In some cases we want to replace with zero size, and `posix_fallocate()`
is documented to return `EINVAL` in this case.
Making this change since I noticed it elsewhere.
A wild sordid tale of substractions and unsigned integers leads this
team of variables down a loonng path...
Reported-by: Gatis Paeglis <gatis.paeglis@qt.io>
This is kind of an ABI change but it's for the better I think; on
error we consistently clean up the temp file.
This is obviously necessary without `O_TMPFILE`. With it, we still
need an error cleanup in the case where we're trying to replace an
existing file. I noticed this in ostree's `tests/test-refs.sh` which
intentionally tries to rename a file over a directory path.
While auditing this code to figure out why ostree's
`tests/test-refs.sh` was failing, while the bug turned out to be
different, I noticed that in the case where `dfd != target_dfd`, we
failed to do the right `renameat()`. (No code I'm aware of does this
now).
We had a bug previously where we failed to clean up a temporary file
in an error path. This is a classic case where the new `O_TMPFILE`
API in Linux is nicer.
To implement this, as usual we start with some original bits from
systemd. But in this case I ended up having to heavily modify it
because systemd doesn't support "link into place and overwrite". They
don't actually use their tempfile code much at all in fact - as far as
I can tell, just in the coredump code.
Whereas in many apps, ostree included, a very common use case is
atomically updating an existing file, which is
`glnx_file_replace_contents_at()`, including subtleties like doing an
`fdatasync()` if the file already existed.
Implementing this then is slightly weird since we need to link() the
file into place, then rename() after.
It's still better though because if we e.g. hit `ENOSPC` halfway
through, we'll clean up the file automatically.
We still do keep the mode where we error out if the file exists.
Finally, the ostree core though does have a more unusual case where we
want to ignore EEXIST (allow concurrent object writers), so add
support for that now.
Note: One really confusing bug I had here was that `O_TMPFILE` ignores
the provided mode, and this caused ostree to write refs that weren't
world readable.
Rework things so we always call `fchmod()`, but as a consequence we're
no longer honoring umask in the default case. I doubt anyone will
care, and if they do we should probably fix ostree to consistently use
a mode inherited from the repo or something.
We noticed the temp files being left over in ostree when (mistakenly)
trying to replace the contents of a subpath that wasn't a directory.
In the future we should look at the systemd code using `O_TMPFILE`
here.
Padding in the percentage case was useless (and actually didn't work
properly) since all the real estate is taken up by the text and the bar.
We only need padding in the text case, in case the new string is
shorter.
For rpm-ostree's use we always run in a new root, so we don't want to
inherit the host system's PATH. For example, NixOS uses PATH for its
software namespacing, but one could be using rpm-ostree to build
CentOS commits.
We're ignoring the result from the close, but it can still affect
errno, which is bad if you use this in functions that sets
errno, because errno can unexpectedly change after you've set it.
It's quite common to iterate over a directory recursively, only caring
about the file type, but not other bits returned by `stat()`.
Good file systems fill in `dt_type`, but not all do. This function
papers over that in userspace conveniently.
rpm-ostree is going through some awkwardness trying to
support being run both inside and outside of a container.
For now, let's drop all recursive container usage. There is still
some value in readding this in the future - for example, downloading
packages requires networking, but `%post` scripts do not. But we
should really solve that when we return to running unprivileged or the
like.
In Fedora rawhide, dracut switched from `/usr/sbin` to `/usr/bin`,
which broke rpm-ostree's hardcoding of the path.
There was no real reason to hardcode it (assume our `$PATH` is sane
and secure), so in order to help support that, this change in libglnx
will automatically search $PATH if the input is not absolute.
(This is a sane default for a process spawning library IMO)
It can be used without initialization if condition causing a "goto
error" fails before buf is initialized.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
There are some cases where we want to copy with just a filename,
so let's be convenient in that case and do stat for the caller.
This will be used by an ostree commit.
