From 9376d4f6bff7e403501c50954c84819eaea03b72 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Aug 01 2017 16:19:41 +0000
Subject: import rpm-ostree-2017.6-3.atomic.el7
---
diff --git a/.gitignore b/.gitignore
index bb692f8..62e048e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/bubblewrap-0.1.8.tar.xz
-SOURCES/rpm-ostree-2017.5.tar.xz
+SOURCES/rpm-ostree-2017.6.tar.xz
diff --git a/.rpm-ostree.metadata b/.rpm-ostree.metadata
index 9635c19..7f14a5f 100644
--- a/.rpm-ostree.metadata
+++ b/.rpm-ostree.metadata
@@ -1,2 +1,2 @@
 dbb597b75848aa28daeaa7d4c933aadcb1a110dc SOURCES/bubblewrap-0.1.8.tar.xz
-8c1db36bd4f23b32eed646541fe723b633a4b866 SOURCES/rpm-ostree-2017.5.tar.xz
+ec83827de0ed0ffc0d2c0de0f1e63f967e9371e5 SOURCES/rpm-ostree-2017.6.tar.xz
diff --git a/SOURCES/0001-Revert-reldep_from_str-add-support-for-rich-deps.patch b/SOURCES/0001-Revert-reldep_from_str-add-support-for-rich-deps.patch
deleted file mode 100644
index 74b7cfa..0000000
--- a/SOURCES/0001-Revert-reldep_from_str-add-support-for-rich-deps.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 76e32ad40bb4cc27e13818be5c2acc4a70197c9e Mon Sep 17 00:00:00 2001
-From: rpm-build
-Date: Tue, 2 May 2017 11:26:56 -0400
-Subject: [PATCH] Revert "reldep_from_str: add support for rich deps"
-
-This reverts commit 28017b4e2678f416f4a287da82382accd394d0d9.
----
- libdnf/libdnf/hy-iutil.c | 27 ++++++++-------------------
- 1 file changed, 8 insertions(+), 19 deletions(-)
-
-diff --git a/libdnf/libdnf/hy-iutil.c b/libdnf/libdnf/hy-iutil.c
-index 4031a15..f5c14b5 100644
---- a/libdnf/libdnf/hy-iutil.c
-+++ b/libdnf/libdnf/hy-iutil.c
-@@ -40,7 +40,6 @@
- #include
- #include
- #include
--#include
-
- // glib
- #include
-@@ -52,7 +51,6 @@
- #include "hy-packageset-private.h"
- #include "hy-query.h"
- #include "dnf-sack-private.h"
--#include "dnf-reldep-private.h"
-
- #define BUF_BLOCK 4096
- #define CHKSUM_TYPE REPOKEY_TYPE_SHA256
-@@ -734,23 +732,14 @@ parse_reldep_str(const char *reldep_str, char **name, char **evr,
- DnfReldep *
- reldep_from_str(DnfSack *sack, const char *reldep_str)
- {
-- if (reldep_str[0] == '(') {
-- /* Rich dependency */
-- Pool *pool = dnf_sack_get_pool (sack);
-- Id id = pool_parserpmrichdep(pool, reldep_str);
-- if (!id)
-- return NULL;
-- return dnf_reldep_from_pool (pool, id);
-- } else {
-- char *name, *evr = NULL;
-- int cmp_type = 0;
-- if (parse_reldep_str(reldep_str, &name, &evr, &cmp_type) == -1)
-- return NULL;
-- DnfReldep *reldep = dnf_reldep_new (sack, name, cmp_type, evr);
-- g_free(name);
-- g_free(evr);
-- return reldep;
-- }
-+ char *name, *evr = NULL;
-+ int cmp_type = 0;
-+ if (parse_reldep_str(reldep_str, &name, &evr, &cmp_type) == -1)
-+ return NULL;
-+ DnfReldep *reldep = dnf_reldep_new (sack, name, cmp_type, evr);
-+ g_free(name);
-+ g_free(evr);
-+ return reldep;
- }
-
- DnfReldepList *
---
-2.12.2
-
diff --git a/SOURCES/0001-core-only-update-repos-enabled-for-packages.patch b/SOURCES/0001-core-only-update-repos-enabled-for-packages.patch
new file mode 100644
index 0000000..e8c77de
--- /dev/null
+++ b/SOURCES/0001-core-only-update-repos-enabled-for-packages.patch
@@ -0,0 +1,33 @@
+From f1437028cfdba73c09daf49cf41ab7e5e665dbea Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Thu, 6 Jul 2017 11:21:18 -0700
+Subject: [PATCH] core: only update repos enabled for packages
+
+We don't care about repos enabled only for METADATA. This works around
+an interesting libdnf behaviour in which all repos in redhat.repo are
+enabled for metadata, even if disabled.
+
+Downstream RHBZ: #1468302
+
+Closes: #863
+Approved by: cgwalters
+---
+ src/libpriv/rpmostree-core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libpriv/rpmostree-core.c b/src/libpriv/rpmostree-core.c
+index 22160884..8aef6617 100644
+--- a/src/libpriv/rpmostree-core.c
++++ b/src/libpriv/rpmostree-core.c
+@@ -925,7 +925,7 @@ rpmostree_context_download_metadata (RpmOstreeContext *self,
+ {
+ g_assert (!self->empty);
+
+- g_autoptr(GPtrArray) rpmmd_repos = get_enabled_rpmmd_repos (self->hifctx, DNF_REPO_ENABLED_METADATA);
++ g_autoptr(GPtrArray) rpmmd_repos = get_enabled_rpmmd_repos (self->hifctx, DNF_REPO_ENABLED_PACKAGES);
+
+ g_print ("Enabled rpm-md repositories:");
+ for (guint i = 0; i < rpmmd_repos->len; i++)
+--
+2.13.2
+
diff --git a/SOURCES/0001-treecompose-Add-various-g_prefix_error.patch b/SOURCES/0001-treecompose-Add-various-g_prefix_error.patch
new file mode 100644
index 0000000..9c36ef4
--- /dev/null
+++ b/SOURCES/0001-treecompose-Add-various-g_prefix_error.patch
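Review bot: In the hunk carried by 0001-core-only-update-repos-enabled-for-packages.patch, the call in `rpmostree_context_download_metadata` now passes `DNF_REPO_ENABLED_PACKAGES` with no comment at the call site, so the reason a metadata-download function filters on the packages flag lives only in the commit message. I would add above the call: `/* Filter on PACKAGES, not METADATA: libdnf marks every repo in redhat.repo as metadata-enabled even when it is disabled (RHBZ #1468302) */`. Without it a later cleanup could plausibly switch the flag back and start refreshing repositories the administrator has disabled. The function body continues outside the hunk.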
@@ -0,0 +1,134 @@
+From 9f671efc60e8cb84ad2c73718c686692c92585fa Mon Sep 17 00:00:00 2001
+From: Colin Walters
+Date: Thu, 15 Jun 2017 13:29:06 -0400
+Subject: [PATCH 1/4] treecompose: Add various g_prefix_error()
+
+To help debug a problem which turned out to be in SELinux postprocessing for
+RHELAH.
+
+Closes: #830
+Approved by: jlebon
+---
+ src/app/rpmostree-compose-builtin-tree.c | 20 ++++++++++++++++----
+ src/libpriv/rpmostree-postprocess.c | 28 +++++++++++++---------------
+ 2 files changed, 29 insertions(+), 19 deletions(-)
+
+diff --git a/src/app/rpmostree-compose-builtin-tree.c b/src/app/rpmostree-compose-builtin-tree.c
+index 15b2862..4cbe503 100644
+--- a/src/app/rpmostree-compose-builtin-tree.c
++++ b/src/app/rpmostree-compose-builtin-tree.c
+@@ -1008,12 +1008,18 @@ rpmostree_compose_builtin_tree (int argc,
+ if (!rpmostree_treefile_postprocessing (rootfs_fd, self->treefile_context_dirs->pdata[0],
+ self->serialized_treefile, treefile,
+ next_version, cancellable, error))
+- goto out;
++ {
++ g_prefix_error (error, "Postprocessing: ");
++ goto out;
++ }
+
+ if (!rpmostree_prepare_rootfs_for_commit (self->workdir_dfd, &rootfs_fd, rootfs_name,
+ treefile,
+ cancellable, error))
+- goto out;
++ {
++ g_prefix_error (error, "Preparing rootfs for commit: ");
++ goto out;
++ }
+
+ if (!rpmostree_copy_additional_files (yumroot, self->treefile_context_dirs->pdata[0], treefile, cancellable, error))
+ goto out;
+@@ -1021,12 +1027,18 @@ rpmostree_compose_builtin_tree (int argc,
+ if (!rpmostree_check_passwd (repo, yumroot, treefile_dirpath, treefile,
+ previous_checksum,
+ cancellable, error))
+- goto out;
++ {
++ g_prefix_error (error, "Handling passwd db: ");
++ goto out;
++ }
+
+ if (!rpmostree_check_groups (repo, yumroot, treefile_dirpath, treefile,
+ previous_checksum,
+ cancellable, error))
+- goto out;
++ {
++ g_prefix_error (error, "Handling group db: ");
++ goto out;
++ }
+
+ /* Insert our input hash */
+ g_hash_table_replace (metadata_hash, g_strdup ("rpmostree.inputhash"),
+diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c
+index 46fb636..db24c70 100644
+--- a/src/libpriv/rpmostree-postprocess.c
++++ b/src/libpriv/rpmostree-postprocess.c
+@@ -654,10 +654,7 @@ postprocess_selinux_policy_store_location (int rootfs_dfd,
+
+ name = dent->d_name;
+ if (renameat (dfd_iter.fd, name, etc_selinux_dfd, name) != 0)
+- {
+- glnx_set_error_from_errno (error);
+- return FALSE;
+- }
++ return glnx_throw_errno_prefix (error, "rename(%s)", name);
+ }
+
+ return TRUE;
+@@ -794,12 +791,18 @@ create_rootfs_from_yumroot_content (int target_root_dfd,
+
+ /* NSS configuration to look at the new files */
+ if (!replace_nsswitch (src_rootfs_fd, cancellable, error))
+- goto out;
++ {
++ g_prefix_error (error, "nsswitch replacement: ");
++ goto out;
++ }
+
+ if (selinux)
+ {
+ if (!postprocess_selinux_policy_store_location (src_rootfs_fd, cancellable, error))
+- goto out;
++ {
++ g_prefix_error (error, "SELinux postprocess: ");
++ goto out;
++ }
+ }
+
+ /* We take /usr from the yum content */
+@@ -1615,17 +1618,15 @@ rpmostree_prepare_rootfs_for_commit (int workdir_dfd,
+ glnx_fd_close int target_root_dfd = -1;
+
+ if (mkdirat (workdir_dfd, temp_new_root, 0755) < 0)
+- {
+- glnx_set_error_from_errno (error);
+- return FALSE;
+- }
++ return glnx_throw_errno_prefix (error, "creating %s", temp_new_root);
++
+ if (!glnx_opendirat (workdir_dfd, temp_new_root, TRUE,
+ &target_root_dfd, error))
+ return FALSE;
+
+ if (!create_rootfs_from_yumroot_content (target_root_dfd, *inout_rootfs_fd, treefile,
+ cancellable, error))
+- return FALSE;
++ return glnx_prefix_error (error, "Finalizing rootfs");
+
+ (void) close (*inout_rootfs_fd);
+
+@@ -1634,10 +1635,7 @@ rpmostree_prepare_rootfs_for_commit (int workdir_dfd,
+
+ if (TEMP_FAILURE_RETRY (renameat (workdir_dfd, temp_new_root,
+ workdir_dfd, rootfs_name)) != 0)
+- {
+- glnx_set_error_from_errno (error);
+- return FALSE;
+- }
++ return glnx_throw_errno_prefix (error, "rename(%s, %s)", temp_new_root, rootfs_name);
+
+ *inout_rootfs_fd = target_root_dfd;
+ target_root_dfd = -1; /* Transfer ownership */
+--
+2.13.0
+
diff --git a/SOURCES/0002-postprocess-use-glnx_throw-helpers-to-add-details.patch b/SOURCES/0002-postprocess-use-glnx_throw-helpers-to-add-details.patch
new file mode 100644
index 0000000..8c25193
--- /dev/null
+++ b/SOURCES/0002-postprocess-use-glnx_throw-helpers-to-add-details.patch
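Review bot: In 0001-treecompose-Add-various-g_prefix_error.patch, the `rpmostree_copy_additional_files` call in `rpmostree_compose_builtin_tree` keeps its bare `goto out;` while the four calls around it gain a stage prefix, so a failure while copying extra files into the tree is still reported without context. For consistency I would wrap it the same way: `{ g_prefix_error (error, "Copying additional files: "); goto out; }`. The patch also mixes `g_prefix_error` with a hand-written `": "` and `glnx_prefix_error (error, "Finalizing rootfs")` without one, so a short comment on which helper supplies the separator would help the next reader. Both functions extend beyond the hunks shown.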
@@ -0,0 +1,62 @@
+From 4a5e9c3086da507f7be9bdf84b17aaaca4d18ad7 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Thu, 15 Jun 2017 13:20:34 -0400
+Subject: [PATCH 2/4] postprocess: use glnx_throw helpers to add details
+
+Closes: #831
+Approved by: cgwalters
+---
+ src/libpriv/rpmostree-postprocess.c | 20 ++++----------------
+ 1 file changed, 4 insertions(+), 16 deletions(-)
+
+diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c
+index db24c70..77ad66a 100644
+--- a/src/libpriv/rpmostree-postprocess.c
++++ b/src/libpriv/rpmostree-postprocess.c
+@@ -595,10 +595,7 @@ postprocess_selinux_policy_store_location (int rootfs_dfd,
+ if (fstatat (rootfs_dfd, var_policy_location, &stbuf, 0) != 0)
+ {
+ if (errno != ENOENT)
+- {
+- glnx_set_error_from_errno (error);
+- return FALSE;
+- }
++ return glnx_throw_errno_prefix (error, "fstat(%s)", modules_location);
+
+ /* Okay, this is probably CentOS 7, or maybe we have a build of
+ * selinux-policy with the path moved back into /etc (or maybe it's
+@@ -615,28 +612,19 @@ postprocess_selinux_policy_store_location (int rootfs_dfd,
+ orig_contents = glnx_file_get_contents_utf8_at (rootfs_dfd, semanage_path, NULL,
+ cancellable, error);
+ if (orig_contents == NULL)
+- {
+- g_prefix_error (error, "Opening %s: ", semanage_path);
+- return FALSE;
+- }
++ return glnx_prefix_error (error, "Opening %s:", semanage_path);
+
+ contents = g_strconcat (orig_contents, "\nstore-root=/etc/selinux\n", NULL);
+
+ if (!glnx_file_replace_contents_at (rootfs_dfd, semanage_path,
+ (guint8*)contents, -1, 0,
+ cancellable, error))
+- {
+- g_prefix_error (error, "Replacing %s: ", semanage_path);
+- return FALSE;
+- }
++ return glnx_prefix_error (error, "Replacing %s:", semanage_path);
+ }
+
+ etc_policy_location = glnx_strjoina ("etc/selinux/", name);
+ if (!glnx_opendirat (rootfs_dfd, etc_policy_location, TRUE, &etc_selinux_dfd, error))
+- {
+- g_prefix_error (error, "Opening %s: ", etc_policy_location);
+- return FALSE;
+- }
++ return glnx_prefix_error (error, "Opening %s:", etc_policy_location);
+
+ if (!glnx_dirfd_iterator_init_at (rootfs_dfd, var_policy_location, TRUE, &dfd_iter, error))
+ return FALSE;
+--
+2.13.0
+
diff --git a/SOURCES/0003-postprocess-stronger-handling-for-sepolicy-in-var.patch b/SOURCES/0003-postprocess-stronger-handling-for-sepolicy-in-var.patch
new file mode 100644
index 0000000..4254ced
--- /dev/null
+++ b/SOURCES/0003-postprocess-stronger-handling-for-sepolicy-in-var.patch
@@ -0,0 +1,34 @@
+From 943138b13254eae339afe47eeccfef5c5f01e2de Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Thu, 15 Jun 2017 13:21:01 -0400
+Subject: [PATCH 3/4] postprocess: stronger handling for sepolicy in /var
+
+We shouldn't just check that the "targeted" dir exists, but rather that
+the actual directory where the modules are stored exists. This fixes a
+regression on RHEL in which the new selinux-policy-targeted lists some
+%ghost files under /var/lib/selinux and as a result think that the
+policy is in /var.
+
+Closes: #831
+Approved by: cgwalters
+---
+ src/libpriv/rpmostree-postprocess.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c
+index 77ad66a..8252f41 100644
+--- a/src/libpriv/rpmostree-postprocess.c
++++ b/src/libpriv/rpmostree-postprocess.c
+@@ -592,7 +592,8 @@ postprocess_selinux_policy_store_location (int rootfs_dfd,
+ return TRUE;
+
+ var_policy_location = glnx_strjoina ("var/lib/selinux/", name);
+- if (fstatat (rootfs_dfd, var_policy_location, &stbuf, 0) != 0)
++ const char *modules_location = glnx_strjoina (var_policy_location, "/active/modules");
++ if (fstatat (rootfs_dfd, modules_location, &stbuf, 0) != 0)
+ {
+ if (errno != ENOENT)
+ return glnx_throw_errno_prefix (error, "fstat(%s)", modules_location);
+--
+2.13.0
+
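Review bot: In 0002-postprocess-use-glnx_throw-helpers-to-add-details.patch, the new `return glnx_throw_errno_prefix (error, "fstat(%s)", modules_location);` names `modules_location`, which this patch does not declare: the `fstatat` context line just above still tests `var_policy_location`, and the variable only appears in patch 3/4. The series therefore builds only when 2/4 and 3/4 are applied together, which the spec's Patch1/Patch2 ordering does, but 2/4 on its own should read `"fstat(%s)", var_policy_location`. Also, the three `glnx_prefix_error` calls keep a trailing colon (`"Opening %s:"`, `"Replacing %s:"`); if the helper appends its own separator, as the colon-free `"Finalizing rootfs"` call in patch 1/4 suggests, the messages will show a doubled colon and the format should be `"Opening %s"`. The function body continues outside both hunks.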
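Review bot: In 0003-postprocess-stronger-handling-for-sepolicy-in-var.patch, the new `fstatat (rootfs_dfd, modules_location, &stbuf, 0)` still only proves that something exists at `var/lib/selinux/<name>/active/modules`; nothing visible in the hunk inspects `stbuf`, so a placeholder file at that path would be taken for a policy store just as the %ghost entries described in the commit message were. Since this test decides where the composed image's SELinux policy store ends up, I would also require a directory, for example by treating `!S_ISDIR (stbuf.st_mode)` like the `ENOENT` case. A one-line comment such as `/* Probe the module store itself; packages may ship %ghost entries under var/lib/selinux/<name> */` would keep the reason next to the code. The rest of the function is outside the hunk, so an existing type check there would make the first point moot.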
diff --git a/SOURCES/0004-postprocess-always-nuke-var-run.patch b/SOURCES/0004-postprocess-always-nuke-var-run.patch
new file mode 100644
index 0000000..50fb8dc
--- /dev/null
+++ b/SOURCES/0004-postprocess-always-nuke-var-run.patch
@@ -0,0 +1,49 @@
+From 57cf8d9bc0448abcb7f395d2a175be6b6373a569 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Thu, 15 Jun 2017 13:35:36 -0400
+Subject: [PATCH 4/4] postprocess: always nuke /var/run
+
+If `/var/run` exists, it will be a dir, so we'll fail the `unlinkat`
+with `EISDIR`. Let's just explicitly nuke it.
+
+Closes: #831
+Approved by: cgwalters
+---
+ src/libpriv/rpmostree-postprocess.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c
+index 8252f41..094e7b8 100644
+--- a/src/libpriv/rpmostree-postprocess.c
++++ b/src/libpriv/rpmostree-postprocess.c
+@@ -329,7 +329,6 @@ convert_var_to_tmpfiles_d (int src_rootfs_dfd,
+ * runtime. (And really both in CentOS and Fedora)
+ */
+ const char *known_state_files[] = {
+- "run", /* We never want to traverse into /run when making tmpfiles since it's a tmpfs */
+ "lib/systemd/random-seed", /* https://bugzilla.redhat.com/show_bug.cgi?id=789407 */
+ "lib/systemd/catalog/database",
+ "lib/plymouth/boot-duration",
+@@ -340,6 +339,10 @@ convert_var_to_tmpfiles_d (int src_rootfs_dfd,
+ if (!glnx_opendirat (src_rootfs_dfd, "var", TRUE, &var_dfd, error))
+ return FALSE;
+
++ /* We never want to traverse into /run when making tmpfiles since it's a tmpfs */
++ if (!glnx_shutil_rm_rf_at (var_dfd, "run", cancellable, error))
++ return FALSE;
++
+ /* Here, delete some files ahead of time to avoid emitting warnings
+ * for things that are known to be harmless.
+ */
+@@ -349,7 +352,7 @@ convert_var_to_tmpfiles_d (int src_rootfs_dfd,
+ if (unlinkat (var_dfd, path, 0) < 0)
+ {
+ if (errno != ENOENT)
+- return glnx_throw_errno_prefix (error, "unlinkat");
++ return glnx_throw_errno_prefix (error, "unlinkat(%s)", path);
+ }
+ }
+
+--
+2.13.0
+
diff --git a/SPECS/rpm-ostree.spec b/SPECS/rpm-ostree.spec
index 90675e0..1cd27ff 100644
--- a/SPECS/rpm-ostree.spec
+++ b/SPECS/rpm-ostree.spec
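Review bot: In 0004-postprocess-always-nuke-var-run.patch, the comment moved above `glnx_shutil_rm_rf_at (var_dfd, "run", cancellable, error)` still says only that /run is never traversed, while the statement now deletes `var/run` recursively. I would reword it to state the action and the reason, e.g. `/* Remove var/run outright: it may be a real directory in the package content (unlinkat would fail with EISDIR) and must not be turned into tmpfiles.d entries */`. Because this is a recursive delete relative to `var_dfd`, it is also worth confirming, and recording in the comment, that the helper removes a `var/run` symlink itself rather than following it out of the rootfs. `convert_var_to_tmpfiles_d` starts and ends outside the hunks.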
@@ -1,8 +1,8 @@ %global bubblewrap_version 0.1.8 Summary: Client side upgrade program and server side compose tool Name: rpm-ostree -Version: 2017.5 -Release: 1.atomic%{?dist} +Version: 2017.6 +Release: 3.atomic%{?dist} #VCS: https://github.com/cgwalters/rpm-ostree # This tarball is generated via "make -f Makefile.dist-packaging dist-snapshot" # because github doesn't support placing submodules in tarballs and RPM @@ -12,7 +12,11 @@ License: LGPLv2+ URL: https://github.com/projectatomic/rpm-ostree Source1: https://github.com/projectatomic/bubblewrap/releases/download/v%{bubblewrap_version}/bubblewrap-%{bubblewrap_version}.tar.xz -Patch1: 0001-Revert-reldep_from_str-add-support-for-rich-deps.patch +Patch0: 0001-treecompose-Add-various-g_prefix_error.patch +Patch1: 0002-postprocess-use-glnx_throw-helpers-to-add-details.patch +Patch2: 0003-postprocess-stronger-handling-for-sepolicy-in-var.patch +Patch3: 0004-postprocess-always-nuke-var-run.patch +Patch4: 0001-core-only-update-repos-enabled-for-packages.patch Requires: ostree-fuse @@ -24,7 +28,7 @@ BuildRequires: gtk-doc BuildRequires: gnome-common BuildRequires: gobject-introspection-devel # Core requirements -BuildRequires: pkgconfig(ostree-1) >= 2017.2 +BuildRequires: pkgconfig(ostree-1) >= 2017.6 BuildRequires: pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(rpm) BuildRequires: pkgconfig(libarchive) @@ -39,6 +43,9 @@ BuildRequires: pkgconfig(librepo) # We're using RPATH to pick up our bundled version %global __requires_exclude ^libdnf[.]so[.].*$ +# Our bundled libdnf.so.1 is for us only +%global __provides_exclude_from ^%{_libdir}/%{name}/.*$ + BuildRequires: cmake BuildRequires: pkgconfig(expat) BuildRequires: pkgconfig(check) 
@@ -131,6 +138,17 @@ python autofiles.py > files.devel \ %files devel -f files.devel %changelog +* Fri Jul 07 2017 Colin Walters - 2017.6-3.atomic +- Backport patch to fix metadata-only repos + +* Thu Jun 15 2017 Jonathan Lebon - 2017.6-2.atomic +- Backport patch to fix SELinux workaround for policy move to /var +- Backport patch to fix /var/run potentially being a directory + +* Fri Jun 02 2017 Jonathan Lebon - 2017.6-1.atomic +- New upstream release +- Resolves: #1457964 + * Tue May 02 2017 Jonathan Lebon - 2017.5-1.atomic - New upstream release - Resolves: #1447070