From 7271b0c4a48a72d023a905b2214345cdf60b793f Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 29 2022 19:40:12 +0000 Subject: import kpatch-0.9.4-2.el8 --- diff --git a/.gitignore b/.gitignore index de588d4..5083f33 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/kpatch-dnf-v0.2.tar.gz -SOURCES/v0.9.2.tar.gz +SOURCES/kpatch-dnf-v0.4.tar.gz +SOURCES/v0.9.4.tar.gz diff --git a/.kpatch.metadata b/.kpatch.metadata index 141152c..20fca39 100644 --- a/.kpatch.metadata +++ b/.kpatch.metadata @@ -1,2 +1,2 @@ -74e3123e0edc694676a36994b23094be354f87b5 SOURCES/kpatch-dnf-v0.2.tar.gz -c0878679129add77d6fff57093640892ad941155 SOURCES/v0.9.2.tar.gz +fa86620559069e8253b5172849797a6d03b509be SOURCES/kpatch-dnf-v0.4.tar.gz +1f080a31cc087b41cb4d37c514819444bd8a75ae SOURCES/v0.9.4.tar.gz diff --git a/SOURCES/0003-kpatch-cleanup-install-directory.patch b/SOURCES/0003-kpatch-cleanup-install-directory.patch deleted file mode 100644 index 7c05150..0000000 --- a/SOURCES/0003-kpatch-cleanup-install-directory.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 47c1bd435a498e736a6fd3f41655c05279560bb1 Mon Sep 17 00:00:00 2001 -From: Artem Savkov -Date: Thu, 25 Feb 2021 13:24:30 +0100 -Subject: [PATCH] kpatch: cleanup install directory - -On module installation kpatch utility creates a directory with kernel -version as a name in /var/lib/kpatch which is never removed. To address -this check if any files are left in this directory after each -'uninstall' call and if not - remove it. - -Signed-off-by: Artem Savkov ---- - kpatch/kpatch | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/kpatch/kpatch b/kpatch/kpatch -index ccb6914..8c34ed4 100755 ---- a/kpatch/kpatch -+++ b/kpatch/kpatch -@@ -575,10 +575,12 @@ case "$1" in - fi - - [[ ! -e "$MODULE" ]] && die "$PATCH is not installed for kernel $KVER" -- - - echo "uninstalling $PATCH ($KVER)" - rm -f "$MODULE" || die "failed to uninstall module $PATCH" -+ rmdir --ignore-fail-on-non-empty "$INSTALLDIR/$KVER" || die "failed to remove directory $INSTALLDIR/$KVER" -+ rmdir --ignore-fail-on-non-empty "$INSTALLDIR" || die "failed to remove directory $INSTALLDIR" -+ - ;; - - "list") --- -2.26.2 - diff --git a/SOURCES/0100-kpatch-wait-for-module-ref-counts-on-unload.patch b/SOURCES/0100-kpatch-wait-for-module-ref-counts-on-unload.patch deleted file mode 100644 index 2b10e15..0000000 --- a/SOURCES/0100-kpatch-wait-for-module-ref-counts-on-unload.patch +++ /dev/null @@ -1,100 +0,0 @@ -From cdee6bd650a35075515d4fe2bb67657811c9640c Mon Sep 17 00:00:00 2001 -From: Joe Lawrence -Date: Mon, 16 Nov 2020 15:21:59 -0500 -Subject: [PATCH] kpatch: wait for module ref counts on unload - -There exists a very small timing window in which "kpatch unload" gets to -its "rmmod" step before the kpatch-patch module's reference count has -cleared and the "rmmod" fails. - -This is only a transient problem, but we can adopt code from upstream -livepatch kselftests which wait for the module refcounts to settle -before moving onto "rmmod". - -A small wrinkle is that this is not supported by the older kpatch.ko -core. The price for circumventing the activeness safety check via -KPATCH_FORCE_UNSAFE is that it must leave the kpatch patch modules in -place (see e1890e627a9b ("prevent rmmod of forced modules")). - -Signed-off-by: Joe Lawrence ---- - kpatch/kpatch | 40 ++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 38 insertions(+), 2 deletions(-) - -diff --git a/kpatch/kpatch b/kpatch/kpatch -index bca8f41..b35b742 100755 ---- a/kpatch/kpatch -+++ b/kpatch/kpatch -@@ -28,6 +28,7 @@ SCRIPTDIR="$(readlink -f "$(dirname "$(type -p "$0")")")" - VERSION="0.9.2" - POST_ENABLE_WAIT=15 # seconds - POST_SIGNAL_WAIT=60 # seconds -+MODULE_REF_WAIT=15 # seconds - - # How many times to try loading the patch if activeness safety check fails. - MAX_LOAD_ATTEMPTS=5 -@@ -125,6 +126,10 @@ find_core_module() { - return 1 - } - -+kpatch_core_loaded() { -+ grep -q -e "T kpatch_register" /proc/kallsyms -+} -+ - core_loaded () { - grep -q -e "T klp_enable_patch" -e "T kpatch_register" /proc/kallsyms - } -@@ -265,6 +270,31 @@ wait_for_patch_transition() { - return 1 - } - -+module_ref_count() { -+ local modname="$1" -+ [[ $(cat "/sys/module/$modname/refcnt" 2>/dev/null) != "0" ]] -+} -+ -+wait_for_zero_module_ref_count() { -+ local modname="$1" -+ local i=0 -+ -+ # We can't rely on a zero refcount with kpatch.ko as it -+ # implements KPATCH_FORCE_UNSAFE with an additional reference on -+ # kpatch-patch modules to avoid potential crashes. -+ kpatch_core_loaded && return 0 -+ -+ module_ref_count "$modname" || return 0 -+ -+ echo "waiting (up to $MODULE_REF_WAIT seconds) for module refcount..." -+ for (( i=0; i /dev/null || return 0 -+ rmmod "$modname" 2> /dev/null || return 0 - } - - unload_module () { --- -2.25.4 - diff --git a/SOURCES/0200-Makefile-set-install-permission-modes.patch b/SOURCES/0200-Makefile-set-install-permission-modes.patch deleted file mode 100644 index aecd225..0000000 --- a/SOURCES/0200-Makefile-set-install-permission-modes.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 73f6d5cdb2a4ce78cec6f49517116a3c7616f393 Mon Sep 17 00:00:00 2001 -From: Joe Lawrence -Date: Thu, 12 Nov 2020 15:15:47 -0500 -Subject: [PATCH] Makefile: set install permission modes - -By default, the install command will apply rwxr-xr-x permissions (how -intuitive). Give the command expected file modes to avoid rpmbuild -complaints like this: - - *** WARNING: ./usr/lib/python3.9/site-packages/dnf-plugins/kpatch.py is executable but has no shebang, removing executable bit - *** WARNING: ./etc/dnf/plugins/kpatch.conf is executable but has no shebang, removing executable bit - -Signed-off-by: Joe Lawrence ---- - Makefile | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/Makefile b/Makefile -index fb92d06..77c8eb5 100644 ---- a/Makefile -+++ b/Makefile -@@ -23,11 +23,11 @@ all: $(TARGETS) - - install: $(TARGETS) - install -d $(MANDIR) -- install man/dnf.kpatch.8.gz $(MANDIR) -+ install -m 644 man/dnf.kpatch.8.gz $(MANDIR) - install -d $(CONFDIR) -- install conf/kpatch.conf $(CONFDIR) -+ install -m 644 conf/kpatch.conf $(CONFDIR) - install -d $(DNFPLUGINDIR) -- install kpatch.py $(DNFPLUGINDIR) -+ install -m 644 kpatch.py $(DNFPLUGINDIR) - - %.gz: % - gzip --keep $^ --- -2.25.4 - diff --git a/SPECS/kpatch.spec b/SPECS/kpatch.spec index 07f962d..9657f70 100644 --- a/SPECS/kpatch.spec +++ b/SPECS/kpatch.spec @@ -1,8 +1,8 @@ -%define kpatch_dnf_ver 0.2 +%define kpatch_dnf_ver 0.4 Name: kpatch -Version: 0.9.2 -Release: 5%{?dist} +Version: 0.9.4 +Release: 2%{?dist} Summary: Dynamic kernel patch manager Group: System Environment/Kernel @@ -14,13 +14,12 @@ Source1: kpatch-dnf-v%{kpatch_dnf_ver}.tar.gz # RHEL-only Patch0: 0001-contrib-disable-upstart-kpatch.conf-install.patch Patch1: 0002-kpatch-clarify-unload-unsupport.patch -Patch2: 0003-kpatch-cleanup-install-directory.patch # Upstream backports -Patch100: 0100-kpatch-wait-for-module-ref-counts-on-unload.patch +#Patch100: 0100-xxx.patch # kpatch-dnf backports -Patch200: 0200-Makefile-set-install-permission-modes.patch +#Patch200: 0200-xxx.patch Requires: bash kmod binutils Recommends: kpatch-dnf @@ -50,12 +49,9 @@ kpatch-patch packages updates. %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch100 -p1 %setup -D -T -a 1 cd kpatch-dnf-%{kpatch_dnf_ver} -%patch200 -p1 cd .. %build @@ -67,6 +63,7 @@ make -C kpatch-dnf-%{kpatch_dnf_ver} make install PREFIX=/usr DESTDIR=%{buildroot} -C kpatch make install PREFIX=/usr DESTDIR=%{buildroot} -C man make install PREFIX=/usr DESTDIR=%{buildroot} -C contrib +mkdir -p %{buildroot}/%{_sharedstatedir}/kpatch rm -f %{buildroot}/usr/share/man/man1/kpatch-build.1.gz make install PREFIX=/usr DESTDIR=%{buildroot} PYTHONSITES=%{python3_sitelib} -C kpatch-dnf-%{kpatch_dnf_ver} @@ -74,6 +71,7 @@ make install PREFIX=/usr DESTDIR=%{buildroot} PYTHONSITES=%{python3_sitelib} -C %files %{_sbindir}/kpatch %{_usr}/lib/systemd/system/kpatch.service +%{_sharedstatedir}/kpatch %doc %{_mandir}/man1/kpatch.1.gz %files -n kpatch-dnf @@ -87,6 +85,12 @@ echo "To enable automatic kpatch-patch subscription, run:" echo -e "\t$ dnf kpatch auto" %changelog +* Fri Jan 14 2022 Yannick Cote 0.9.4-2 +- Add /usr/lib/kpatch to install and files list to appease SELinux (rhbz#2022123) + +* Thu Sep 23 2021 Artem Savkov 0.9.4-1 +- Update kpatch utility to 0.9.4 and kpatch-dnf to 0.4 (rhbz#2006841) + * Mon Mar 15 2021 Artem Savkov 0.9.2-5 - Cleanup /var/lib/kpatch directory on uninstall (rhbz#1930108)