Push ostree commits over ssh
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.



ostree-push uses ssh to push commits from a local OSTree repo to a remote OSTree repo. This is to fill a gap where currently you can only pull commits in core ostree. To publish commits to a remote repository, you either have to pull from the local repo to the remote repo or use an out of band mechanism like rsync.

Both approaches have significant limitations. To pull over the network, only http is supported. So, in addition to having to login on the remote machine and run ostree pull, the local repository needs to be served over http. This means your build machine needs to be an http server with appropriate configuration in addition to simply making commits. This pushes the builds to be done on the public repository server, which prevents reasonable separation of duties and makes multiarch repositories impossible.

Using rsync for publishing has some major benefits since only updated objects are published. However, it has no concept of the OSTree object store or refs structures. There are a few problems deriving from this issue. First, objects are published in sort order, but this means that objects can be published before their children. In the most extreme case, a commit object could be published before it's complete. The remote repo would assume this commit object was valid even though some children might be missing. Second, the refs might get updated before the commit objects are in place. If a client pulls while rsync is publishing, it may attempt to pull an incomplete or entirely missing commit. Finally, rsync will push the objects directly into the store rather than using a staging directory like pull or commit do. If rsync is interrupted, it could leave partial objects in the store.

ostree-push tries to offer functionality like git where commits can be pushed over ssh to avoid these issues. Eventually, the protocol could be used to offer pulls over ssh, which would allow working with remotes over something other than http.


When ostree-push is started, it opens a channel to the specified remote host with ssh. On the remote host, ostree-receive is spawned. ostree-push and ostree-receive then communicate via a custom protocol to publish the commits. After determining what objects are needed in the remote repository, ostree-push sends the objects one by one to ostree-receive. After receiving all objects, ostree-receive moves them from a temporary staging directory to the object store and updates the refs files.

The full protocol and message format are described in protocol.md.