diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 65295c9bb3..884d29a4e7 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -26,270 +26,285 @@ jobs: run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Test style run: ./ci/ci-commitmessage-submodules.sh - build-integration: + clang-format: + name: "clang-format" runs-on: ubuntu-latest - container: quay.io/coreos-assembler/fcos-buildroot:testing-devel - steps: - - uses: actions/checkout@v3 - - name: Cache Dependencies - uses: Swatinem/rust-cache@ce325b60658c1b38465c06cc965b79baf32c1e72 - with: - key: "integration" - - name: Build - run: cd tests/inst && cargo build --verbose --release - - name: Upload binary - uses: actions/upload-artifact@v2 - with: - name: ostree-test - path: tests/inst/target/release/ostree-test - minimal: - name: "Build - FCOS minimal" - runs-on: ubuntu-latest - container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel steps: - name: Checkout repository - uses: actions/checkout@v2 - # https://github.com/actions/checkout/issues/760 - - name: Mark git checkout as safe - run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - - name: Build - run: | - env NOCONFIGURE=1 ./autogen.sh && - ./configure --without-curl --without-soup --disable-gtk-doc --disable-man \ - --disable-rust --without-libarchive --without-selinux --without-smack \ - --without-openssl --without-avahi --without-libmount --disable-rofiles-fuse \ - --without-libsodium && - make - build-c: - name: "Build (Fedora)" - runs-on: ubuntu-latest - container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel - steps: - - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 + with: + fetch-depth: 0 + submodules: true # https://github.com/actions/checkout/issues/760 - name: Mark git checkout as safe run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - - name: Build - run: | - env NOCONFIGURE=1 ./autogen.sh && - ./configure --with-curl --with-selinux --with-dracut=yesbutnoconf --with-composefs && - make -j 4 && make install DESTDIR=$(pwd)/install && tar -c -C install --zstd -f inst.tar.zst . - - name: Upload binary - uses: actions/upload-artifact@v2 - with: - name: inst.tar.zst - path: inst.tar.zst - privtest: - name: "Privileged testing" - needs: [build-c, build-integration] - runs-on: ubuntu-latest - container: - image: quay.io/fedora/fedora-coreos:testing-devel - options: "--privileged --pid=host -v /run/systemd:/run/systemd -v /:/run/host" - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Download install tree - uses: actions/download-artifact@v2 - with: - name: inst.tar.zst - - name: Install - run: tar -C / -xvf inst.tar.zst && rm -f inst.tar.zst - - name: Download test binary - uses: actions/download-artifact@v2 - with: - name: ostree-test - - name: Install - run: install ostree-test /usr/bin - - name: Setup - # https://github.com/ostreedev/ostree-rs-ext/issues/417 - run: mkdir -p /var/tmp - - name: Integration tests (unit) - run: ostree-test - tests: - # Distro configuration matrix - # - # Each build is run in a Docker container specific to the distro. - # When adding a new distro, handle the dependency installation in - # `ci/gh-install.sh`. The matrix configuration options are: - # - # name: A friendly name to use for the job. - # - # image: The Docker image to use. - # - # container-options: Additional Docker command line options. - # - # pre-checkout-setup: Commands to run before the git repo checkout. - # If git is not in the Docker image, it must be installed here. - # Otherwise, the checkout action uses the GitHub REST API, which - # doesn't result in an actual git repo. A real git repo is - # required to checkout the submodules. - # - # extra-packages: Packages to install in addition to those in - # `ci/gh-install.sh`. This can be used to support features from - # additional `configure` options. - # - # configure-options: Options to pass to `configure`. - strategy: - # Let other configurations continue if one fails. - fail-fast: false + - run: sudo apt install clang-format + - name: Test style + run: ./ci/clang-format.sh + # build-integration: + # runs-on: ubuntu-latest + # container: quay.io/coreos-assembler/fcos-buildroot:testing-devel + # steps: + # - uses: actions/checkout@v3 + # - name: Cache Dependencies + # uses: Swatinem/rust-cache@ce325b60658c1b38465c06cc965b79baf32c1e72 + # with: + # key: "integration" + # - name: Build + # run: cd tests/inst && cargo build --verbose --release + # - name: Upload binary + # uses: actions/upload-artifact@v2 + # with: + # name: ostree-test + # path: tests/inst/target/release/ostree-test + # minimal: + # name: "Build - FCOS minimal" + # runs-on: ubuntu-latest + # container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel + # steps: + # - name: Checkout repository + # uses: actions/checkout@v2 + # # https://github.com/actions/checkout/issues/760 + # - name: Mark git checkout as safe + # run: git config --global --add safe.directory "$GITHUB_WORKSPACE" + # - name: Build + # run: | + # env NOCONFIGURE=1 ./autogen.sh && + # ./configure --without-curl --without-soup --disable-gtk-doc --disable-man \ + # --disable-rust --without-libarchive --without-selinux --without-smack \ + # --without-openssl --without-avahi --without-libmount --disable-rofiles-fuse \ + # --without-libsodium && + # make + # build-c: + # name: "Build (Fedora)" + # runs-on: ubuntu-latest + # container: registry.ci.openshift.org/coreos/fcos-buildroot:testing-devel + # steps: + # - name: Checkout repository + # uses: actions/checkout@v3 + # # https://github.com/actions/checkout/issues/760 + # - name: Mark git checkout as safe + # run: git config --global --add safe.directory "$GITHUB_WORKSPACE" + # - name: Build + # run: | + # env NOCONFIGURE=1 ./autogen.sh && + # ./configure --with-curl --with-selinux --with-dracut=yesbutnoconf --with-composefs && + # make -j 4 && make install DESTDIR=$(pwd)/install && tar -c -C install --zstd -f inst.tar.zst . + # - name: Upload binary + # uses: actions/upload-artifact@v2 + # with: + # name: inst.tar.zst + # path: inst.tar.zst + # privtest: + # name: "Privileged testing" + # needs: [build-c, build-integration] + # runs-on: ubuntu-latest + # container: + # image: quay.io/fedora/fedora-coreos:testing-devel + # options: "--privileged --pid=host -v /run/systemd:/run/systemd -v /:/run/host" + # steps: + # - name: Checkout repository + # uses: actions/checkout@v3 + # - name: Download install tree + # uses: actions/download-artifact@v2 + # with: + # name: inst.tar.zst + # - name: Install + # run: tar -C / -xvf inst.tar.zst && rm -f inst.tar.zst + # - name: Download test binary + # uses: actions/download-artifact@v2 + # with: + # name: ostree-test + # - name: Install + # run: install ostree-test /usr/bin + # - name: Setup + # # https://github.com/ostreedev/ostree-rs-ext/issues/417 + # run: mkdir -p /var/tmp + # - name: Integration tests (unit) + # run: ostree-test + # tests: + # # Distro configuration matrix + # # + # # Each build is run in a Docker container specific to the distro. + # # When adding a new distro, handle the dependency installation in + # # `ci/gh-install.sh`. The matrix configuration options are: + # # + # # name: A friendly name to use for the job. + # # + # # image: The Docker image to use. + # # + # # container-options: Additional Docker command line options. + # # + # # pre-checkout-setup: Commands to run before the git repo checkout. + # # If git is not in the Docker image, it must be installed here. + # # Otherwise, the checkout action uses the GitHub REST API, which + # # doesn't result in an actual git repo. A real git repo is + # # required to checkout the submodules. + # # + # # extra-packages: Packages to install in addition to those in + # # `ci/gh-install.sh`. This can be used to support features from + # # additional `configure` options. + # # + # # configure-options: Options to pass to `configure`. + # strategy: + # # Let other configurations continue if one fails. + # fail-fast: false - matrix: - include: - # Debian builds. Currently stable and testing are tested. - # Other options would be stable-backports, oldstable, - # oldstable-backports and unstable. - # - # https://hub.docker.com/_/debian - - name: Debian Stable with sign-ed25519 and FUSE 2 - image: debian:stable-slim - pre-checkout-setup: | - apt-get update - apt-get install -y git - extra-packages: >- - libfuse-dev - libsodium-dev - configure-options: >- - --with-ed25519-libsodium + # matrix: + # include: + # # Debian builds. Currently stable and testing are tested. + # # Other options would be stable-backports, oldstable, + # # oldstable-backports and unstable. + # # + # # https://hub.docker.com/_/debian + # - name: Debian Stable with sign-ed25519 and FUSE 2 + # image: debian:stable-slim + # pre-checkout-setup: | + # apt-get update + # apt-get install -y git + # extra-packages: >- + # libfuse-dev + # libsodium-dev + # configure-options: >- + # --with-ed25519-libsodium - - name: Debian Stable with curl, sign-ed25519, no gpgme, FUSE 3 - image: debian:stable-slim - pre-checkout-setup: | - apt-get update - apt-get install -y git - extra-packages: >- - libfuse3-dev - libsodium-dev - configure-options: >- - --with-curl - --with-ed25519-libsodium - --without-gpgme + # - name: Debian Stable with curl, sign-ed25519, no gpgme, FUSE 3 + # image: debian:stable-slim + # pre-checkout-setup: | + # apt-get update + # apt-get install -y git + # extra-packages: >- + # libfuse3-dev + # libsodium-dev + # configure-options: >- + # --with-curl + # --with-ed25519-libsodium + # --without-gpgme - # A 32 bit build to act as a proxy for frequently deployed 32 - # bit armv7 - - name: Debian Stable 32 bit - image: i386/debian:stable-slim - # This is pretty nasty. The checkout action uses an x86_64 - # node binary in the container, so we need to provide an - # x86_64 ld.so and libstdc++. - pre-checkout-setup: | - dpkg --add-architecture amd64 - apt-get update - apt-get install -y git libc6:amd64 libstdc++6:amd64 + # # A 32 bit build to act as a proxy for frequently deployed 32 + # # bit armv7 + # - name: Debian Stable 32 bit + # image: i386/debian:stable-slim + # # This is pretty nasty. The checkout action uses an x86_64 + # # node binary in the container, so we need to provide an + # # x86_64 ld.so and libstdc++. + # pre-checkout-setup: | + # dpkg --add-architecture amd64 + # apt-get update + # apt-get install -y git libc6:amd64 libstdc++6:amd64 - # A build without libsystemd support, similar to what flatpak-builder does. - - name: Debian Stable without libsystemd - image: debian:stable-slim - pre-checkout-setup: | - apt-get update - apt-get install -y git - configure-options: >- - --without-libsystemd + # # A build without libsystemd support, similar to what flatpak-builder does. + # - name: Debian Stable without libsystemd + # image: debian:stable-slim + # pre-checkout-setup: | + # apt-get update + # apt-get install -y git + # configure-options: >- + # --without-libsystemd - - name: Debian Testing - image: debian:testing-slim - container-options: --security-opt seccomp=unconfined - pre-checkout-setup: | - apt-get update - apt-get install -y git - extra-packages: >- - libssl-dev - configure-options: >- - --with-crypto=openssl + # - name: Debian Testing + # image: debian:testing-slim + # container-options: --security-opt seccomp=unconfined + # pre-checkout-setup: | + # apt-get update + # apt-get install -y git + # extra-packages: >- + # libssl-dev + # configure-options: >- + # --with-crypto=openssl - # A build using libsoup3. After bookworm is released, this can - # be switched to Debian Stable. - - name: Debian Testing with libsoup3 - image: debian:testing-slim - container-options: --security-opt seccomp=unconfined - pre-checkout-setup: | - apt-get update - apt-get install -y git - extra-packages: >- - libsoup-3.0-dev - configure-options: >- - --with-soup3 + # # A build using libsoup3. After bookworm is released, this can + # # be switched to Debian Stable. + # - name: Debian Testing with libsoup3 + # image: debian:testing-slim + # container-options: --security-opt seccomp=unconfined + # pre-checkout-setup: | + # apt-get update + # apt-get install -y git + # extra-packages: >- + # libsoup-3.0-dev + # configure-options: >- + # --with-soup3 - # A build using static prepareorot - - name: Debian stable + static-prepareroot - image: debian:stable-slim - container-options: --security-opt seccomp=unconfined - pre-checkout-setup: | - apt-get update - apt-get install -y git - configure-options: >- - --with-static-compiler="gcc" + # # A build using static prepareorot + # - name: Debian stable + static-prepareroot + # image: debian:stable-slim + # container-options: --security-opt seccomp=unconfined + # pre-checkout-setup: | + # apt-get update + # apt-get install -y git + # configure-options: >- + # --with-static-compiler="gcc" - # Ubuntu builds. Unfortunately, when the latest release is - # also the latest LTS, latest and rolling are the same. Other - # options would be to test the previous LTS by name or to test - # the devel tag, which is the unreleased version. - # - # https://hub.docker.com/_/ubuntu - # For now, this is disabled because its glib version is too old. - # - name: Ubuntu Latest LTS - # image: ubuntu:latest - # pre-checkout-setup: | - # apt-get update - # apt-get install -y git + # # Ubuntu builds. Unfortunately, when the latest release is + # # also the latest LTS, latest and rolling are the same. Other + # # options would be to test the previous LTS by name or to test + # # the devel tag, which is the unreleased version. + # # + # # https://hub.docker.com/_/ubuntu + # # For now, this is disabled because its glib version is too old. + # # - name: Ubuntu Latest LTS + # # image: ubuntu:latest + # # pre-checkout-setup: | + # # apt-get update + # # apt-get install -y git - - name: Ubuntu Latest Release - image: ubuntu:rolling - # FIXME: The ubuntu-latest VMs are currently based on 20.04 - # (focal). In focal, libseccomp2 doesn't know about the - # close_range syscall, but g_spawn_sync in impish tries to - # use close_range since it's defined in glibc. That causes - # libseccomp2 to return EPERM as it does for any unknown - # syscalls. g_spawn_sync carries on silently instead of - # falling back to other means of setting CLOEXEC on open - # FDs. Eventually it causes some tests to hang since once - # side of a pipe is never closed. Remove this when - # libseccomp2 in focal is updated or glib in impish handles - # the EPERM better. - # - # https://github.com/ostreedev/ostree/issues/2495 - # https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436 - container-options: --security-opt seccomp=unconfined - pre-checkout-setup: | - apt-get update - apt-get install -y git + # - name: Ubuntu Latest Release + # image: ubuntu:rolling + # # FIXME: The ubuntu-latest VMs are currently based on 20.04 + # # (focal). In focal, libseccomp2 doesn't know about the + # # close_range syscall, but g_spawn_sync in impish tries to + # # use close_range since it's defined in glibc. That causes + # # libseccomp2 to return EPERM as it does for any unknown + # # syscalls. g_spawn_sync carries on silently instead of + # # falling back to other means of setting CLOEXEC on open + # # FDs. Eventually it causes some tests to hang since once + # # side of a pipe is never closed. Remove this when + # # libseccomp2 in focal is updated or glib in impish handles + # # the EPERM better. + # # + # # https://github.com/ostreedev/ostree/issues/2495 + # # https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1944436 + # container-options: --security-opt seccomp=unconfined + # pre-checkout-setup: | + # apt-get update + # apt-get install -y git - name: ${{ matrix.name }} - runs-on: ubuntu-latest - container: - image: ${{ matrix.image }} - # An empty string isn't valid, so a dummy --label option is always - # added. - options: --label ostree ${{ matrix.container-options }} - # make sure tests are performed on a non-overlayfs filesystem - volumes: - - tmp_dir:/test-tmp - env: - TEST_TMPDIR: /test-tmp + # name: ${{ matrix.name }} + # runs-on: ubuntu-latest + # container: + # image: ${{ matrix.image }} + # # An empty string isn't valid, so a dummy --label option is always + # # added. + # options: --label ostree ${{ matrix.container-options }} + # # make sure tests are performed on a non-overlayfs filesystem + # volumes: + # - tmp_dir:/test-tmp + # env: + # TEST_TMPDIR: /test-tmp - steps: + # steps: - - name: Pre-checkout setup - run: ${{ matrix.pre-checkout-setup }} - if: ${{ matrix.pre-checkout-setup }} + # - name: Pre-checkout setup + # run: ${{ matrix.pre-checkout-setup }} + # if: ${{ matrix.pre-checkout-setup }} - - name: Checkout repository - uses: actions/checkout@v2 - with: - submodules: true + # - name: Checkout repository + # uses: actions/checkout@v2 + # with: + # submodules: true - - name: Install dependencies - run: ./ci/gh-install.sh ${{ matrix.extra-packages }} + # - name: Install dependencies + # run: ./ci/gh-install.sh ${{ matrix.extra-packages }} - - name: Add non-root user - run: "useradd builder && chown -R -h builder: . $TEST_TMPDIR" + # - name: Add non-root user + # run: "useradd builder && chown -R -h builder: . $TEST_TMPDIR" - - name: Build and test - run: runuser -u builder -- ./ci/gh-build.sh ${{ matrix.configure-options }} - env: - # GitHub hosted runners currently have 2 CPUs, so run 2 - # parallel make jobs. - # - # https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners - MAKEFLAGS: -j2 + # - name: Build and test + # run: runuser -u builder -- ./ci/gh-build.sh ${{ matrix.configure-options }} + # env: + # # GitHub hosted runners currently have 2 CPUs, so run 2 + # # parallel make jobs. + # # + # # https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners + # MAKEFLAGS: -j2 diff --git a/ci/clang-format.sh b/ci/clang-format.sh new file mode 100755 index 0000000000..5bb3394bbe --- /dev/null +++ b/ci/clang-format.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +# Tests that validate structure of the source code; +# can be run without building it. +set -euo pipefail + +clang_ver=$(clang-format --version) +clang_min_ver=15 +version_re=" version ([0-9]+)." +if [[ $clang_ver =~ $version_re ]]; then + if test "${BASH_REMATCH[1]}" -ge "${clang_min_ver}"; then + echo -n "checking clang-format... " + git ls-files '**.c' '**.cxx' '**.h' '**.hpp' | xargs clang-format --Werror --dry-run + echo "ok" + else + echo "notice: clang-format ${clang_ver}" is too old + fi +else + echo "failed to parse clang-format version ${clang_ver}" 1>&2 + exit 1 +fi diff --git a/ci/codestyle.sh b/ci/codestyle.sh index 1db6c1f855..1cf0a23c64 100755 --- a/ci/codestyle.sh +++ b/ci/codestyle.sh @@ -15,24 +15,6 @@ done echo "ok" fi -if command -v clang-format; then - clang_ver=$(clang-format --version) - clang_min_ver=15 - version_re=" version ([0-9]+)." - if [[ $clang_ver =~ $version_re ]]; then - if test "${BASH_REMATCH[1]}" -ge "${clang_min_ver}"; then - echo -n "checking clang-format... " - git ls-files '**.c' '**.cxx' '**.h' '**.hpp' | xargs clang-format --Werror --dry-run - echo "ok" - else - echo "notice: clang-format ${clang_ver}" is too old - fi - else - echo "failed to parse clang-format version ${clang_ver}" 1>&2 - exit 1 - fi -fi - echo -n 'grep-based static analysis... ' patterns=(glnx_fd_close) for pat in "${patterns[@]}"; do diff --git a/src/libostree/ostree-sysroot.c b/src/libostree/ostree-sysroot.c index a25d0b20e1..78741b7526 100644 --- a/src/libostree/ostree-sysroot.c +++ b/src/libostree/ostree-sysroot.c @@ -2239,9 +2239,9 @@ ostree_sysroot_deployment_unlock (OstreeSysroot *self, OstreeDeployment *deploym g_autofree char *devpath = unlocked_state == OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT ? _ostree_sysroot_get_runstate_path ( - deployment, _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_DEVELOPMENT) + deployment, _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_DEVELOPMENT) : _ostree_sysroot_get_runstate_path ( - deployment, _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_TRANSIENT); + deployment, _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_TRANSIENT); g_autofree char *devpath_parent = dirname (g_strdup (devpath)); if (!glnx_shutil_mkdir_p_at (AT_FDCWD, devpath_parent, 0755, cancellable, error))