkat (olddirfd, oldpath, newdirfd, newpath, 0) < 0) { 
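Review bot: The `#ifndef ENABLE_WRPSEUDO_COMPAT` guard around the `renameat2 (..., RENAME_NOREPLACE)` branch in glnx-fdio.c (hunk at -60) has no comment saying why the call is compiled out or which path the build then depends on. With the option defined, the function always takes the `linkat` path after the `#endif`, whose body continues outside the hunk. A one-line comment at the guard would help, for example `/* wrpseudo compat: renameat2() is skipped; fall through to linkat() */`. The `O_TMPFILE` guard in the hunk at -122 has the same gap: the `openat (dfd, subpath, O_TMPFILE|flags, 0600)` attempt is compiled out, and only the code after the `#if` block, not visible here, is used.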
@@ -122,7 +124,7 @@ * tempoary path name used is returned in "ret_path". Use * link_tmpfile() below to rename the result after writing the file * in full. */ -#if defined(O_TMPFILE) && !defined(DISABLE_OTMPFILE) +#if defined(O_TMPFILE) && !defined(DISABLE_OTMPFILE) && !defined(ENABLE_WRPSEUDO_COMPAT) fd = openat (dfd, subpath, O_TMPFILE|flags, 0600); if (fd == -1 && !(errno == ENOSYS || errno == EISDIR || errno == EOPNOTSUPP)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/libglnx/glnx-libcontainer.c new/ostree-2016.11/libglnx/glnx-libcontainer.c --- old/ostree-2016.10/libglnx/glnx-libcontainer.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/libglnx/glnx-libcontainer.c 1970-01-01 01:00:00.000000000 +0100 
@@ -1,313 +0,0 @@ -/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- - * - * Portions derived from src/nspawn/nspawn.c: - * Copyright 2010 Lennart Poettering - * - * Copyright (C) 2014,2015 Colin Walters <[email protected]> - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published - * by the Free Software Foundation; either version 2 of the licence or (at - * your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - */ - -#include "config.h" - -#include <string.h> -#include <glib-unix.h> -#include <sys/mount.h> -#include <errno.h> -#include <fcntl.h> -#include <sys/stat.h> -#include <stdio.h> -#include <gio/gunixoutputstream.h> - -#include "glnx-libcontainer.h" -#include "glnx-dirfd.h" - -#include "glnx-backport-autocleanups.h" -#include "glnx-local-alloc.h" - -static void _perror_fatal (const char *message) __attribute__ ((noreturn)); - -static void -_perror_fatal (const char *message) -{ - perror (message); - exit (1); -} - -typedef enum { - CONTAINER_UNINIT = 0, - CONTAINER_YES = 1, - CONTAINER_NO = 2 -} ContainerDetectionState; - -static gboolean -currently_in_container (void) -{ - static gsize container_detected = CONTAINER_UNINIT; - - if (g_once_init_enter (&container_detected)) - { - ContainerDetectionState tmp_state = CONTAINER_NO; - struct stat stbuf; - - /* http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ */ - if (getenv ("container") != NULL - || stat ("/.dockerinit", 
&stbuf) == 0) - tmp_state = CONTAINER_YES; - /* But since Docker isn't on board, yet, so... - http://stackoverflow.com/questions/23513045/how-to-check-if-a-process-is-running-inside-docker-container */ - g_once_init_leave (&container_detected, tmp_state); - } - return container_detected == CONTAINER_YES; -} - -#if 0 -static gboolean -glnx_libcontainer_bind_mount_readonly (const char *path, GError **error) -{ - gboolean ret = FALSE; - - if (mount (path, path, NULL, MS_BIND | MS_PRIVATE, NULL) != 0) - { - int errsv = errno; - g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "mount(%s, MS_BIND): %s", - path, - g_strerror (errsv)); - goto out; - } - if (mount (path, path, NULL, MS_BIND | MS_PRIVATE | MS_REMOUNT | MS_RDONLY, NULL) != 0) - { - int errsv = errno; - g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "mount(%s, MS_BIND | MS_RDONLY): %s", - path, - g_strerror (errsv)); - goto out; - } - - ret = TRUE; - out: - return ret; -} -#endif - -/* Based on code from nspawn.c; assumes process cwd is the target */ -static int -glnx_libcontainer_make_api_mounts (void) -{ - typedef struct MountPoint { - const char *what; - const char *where; - const char *type; - const char *options; - unsigned long flags; - gboolean fatal; - } MountPoint; - - static const MountPoint mount_table[] = { - { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, TRUE }, - { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND, TRUE }, /* Bind mount first */ - { NULL, "/proc/sys", NULL, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, TRUE }, /* Then, make it r/o */ - { "sysfs", "/sys", "sysfs", NULL, MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV, TRUE }, - { "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, TRUE }, - { "devpts", "/dev/pts", "devpts","newinstance,ptmxmode=0666,mode=620,gid=5", MS_NOSUID|MS_NOEXEC, TRUE }, - { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, TRUE }, - { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, TRUE }, 
- { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, FALSE }, /* Bind mount first */ - { NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_REMOUNT, FALSE }, /* Then, make it r/o */ - }; - - unsigned k; - - for (k = 0; k < G_N_ELEMENTS(mount_table); k++) - { - const char *where = mount_table[k].where; - int t; - - g_assert (where[0] == '/'); - where++; - - t = mkdir (where, 0755); - if (t < 0 && errno != EEXIST) - { - if (!mount_table[k].fatal) - continue; - return -1; - } - - if (mount (mount_table[k].what, - where, - mount_table[k].type, - mount_table[k].flags, - mount_table[k].options) < 0) - { - if (errno == ENOENT && !mount_table[k].fatal) - continue; - return -1; - } - } - - return 0; -} - -static int -glnx_libcontainer_prep_dev (const char *dest_devdir) -{ - glnx_fd_close int src_fd = -1; - glnx_fd_close int dest_fd = -1; - struct stat stbuf; - guint i; - static const char *const devnodes[] = { "null", "zero", "full", "random", "urandom", "tty" }; - - src_fd = openat (AT_FDCWD, "/dev", O_RDONLY | O_NONBLOCK | O_DIRECTORY | O_CLOEXEC | O_NOCTTY); - if (src_fd == -1) - return -1; - - dest_fd = openat (AT_FDCWD, dest_devdir, O_RDONLY | O_NONBLOCK | O_DIRECTORY | O_CLOEXEC | O_NOCTTY); - if (dest_fd == -1) - return -1; - - for (i = 0; i < G_N_ELEMENTS (devnodes); i++) - { - const char *nodename = devnodes[i]; - - if (fstatat (src_fd, nodename, &stbuf, 0) == -1) - { - if (errno == ENOENT) - continue; - else - return -1; - } - - if (mknodat (dest_fd, nodename, stbuf.st_mode, stbuf.st_rdev) != 0) - return -1; - if (fchmodat (dest_fd, nodename, stbuf.st_mode, 0) != 0) - return -1; - } - - return 0; -} - -pid_t -glnx_libcontainer_run_chroot_at_private (int dfd, - const char *binary, - char **argv) -{ - /* Make most new namespaces; note our use of CLONE_NEWNET means we - * have no networking in the container root. 
- */ - const int cloneflags = - SIGCHLD | CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWNET | CLONE_SYSVSEM | CLONE_NEWUTS; - pid_t child; - gboolean in_container = currently_in_container (); - - if (!in_container) - { - if ((child = syscall (__NR_clone, cloneflags, NULL)) < 0) - return -1; - } - else - { - if ((child = fork ()) < 0) - return -1; - } - - if (child != 0) - return child; - - if (!in_container) - { - if (mount (NULL, "/", "none", MS_PRIVATE | MS_REC, NULL) != 0) - { - if (errno == EINVAL) - { - /* Ok, we may be inside a mock chroot or the like. In - * that case, let's just fall back to not - * containerizing. - */ - in_container = TRUE; - } - else - _perror_fatal ("mount: "); - } - - if (!in_container) - { - if (mount (NULL, "/", "none", MS_PRIVATE | MS_REMOUNT | MS_NOSUID, NULL) != 0) - _perror_fatal ("mount (MS_NOSUID): "); - } - } - - if (fchdir (dfd) != 0) - _perror_fatal ("fchdir: "); - - if (!in_container) - { - if (glnx_libcontainer_make_api_mounts () != 0) - _perror_fatal ("preparing api mounts: "); - - if (glnx_libcontainer_prep_dev ("dev") != 0) - _perror_fatal ("preparing /dev: "); - - if (mount (".", ".", NULL, MS_BIND | MS_PRIVATE, NULL) != 0) - _perror_fatal ("mount (MS_BIND)"); - - if (mount (".", "/", NULL, MS_MOVE, NULL) != 0) - _perror_fatal ("mount (MS_MOVE)"); - } - - if (chroot (".") != 0) - _perror_fatal ("chroot: "); - - if (chdir ("/") != 0) - _perror_fatal ("chdir: "); - - /* Environment variables like PATH in the end are distribution - * specific. The most correct thing would be to run through PAM, - * but that's a huge level of pain. We'd like to drive towards a - * standard /usr/bin (i.e. unified sbin too), but for now this is - * pretty compatible. 
- */ - setenv ("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 1); - - if (binary[0] == '/') - { - if (execv (binary, argv) != 0) - _perror_fatal ("execv: "); - } - else - { - if (execvp (binary, argv) != 0) - _perror_fatal ("execvp: "); - } - - g_assert_not_reached (); -} - -pid_t -glnx_libcontainer_run_chroot_private (const char *dest, - const char *binary, - char **argv) -{ - glnx_fd_close int dfd = -1; - - dfd = glnx_opendirat_with_errno (AT_FDCWD, dest, TRUE); - if (dfd < 0) - return -1; - - return glnx_libcontainer_run_chroot_at_private (dfd, binary, argv); -} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/libglnx/glnx-libcontainer.h new/ostree-2016.11/libglnx/glnx-libcontainer.h --- old/ostree-2016.10/libglnx/glnx-libcontainer.h 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/libglnx/glnx-libcontainer.h 1970-01-01 01:00:00.000000000 +0100 
@@ -1,40 +0,0 @@ -/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- - * - * Copyright (C) 2014,2015 Colin Walters <[email protected]> - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published - * by the Free Software Foundation; either version 2 of the licence or (at - * your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - */ - -#pragma once - -#include <gio/gio.h> -#include <sched.h> -#include <sys/mount.h> -#include <sys/types.h> -#include <sys/prctl.h> -#include <sys/fsuid.h> -#include <sys/syscall.h> -#include <sys/wait.h> -#include <sys/capability.h> -#include <sched.h> - -pid_t glnx_libcontainer_run_chroot_at_private (int root_dfd, - const char *binary, - char **argv); - -pid_t glnx_libcontainer_run_chroot_private (const char *dest, - const char *binary, - char **argv); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/libglnx/libglnx.h new/ostree-2016.11/libglnx/libglnx.h --- old/ostree-2016.10/libglnx/libglnx.h 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/libglnx/libglnx.h 2016-10-07 21:21:41.000000000 +0200 
@@ -33,7 +33,6 @@ #include <glnx-dirfd.h> #include <glnx-shutil.h> #include <glnx-xattrs.h> -#include <glnx-libcontainer.h> #include <glnx-console.h> #include <glnx-fdio.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/libglnx/libglnx.m4 new/ostree-2016.11/libglnx/libglnx.m4 --- old/ostree-2016.10/libglnx/libglnx.m4 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/libglnx/libglnx.m4 2016-10-07 21:21:41.000000000 +0200 @@ -20,5 +20,12 @@ AS_IF([test $enable_otmpfile = yes], [], [ AC_DEFINE([DISABLE_OTMPFILE], 1, [Define if we should avoid using O_TMPFILE])]) -]) +AC_ARG_ENABLE(wrpseudo-compat, + [AS_HELP_STRING([--enable-wrpseudo-compat], + [Disable use syscall() and filesystem calls to for compatibility with wrpseudo [default=no]])],, + [enable_wrpseudo_compat=no]) +AS_IF([test $enable_wrpseudo_compat = no], [], [ + AC_DEFINE([ENABLE_WRPSEUDO_COMPAT], 1, [Define if we should be compatible with wrpseudo])]) +dnl end LIBGLNX_CONFIGURE +]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/man/ostree-remote.xml new/ostree-2016.11/man/ostree-remote.xml --- old/ostree-2016.10/man/ostree-remote.xml 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/man/ostree-remote.xml 2016-10-07 21:21:41.000000000 +0200 
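Review bot: The help text added for `--enable-wrpseudo-compat` in libglnx.m4 is garbled ("Disable use syscall() and filesystem calls to for compatibility with wrpseudo") and does not tell a packager what the switch turns off. Judging by the glnx-fdio.c hunks in this same diff, it compiles out the `renameat2 (..., RENAME_NOREPLACE)` call and the `O_TMPFILE` open. A help string such as `[Avoid renameat2() and O_TMPFILE for compatibility with wrpseudo [default=no]]` would match what the code does.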
@@ -75,10 +75,10 @@ <title>Description</title> <para> - Changes remote respository configurations. The NAME refers to the name of the remote. + Changes remote repository configurations. The NAME refers to the name of the remote. </para> <para> - The <command>gpg-import</command> subcommand can associate GPG keys to a specific remote respository for use when pulling signed commits from that repository (if GPG verification is enabled). + The <command>gpg-import</command> subcommand can associate GPG keys to a specific remote repository for use when pulling signed commits from that repository (if GPG verification is enabled). </para> <para> The GPG keys to import may be in binary OpenPGP format or ASCII armored. The optional <arg>KEY-ID</arg> list can restrict which keys are imported from a keyring file or input stream. All keys are imported if this list is omitted. If neither <option>--keyring</option> nor <option>--stdin</option> options are given, then keys are imported from the user's personal GPG keyring. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/boot/ostree-remount.service new/ostree-2016.11/src/boot/ostree-remount.service --- old/ostree-2016.10/src/boot/ostree-remount.service 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/boot/ostree-remount.service 2016-10-07 21:21:41.000000000 +0200 
@@ -25,7 +25,7 @@ After=systemd-remount-fs.service Before=local-fs.target umount.target # Other early boot units that need to write to /var -Before=systemd-random-seed.service plymouth-read-write.service +Before=systemd-random-seed.service plymouth-read-write.service systemd-journal-flush.service # tmpfiles.d usually needs write access to a few places Before=systemd-tmpfiles-setup.service diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libostree/libostree.sym new/ostree-2016.11/src/libostree/libostree.sym --- old/ostree-2016.10/src/libostree/libostree.sym 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libostree/libostree.sym 2016-10-07 21:21:41.000000000 +0200 @@ -355,6 +355,7 @@ /* No new symbols in 2016.9 */ /* No new symbols in 2016.10 */ +/* No new symbols in 2016.11 */ /* NOTE NOTE NOTE * Versions above here are released. Only add symbols below this line. @@ -362,7 +363,7 @@ */ /* Remove comment when first new symbol is added -LIBOSTREE_2016.11 +LIBOSTREE_2016.12 global: someostree_symbol_deleteme; } LIBOSTREE_2016.8; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libostree/ostree-core-private.h new/ostree-2016.11/src/libostree/ostree-core-private.h --- old/ostree-2016.10/src/libostree/ostree-core-private.h 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libostree/ostree-core-private.h 2016-10-07 21:21:41.000000000 +0200 
@@ -121,10 +121,11 @@ return g_strconcat ("state/", checksum, ".commitpartial", NULL); } -void +gboolean _ostree_parse_delta_name (const char *delta_name, char **out_from, - char **out_to); + char **out_to, + GError **error); void _ostree_loose_path (char *buf, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libostree/ostree-core.c new/ostree-2016.11/src/libostree/ostree-core.c --- old/ostree-2016.10/src/libostree/ostree-core.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libostree/ostree-core.c 2016-10-07 21:21:41.000000000 +0200 @@ -1584,12 +1584,26 @@ return _ostree_get_relative_static_delta_path (from, to, partstr); } -void -_ostree_parse_delta_name (const char *delta_name, +gboolean +_ostree_parse_delta_name (const char *delta_name, char **out_from, - char **out_to) + char **out_to, + GError **error) { - g_auto(GStrv) parts = g_strsplit (delta_name, "-", 2); + g_auto(GStrv) parts = NULL; + g_return_val_if_fail (delta_name != NULL, FALSE); + + parts = g_strsplit (delta_name, "-", 2); + + /* NB: if delta_name is "", parts[0] is NULL, but the error + * validate_checksum_string() gives for "" is nice enough, + * so we just coerce it here */ + if (!ostree_validate_checksum_string (parts[0] ?: "", error)) + return FALSE; + + if (parts[0] && parts[1] && + !ostree_validate_checksum_string (parts[1], error)) + return FALSE; *out_from = *out_to = NULL; if (parts[0] && parts[1]) @@ -1601,6 +1615,8 @@ { ot_transfer_out_value (out_to, &parts[0]); } + + return TRUE; } /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libostree/ostree-repo-checkout.c new/ostree-2016.11/src/libostree/ostree-repo-checkout.c --- old/ostree-2016.10/src/libostree/ostree-repo-checkout.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libostree/ostree-repo-checkout.c 2016-10-07 21:21:41.000000000 +0200 
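Review bot: Both new `return FALSE` paths in `_ostree_parse_delta_name` (ostree-core.c, hunk at -1584) run before `*out_from = *out_to = NULL;`, so on a validation failure the out-parameters keep whatever the caller passed in. The callers shown in this diff hold them as `g_autofree`, so a caller that did not pre-initialise them would free an indeterminate pointer on its error exit. Moving `*out_from = *out_to = NULL;` above the first `ostree_validate_checksum_string` call removes that dependency. Separately, `g_return_val_if_fail (delta_name != NULL, FALSE)` returns FALSE without setting `error`, which callers that `goto out` will report as a failure with no message. The lines of the function between this hunk and the one at -1601 are not shown.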
@@ -106,7 +106,7 @@ fsync_is_enabled (OstreeRepo *self, OstreeRepoCheckoutAtOptions *options) { - return options->enable_fsync || !self->disable_fsync; + return options->enable_fsync; } static gboolean @@ -860,7 +860,7 @@ new_opts.mode = options->mode; new_opts.overwrite_mode = options->overwrite_mode; new_opts.enable_uncompressed_cache = options->enable_uncompressed_cache; - new_opts.enable_fsync = !options->disable_fsync; + new_opts.enable_fsync = options->disable_fsync ? FALSE : self->disable_fsync; new_opts.process_whiteouts = options->process_whiteouts; new_opts.no_copy_fallback = options->no_copy_fallback; new_opts.subpath = options->subpath; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libostree/ostree-repo-pull.c new/ostree-2016.11/src/libostree/ostree-repo-pull.c --- old/ostree-2016.10/src/libostree/ostree-repo-pull.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libostree/ostree-repo-pull.c 2016-10-07 21:21:41.000000000 +0200 @@ -2272,6 +2272,7 @@ const char *url_override = NULL; g_autofree char *base_meta_url = NULL; g_autofree char *base_content_url = NULL; + gboolean mirroring_into_archive; if (options) { @@ -2312,6 +2313,8 @@ pull_data->is_untrusted = (flags & OSTREE_REPO_PULL_FLAGS_UNTRUSTED) > 0; pull_data->cancellable = cancellable ? g_object_ref (cancellable) : NULL; + mirroring_into_archive = pull_data->is_mirror && self->mode == OSTREE_REPO_MODE_ARCHIVE_Z2; + if (error) pull_data->async_error = &pull_data->cached_async_error; else 
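Review bot: The polarity of `new_opts.enable_fsync = options->disable_fsync ? FALSE : self->disable_fsync;` in ostree-repo-checkout.c (hunk at -860) looks inverted. When the caller leaves `disable_fsync` unset, `enable_fsync` takes the value of the repo's `disable_fsync`, so a repo with fsync disabled ends up with `enable_fsync` TRUE and a repo with fsync enabled ends up with it FALSE. Because `fsync_is_enabled` now returns only `options->enable_fsync`, this line alone decides syncing for the converted options. If the field means what its name says, the line should read `new_opts.enable_fsync = options->disable_fsync ? FALSE : !self->disable_fsync;`. The enclosing function starts and ends outside the hunk.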
@@ -2845,7 +2848,7 @@ &from_revision, error)) goto out; - if (!disable_static_deltas && !pull_data->is_mirror && + if (!disable_static_deltas && !mirroring_into_archive && (from_revision == NULL || g_strcmp0 (from_revision, to_revision) != 0)) { if (!request_static_delta_superblock_sync (pull_data, from_revision, to_revision, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libostree/ostree-repo-static-delta-core.c new/ostree-2016.11/src/libostree/ostree-repo-static-delta-core.c --- old/ostree-2016.10/src/libostree/ostree-repo-static-delta-core.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libostree/ostree-repo-static-delta-core.c 2016-10-07 21:21:41.000000000 +0200 @@ -795,7 +795,9 @@ g_autofree char *deltadir = NULL; struct stat buf; - _ostree_parse_delta_name (delta_id, &from, &to); + if (!_ostree_parse_delta_name (delta_id, &from, &to, error)) + goto out; + deltadir = _ostree_get_relative_static_delta_path (from, to, NULL); if (fstatat (self->repo_dir_fd, deltadir, &buf, 0) != 0) @@ -830,7 +832,9 @@ g_autofree char *superblock_path = NULL; struct stat stbuf; - _ostree_parse_delta_name (delta_id, &from, &to); + if (!_ostree_parse_delta_name (delta_id, &from, &to, error)) + return FALSE; + superblock_path = _ostree_get_relative_static_delta_superblock_path (from, to); if (fstatat (self->repo_dir_fd, superblock_path, &stbuf, 0) < 0) @@ -854,7 +858,7 @@ _ostree_repo_static_delta_dump (OstreeRepo *self, const char *delta_id, GCancellable *cancellable, - GError **error) + GError **error) { gboolean ret = FALSE; g_autofree char *from = NULL; 
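Review bot: The condition `!disable_static_deltas && !mirroring_into_archive` in ostree-repo-pull.c (hunk at -2845) carries no comment explaining why only archive-z2 mirrors skip static deltas. After this change a mirror pull into any other repo mode requests and executes the delta superblock, which is a behaviour change worth stating where `mirroring_into_archive` is assigned in the hunk at -2312. A comment such as `/* Static deltas are skipped only when mirroring into an archive-z2 repo */` would do. The enclosing function starts and ends outside both hunks.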
@@ -868,7 +872,9 @@ OstreeDeltaEndianness endianness; gboolean swap_endian = FALSE; - _ostree_parse_delta_name (delta_id, &from, &to); + if (!_ostree_parse_delta_name (delta_id, &from, &to, error)) + goto out; + superblock_path = _ostree_get_relative_static_delta_superblock_path (from, to); if (!ot_util_variant_map_at (self->repo_dir_fd, superblock_path, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libostree/ostree-repo.c new/ostree-2016.11/src/libostree/ostree-repo.c --- old/ostree-2016.10/src/libostree/ostree-repo.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libostree/ostree-repo.c 2016-10-07 21:21:41.000000000 +0200 @@ -516,9 +516,9 @@ g_free (self->commit_stagedir_name); glnx_release_lock_file (&self->commit_stagedir_lock); g_clear_object (&self->tmp_dir); - if (self->tmp_dir_fd) + if (self->tmp_dir_fd != -1) (void) close (self->tmp_dir_fd); - if (self->cache_dir_fd) + if (self->cache_dir_fd != -1) (void) close (self->cache_dir_fd); if (self->objects_dir_fd != -1) (void) close (self->objects_dir_fd); @@ -702,6 +702,7 @@ self->repo_dir_fd = -1; self->cache_dir_fd = -1; + self->tmp_dir_fd = -1; self->commit_stagedir_fd = -1; self->objects_dir_fd = -1; self->uncompressed_objects_dir_fd = -1; 
@@ -4701,7 +4702,9 @@ glnx_fd_close int superblock_file_fd = -1; g_autoptr(GInputStream) in_stream = NULL; - _ostree_parse_delta_name (delta_names->pdata[i], &from, &to); + if (!_ostree_parse_delta_name (delta_names->pdata[i], &from, &to, error)) + goto out; + superblock = _ostree_get_relative_static_delta_superblock_path ((from && from[0]) ? from : NULL, to); superblock_file_fd = openat (self->repo_dir_fd, superblock, O_RDONLY | O_CLOEXEC); if (superblock_file_fd == -1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libostree/ostree-sysroot-deploy.c new/ostree-2016.11/src/libostree/ostree-sysroot-deploy.c --- old/ostree-2016.10/src/libostree/ostree-sysroot-deploy.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libostree/ostree-sysroot-deploy.c 2016-10-07 21:21:41.000000000 +0200 @@ -894,6 +894,42 @@ return ret; } +static gboolean +write_origin_file_internal (OstreeSysroot *sysroot, + OstreeDeployment *deployment, + GKeyFile *new_origin, + GLnxFileReplaceFlags flags, + GCancellable *cancellable, + GError **error) +{ + GKeyFile *origin = + new_origin ? new_origin : ostree_deployment_get_origin (deployment); + + if (origin) + { + g_autofree char *origin_path = NULL; + g_autofree char *contents = NULL; + gsize len; + + origin_path = g_strdup_printf ("ostree/deploy/%s/deploy/%s.%d.origin", + ostree_deployment_get_osname (deployment), + ostree_deployment_get_csum (deployment), + ostree_deployment_get_deployserial (deployment)); + + contents = g_key_file_to_data (origin, &len, error); + if (!contents) + return FALSE; + + if (!glnx_file_replace_contents_at (sysroot->sysroot_fd, + origin_path, (guint8*)contents, len, + flags, + cancellable, error)) + return FALSE; + } + + return TRUE; +} + /** * ostree_sysroot_write_origin_file: * @sysroot: System root 
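Review bot: The new static helper `write_origin_file_internal` in ostree-sysroot-deploy.c (hunk at -894) has no comment, and two of its behaviours are not obvious from the signature. It returns TRUE without writing anything when neither `new_origin` nor the deployment's own origin is set, and whether the data is synced depends entirely on the `flags` the caller passes. A short header comment should state both, and also that `origin_path` is resolved relative to `sysroot->sysroot_fd`. This matters because the diff adds one caller passing `GLNX_FILE_REPLACE_DATASYNC_NEW` and another passing `GLNX_FILE_REPLACE_NODATASYNC`.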
@@ -913,35 +949,9 @@ GCancellable *cancellable, GError **error) { - gboolean ret = FALSE; - GKeyFile *origin = - new_origin ? new_origin : ostree_deployment_get_origin (deployment); - - if (origin) - { - g_autoptr(GFile) deployment_path = ostree_sysroot_get_deployment_directory (sysroot, deployment); - g_autoptr(GFile) origin_path = ostree_sysroot_get_deployment_origin_path (deployment_path); - g_autoptr(GFile) origin_parent = g_file_get_parent (origin_path); - g_autofree char *contents = NULL; - gsize len; - g_autoptr(GBytes) contents_bytes = NULL; - - contents = g_key_file_to_data (origin, &len, error); - if (!contents) - goto out; - contents_bytes = g_bytes_new_static (contents, len); - - if (!ot_gfile_replace_contents_fsync (origin_path, contents_bytes, - cancellable, error)) - goto out; - - if (!ot_util_fsync_directory (origin_parent, cancellable, error)) - goto out; - } - - ret = TRUE; - out: - return ret; + return write_origin_file_internal (sysroot, deployment, new_origin, + GLNX_FILE_REPLACE_DATASYNC_NEW, + cancellable, error); } static gboolean 
@@ -1635,25 +1645,28 @@ GCancellable *cancellable, GError **error) { - gboolean ret = FALSE; guint i; - g_autoptr(GHashTable) created_current_for_osname = - g_hash_table_new (g_str_hash, g_str_equal); + g_autoptr(GString) buf = g_string_new (""); for (i = 0; i < self->deployments->len; i++) { OstreeDeployment *deployment = self->deployments->pdata[i]; const char *osname = ostree_deployment_get_osname (deployment); - g_autoptr(GFile) osdir = ot_gfile_resolve_path_printf (self->path, "ostree/deploy/%s", osname); - g_autoptr(GFile) legacy_link = g_file_get_child (osdir, "current"); - if (!ot_gfile_ensure_unlinked (legacy_link, cancellable, error)) - goto out; + g_string_truncate (buf, 0); + g_string_append_printf (buf, "ostree/deploy/%s/current", osname); + + if (unlinkat (self->sysroot_fd, buf->str, 0) < 0) + { + if (errno != ENOENT) + { + glnx_set_error_from_errno (error); + return FALSE; + } + } } - ret = TRUE; - out: - return ret; + return TRUE; } static gboolean @@ -1814,7 +1827,7 @@ { int new_bootversion = self->bootversion ? 0 : 1; glnx_unref_object OstreeBootloader *bootloader = NULL; - g_autoptr(GFile) new_loader_entries_dir = NULL; + g_autofree char* new_loader_entries_dir = NULL; glnx_unref_object OstreeRepo *repo = NULL; gboolean show_osname = FALSE; 
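Review bot: The `unlinkat (self->sysroot_fd, buf->str, 0)` failure path reports the error with `glnx_set_error_from_errno (error)`, so the caller gets a bare errno string with no indication of which path could not be removed. The prefixing helper used elsewhere in this commit would keep the path in the message: `glnx_set_prefix_error_from_errno (error, "Removing %s", buf->str);`. The nested `if` could also be folded into `if (unlinkat (...) < 0 && errno != ENOENT)`. The function's signature is outside the hunk.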
@@ -1835,11 +1848,11 @@ if (!_ostree_sysroot_query_bootloader (self, &bootloader, cancellable, error)) goto out; - new_loader_entries_dir = ot_gfile_resolve_path_printf (self->path, "boot/loader.%d/entries", - new_bootversion); - if (!glnx_shutil_rm_rf_at (AT_FDCWD, gs_file_get_path_cached (new_loader_entries_dir), cancellable, error)) + new_loader_entries_dir = g_strdup_printf ("boot/loader.%d/entries", new_bootversion); + if (!glnx_shutil_rm_rf_at (self->sysroot_fd, new_loader_entries_dir, cancellable, error)) goto out; - if (!ot_util_ensure_directory_and_fsync (new_loader_entries_dir, cancellable, error)) + if (!glnx_shutil_mkdir_p_at (self->sysroot_fd, new_loader_entries_dir, 0755, + cancellable, error)) goto out; /* Need the repo to try and extract the versions for deployments. @@ -2152,8 +2165,12 @@ goto out; } - if (!ostree_sysroot_write_origin_file (self, new_deployment, NULL, - cancellable, error)) + /* Don't fsync here, as we assume that's all done in + * ostree_sysroot_write_deployments(). + */ + if (!write_origin_file_internal (self, new_deployment, NULL, + GLNX_FILE_REPLACE_NODATASYNC, + cancellable, error)) { g_prefix_error (error, "Writing out origin file: "); goto out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libostree/ostree-sysroot.c new/ostree-2016.11/src/libostree/ostree-sysroot.c --- old/ostree-2016.10/src/libostree/ostree-sysroot.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libostree/ostree-sysroot.c 2016-10-07 21:21:41.000000000 +0200 @@ -21,6 +21,8 @@ #include "config.h" #include "otutil.h" +#include <sys/mount.h> +#include <sys/wait.h> #include "ostree-core-private.h" #include "ostree-sysroot-private.h" @@ -260,7 +262,10 @@ ostree_sysroot_unload (OstreeSysroot *self) { if (self->sysroot_fd != -1) - (void) close (self->sysroot_fd); + { + (void) close (self->sysroot_fd); + self->sysroot_fd = -1; + } } /** 
@@ -1484,6 +1489,16 @@ goto out; } + /* This needs to be available and properly labeled early during the boot + * process (before tmpfiles.d kicks in), so that journald can flush logs from + * the first boot there. https://bugzilla.redhat.com/show_bug.cgi?id=1265295 + * */ + if (mkdirat (dfd, "var/log", 0755) < 0) + { + glnx_set_prefix_error_from_errno (error, "Creating %s", "var/log"); + goto out; + } + if (symlinkat ("../run", dfd, "var/run") < 0) { glnx_set_prefix_error_from_errno (error, "Symlinking %s", "var/run"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libotutil/ot-gio-utils.c new/ostree-2016.11/src/libotutil/ot-gio-utils.c --- old/ostree-2016.10/src/libotutil/ot-gio-utils.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libotutil/ot-gio-utils.c 2016-10-07 21:21:41.000000000 +0200 
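Review bot: The comment above the added `mkdirat (dfd, "var/log", 0755)` says the directory must be "properly labeled", but the added lines only create it with mode 0755 and nothing in this hunk applies a security label. If labeling is done by a later step, the comment should name it, since a reader would otherwise assume this call is sufficient; something like `/* Only created here; the label is applied by <relabel step>. */` with the real step filled in. The enclosing function starts and ends outside the hunk, so a relabel may exist that is not visible here.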
@@ -314,104 +314,6 @@ return TRUE; } -/** - * ot_util_fsync_directory: - * @dir: Path to a directory - * @cancellable: Cancellable - * @error: Error - * - * Ensure that all entries in directory @dir are on disk. - */ -gboolean -ot_util_fsync_directory (GFile *dir, - GCancellable *cancellable, - GError **error) -{ - gboolean ret = FALSE; - glnx_fd_close int dfd = -1; - - if (!glnx_opendirat (AT_FDCWD, gs_file_get_path_cached (dir), TRUE, - &dfd, error)) - goto out; - - if (fsync (dfd) != 0) - { - glnx_set_error_from_errno (error); - goto out; - } - - ret = TRUE; - out: - return ret; -} - -/** - * ot_util_ensure_directory_and_fsync: - * @dir: Path to a directory - * @cancellable: Cancellable - * @error: Error - * - * Create @dir (and all intermediate parent directories), ensuring - * that all entries are on disk. - */ -gboolean -ot_util_ensure_directory_and_fsync (GFile *dir, - GCancellable *cancellable, - GError **error) -{ - gboolean ret = FALSE; - glnx_fd_close int parentfd = -1; - const char *basename = glnx_basename (gs_file_get_path_cached (dir)); - g_autoptr(GFile) parent = g_file_get_parent (dir); - - again: - parentfd = open (gs_file_get_path_cached (parent), - O_RDONLY | O_NONBLOCK | O_DIRECTORY | O_CLOEXEC); - if (parentfd == -1) - { - if (errno == ENOENT) - { - if (!ot_util_ensure_directory_and_fsync (parent, cancellable, error)) - goto out; - goto again; - } - else - { - int errsv = errno; - g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv), - "opendir: %s", g_strerror (errsv)); - goto out; - } - } - - if (mkdirat (parentfd, basename, 0777) == -1) - { - if (errno == EEXIST) - { - ; - } - else - { - int errsv = errno; - g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv), - "mkdirat: %s", g_strerror (errsv)); - goto out; - } - } - - if (fsync (parentfd) == -1) - { - int errsv = errno; - g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv), - "fsync: %s", g_strerror (errsv)); - goto out; - } - - ret = TRUE; - out: - return 
ret; -} - #if !GLIB_CHECK_VERSION(2, 44, 0) gboolean diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/libotutil/ot-gio-utils.h new/ostree-2016.11/src/libotutil/ot-gio-utils.h --- old/ostree-2016.10/src/libotutil/ot-gio-utils.h 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/libotutil/ot-gio-utils.h 2016-10-07 21:21:41.000000000 +0200 @@ -85,14 +85,6 @@ GCancellable *cancellable, GError **error); -gboolean ot_util_ensure_directory_and_fsync (GFile *dir, - GCancellable *cancellable, - GError **error); - -gboolean ot_util_fsync_directory (GFile *dir, - GCancellable *cancellable, - GError **error); - #if !GLIB_CHECK_VERSION(2, 44, 0) gboolean ot_file_enumerator_iterate (GFileEnumerator *direnum, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/ostree/ot-admin-builtin-status.c new/ostree-2016.11/src/ostree/ot-admin-builtin-status.c --- old/ostree-2016.10/src/ostree/ot-admin-builtin-status.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/ostree/ot-admin-builtin-status.c 2016-10-07 21:21:41.000000000 +0200 @@ -97,7 +97,7 @@ context = g_option_context_new ("List deployments"); if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, + OSTREE_ADMIN_BUILTIN_FLAG_UNLOCKED, &sysroot, cancellable, error)) goto out; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/src/ostree/ot-builtin-trivial-httpd.c new/ostree-2016.11/src/ostree/ot-builtin-trivial-httpd.c --- old/ostree-2016.10/src/ostree/ot-builtin-trivial-httpd.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/src/ostree/ot-builtin-trivial-httpd.c 2016-10-07 21:21:41.000000000 +0200 @@ -47,7 +47,7 @@ static guint emitted_random_500s_count = 0; typedef struct { - GFile *root; + int root_dfd; gboolean running; GOutputStream *log; } OtTrivialHttpd; 
@@ -101,34 +101,38 @@ } static GString * -get_directory_listing (const char *path) +get_directory_listing (int dfd, + const char *path) { - GPtrArray *entries; - GString *listing; + g_autoptr(GPtrArray) entries = g_ptr_array_new_with_free_func (g_free); + g_auto(GLnxDirFdIterator) dfd_iter = { 0, }; + g_autoptr(GError) local_error = NULL; + GError **error = &local_error; + guint i; char *escaped; - DIR *dir; - struct dirent *dent; - int i; - - entries = g_ptr_array_new (); - dir = opendir (path); - if (dir) - { - while ((dent = readdir (dir))) - { - if (!strcmp (dent->d_name, ".") || - (!strcmp (dent->d_name, "..") && - !strcmp (path, "./"))) - continue; - escaped = g_markup_escape_text (dent->d_name, -1); - g_ptr_array_add (entries, escaped); - } - closedir (dir); + GString *listing; + + listing = g_string_new ("<html>\r\n"); + + if (!glnx_dirfd_iterator_init_at (dfd, path, FALSE, &dfd_iter, error)) + goto out; + + while (TRUE) + { + struct dirent *dent; + + if (!glnx_dirfd_iterator_next_dent (&dfd_iter, &dent, NULL, error)) + goto out; + + if (dent == NULL) + break; + + escaped = g_markup_escape_text (dent->d_name, -1); + g_ptr_array_add (entries, escaped); } g_ptr_array_sort (entries, (GCompareFunc)compare_strings); - listing = g_string_new ("<html>\r\n"); escaped = g_markup_escape_text (strchr (path, '/'), -1); g_string_append_printf (listing, "<head><title>Index of %s</title></head>\r\n", escaped); g_string_append_printf (listing, "<body><h1>Index of %s</h1>\r\n<p>\r\n", escaped); @@ -138,11 +142,12 @@ g_string_append_printf (listing, "<a href=\"%s\">%s</a><br>\r\n", (char *)entries->pdata[i], (char *)entries->pdata[i]); - g_free (entries->pdata[i]); + g_free (g_steal_pointer (&entries->pdata[i])); } g_string_append (listing, "</body>\r\n</html>\r\n"); - - g_ptr_array_free (entries, TRUE); + out: + if (local_error) + g_printerr ("%s\n", local_error->message); return listing; } 
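Review bot: On the new `goto out` paths in `get_directory_listing` (failure of `glnx_dirfd_iterator_init_at` or `glnx_dirfd_iterator_next_dent`) the function returns a `GString` that holds only `<html>\r\n`, and the error is only printed with `g_printerr`. As far as the `@@ -248,15 +250,15 @@` hunk shows, the caller hands the result straight to `soup_message_set_response`, so a client would receive a truncated document with a success status. Because the function has no error out-parameter, the caller cannot tell; either add a `GError **error` parameter and let `do_get` set `SOUP_STATUS_INTERNAL_SERVER_ERROR`, or at least replace the buffer on the error path so the response is well-formed. The `GError **error = &local_error;` alias is also worth a short comment, since it shadows the usual out-parameter name.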
@@ -192,7 +197,6 @@ char *slash; int ret; struct stat stbuf; - g_autofree char *safepath = NULL; httpd_log (self, "serving %s\n", path); if (strstr (path, "../") != NULL) @@ -210,13 +214,11 @@ goto out; } - if (path[0] == '/') + while (path[0] == '/') path++; - safepath = g_build_filename (gs_file_get_path_cached (self->root), path, NULL); - do - ret = stat (safepath, &stbuf); + ret = fstatat (self->root_dfd, path, &stbuf, 0); while (ret == -1 && errno == EINTR); if (ret == -1) { @@ -237,7 +239,7 @@ if (S_ISDIR (stbuf.st_mode)) { - slash = strrchr (safepath, '/'); + slash = strrchr (path, '/'); if (!slash || slash[1]) { g_autofree char *redir_uri = NULL; @@ -248,15 +250,15 @@ } else { - g_autofree char *index_realpath = g_strconcat (safepath, "/index.html", NULL); - if (stat (index_realpath, &stbuf) != -1) + g_autofree char *index_realpath = g_strconcat (path, "/index.html", NULL); + if (fstatat (self->root_dfd, index_realpath, &stbuf, 0) != -1) { g_autofree char *index_path = g_strconcat (path, "/index.html", NULL); do_get (self, server, msg, index_path, context); } else { - GString *listing = get_directory_listing (safepath); + GString *listing = get_directory_listing (self->root_dfd, path); soup_message_set_response (msg, "text/html", SOUP_MEMORY_TAKE, listing->str, listing->len); 
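Review bot: With `safepath` gone, every lookup is relative to `self->root_dfd`, but a directory descriptor does not confine resolution: `..` components and symlinks under the root are still followed by `fstatat` and `openat`. The only guard in view is the substring test `strstr (path, "../") != NULL` in this hunk's context, which does not cover every way a `..` component can appear in a path. Splitting the request path on `/` and rejecting any component equal to `..` would be a stricter check, and a comment should state that the served tree is trusted with respect to symlinks if that is the intent. The function body continues outside the hunk.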
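Review bot: After `while (path[0] == '/') path++;` a request for the root itself leaves `path` as the empty string, and `fstatat (self->root_dfd, path, &stbuf, 0)` fails with `ENOENT` for an empty pathname because `AT_EMPTY_PATH` is not passed. The old code did not have this case because the path was joined onto the root directory first. Mapping the empty string to `"."` right after the loop (`if (path[0] == '\0') path = ".";`) would fix the lookup, but the trailing-slash test in the directory branch (`strrchr (path, '/')`) would then need to look at the unstripped request path to avoid redirecting again. The rest of the function is outside the hunk, so this may be handled elsewhere.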
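Review bot: `index_realpath` and `index_path` are now built from the same expression, `g_strconcat (path, "/index.html", NULL)`, so the second allocation is redundant after this change. One variable is enough: `do_get (self, server, msg, index_realpath, context);`, ideally renamed to `index_path` since it is no longer a filesystem-absolute path. Unlike the first `fstatat` in this function, the `fstatat (self->root_dfd, index_realpath, &stbuf, 0)` call is not wrapped in the `EINTR` retry loop, which is a small inconsistency.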
@@ -275,18 +277,27 @@ if (msg->method == SOUP_METHOD_GET) { + glnx_fd_close int fd = -1; g_autoptr(GMappedFile) mapping = NULL; gsize buffer_length, file_size; SoupRange *ranges; int ranges_length; gboolean have_ranges; - mapping = g_mapped_file_new (safepath, FALSE, NULL); + fd = openat (self->root_dfd, path, O_RDONLY | O_CLOEXEC); + if (fd < 0) + { + soup_message_set_status (msg, SOUP_STATUS_INTERNAL_SERVER_ERROR); + goto out; + } + + mapping = g_mapped_file_new_from_fd (fd, FALSE, NULL); if (!mapping) { soup_message_set_status (msg, SOUP_STATUS_INTERNAL_SERVER_ERROR); goto out; } + (void) close (fd); fd = -1; file_size = g_mapped_file_get_length (mapping); have_ranges = soup_message_headers_get_ranges(msg->request_headers, file_size, &ranges, &ranges_length); @@ -401,6 +412,8 @@ context = g_option_context_new ("[DIR] - Simple webserver"); + app->root_dfd = -1; + if (!ostree_option_context_parse (context, options, &argc, &argv, OSTREE_BUILTIN_FLAG_NO_REPO, NULL, cancellable, error)) goto out; @@ -409,7 +422,8 @@ else dirpath = "."; - app->root = g_file_new_for_path (dirpath); + if (!glnx_opendirat (AT_FDCWD, dirpath, TRUE, &app->root_dfd, error)) + goto out; if (!(opt_random_500s_percentage >= 0 && opt_random_500s_percentage <= 99)) { @@ -534,9 +548,11 @@ if (opt_autoexit) { gboolean is_symlink = FALSE; + g_autoptr(GFile) root = NULL; g_autoptr(GFileInfo) info = NULL; - info = g_file_query_info (app->root, + root = g_file_new_for_path (dirpath); + info = g_file_query_info (root, G_FILE_ATTRIBUTE_STANDARD_IS_SYMLINK, G_FILE_QUERY_INFO_NOFOLLOW_SYMLINKS, cancellable, error); 
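Review bot: The file is examined by name with `fstatat` earlier in `do_get` and then looked up by name a second time in `fd = openat (self->root_dfd, path, O_RDONLY | O_CLOEXEC);`, so the object that is mapped is not guaranteed to be the one whose `stbuf` drove the earlier decisions if the tree changes in between. Opening first and calling `fstat (fd, &stbuf)` on the descriptor would tie the type and size checks to the file actually served. Separately, every `openat` failure is reported as `SOUP_STATUS_INTERNAL_SERVER_ERROR`; mapping `ENOENT` and `EACCES` to the not-found and forbidden statuses would match the handling after the first `fstatat`, as far as that is visible. The code between the two calls is outside the hunk.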
@@ -546,24 +562,22 @@ is_symlink = g_file_info_get_is_symlink (info); if (is_symlink) - dirmon = g_file_monitor_file (app->root, 0, cancellable, error); + dirmon = g_file_monitor_file (root, 0, cancellable, error); else - dirmon = g_file_monitor_directory (app->root, 0, cancellable, error); + dirmon = g_file_monitor_directory (root, 0, cancellable, error); if (!dirmon) goto out; g_signal_connect (dirmon, "changed", G_CALLBACK (on_dir_changed), app); } - { - g_autofree gchar *path = g_file_get_path (app->root); - httpd_log (app, "serving at root %s\n", path); - } + httpd_log (app, "serving at root %s\n", dirpath); while (app->running) g_main_context_iteration (NULL, TRUE); ret = TRUE; out: - g_clear_object (&app->root); + if (app->root_dfd != -1) + (void) close (app->root_dfd); g_clear_object (&app->log); return ret; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/tests/test-checksum.c new/ostree-2016.11/tests/test-checksum.c --- old/ostree-2016.10/tests/test-checksum.c 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/tests/test-checksum.c 2016-10-07 21:21:41.000000000 +0200 
@@ -31,25 +31,49 @@ test_ostree_parse_delta_name (void) { { - g_autofree char *from; - g_autofree char *to; - _ostree_parse_delta_name ("30d13b73cfe1e6988ffc345eac905f82a18def8ef1f0666fc392019e9eac388d", &from, &to); + g_autofree char *from = NULL; + g_autofree char *to = NULL; + g_assert (_ostree_parse_delta_name ("30d13b73cfe1e6988ffc345eac905f82a18def8ef1f0666fc392019e9eac388d", &from, &to, NULL)); g_assert_cmpstr (to, ==, "30d13b73cfe1e6988ffc345eac905f82a18def8ef1f0666fc392019e9eac388d"); g_assert_null (from); } { - g_autofree char *from; - g_autofree char *to; - _ostree_parse_delta_name ("30d13b73cfe1e6988ffc345eac905f82a18def8ef1f0666fc392019e9eac388d-5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", &from, &to); + g_autofree char *from = NULL; + g_autofree char *to = NULL; + g_assert (_ostree_parse_delta_name ("30d13b73cfe1e6988ffc345eac905f82a18def8ef1f0666fc392019e9eac388d-5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", &from, &to, NULL)); g_assert_cmpstr (from, ==, "30d13b73cfe1e6988ffc345eac905f82a18def8ef1f0666fc392019e9eac388d"); g_assert_cmpstr (to, ==, "5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03"); } { - g_autofree char *from; - g_autofree char *to; - _ostree_parse_delta_name ("", &from, &to); + g_autofree char *from = NULL; + g_autofree char *to = NULL; + g_assert (!_ostree_parse_delta_name ("", &from, &to, NULL)); + g_assert_null (from); + g_assert_null (to); + } + + { + g_autofree char *from = NULL; + g_autofree char *to = NULL; + g_assert (!_ostree_parse_delta_name ("GARBAGE", &from, &to, NULL)); + g_assert_null (from); + g_assert_null (to); + } + + { + g_autofree char *from = NULL; + g_autofree char *to = NULL; + g_assert (!_ostree_parse_delta_name ("GARBAGE-5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03", &from, &to, NULL)); + g_assert_null (from); + g_assert_null (to); + } + + { + g_autofree char *from = NULL; + g_autofree char *to = NULL; + g_assert 
(!_ostree_parse_delta_name ("30d13b73cfe1e6988ffc345eac905f82a18def8ef1f0666fc392019e9eac388d-GARBAGE", &from, &to, NULL)); g_assert_null (from); g_assert_null (to); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ostree-2016.10/tests/test-delta.sh new/ostree-2016.11/tests/test-delta.sh --- old/ostree-2016.10/tests/test-delta.sh 2016-09-09 02:28:02.000000000 +0200 +++ new/ostree-2016.11/tests/test-delta.sh 2016-10-07 21:21:41.000000000 +0200 @@ -26,7 +26,7 @@ bindatafiles="bash true ostree" morebindatafiles="false ls" -echo '1..10' +echo '1..11' mkdir repo ${CMD_PREFIX} ostree --repo=repo init --mode=archive-z2 @@ -235,3 +235,10 @@ ${CMD_PREFIX} ostree --repo=repo2 ls ${samerev} >/dev/null echo 'ok pull empty delta part' + +if ${CMD_PREFIX} ostree --repo=repo static-delta show GARBAGE 2> err.txt; then + assert_not_reached "static-delta show GARBAGE unexpectedly succeeded" +fi +assert_file_has_content err.txt "Invalid rev 'GARBAGE'" + +echo 'ok handle bad delta name'
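Review bot: The calls under test are placed inside `g_assert (...)`, which GLib compiles out when `G_DISABLE_ASSERT` is defined; in such a build `_ostree_parse_delta_name` would not be called at all and the failure cases would pass vacuously, because `from` and `to` are now initialised to `NULL`. `g_assert_true (_ostree_parse_delta_name (name, &from, &to, NULL));` and `g_assert_false (...)` are always evaluated and fit the `g_assert_null` style already used here. The failure cases also pass `NULL` for the error argument, so the error domain and message are only covered by the shell test; passing a `g_autoptr(GError)` and checking it with `g_assert_error` would cover that in the unit test as well.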
