-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fsck fails after ostree commit for bare-user-only repo #2410
Comments
Thanks for the report. I think this due to the fact that a I'm not sure what's the proper fix here, as the committed object does not seem to retain enough metadata to reconstruct the original input (and thus match the hash). At the same time we could check the file-content checksum only, but I feat that such information is not recorded either (I haven't seen it so far). As a temporary workaround, you can commit with |
The root problem here is that on SELinux systems, we will get a I think ultimately for |
The issue is not limited to xattrs; while I was looking into this, I spot possibly mismatched uid/gid in the picture too. Is there a content-only checksum that can be used here instead? I'm inclined to say no as I haven't seen it in the committed metadata, but I may be wrong. |
You're right, uid/gid will be whatever the repo creating process chooses for bare-user-only. There's no content-only checksum. Another way to look at this is ostree was really designed to target the "host OS update" case, hence uid/gid/xattrs. I think the generalization then is to teach the core to return uid/gid |
Wouldn't the simplest thing be to just add in |
I was thinking about this a little while ago while working my ostree fuse project. I wonder if it would make sense to have an additional store/cache for data where hard-linking doesn't make sense. That way we could store file meta separately from the file objects. Graph traversals could be a lot faster as we wouldn't need to be calling I described one such design here: #2338 (comment) . An alternative might be a SQLite or LMDB database which would make writes much faster (and handle fsync safety for us) at the cost of an additional dependency. |
While looking into this, I discovered that checksums/checkouts are broken in a symmetrical way and need API fixes: #2415 |
@lucab Yes, I can confirm that it's fixed in |
Followup to PRs related to ostreedev#2410 Since the test suite now covers this the test was failing on a Fedora SELinux enabled host where we see `security.selinux` even if not in the commit.
Followup to PRs related to ostreedev#2410 Since the test suite now covers this the test was failing on a Fedora SELinux enabled host where we see `security.selinux` even if not in the commit.
Files committed with
ostree commit
into a bare-user-only repo [0] are found corrupted when checked withostree fsck
although the files are fine (SHA256 sum is valid after checkout):How to reproduce
ostree fsck
validates Flatpak repos (bare-user-only according to the config) without issues.On Arch Linux (without SELinux), the
ostree checksum
on the object files returns the expected checksum (just as in Flatpak repos):System
The behavior is reproducible on Fedora 33 (2021.2, SELinux enforcing) & Arch Linux (2021.3), with and without
--no-xattrs
:[0]: The same issue occurs on Fedora with a bare repository when committed with
--no-xattrs
.The text was updated successfully, but these errors were encountered: