main: Move ostree-container to pkglibdir, also expose `ostree ima-s…

…ign` Quite a while ago we merged ostreedev/ostree#2515 but I forgot to follow up here to make use of it once the ostree release had been done. It's cleaner to avoid the "namespace pollution" of having `/usr/bin/ostree-container`; instead it is canonically `ostree container`. Next, we have code in ostree-ext for IMA signing. The CLI wrapping code here is fully generic already, rename it to make that clearer, and add the `ostree-ima-sign` case.
coreos · Apr 20, 2022 · 535c780 · 535c780
1 parent 691e7cf
commit 535c780
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 8 deletions.
diff --git a/Makefile-rpm-ostree.am b/Makefile-rpm-ostree.am
@@ -135,11 +135,15 @@ librpmostreecxxrs_la_CXXFLAGS = $(AM_CXXFLAGS) $(SANITIZER_FLAGS) $(rpmostree_co
 librpmostreecxxrs_la_LIBADD = -lstdc++
 BUILT_SOURCES += $(binding_generated_sources)
 
+ostreeextdir = $(DESTDIR)$(libexecdir)/libostree/ext
+
 # And install our binary
 install-rpmostree-hook:
 	install -d -m 0755 $(DESTDIR)$(bindir)
 	install -m 0755 -t $(DESTDIR)$(bindir) rpm-ostree
-	ln -Tsr -f $(DESTDIR)$(bindir)/rpm-ostree $(DESTDIR)$(bindir)/ostree-container
+	install -d -m 0755 $(ostreeextdir)
+	ln -Tsr -f $(DESTDIR)$(bindir)/rpm-ostree $(ostreeextdir)/ostree-ima-sign 
+	ln -Tsr -f $(DESTDIR)$(bindir)/rpm-ostree $(ostreeextdir)/ostree-container
 INSTALL_EXEC_HOOKS += install-rpmostree-hook
 
 # Wraps `cargo test`.  This is always a debug non-release build;

diff --git a/packaging/rpm-ostree.spec.in b/packaging/rpm-ostree.spec.in
@@ -212,6 +212,7 @@ $PYTHON autofiles.py > files \
   '%{_sysconfdir}/rpm-ostreed.conf' \
   '%{_prefix}/lib/systemd/system/*' \
   '%{_libexecdir}/rpm-ostree*' \
+  '%{_libexecdir}/libostree/ext/*' \
   '%{_datadir}/polkit-1/actions/*.policy' \
   '%{_datadir}/dbus-1/system-services/*' \
   '%{_datadir}/bash-completion/completions/*'

diff --git a/rust/src/main.rs b/rust/src/main.rs
@@ -73,16 +73,16 @@ async fn inner_async_main(args: Vec<String>) -> Result<i32> {
     .await?
 }
 
-/// Multicall entrypoint for `ostree-container`.
-async fn multicall_ostree_container(args: Vec<String>) -> Result<i32> {
+/// Invoke the ostree-ext CLI code.
+async fn dispatch_ostree_ext(args: Vec<String>) -> Result<i32> {
     ostree_ext::cli::run_from_iter(args).await?;
     Ok(0)
 }
 
 /// Dispatch multicall binary to relevant logic, based on callname from `argv[0]`.
 async fn dispatch_multicall(callname: String, args: Vec<String>) -> Result<i32> {
     match callname.as_str() {
-        "ostree-container" => multicall_ostree_container(args).await,
+        "ostree-container" | "ostree-ima-sign" => dispatch_ostree_ext(args).await,
         _ => inner_async_main(args).await, // implicitly includes "rpm-ostree"
     }
 }

diff --git a/tests/kolainst/nondestructive/misc.sh b/tests/kolainst/nondestructive/misc.sh
@@ -6,13 +6,16 @@ cd $(mktemp -d)
 
 # Ensure multicall is correctly set up and working.
 R_O_DIGEST=$(sha512sum $(which rpm-ostree) | cut -d' ' -f1)
-O_C_DIGEST=$(sha512sum $(which ostree-container) | cut -d' ' -f1)
+O_C_DIGEST=$(sha512sum $(which /usr/libexec/libostree/ext/ostree-container) | cut -d' ' -f1)
 if test "${R_O_DIGEST}" != "${O_C_DIGEST}" ; then
     assert_not_reached "rpm-ostree and ostree-container are not the same binary"
 fi
-ostree-container container --help > cli_help.txt
-assert_file_has_content_literal cli_help.txt 'ostree-container container <SUBCOMMAND>'
-rm cli_help.txt
+for verb in container ima-sign; do
+    ostree "$verb" --help > cli_help.txt
+    assert_file_has_content_literal cli_help.txt "USAGE:"
+    assert_file_has_content_literal cli_help.txt "ostree-$verb $verb"
+    rm cli_help.txt
+done
 echo "ok multicall corectly set up and working"
 
 # make sure that package-related entries are always present,