static gboolean
deployment_get_gpg_verify (OstreeDeployment *deployment,
OstreeRepo *repo)
{
/* XXX Something like this could be added to the OstreeDeployment
* API in libostree if the OstreeRepo parameter is acceptable. */
GKeyFile *origin = ostree_deployment_get_origin (deployment);
if (origin == NULL)
return FALSE;
g_autofree char *refspec = g_key_file_get_string (origin, "origin", "refspec", NULL);
if (refspec == NULL)
return FALSE;
g_autofree char *remote = NULL;
if (!ostree_parse_refspec (refspec, &remote, NULL, NULL))
return FALSE;
gboolean gpg_verify = FALSE;
if (remote)
(void) ostree_repo_remote_get_gpg_verify (repo, remote, &gpg_verify, NULL);
return gpg_verify;
}
void
rpmostreed_deployment_get_refspec_packages (OstreeDeployment *deployment,
char **out_refspec,
char ***out_packages)
{
GKeyFile *origin = NULL; /* owned by deployment */
gsize len;
g_return_if_fail (out_refspec != NULL);
origin = ostree_deployment_get_origin (deployment);
if (!origin)
{
*out_refspec = NULL;
*out_packages = NULL;
return;
}
*out_refspec = g_key_file_get_string (origin, "origin", "refspec", NULL);
if (!*out_refspec)
*out_refspec = g_key_file_get_string (origin, "origin", "baserefspec", NULL);
if (out_packages)
*out_packages = g_key_file_get_string_list (origin, "packages", "requested", &len, NULL);
}
gboolean
get_origin_refspec (OstreeDeployment *booted_deployment,
gchar **out_refspec,
GError **error)
{
GKeyFile *origin;
g_autofree gchar *refspec = NULL;
g_return_val_if_fail (OSTREE_IS_DEPLOYMENT (booted_deployment), FALSE);
g_return_val_if_fail (out_refspec != NULL, FALSE);
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
origin = ostree_deployment_get_origin (booted_deployment);
if (origin == NULL)
{
const gchar *osname = ostree_deployment_get_osname (booted_deployment);
const gchar *booted = ostree_deployment_get_csum (booted_deployment);
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
"No origin found for %s (%s), cannot upgrade",
osname, booted);
return FALSE;
}
refspec = g_key_file_get_string (origin, "origin", "refspec", error);
if (refspec == NULL)
return FALSE;
*out_refspec = g_steal_pointer (&refspec);
return TRUE;
}
char *
rpmostreed_deployment_get_refspec (OstreeDeployment *deployment)
{
GKeyFile *origin = NULL; /* owned by deployment */
char *origin_refspec = NULL;
origin = ostree_deployment_get_origin (deployment);
if (!origin)
goto out;
origin_refspec = g_key_file_get_string (origin, "origin", "refspec", NULL);
out:
return origin_refspec;
}
gboolean
ot_admin_builtin_status (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error)
{
const int is_tty = isatty (1);
const char *red_bold_prefix = is_tty ? "\x1b[31m\x1b[1m" : "";
const char *red_bold_suffix = is_tty ? "\x1b[22m\x1b[0m" : "";
g_autoptr(GOptionContext) context = g_option_context_new ("");
g_autoptr(OstreeSysroot) sysroot = NULL;
if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
OSTREE_ADMIN_BUILTIN_FLAG_UNLOCKED,
invocation, &sysroot, cancellable, error))
return FALSE;
g_autoptr(OstreeRepo) repo = NULL;
if (!ostree_sysroot_get_repo (sysroot, &repo, cancellable, error))
return FALSE;
g_autoptr(GPtrArray) deployments = ostree_sysroot_get_deployments (sysroot);
OstreeDeployment *booted_deployment = ostree_sysroot_get_booted_deployment (sysroot);
g_autoptr(OstreeDeployment) pending_deployment = NULL;
g_autoptr(OstreeDeployment) rollback_deployment = NULL;
if (booted_deployment)
ostree_sysroot_query_deployments_for (sysroot, NULL, &pending_deployment,
&rollback_deployment);
if (deployments->len == 0)
{
g_print ("No deployments.\n");
}
else
{
for (guint i = 0; i < deployments->len; i++)
{
OstreeDeployment *deployment = deployments->pdata[i];
const char *ref = ostree_deployment_get_csum (deployment);
/* Load the backing commit; shouldn't normally fail, but if it does,
* we stumble on.
*/
g_autoptr(GVariant) commit = NULL;
(void)ostree_repo_load_variant (repo, OSTREE_OBJECT_TYPE_COMMIT, ref,
&commit, NULL);
g_autoptr(GVariant) commit_metadata = NULL;
if (commit)
commit_metadata = g_variant_get_child_value (commit, 0);
const char *version = NULL;
const char *source_title = NULL;
if (commit_metadata)
{
(void) g_variant_lookup (commit_metadata, OSTREE_COMMIT_META_KEY_VERSION, "&s", &version);
(void) g_variant_lookup (commit_metadata, OSTREE_COMMIT_META_KEY_SOURCE_TITLE, "&s", &source_title);
}
GKeyFile *origin = ostree_deployment_get_origin (deployment);
const char *deployment_status = "";
if (deployment == pending_deployment)
deployment_status = " (pending)";
else if (deployment == rollback_deployment)
deployment_status = " (rollback)";
g_print ("%c %s %s.%d%s\n",
deployment == booted_deployment ? '*' : ' ',
ostree_deployment_get_osname (deployment),
ostree_deployment_get_csum (deployment),
ostree_deployment_get_deployserial (deployment),
deployment_status);
if (version)
g_print (" Version: %s\n", version);
OstreeDeploymentUnlockedState unlocked = ostree_deployment_get_unlocked (deployment);
switch (unlocked)
{
case OSTREE_DEPLOYMENT_UNLOCKED_NONE:
break;
default:
g_print (" %sUnlocked: %s%s\n", red_bold_prefix,
ostree_deployment_unlocked_state_to_string (unlocked),
red_bold_suffix);
}
if (!origin)
g_print (" origin: none\n");
else
{
g_autofree char *origin_refspec = g_key_file_get_string (origin, "origin", "refspec", NULL);
if (!origin_refspec)
g_print (" origin: <unknown origin type>\n");
else
g_print (" origin refspec: %s\n", origin_refspec);
if (source_title)
g_print (" `- %s\n", source_title);
}
if (deployment_get_gpg_verify (deployment, repo))
{
g_autoptr(GString) output_buffer = g_string_sized_new (256);
/* Print any digital signatures on this commit. */
g_autoptr(GError) local_error = NULL;
g_autoptr(OstreeGpgVerifyResult) result =
ostree_repo_verify_commit_ext (repo, ref, NULL, NULL,
cancellable, &local_error);
/* G_IO_ERROR_NOT_FOUND just means the commit is not signed. */
if (g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
{
g_clear_error (&local_error);
continue;
}
else if (local_error != NULL)
{
g_propagate_error (error, g_steal_pointer (&local_error));
return FALSE;
}
const guint n_signatures = ostree_gpg_verify_result_count_all (result);
for (guint jj = 0; jj < n_signatures; jj++)
{
ostree_gpg_verify_result_describe (result, jj, output_buffer, " GPG: ",
OSTREE_GPG_SIGNATURE_FORMAT_DEFAULT);
}
g_print ("%s", output_buffer->str);
}
}
}
return TRUE;
}
gboolean
ot_admin_builtin_set_origin (int argc, char **argv, GCancellable *cancellable, GError **error)
{
gboolean ret = FALSE;
GOptionContext *context;
const char *remotename = NULL;
const char *url = NULL;
const char *branch = NULL;
gs_unref_object OstreeRepo *repo = NULL;
gs_unref_object OstreeSysroot *sysroot = NULL;
OstreeDeployment *target_deployment = NULL;
context = g_option_context_new ("REMOTENAME URL [BRANCH]");
if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
&sysroot, cancellable, error))
goto out;
if (argc < 3)
{
ot_util_usage_error (context, "REMOTENAME and URL must be specified", error);
goto out;
}
remotename = argv[1];
url = argv[2];
if (argc > 3)
branch = argv[3];
if (!ostree_sysroot_load (sysroot, cancellable, error))
goto out;
if (!ostree_sysroot_get_repo (sysroot, &repo, cancellable, error))
goto out;
if (opt_index == -1)
{
target_deployment = ostree_sysroot_get_booted_deployment (sysroot);
if (target_deployment == NULL)
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Not currently booted into an OSTree system");
goto out;
}
}
else
{
target_deployment = ot_admin_get_indexed_deployment (sysroot, opt_index, error);
if (!target_deployment)
goto out;
}
{ char **iter;
gs_unref_variant_builder GVariantBuilder *optbuilder =
g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
for (iter = opt_set; iter && *iter; iter++)
{
const char *keyvalue = *iter;
gs_free char *subkey = NULL;
gs_free char *subvalue = NULL;
if (!ot_parse_keyvalue (keyvalue, &subkey, &subvalue, error))
goto out;
g_variant_builder_add (optbuilder, "{s@v}",
subkey, g_variant_new_variant (g_variant_new_string (subvalue)));
}
if (!ostree_repo_remote_change (repo, NULL,
OSTREE_REPO_REMOTE_CHANGE_ADD_IF_NOT_EXISTS,
remotename, url,
g_variant_builder_end (optbuilder),
cancellable, error))
goto out;
}
{ GKeyFile *old_origin = ostree_deployment_get_origin (target_deployment);
gs_free char *origin_refspec = g_key_file_get_string (old_origin, "origin", "refspec", NULL);
gs_free char *new_refspec = NULL;
gs_free char *origin_remote = NULL;
gs_free char *origin_ref = NULL;
if (!ostree_parse_refspec (origin_refspec, &origin_remote, &origin_ref, error))
goto out;
{ gs_free char *new_refspec = g_strconcat (remotename, ":", branch ? branch : origin_ref, NULL);
gs_unref_keyfile GKeyFile *new_origin = NULL;
gs_unref_object GFile *origin_path = NULL;
new_origin = ostree_sysroot_origin_new_from_refspec (sysroot, new_refspec);
if (!ostree_sysroot_write_origin_file (sysroot, target_deployment, new_origin,
cancellable, error))
goto out;
}
}
ret = TRUE;
out:
if (context)
g_option_context_free (context);
return ret;
}
gboolean
ot_admin_builtin_status (int argc, char **argv, GCancellable *cancellable, GError **error)
{
g_autoptr(GOptionContext) context = NULL;
glnx_unref_object OstreeSysroot *sysroot = NULL;
gboolean ret = FALSE;
glnx_unref_object OstreeRepo *repo = NULL;
OstreeDeployment *booted_deployment = NULL;
g_autoptr(GPtrArray) deployments = NULL;
const int is_tty = isatty (1);
const char *red_bold_prefix = is_tty ? "\x1b[31m\x1b[1m" : "";
const char *red_bold_suffix = is_tty ? "\x1b[22m\x1b[0m" : "";
guint i;
context = g_option_context_new ("List deployments");
if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
OSTREE_ADMIN_BUILTIN_FLAG_UNLOCKED,
&sysroot, cancellable, error))
goto out;
if (!ostree_sysroot_load (sysroot, cancellable, error))
goto out;
if (!ostree_sysroot_get_repo (sysroot, &repo, cancellable, error))
goto out;
deployments = ostree_sysroot_get_deployments (sysroot);
booted_deployment = ostree_sysroot_get_booted_deployment (sysroot);
if (deployments->len == 0)
{
g_print ("No deployments.\n");
}
else
{
for (i = 0; i < deployments->len; i++)
{
OstreeDeployment *deployment = deployments->pdata[i];
GKeyFile *origin;
const char *ref = ostree_deployment_get_csum (deployment);
OstreeDeploymentUnlockedState unlocked = ostree_deployment_get_unlocked (deployment);
g_autofree char *version = version_of_commit (repo, ref);
glnx_unref_object OstreeGpgVerifyResult *result = NULL;
GString *output_buffer;
guint jj, n_signatures;
GError *local_error = NULL;
origin = ostree_deployment_get_origin (deployment);
g_print ("%c %s %s.%d\n",
deployment == booted_deployment ? '*' : ' ',
ostree_deployment_get_osname (deployment),
ostree_deployment_get_csum (deployment),
ostree_deployment_get_deployserial (deployment));
if (version)
g_print (" Version: %s\n", version);
switch (unlocked)
{
case OSTREE_DEPLOYMENT_UNLOCKED_NONE:
break;
default:
g_print (" %sUnlocked: %s%s\n", red_bold_prefix,
ostree_deployment_unlocked_state_to_string (unlocked),
red_bold_suffix);
}
if (!origin)
g_print (" origin: none\n");
else
{
g_autofree char *origin_refspec = g_key_file_get_string (origin, "origin", "refspec", NULL);
if (!origin_refspec)
g_print (" origin: <unknown origin type>\n");
else
g_print (" origin refspec: %s\n", origin_refspec);
}
if (deployment_get_gpg_verify (deployment, repo))
{
/* Print any digital signatures on this commit. */
result = ostree_repo_verify_commit_ext (repo, ref, NULL, NULL,
cancellable, &local_error);
/* G_IO_ERROR_NOT_FOUND just means the commit is not signed. */
if (g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
{
g_clear_error (&local_error);
continue;
}
else if (local_error != NULL)
{
g_propagate_error (error, local_error);
goto out;
}
output_buffer = g_string_sized_new (256);
n_signatures = ostree_gpg_verify_result_count_all (result);
for (jj = 0; jj < n_signatures; jj++)
{
ostree_gpg_verify_result_describe (result, jj, output_buffer, " GPG: ",
OSTREE_GPG_SIGNATURE_FORMAT_DEFAULT);
}
g_print ("%s", output_buffer->str);
g_string_free (output_buffer, TRUE);
}
}
}
ret = TRUE;
out:
return ret;
}
