/* Get a currently unique (for this host) identifier for the
* deployment; TODO - adding the deployment timestamp would make it
* persistently unique, needs API in libostree.
*/
char *
rpmostreed_deployment_generate_id (OstreeDeployment *deployment)
{
g_return_val_if_fail (OSTREE_IS_DEPLOYMENT (deployment), NULL);
return g_strdup_printf ("%s-%s.%u",
ostree_deployment_get_osname (deployment),
ostree_deployment_get_csum (deployment),
ostree_deployment_get_deployserial (deployment));
}
/**
* ostree_sysroot_get_deployment_dirpath:
* @self: Repo
* @deployment: A deployment
*
* Note this function only returns a *relative* path - if you want
* to access, it, you must either use fd-relative api such as openat(),
* or concatenate it with the full ostree_sysroot_get_path().
*
* Returns: (transfer full): Path to deployment root directory, relative to sysroot
*/
char *
ostree_sysroot_get_deployment_dirpath (OstreeSysroot *self,
OstreeDeployment *deployment)
{
return g_strdup_printf ("ostree/deploy/%s/deploy/%s.%d",
ostree_deployment_get_osname (deployment),
ostree_deployment_get_csum (deployment),
ostree_deployment_get_deployserial (deployment));
}
gboolean
ot_admin_builtin_status (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error)
{
const int is_tty = isatty (1);
const char *red_bold_prefix = is_tty ? "\x1b[31m\x1b[1m" : "";
const char *red_bold_suffix = is_tty ? "\x1b[22m\x1b[0m" : "";
g_autoptr(GOptionContext) context = g_option_context_new ("");
g_autoptr(OstreeSysroot) sysroot = NULL;
if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
OSTREE_ADMIN_BUILTIN_FLAG_UNLOCKED,
invocation, &sysroot, cancellable, error))
return FALSE;
g_autoptr(OstreeRepo) repo = NULL;
if (!ostree_sysroot_get_repo (sysroot, &repo, cancellable, error))
return FALSE;
g_autoptr(GPtrArray) deployments = ostree_sysroot_get_deployments (sysroot);
OstreeDeployment *booted_deployment = ostree_sysroot_get_booted_deployment (sysroot);
g_autoptr(OstreeDeployment) pending_deployment = NULL;
g_autoptr(OstreeDeployment) rollback_deployment = NULL;
if (booted_deployment)
ostree_sysroot_query_deployments_for (sysroot, NULL, &pending_deployment,
&rollback_deployment);
if (deployments->len == 0)
{
g_print ("No deployments.\n");
}
else
{
for (guint i = 0; i < deployments->len; i++)
{
OstreeDeployment *deployment = deployments->pdata[i];
const char *ref = ostree_deployment_get_csum (deployment);
/* Load the backing commit; shouldn't normally fail, but if it does,
* we stumble on.
*/
g_autoptr(GVariant) commit = NULL;
(void)ostree_repo_load_variant (repo, OSTREE_OBJECT_TYPE_COMMIT, ref,
&commit, NULL);
g_autoptr(GVariant) commit_metadata = NULL;
if (commit)
commit_metadata = g_variant_get_child_value (commit, 0);
const char *version = NULL;
const char *source_title = NULL;
if (commit_metadata)
{
(void) g_variant_lookup (commit_metadata, OSTREE_COMMIT_META_KEY_VERSION, "&s", &version);
(void) g_variant_lookup (commit_metadata, OSTREE_COMMIT_META_KEY_SOURCE_TITLE, "&s", &source_title);
}
GKeyFile *origin = ostree_deployment_get_origin (deployment);
const char *deployment_status = "";
if (deployment == pending_deployment)
deployment_status = " (pending)";
else if (deployment == rollback_deployment)
deployment_status = " (rollback)";
g_print ("%c %s %s.%d%s\n",
deployment == booted_deployment ? '*' : ' ',
ostree_deployment_get_osname (deployment),
ostree_deployment_get_csum (deployment),
ostree_deployment_get_deployserial (deployment),
deployment_status);
if (version)
g_print (" Version: %s\n", version);
OstreeDeploymentUnlockedState unlocked = ostree_deployment_get_unlocked (deployment);
switch (unlocked)
{
case OSTREE_DEPLOYMENT_UNLOCKED_NONE:
break;
default:
g_print (" %sUnlocked: %s%s\n", red_bold_prefix,
ostree_deployment_unlocked_state_to_string (unlocked),
red_bold_suffix);
}
if (!origin)
g_print (" origin: none\n");
else
{
g_autofree char *origin_refspec = g_key_file_get_string (origin, "origin", "refspec", NULL);
if (!origin_refspec)
g_print (" origin: <unknown origin type>\n");
else
g_print (" origin refspec: %s\n", origin_refspec);
if (source_title)
g_print (" `- %s\n", source_title);
}
if (deployment_get_gpg_verify (deployment, repo))
{
g_autoptr(GString) output_buffer = g_string_sized_new (256);
/* Print any digital signatures on this commit. */
g_autoptr(GError) local_error = NULL;
g_autoptr(OstreeGpgVerifyResult) result =
ostree_repo_verify_commit_ext (repo, ref, NULL, NULL,
cancellable, &local_error);
/* G_IO_ERROR_NOT_FOUND just means the commit is not signed. */
if (g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
{
g_clear_error (&local_error);
continue;
}
else if (local_error != NULL)
{
g_propagate_error (error, g_steal_pointer (&local_error));
return FALSE;
}
const guint n_signatures = ostree_gpg_verify_result_count_all (result);
for (guint jj = 0; jj < n_signatures; jj++)
{
ostree_gpg_verify_result_describe (result, jj, output_buffer, " GPG: ",
OSTREE_GPG_SIGNATURE_FORMAT_DEFAULT);
}
g_print ("%s", output_buffer->str);
}
}
}
return TRUE;
}
GVariant *
rpmostreed_deployment_generate_variant (OstreeDeployment *deployment,
OstreeRepo *repo)
{
g_autoptr(GVariant) commit = NULL;
g_autofree gchar *origin_refspec = NULL;
g_autofree gchar *version_commit = NULL;
g_autofree gchar *id = NULL;
GVariant *sigs = NULL; /* floating variant */
GError *error = NULL;
GVariantDict dict;
guint64 timestamp = 0;
const gchar *osname = ostree_deployment_get_osname (deployment);
const gchar *csum = ostree_deployment_get_csum (deployment);
gint serial = ostree_deployment_get_deployserial (deployment);
id = rpmostreed_deployment_generate_id (deployment);
if (ostree_repo_load_variant (repo,
OSTREE_OBJECT_TYPE_COMMIT,
csum,
&commit,
&error))
{
g_autoptr(GVariant) metadata = NULL;
timestamp = ostree_commit_get_timestamp (commit);
metadata = g_variant_get_child_value (commit, 0);
if (metadata != NULL)
g_variant_lookup (metadata, "version", "s", &version_commit);
}
else
{
g_warning ("Error loading commit %s", error->message);
}
g_clear_error (&error);
origin_refspec = rpmostreed_deployment_get_refspec (deployment);
if (origin_refspec)
sigs = rpmostreed_deployment_gpg_results (repo, origin_refspec, csum);
g_variant_dict_init (&dict, NULL);
g_variant_dict_insert (&dict, "id", "s", id);
if (osname != NULL)
g_variant_dict_insert (&dict, "osname", "s", osname);
g_variant_dict_insert (&dict, "serial", "i", serial);
g_variant_dict_insert (&dict, "checksum", "s", csum);
if (version_commit != NULL)
g_variant_dict_insert (&dict, "version", "s", version_commit);
if (timestamp > 0)
g_variant_dict_insert (&dict, "timestamp", "t", timestamp);
if (origin_refspec != NULL)
g_variant_dict_insert (&dict, "origin", "s", origin_refspec);
if (sigs != NULL)
g_variant_dict_insert_value (&dict, "signatures", sigs);
return g_variant_dict_end (&dict);
}
GVariant *
rpmostreed_deployment_generate_variant (OstreeDeployment *deployment,
const char *booted_id,
OstreeRepo *repo,
GError **error)
{
g_autoptr(GVariant) commit = NULL;
g_autoptr(RpmOstreeOrigin) origin = NULL;
g_autofree gchar *id = NULL;
GVariant *sigs = NULL; /* floating variant */
GVariantDict dict;
const gchar *osname = ostree_deployment_get_osname (deployment);
const gchar *csum = ostree_deployment_get_csum (deployment);
gint serial = ostree_deployment_get_deployserial (deployment);
gboolean gpg_enabled = FALSE;
if (!ostree_repo_load_variant (repo,
OSTREE_OBJECT_TYPE_COMMIT,
csum,
&commit,
error))
return NULL;
id = rpmostreed_deployment_generate_id (deployment);
origin = rpmostree_origin_parse_deployment (deployment, error);
if (!origin)
return NULL;
g_variant_dict_init (&dict, NULL);
g_variant_dict_insert (&dict, "id", "s", id);
if (osname != NULL)
g_variant_dict_insert (&dict, "osname", "s", osname);
g_variant_dict_insert (&dict, "serial", "i", serial);
g_variant_dict_insert (&dict, "checksum", "s", csum);
if (rpmostree_origin_is_locally_assembled (origin))
{
const char *parent = ostree_commit_get_parent (commit);
g_assert (parent);
g_variant_dict_insert (&dict, "base-checksum", "s", parent);
sigs = rpmostreed_deployment_gpg_results (repo, rpmostree_origin_get_refspec (origin),
parent, &gpg_enabled);
}
else
sigs = rpmostreed_deployment_gpg_results (repo, rpmostree_origin_get_refspec (origin),
csum, &gpg_enabled);
variant_add_commit_details (&dict, commit);
g_variant_dict_insert (&dict, "origin", "s", rpmostree_origin_get_refspec (origin));
if (rpmostree_origin_get_packages (origin) != NULL)
g_variant_dict_insert (&dict, "packages", "^as", rpmostree_origin_get_packages (origin));
if (sigs != NULL)
g_variant_dict_insert_value (&dict, "signatures", sigs);
g_variant_dict_insert (&dict, "gpg-enabled", "b", gpg_enabled);
g_variant_dict_insert (&dict, "unlocked", "s",
ostree_deployment_unlocked_state_to_string (ostree_deployment_get_unlocked (deployment)));
if (booted_id != NULL)
g_variant_dict_insert (&dict, "booted", "b", g_strcmp0 (booted_id, id) == 0);
return g_variant_dict_end (&dict);
}
gboolean
ot_admin_builtin_undeploy (int argc, char **argv, GCancellable *cancellable, GError **error)
{
gboolean ret = FALSE;
GOptionContext *context;
gs_unref_object OstreeSysroot *sysroot = NULL;
const char *deploy_index_str;
int deploy_index;
gs_unref_ptrarray GPtrArray *current_deployments = NULL;
gs_unref_object OstreeDeployment *booted_deployment = NULL;
gs_unref_object OstreeDeployment *target_deployment = NULL;
context = g_option_context_new ("INDEX - Delete deployment INDEX");
if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
&sysroot, cancellable, error))
goto out;
if (argc < 2)
{
ot_util_usage_error (context, "INDEX must be specified", error);
goto out;
}
if (!ostree_sysroot_load (sysroot, cancellable, error))
goto out;
current_deployments = ostree_sysroot_get_deployments (sysroot);
deploy_index_str = argv[1];
deploy_index = atoi (deploy_index_str);
target_deployment = ot_admin_get_indexed_deployment (sysroot, deploy_index, error);
if (!target_deployment)
goto out;
if (target_deployment == ostree_sysroot_get_booted_deployment (sysroot))
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
"Cannot undeploy currently booted deployment %i", deploy_index);
goto out;
}
g_ptr_array_remove_index (current_deployments, deploy_index);
if (!ostree_sysroot_write_deployments (sysroot, current_deployments,
cancellable, error))
goto out;
g_print ("Deleted deployment %s.%d\n", ostree_deployment_get_csum (target_deployment),
ostree_deployment_get_deployserial (target_deployment));
if (!ostree_sysroot_cleanup (sysroot, cancellable, error))
{
g_prefix_error (error, "Performing final cleanup: ");
goto out;
}
ret = TRUE;
out:
if (context)
g_option_context_free (context);
return ret;
}
gboolean
rpmostree_builtin_rollback (int argc,
char **argv,
GCancellable *cancellable,
GError **error)
{
gboolean ret = FALSE;
GOptionContext *context = g_option_context_new ("- Revert to the previously booted tree");
gs_unref_object GFile *sysroot_path = NULL;
gs_unref_object OstreeSysroot *sysroot = NULL;
gs_free char *origin_description = NULL;
gs_unref_ptrarray GPtrArray *deployments = NULL;
gs_unref_ptrarray GPtrArray *new_deployments =
g_ptr_array_new_with_free_func (g_object_unref);
OstreeDeployment *booted_deployment = NULL;
guint i;
guint booted_index;
guint index_to_prepend;
if (!rpmostree_option_context_parse (context, option_entries, &argc, &argv, error))
goto out;
sysroot_path = g_file_new_for_path (opt_sysroot);
sysroot = ostree_sysroot_new (sysroot_path);
if (!ostree_sysroot_load (sysroot, cancellable, error))
goto out;
booted_deployment = ostree_sysroot_get_booted_deployment (sysroot);
if (booted_deployment == NULL)
{
g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Not currently booted into an OSTree system");
goto out;
}
deployments = ostree_sysroot_get_deployments (sysroot);
if (deployments->len < 2)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
"Found %u deployments, at least 2 required for rollback",
deployments->len);
goto out;
}
g_assert (booted_deployment != NULL);
for (booted_index = 0; booted_index < deployments->len; booted_index++)
{
if (deployments->pdata[booted_index] == booted_deployment)
break;
}
g_assert (booted_index < deployments->len);
g_assert (deployments->pdata[booted_index] == booted_deployment);
if (booted_index != 0)
{
/* There is an earlier deployment, let's assume we want to just
* insert the current one in front.
*/
/*
What this does is, if we're NOT in the default boot index, it plans to prepend
our current index (1, since we can't have more than two trees) so that it becomes index 0
(default) and the current default becomes index 1
*/
index_to_prepend = booted_index;
}
else
{
/* We're booted into the first, let's roll back to the previous */
index_to_prepend = 1;
}
g_ptr_array_add (new_deployments, g_object_ref (deployments->pdata[index_to_prepend]));
for (i = 0; i < deployments->len; i++)
{
if (i == index_to_prepend)
continue;
g_ptr_array_add (new_deployments, g_object_ref (deployments->pdata[i]));
}
g_print ("Moving '%s.%d' to be first deployment\n",
ostree_deployment_get_csum (deployments->pdata[index_to_prepend]),
ostree_deployment_get_deployserial (deployments->pdata[index_to_prepend]));
if (!ostree_sysroot_write_deployments (sysroot, new_deployments, cancellable,
error))
goto out;
if (opt_reboot)
gs_subprocess_simple_run_sync (NULL, GS_SUBPROCESS_STREAM_DISPOSITION_INHERIT,
cancellable, error,
"systemctl", "reboot", NULL);
else
{
if (!rpmostree_print_treepkg_diff (sysroot, cancellable, error))
goto out;
g_print ("Successfully reset deployment order; run \"systemctl reboot\" to start a reboot\n");
}
if (opt_reboot)
ret = TRUE;
out:
return ret;
}
gboolean
ot_admin_builtin_status (int argc, char **argv, GCancellable *cancellable, GError **error)
{
g_autoptr(GOptionContext) context = NULL;
glnx_unref_object OstreeSysroot *sysroot = NULL;
gboolean ret = FALSE;
glnx_unref_object OstreeRepo *repo = NULL;
OstreeDeployment *booted_deployment = NULL;
g_autoptr(GPtrArray) deployments = NULL;
const int is_tty = isatty (1);
const char *red_bold_prefix = is_tty ? "\x1b[31m\x1b[1m" : "";
const char *red_bold_suffix = is_tty ? "\x1b[22m\x1b[0m" : "";
guint i;
context = g_option_context_new ("List deployments");
if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
OSTREE_ADMIN_BUILTIN_FLAG_UNLOCKED,
&sysroot, cancellable, error))
goto out;
if (!ostree_sysroot_load (sysroot, cancellable, error))
goto out;
if (!ostree_sysroot_get_repo (sysroot, &repo, cancellable, error))
goto out;
deployments = ostree_sysroot_get_deployments (sysroot);
booted_deployment = ostree_sysroot_get_booted_deployment (sysroot);
if (deployments->len == 0)
{
g_print ("No deployments.\n");
}
else
{
for (i = 0; i < deployments->len; i++)
{
OstreeDeployment *deployment = deployments->pdata[i];
GKeyFile *origin;
const char *ref = ostree_deployment_get_csum (deployment);
OstreeDeploymentUnlockedState unlocked = ostree_deployment_get_unlocked (deployment);
g_autofree char *version = version_of_commit (repo, ref);
glnx_unref_object OstreeGpgVerifyResult *result = NULL;
GString *output_buffer;
guint jj, n_signatures;
GError *local_error = NULL;
origin = ostree_deployment_get_origin (deployment);
g_print ("%c %s %s.%d\n",
deployment == booted_deployment ? '*' : ' ',
ostree_deployment_get_osname (deployment),
ostree_deployment_get_csum (deployment),
ostree_deployment_get_deployserial (deployment));
if (version)
g_print (" Version: %s\n", version);
switch (unlocked)
{
case OSTREE_DEPLOYMENT_UNLOCKED_NONE:
break;
default:
g_print (" %sUnlocked: %s%s\n", red_bold_prefix,
ostree_deployment_unlocked_state_to_string (unlocked),
red_bold_suffix);
}
if (!origin)
g_print (" origin: none\n");
else
{
g_autofree char *origin_refspec = g_key_file_get_string (origin, "origin", "refspec", NULL);
if (!origin_refspec)
g_print (" origin: <unknown origin type>\n");
else
g_print (" origin refspec: %s\n", origin_refspec);
}
if (deployment_get_gpg_verify (deployment, repo))
{
/* Print any digital signatures on this commit. */
result = ostree_repo_verify_commit_ext (repo, ref, NULL, NULL,
cancellable, &local_error);
/* G_IO_ERROR_NOT_FOUND just means the commit is not signed. */
if (g_error_matches (local_error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND))
{
g_clear_error (&local_error);
continue;
}
else if (local_error != NULL)
{
g_propagate_error (error, local_error);
goto out;
}
output_buffer = g_string_sized_new (256);
n_signatures = ostree_gpg_verify_result_count_all (result);
for (jj = 0; jj < n_signatures; jj++)
{
ostree_gpg_verify_result_describe (result, jj, output_buffer, " GPG: ",
OSTREE_GPG_SIGNATURE_FORMAT_DEFAULT);
}
g_print ("%s", output_buffer->str);
g_string_free (output_buffer, TRUE);
}
}
}
ret = TRUE;
out:
return ret;
}
