Merge pull request coreos#4287 from jlebon/pr/locked-conf

Closes coreos#4061
acidburn0zzz · Feb 6, 2023 · bc4744e · bc4744e
2 parents b3fb9c7 + 198c390
commit bc4744e
Show file tree

Hide file tree

Showing 7 changed files with 62 additions and 2 deletions.
diff --git a/man/rpm-ostreed.conf.xml b/man/rpm-ostreed.conf.xml
@@ -90,6 +90,15 @@ Boston, MA 02111-1307, USA.
         disable auto-exit. Defaults to 60.</para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><varname>LockLayering=</varname></term>
+
+        <listitem>
+        <para>Controls whether any mutation of the base OSTree commit is
+        supported (for example, package overlays or overrides, initramfs
+        overlays or regeneration). Defaults to false.</para>
+        </listitem>
+      </varlistentry>
     <!--
       <varlistentry>
         <term><varname>OptionName=</varname></term>

diff --git a/src/daemon/rpm-ostreed.conf b/src/daemon/rpm-ostreed.conf
@@ -5,3 +5,4 @@
 [Daemon]
 #AutomaticUpdatePolicy=none
 #IdleExitTimeout=60
+#LockLayering=false
diff --git a/src/daemon/rpmostree-sysroot-upgrader.cxx b/src/daemon/rpmostree-sysroot-upgrader.cxx
@@ -1011,6 +1011,9 @@ perform_local_assembly (RpmOstreeSysrootUpgrader *self, GCancellable *cancellabl
   if (self->layering_type == RPMOSTREE_SYSROOT_UPGRADER_LAYERING_NONE)
     return TRUE;
 
+  /* this should've been checked by rpmostree_sysroot_upgrader_prep_layering */
+  g_assert (!rpmostreed_get_lock_layering (rpmostreed_daemon_get ()));
+
   rpmostree_context_set_devino_cache (self->ctx, self->devino_cache);
   rpmostree_context_set_tmprootfs_dfd (self->ctx, self->tmprootfs_dfd);
 
@@ -1164,6 +1167,9 @@ rpmostree_sysroot_upgrader_prep_layering (RpmOstreeSysrootUpgrader *self,
       return TRUE;
     }
 
+  if (rpmostreed_get_lock_layering (rpmostreed_daemon_get ()))
+    return glnx_throw (error, "Cannot operate; `LockLayering=true` in configuration.");
+
   /* Do a bit more work to see whether or not we have to do assembly */
   if (!load_base_rsack (self, cancellable, error))
     return FALSE;
@@ -1362,6 +1368,8 @@ rpmostree_sysroot_upgrader_deploy (RpmOstreeSysrootUpgrader *self,
   const char *overlay_v[] = { NULL, NULL };
   if (rpmostree_origin_has_initramfs_etc_files (self->computed_origin))
     {
+      /* this should've been checked by rpmostree_sysroot_upgrader_prep_layering */
+      g_assert (!rpmostreed_get_lock_layering (rpmostreed_daemon_get ()));
       auto etc_files = rpmostree_origin_get_initramfs_etc_files (self->computed_origin);
       CXX_TRY_VAR (fdv, rpmostreecxx::initramfs_overlay_generate (etc_files, *cancellable), error);
       glnx_fd_close int fd = fdv;

diff --git a/src/daemon/rpmostreed-daemon.cxx b/src/daemon/rpmostreed-daemon.cxx
@@ -75,6 +75,7 @@ struct _RpmostreedDaemon
   /* Settings from the config file */
   guint idle_exit_timeout;
   RpmostreedAutomaticUpdatePolicy auto_update_policy;
+  gboolean lock_layering;
 
   GDBusConnection *connection;
   GDBusObjectManagerServer *object_manager;
@@ -350,6 +351,19 @@ get_config_str (GKeyFile *keyfile, const char *key, const char *default_val)
   return util::move_nullify (val) ?: g_strdup (default_val);
 }
 
+static gboolean
+get_config_bool (GKeyFile *keyfile, const char *key, gboolean default_val)
+{
+  g_autoptr (GError) local_error = NULL;
+  gboolean r = g_key_file_get_boolean (keyfile, DAEMON_CONFIG_GROUP, key, &local_error);
+  if (!local_error)
+    return r;
+  if (!g_error_matches (local_error, G_KEY_FILE_ERROR, G_KEY_FILE_ERROR_KEY_NOT_FOUND))
+    sd_journal_print (LOG_WARNING, "Reading config key '%s': %s; using compiled defaults", key,
+                      local_error->message);
+  return default_val;
+}
+
 static guint64
 get_config_uint64 (GKeyFile *keyfile, const char *key, guint64 default_val)
 {
@@ -381,6 +395,12 @@ rpmostreed_get_automatic_update_policy (RpmostreedDaemon *self)
   return self->auto_update_policy;
 }
 
+gboolean
+rpmostreed_get_lock_layering (RpmostreedDaemon *self)
+{
+  return self->lock_layering;
+}
+
 /* in-place version of g_ascii_strdown */
 static inline void
 ascii_strdown_inplace (char *str)
@@ -411,9 +431,10 @@ rpmostreed_daemon_reload_config (RpmostreedDaemon *self, gboolean *out_changed,
         return FALSE;
     }
 
-  /* don't update changed for this; it's contained to RpmostreedDaemon so no other objects
+  /* don't update changed for these; it's contained to RpmostreedDaemon so no other objects
    * need to be reloaded if it changes */
   self->idle_exit_timeout = idle_exit_timeout;
+  self->lock_layering = get_config_bool (config, "LockLayering", FALSE);
 
   gboolean changed = FALSE;
 

diff --git a/src/daemon/rpmostreed-daemon.h b/src/daemon/rpmostreed-daemon.h
@@ -61,6 +61,7 @@ gboolean rpmostreed_daemon_reload_config (RpmostreedDaemon *self, gboolean *out_
 gboolean rpmostreed_authorize_method_for_uid0 (GDBusMethodInvocation *invocation);
 
 RpmostreedAutomaticUpdatePolicy rpmostreed_get_automatic_update_policy (RpmostreedDaemon *self);
+gboolean rpmostreed_get_lock_layering (RpmostreedDaemon *self);
 
 G_END_DECLS
 

diff --git a/tests/kolainst/destructive/initramfs-etc b/tests/kolainst/destructive/initramfs-etc
@@ -25,7 +25,17 @@ case "${AUTOPKGTEST_REBOOT_MARK:-}" in
     mkdir -p /etc/cmdline.d
     echo 'foobar' > /etc/cmdline.d/foobar.conf
 
-    rpm-ostree initramfs-etc --track /etc/cmdline.d/foobar.conf
+    # check that we can't overlay in locked mode
+    cp /etc/rpm-ostreed.conf{,.bak}
+    echo 'LockLayering=true' >> /etc/rpm-ostreed.conf && rpm-ostree reload
+    if rpm-ostree initramfs-etc --track /etc/cmdline.d/foobar.conf 2>out.txt; then
+      fatal "should have failed in locked mode"
+    fi
+    assert_file_has_content_literal out.txt "LockLayering=true"
+    rm out.txt
+    mv /etc/rpm-ostreed.conf{.bak,} && rpm-ostree reload
+
+    rpm-ostree initramfs-etc --track /etc/cmdline.d/foobar.conf 2>out.txt
     rpm-ostree status > status.txt
     assert_file_has_content_literal status.txt "InitramfsEtc: /etc/cmdline.d/foobar.conf"
     rpm-ostree status --json > status.json

diff --git a/tests/kolainst/destructive/layering-local b/tests/kolainst/destructive/layering-local
@@ -31,6 +31,16 @@ if rpm -q foo 2>/dev/null; then
   fatal "found foo"
 fi
 
+# check that we can't overlay in locked mode
+cp /etc/rpm-ostreed.conf{,.bak}
+echo 'LockLayering=true' >> /etc/rpm-ostreed.conf && rpm-ostree reload
+if rpm-ostree install ${KOLA_EXT_DATA}/rpm-repos/0/packages/x86_64/foo-1.2-3.x86_64.rpm 2>out.txt; then
+  fatal "should have failed in locked mode"
+fi
+assert_file_has_content_literal out.txt "LockLayering=true"
+rm out.txt
+mv /etc/rpm-ostreed.conf{.bak,} && rpm-ostree reload
+
 # Disable repos, no Internet access should be required
 rm -rf /etc/yum.repos.d/
 # Also disable zincati since we're rebasing