Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-03-05 | importd: add new bus calls for importing local tar and raw images | Lennart Poettering | |
This also adds "machinectl import-raw" and "machinectl import-tar" to wrap these new bus calls. THe commands basically do for local files that "machinectl pull-raw" and friends do for remote files. | |||
2015-03-05 | pull: improve --help text | Lennart Poettering | |
2015-03-05 | import: split out compression logic, so that we can share it with between ↵ | Lennart Poettering | |
import and pull calls | |||
2015-03-05 | import: rename download code from "import" to "pull" | Lennart Poettering | |
That way we can call the code for local container/VM imports "import" without confusion. | |||
2015-03-03 | importd: automatically grow /var/lib/machines/ loopback filesystem during ↵ | Lennart Poettering | |
downloads If /var/lib/machines is mounted as btrfs loopback file system in /var/lib/machines.raw with this change we automatically grow the file system as it fills up. After each 10M we write to it during imports, we check the free disk space, and if the fill level grows beyond 66% we increase the size of the file system to 3x the fill level (thus lowering it to 33%). | |||
2015-03-02 | import: add support for gpg2 for verifying imported images | Lennart Poettering | |
gpg2 insists on created a trust db even if we tun off all trust db support. Hence create a temporary home where the trust db is placed, and remove it after use. | |||
2015-03-02 | machined: also set up /var/lib/machines as btrfs, if "machinectl set-limit" ↵ | Lennart Poettering | |
is called | |||
2015-03-02 | importd: split out setup logic for /var/lib/machines into its own API file | Lennart Poettering | |
2015-02-24 | importd: enable btrfs quota in /var/lib/machines, if necessary | Lennart Poettering | |
2015-02-24 | importd: create a loopback btrfs file system for /var/lib/machines, if necessary | Lennart Poettering | |
When manipulating container and VM images we need efficient and atomic directory snapshots and file copies, as well as disk quota. btrfs provides this, legacy file systems do not. Hence, implicitly create a loopback file system in /var/lib/machines.raw and mount it to /var/lib/machines, if that directory is not on btrfs anyway. This is done implicitly and transparently the first time the user invokes "machinectl import-xyz". This allows us to take benefit of btrfs features for container management without actually having the rest of the system use btrfs. The loopback is sized 500M initially. Patches to grow it dynamically are to follow. | |||
2015-02-24 | import: print nice warning if we need btrfs but /var/lib/machines is not btrfs | Lennart Poettering | |
2015-02-18 | shared: introduce cmsg_close_all() call | Lennart Poettering | |
The call iterates through cmsg list and closes all fds passed via SCM_RIGHTS. This patch also ensures the call is used wherever appropriate, where we might get spurious fds sent and we should better close them, then leave them lying around. | |||
2015-02-18 | logind: open up most bus calls for unpriviliged processes, using PolicyKit | Lennart Poettering | |
Also, allow clients to alter their own objects without any further priviliges. i.e. this allows clients to kill and lock their own sessions without involving PK. | |||
2015-02-17 | import: remove unused variable | Thomas Hindoe Paaboel Andersen | |
2015-02-05 | networkd: exit on idle | Tom Gundersen | |
We will be woken up on rtnl or dbus activity, so let's just quit if some time has passed and that is the only thing that can happen. Note that we will always stay around if we expect network activity (e.g. DHCP is enabled), as we are not restarted on that. | |||
2015-02-03 | util: rework strappenda(), and rename it strjoina() | Lennart Poettering | |
After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary. | |||
2015-01-26 | treewide: fix multiple typos | Torstein Husebø | |
2015-01-23 | #pragma once here and there | Zbigniew Jędrzejewski-Szmek | |
2015-01-23 | importd: when listing transfers, show progress percentage | Lennart Poettering | |
With this change the pull protocol implementation processes will pass progress data to importd which then passes this information on via the bus. We use sd_notify() as generic transport for this communication, making importd listen to them, while matching the incoming messages to the right transfer. | |||
2015-01-23 | importd: fix bus policy | Lennart Poettering | |
2015-01-23 | import: we need CAP_DAC_OVERRIDE for untarring systems after all | Lennart Poettering | |
2015-01-22 | import: lock tar into its own private network namespace | Lennart Poettering | |
That way it cannot get access to the network | |||
2015-01-22 | import: drop all capabilities when invoking tar | Lennart Poettering | |
2015-01-22 | import: only define the _to_string() enum mapping function, thus making gcc ↵ | Lennart Poettering | |
shut up | |||
2015-01-22 | import: now that the worker binary is called "systemd-pull" we can shorten ↵ | Lennart Poettering | |
the verbs Atfer all "systemd-pull pull-tar" is unnecessarily redundant, over "systemd-pull tar"... | |||
2015-01-22 | importd: try to minimize confusion by renaming "systemd-import" binary to ↵ | Lennart Poettering | |
"systemd-pull" This way "systemd-importd" is the daemon that uses "systemd-pull" as backend worker. | |||
2015-01-22 | importd: minor log improvements | Lennart Poettering | |
2015-01-22 | import: make the user verficiation keyring override the vendor keyring, ↵ | Lennart Poettering | |
instead of extending it This way the user has the ability to remove keys from the vendor-supplied keyring if he intends so. | |||
2015-01-22 | import: rename --verify=sum to --verify=checksum | Lennart Poettering | |
This is how we call it internally, and also a bit more descriptive. | |||
2015-01-22 | import: introduce new mini-daemon systemd-importd, and make machinectl a ↵ | Lennart Poettering | |
client to it The old "systemd-import" binary is now an internal tool. We still use it as asynchronous backend for systemd-importd. Since the import tool might require some IO and CPU resources (due to qcow2 explosion, and decompression), and because we might want to run it with more minimal priviliges we still keep it around as the worker binary to execute as child process of importd. machinectl now has verbs for pulling down images, cancelling them and listing them. | |||
2015-01-22 | impot: minor cleanups | Lennart Poettering | |
2015-01-21 | import: simplify dkr importer, by making use of generic import-job logic, ↵ | Lennart Poettering | |
used by the raw and tar importers This gets us progress output as well xz/bzip2 support. | |||
2015-01-21 | import: minor cleanups for the tar and raw importers | Lennart Poettering | |
2015-01-21 | import: support downloading bzip2-encoded images | Lennart Poettering | |
This way, we can import CoreOS images unmodified. | |||
2015-01-21 | import: also add verification support to tar importer | Lennart Poettering | |
2015-01-21 | import: make verification code generic, in preparation for using it pull-tar | Lennart Poettering | |
2015-01-21 | import: improve logging | Lennart Poettering | |
2015-01-21 | import: show download speed while downloading | Lennart Poettering | |
2015-01-21 | import: add image verification using gpg | Lennart Poettering | |
This also adds an initial keyring for the verification, that contains Ubuntu's and Fedora's key. We should probably add more entries sooner or later. | |||
2015-01-20 | import: add a couple of additional suffixes to remove from raw images | Lennart Poettering | |
2015-01-20 | import: make image verification optional | Lennart Poettering | |
2015-01-20 | import: add a simple scheme for validating the SHA256 sums of downloaded raw ↵ | Lennart Poettering | |
files | |||
2015-01-20 | import: be less aggressive when allocating memory for downloaded payload | Lennart Poettering | |
2015-01-20 | import: improve logging a bit | Lennart Poettering | |
2015-01-20 | import: port pull-raw to helper tools implemented for pull-tar | Lennart Poettering | |
This allows us to reuse a lot more code, and simplify pull-raw drastically. | |||
2015-01-20 | import: add support for pulling raw tar balls as containers | Lennart Poettering | |
Ubuntu provides their cloud images optionally as tarball, hence also support downloading those. | |||
2015-01-20 | util: make http url validity checks more generic, and move them to util.c | Lennart Poettering | |
2015-01-19 | import: clarify when we are unpacking the qcow2 device | Lennart Poettering | |
2015-01-19 | import: make sure don't leak the LZMA context | Lennart Poettering | |
2015-01-19 | qcow2: when dissecting qcow2, use btrfs clone ioctls for reflinking blocks ↵ | Lennart Poettering | |
to target |