summaryrefslogtreecommitdiff
path: root/src/import
AgeCommit message (Collapse)Author
2015-03-05importd: add new bus calls for importing local tar and raw imagesLennart Poettering
This also adds "machinectl import-raw" and "machinectl import-tar" to wrap these new bus calls. THe commands basically do for local files that "machinectl pull-raw" and friends do for remote files.
2015-03-05pull: improve --help textLennart Poettering
2015-03-05import: split out compression logic, so that we can share it with between ↵Lennart Poettering
import and pull calls
2015-03-05import: rename download code from "import" to "pull"Lennart Poettering
That way we can call the code for local container/VM imports "import" without confusion.
2015-03-03importd: automatically grow /var/lib/machines/ loopback filesystem during ↵Lennart Poettering
downloads If /var/lib/machines is mounted as btrfs loopback file system in /var/lib/machines.raw with this change we automatically grow the file system as it fills up. After each 10M we write to it during imports, we check the free disk space, and if the fill level grows beyond 66% we increase the size of the file system to 3x the fill level (thus lowering it to 33%).
2015-03-02import: add support for gpg2 for verifying imported imagesLennart Poettering
gpg2 insists on created a trust db even if we tun off all trust db support. Hence create a temporary home where the trust db is placed, and remove it after use.
2015-03-02machined: also set up /var/lib/machines as btrfs, if "machinectl set-limit" ↵Lennart Poettering
is called
2015-03-02importd: split out setup logic for /var/lib/machines into its own API fileLennart Poettering
2015-02-24importd: enable btrfs quota in /var/lib/machines, if necessaryLennart Poettering
2015-02-24importd: create a loopback btrfs file system for /var/lib/machines, if necessaryLennart Poettering
When manipulating container and VM images we need efficient and atomic directory snapshots and file copies, as well as disk quota. btrfs provides this, legacy file systems do not. Hence, implicitly create a loopback file system in /var/lib/machines.raw and mount it to /var/lib/machines, if that directory is not on btrfs anyway. This is done implicitly and transparently the first time the user invokes "machinectl import-xyz". This allows us to take benefit of btrfs features for container management without actually having the rest of the system use btrfs. The loopback is sized 500M initially. Patches to grow it dynamically are to follow.
2015-02-24import: print nice warning if we need btrfs but /var/lib/machines is not btrfsLennart Poettering
2015-02-18shared: introduce cmsg_close_all() callLennart Poettering
The call iterates through cmsg list and closes all fds passed via SCM_RIGHTS. This patch also ensures the call is used wherever appropriate, where we might get spurious fds sent and we should better close them, then leave them lying around.
2015-02-18logind: open up most bus calls for unpriviliged processes, using PolicyKitLennart Poettering
Also, allow clients to alter their own objects without any further priviliges. i.e. this allows clients to kill and lock their own sessions without involving PK.
2015-02-17import: remove unused variableThomas Hindoe Paaboel Andersen
2015-02-05networkd: exit on idleTom Gundersen
We will be woken up on rtnl or dbus activity, so let's just quit if some time has passed and that is the only thing that can happen. Note that we will always stay around if we expect network activity (e.g. DHCP is enabled), as we are not restarted on that.
2015-02-03util: rework strappenda(), and rename it strjoina()Lennart Poettering
After all it is now much more like strjoin() than strappend(). At the same time, add support for NULL sentinels, even if they are normally not necessary.
2015-01-26treewide: fix multiple typosTorstein Husebø
2015-01-23#pragma once here and thereZbigniew Jędrzejewski-Szmek
2015-01-23importd: when listing transfers, show progress percentageLennart Poettering
With this change the pull protocol implementation processes will pass progress data to importd which then passes this information on via the bus. We use sd_notify() as generic transport for this communication, making importd listen to them, while matching the incoming messages to the right transfer.
2015-01-23importd: fix bus policyLennart Poettering
2015-01-23import: we need CAP_DAC_OVERRIDE for untarring systems after allLennart Poettering
2015-01-22import: lock tar into its own private network namespaceLennart Poettering
That way it cannot get access to the network
2015-01-22import: drop all capabilities when invoking tarLennart Poettering
2015-01-22import: only define the _to_string() enum mapping function, thus making gcc ↵Lennart Poettering
shut up
2015-01-22import: now that the worker binary is called "systemd-pull" we can shorten ↵Lennart Poettering
the verbs Atfer all "systemd-pull pull-tar" is unnecessarily redundant, over "systemd-pull tar"...
2015-01-22importd: try to minimize confusion by renaming "systemd-import" binary to ↵Lennart Poettering
"systemd-pull" This way "systemd-importd" is the daemon that uses "systemd-pull" as backend worker.
2015-01-22importd: minor log improvementsLennart Poettering
2015-01-22import: make the user verficiation keyring override the vendor keyring, ↵Lennart Poettering
instead of extending it This way the user has the ability to remove keys from the vendor-supplied keyring if he intends so.
2015-01-22import: rename --verify=sum to --verify=checksumLennart Poettering
This is how we call it internally, and also a bit more descriptive.
2015-01-22import: introduce new mini-daemon systemd-importd, and make machinectl a ↵Lennart Poettering
client to it The old "systemd-import" binary is now an internal tool. We still use it as asynchronous backend for systemd-importd. Since the import tool might require some IO and CPU resources (due to qcow2 explosion, and decompression), and because we might want to run it with more minimal priviliges we still keep it around as the worker binary to execute as child process of importd. machinectl now has verbs for pulling down images, cancelling them and listing them.
2015-01-22impot: minor cleanupsLennart Poettering
2015-01-21import: simplify dkr importer, by making use of generic import-job logic, ↵Lennart Poettering
used by the raw and tar importers This gets us progress output as well xz/bzip2 support.
2015-01-21import: minor cleanups for the tar and raw importersLennart Poettering
2015-01-21import: support downloading bzip2-encoded imagesLennart Poettering
This way, we can import CoreOS images unmodified.
2015-01-21import: also add verification support to tar importerLennart Poettering
2015-01-21import: make verification code generic, in preparation for using it pull-tarLennart Poettering
2015-01-21import: improve loggingLennart Poettering
2015-01-21import: show download speed while downloadingLennart Poettering
2015-01-21import: add image verification using gpgLennart Poettering
This also adds an initial keyring for the verification, that contains Ubuntu's and Fedora's key. We should probably add more entries sooner or later.
2015-01-20import: add a couple of additional suffixes to remove from raw imagesLennart Poettering
2015-01-20import: make image verification optionalLennart Poettering
2015-01-20import: add a simple scheme for validating the SHA256 sums of downloaded raw ↵Lennart Poettering
files
2015-01-20import: be less aggressive when allocating memory for downloaded payloadLennart Poettering
2015-01-20import: improve logging a bitLennart Poettering
2015-01-20import: port pull-raw to helper tools implemented for pull-tarLennart Poettering
This allows us to reuse a lot more code, and simplify pull-raw drastically.
2015-01-20import: add support for pulling raw tar balls as containersLennart Poettering
Ubuntu provides their cloud images optionally as tarball, hence also support downloading those.
2015-01-20util: make http url validity checks more generic, and move them to util.cLennart Poettering
2015-01-19import: clarify when we are unpacking the qcow2 deviceLennart Poettering
2015-01-19import: make sure don't leak the LZMA contextLennart Poettering
2015-01-19qcow2: when dissecting qcow2, use btrfs clone ioctls for reflinking blocks ↵Lennart Poettering
to target