[systemd-commits] 4 commits - TODO man/machinectl.xml src/import src/machine src/shared
Lennart Poettering
lennart at kemper.freedesktop.org
Mon Mar 2 11:25:37 PST 2015
TODO | 2 -
man/machinectl.xml | 45 +++++++++++++++++++++++++++++++++++---------
src/import/import-common.c | 21 +++++++++++++++++---
src/import/importd.c | 4 +--
src/machine/machined-dbus.c | 6 +++++
src/shared/machine-pool.c | 14 +++++++++----
src/shared/machine-pool.h | 2 -
7 files changed, 73 insertions(+), 21 deletions(-)
New commits:
commit c98a38ba0bbb7d64a9f4237157f2a08bb85615f6
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Mar 2 20:25:32 2015 +0100
update TODO
diff --git a/TODO b/TODO
index 74a0602..e8e4800 100644
--- a/TODO
+++ b/TODO
@@ -34,8 +34,6 @@ External:
Features:
-* gpg2 compat
-
* When logging about multiple units (stopping BoundTo units, conflicts, etc.),
log both units as UNIT=, so that journalctl -u triggers on both.
commit 0acfdffe9417b4218e97b6d981c99a1a85e633c9
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Mar 2 20:24:11 2015 +0100
import: add support for gpg2 for verifying imported images
gpg2 insists on created a trust db even if we tun off all trust db
support. Hence create a temporary home where the trust db is placed, and
remove it after use.
diff --git a/src/import/import-common.c b/src/import/import-common.c
index 2acf380..f10a453 100644
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -281,8 +281,9 @@ int import_verify(
_cleanup_free_ char *fn = NULL;
_cleanup_close_ int sig_file = -1;
const char *p, *line;
- char sig_file_path[] = "/tmp/sigXXXXXX";
+ char sig_file_path[] = "/tmp/sigXXXXXX", gpg_home[] = "/tmp/gpghomeXXXXXX";
_cleanup_sigkill_wait_ pid_t pid = 0;
+ bool gpg_home_created = false;
int r;
assert(main_job);
@@ -347,6 +348,13 @@ int import_verify(
goto finish;
}
+ if (!mkdtemp(gpg_home)) {
+ r = log_error_errno(errno, "Failed to create tempory home for gpg: %m");
+ goto finish;
+ }
+
+ gpg_home_created = true;
+
pid = fork();
if (pid < 0)
return log_error_errno(errno, "Failed to fork off gpg: %m");
@@ -359,13 +367,14 @@ int import_verify(
"--no-auto-check-trustdb",
"--batch",
"--trust-model=always",
- NULL, /* keyring to use */
+ NULL, /* --homedir= */
+ NULL, /* --keyring= */
NULL, /* --verify */
NULL, /* signature file */
NULL, /* dash */
NULL /* trailing NULL */
};
- unsigned k = ELEMENTSOF(cmd) - 5;
+ unsigned k = ELEMENTSOF(cmd) - 6;
int null_fd;
/* Child */
@@ -398,6 +407,8 @@ int import_verify(
if (null_fd != STDOUT_FILENO)
null_fd = safe_close(null_fd);
+ cmd[k++] = strjoina("--homedir=", gpg_home);
+
/* We add the user keyring only to the command line
* arguments, if it's around since gpg fails
* otherwise. */
@@ -415,6 +426,7 @@ int import_verify(
fd_cloexec(STDOUT_FILENO, false);
fd_cloexec(STDERR_FILENO, false);
+ execvp("gpg2", (char * const *) cmd);
execvp("gpg", (char * const *) cmd);
log_error_errno(errno, "Failed to execute gpg: %m");
_exit(EXIT_FAILURE);
@@ -446,6 +458,9 @@ finish:
if (sig_file >= 0)
unlink(sig_file_path);
+ if (gpg_home_created)
+ rm_rf_dangerous(gpg_home, false, true, false);
+
return r;
}
commit 7de304525deafe4eb86060321e39787138dbbadf
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Mar 2 19:35:50 2015 +0100
man: document that machinectl set-limit creates a btrfs loopback too
diff --git a/man/machinectl.xml b/man/machinectl.xml
index b50f03f..55bb694 100644
--- a/man/machinectl.xml
+++ b/man/machinectl.xml
@@ -508,16 +508,32 @@
<term><command>set-limit</command> [<replaceable>NAME</replaceable>] <replaceable>BYTES</replaceable></term>
<listitem><para>Sets the maximum size in bytes a specific
- container or VM image, or all images may grow up to
- (quota). Takes either one or two parameters. The first,
+ container or VM image, or all images may grow up to on disk
+ (disk quota). Takes either one or two parameters. The first,
optional parameter refers to a container or VM image name. If
- specified the size limit of the specified images is
- changed. If omitted the overall size limit of the sum of all
- images stored locally is changed. The final argument specifies
- the size limit in bytes, possibly suffixed by the usual K, M,
- G, T units. If the size limit shall be disabled, specify
- <literal>-</literal> as size. This operation is currently only
- supported on btrfs subvolume images.</para></listitem>
+ specified the size limit of the specified image is changed. If
+ omitted the overall size limit of the sum of all images stored
+ locally is changed. The final argument specifies the size
+ limit in bytes, possibly suffixed by the usual K, M, G, T
+ units. If the size limit shall be disabled, specify
+ <literal>-</literal> as size.</para>
+
+ <para>Note that per-container size limits are only supported
+ on btrfs file systems. Also note that if
+ <command>set-limit</command> is invoked without image
+ parameter, and <filename>/var/lib/machines</filename> is
+ empty, and the directory is not located on btrfs, a btrfs
+ loopback file is implicitly created as
+ <filename>/var/lib/machines.raw</filename> with the given
+ size, and mounted to
+ <filename>/var/lib/machines</filename>. The size of the
+ loopback may later be readjusted with
+ <command>set-limit</command>, as well. If such a
+ loopback-mounted <filename>/var/lib/machines</filename>
+ directory is used <command>set-limit</command> without image
+ name alters both the quota setting within the file system as
+ well as the loopback file and file system size
+ itself.</para></listitem>
</varlistentry>
</variablelist></refsect2>
@@ -686,6 +702,17 @@
<filename>/var/lib/machines/</filename> to make them available for
control with <command>machinectl</command>.</para>
+ <para>Note that many image operations are only supported,
+ efficient or atomic on btrfs file systems. Due to this, if the
+ <command>pull-tar</command>, <command>pull-raw</command>,
+ <command>pull-dkr</command> and <command>set-limit</command>
+ commands notice that <filename>/var/lib/machines</filename> is
+ empty and not located on btrfs, they will implicitly set up a
+ loopback file <filename>/var/lib/machines.raw</filename>
+ containing a btrfs file system that is mounted to
+ <filename>/var/lib/machines</filename>. The size of this loopback
+ file may be controlled dynamically with <command>set-limit</command>.</para>
+
<para>Disk images are understood by
<citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>
and <command>machinectl</command> in three formats:</para>
commit 4cee5eede280b7fd48c18a1942616c4ac896a554
Author: Lennart Poettering <lennart at poettering.net>
Date: Mon Mar 2 19:21:04 2015 +0100
machined: also set up /var/lib/machines as btrfs, if "machinectl set-limit" is called
diff --git a/src/import/importd.c b/src/import/importd.c
index a6447e1..8a6a8c8 100644
--- a/src/import/importd.c
+++ b/src/import/importd.c
@@ -689,7 +689,7 @@ static int method_pull_tar_or_raw(sd_bus *bus, sd_bus_message *msg, void *userda
if (v < 0)
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unknown verification mode %s", verify);
- r = setup_machine_directory(error);
+ r = setup_machine_directory((uint64_t) -1, error);
if (r < 0)
return r;
@@ -784,7 +784,7 @@ static int method_pull_dkr(sd_bus *bus, sd_bus_message *msg, void *userdata, sd_
if (v != IMPORT_VERIFY_NO)
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "DKR does not support verification.");
- r = setup_machine_directory(error);
+ r = setup_machine_directory((uint64_t) -1, error);
if (r < 0)
return r;
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index 0b57a62..5ab40b0 100644
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -31,6 +31,7 @@
#include "cgroup-util.h"
#include "btrfs-util.h"
#include "machine-image.h"
+#include "machine-pool.h"
#include "image-dbus.h"
#include "machined.h"
#include "machine-dbus.h"
@@ -799,6 +800,11 @@ static int method_set_pool_limit(sd_bus *bus, sd_bus_message *message, void *use
if (r == 0)
return 1; /* Will call us back */
+ /* Set up the machine directory if necessary */
+ r = setup_machine_directory(limit, error);
+ if (r < 0)
+ return r;
+
r = btrfs_resize_loopback("/var/lib/machines", limit);
if (r < 0 && r != -ENODEV)
return sd_bus_error_set_errnof(error, r, "Failed to adjust loopback limit: %m");
diff --git a/src/shared/machine-pool.c b/src/shared/machine-pool.c
index 7b17395..b74252d 100644
--- a/src/shared/machine-pool.c
+++ b/src/shared/machine-pool.c
@@ -47,7 +47,7 @@ static int check_btrfs(void) {
return F_TYPE_EQUAL(sfs.f_type, BTRFS_SUPER_MAGIC);
}
-static int setup_machine_raw(sd_bus_error *error) {
+static int setup_machine_raw(uint64_t size, sd_bus_error *error) {
_cleanup_free_ char *tmp = NULL;
_cleanup_close_ int fd = -1;
struct statvfs ss;
@@ -91,7 +91,7 @@ static int setup_machine_raw(sd_bus_error *error) {
goto fail;
}
- if (ftruncate(fd, VAR_LIB_MACHINES_SIZE_START) < 0) {
+ if (ftruncate(fd, size) < 0) {
r = sd_bus_error_set_errnof(error, errno, "Failed to enlarge /var/lib/machines.raw: %m");
goto fail;
}
@@ -160,7 +160,7 @@ fail:
return r;
}
-int setup_machine_directory(sd_bus_error *error) {
+int setup_machine_directory(uint64_t size, sd_bus_error *error) {
_cleanup_release_lock_file_ LockFile lock_file = LOCK_FILE_INIT;
struct loop_info64 info = {
.lo_flags = LO_FLAGS_AUTOCLEAR,
@@ -171,6 +171,12 @@ int setup_machine_directory(sd_bus_error *error) {
bool tmpdir_made = false, mntdir_made = false, mntdir_mounted = false;
int r, nr = -1;
+ /* btrfs cannot handle file systems < 16M, hence use this as minimum */
+ if (size == (uint64_t) -1)
+ size = VAR_LIB_MACHINES_SIZE_START;
+ else if (size < 16*1024*1024)
+ size = 16*1024*1024;
+
/* Make sure we only set the directory up once at a time */
r = make_lock_file("/run/systemd/machines.lock", LOCK_EX, &lock_file);
if (r < 0)
@@ -193,7 +199,7 @@ int setup_machine_directory(sd_bus_error *error) {
dir_is_empty("/var/lib/machines") == 0)
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "/var/lib/machines is not a btrfs file system. Operation is not supported on legacy file systems.");
- fd = setup_machine_raw(error);
+ fd = setup_machine_raw(size, error);
if (fd < 0)
return fd;
diff --git a/src/shared/machine-pool.h b/src/shared/machine-pool.h
index 5f7bc28..9c9849f 100644
--- a/src/shared/machine-pool.h
+++ b/src/shared/machine-pool.h
@@ -23,4 +23,4 @@
#include "sd-bus.h"
-int setup_machine_directory(sd_bus_error *error);
+int setup_machine_directory(uint64_t size, sd_bus_error *error);
More information about the systemd-commits
mailing list