From b0464b26fc48fcfc4af74fd08cbe1d1fb487b161 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Apr 18 2017 13:47:12 +0000
Subject: import ostree-2017.3-2.el7


---

diff --git a/.gitignore b/.gitignore
index 1fabc4f..e9e9003 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/ostree-2017.1.tar.xz
+SOURCES/libostree-2017.3.tar.xz
diff --git a/.ostree.metadata b/.ostree.metadata
index a47dab8..58f4312 100644
--- a/.ostree.metadata
+++ b/.ostree.metadata
@@ -1 +1 @@
-4592e7b0e63c295a28be94f411101e5ead625ba7 SOURCES/ostree-2017.1.tar.xz
+439fa38167fd4b722b69a8f29f14bb277f8a11e7 SOURCES/libostree-2017.3.tar.xz
diff --git a/SOURCES/0001-ostree-remount-Explicitly-set-tmp-to-01777.patch b/SOURCES/0001-ostree-remount-Explicitly-set-tmp-to-01777.patch
deleted file mode 100644
index 2cbc15d..0000000
--- a/SOURCES/0001-ostree-remount-Explicitly-set-tmp-to-01777.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From e7ef7ccc9540f493fe99037f3592f8b956d5edc6 Mon Sep 17 00:00:00 2001
-From: Matthew Barnes <mbarnes@redhat.com>
-Date: Fri, 13 Nov 2015 09:54:52 -0500
-Subject: [PATCH] [PATCH] ostree-remount: Explicitly set /tmp to 01777
-
-See https://bugzilla.redhat.com/show_bug.cgi?id=1276775
----
- src/switchroot/ostree-remount.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
-index b8d3a96..9dff2a0 100644
---- a/src/switchroot/ostree-remount.c
-+++ b/src/switchroot/ostree-remount.c
-@@ -117,5 +117,13 @@ main(int argc, char *argv[])
- 
-   maybe_mount_tmpfs_on_var ();
- 
-+  /* Ensure /sysroot/tmp is world-writable.  Works around a bug
-+   * where init-fs left the directory writable only to root. */
-+  if (chmod ("/sysroot/tmp", 01777) == -1)
-+    {
-+      perror ("failed to chmod /sysroot/tmp");
-+      exit (EXIT_FAILURE);
-+    }
-+
-   exit (EXIT_SUCCESS);
- }
--- 
-2.5.0
-
diff --git a/SOURCES/0001-unlock-backport-sepolicy-fix.patch b/SOURCES/0001-unlock-backport-sepolicy-fix.patch
new file mode 100644
index 0000000..064bdd5
--- /dev/null
+++ b/SOURCES/0001-unlock-backport-sepolicy-fix.patch
@@ -0,0 +1,70 @@
+From 1abef6b50970ab627019f04f269176e03edbae08 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jlebon@redhat.com>
+Date: Wed, 29 Mar 2017 11:00:11 -0400
+Subject: [PATCH] unlock: backport sepolicy fix
+
+This patch backports https://github.com/ostreedev/ostree/pull/763 to the
+v2017.3 release. Rather than backporting all the new sepolicy stuff, I
+reworked it in the style of yore.
+---
+ src/libostree/ostree-sysroot.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+diff --git a/src/libostree/ostree-sysroot.c b/src/libostree/ostree-sysroot.c
+index f50e34b..0365624 100644
+--- a/src/libostree/ostree-sysroot.c
++++ b/src/libostree/ostree-sysroot.c
+@@ -25,6 +25,7 @@
+ #include <sys/wait.h>
+ 
+ #include "ostree-core-private.h"
++#include "ostree-sepolicy.h"
+ #include "ostree-sysroot-private.h"
+ #include "ostree-deployment-private.h"
+ #include "ostree-bootloader-uboot.h"
+@@ -1699,6 +1700,7 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
+   g_autofree char *deployment_path = NULL;
+   glnx_fd_close int deployment_dfd = -1;
+   pid_t mount_child;
++  glnx_unref_object OstreeSePolicy *sepolicy = NULL;
+ 
+   /* This function cannot re-lock */
+   g_return_val_if_fail (unlocked_state != OSTREE_DEPLOYMENT_UNLOCKED_NONE, FALSE);
+@@ -1735,6 +1737,13 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
+   if (!glnx_opendirat (self->sysroot_fd, deployment_path, TRUE, &deployment_dfd, error))
+     goto out;
+ 
++  { g_autofree char *abspath = glnx_fdrel_abspath (deployment_dfd, ".");
++    g_autoptr(GFile) path = g_file_new_for_path (abspath);
++    sepolicy = ostree_sepolicy_new (path, cancellable, error);
++    if (!sepolicy)
++      goto out;
++  }
++
+   switch (unlocked_state)
+     {
+     case OSTREE_DEPLOYMENT_UNLOCKED_NONE:
+@@ -1762,8 +1771,18 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
+         const char *development_ovl_upper;
+         const char *development_ovl_work;
+ 
+-        if (!glnx_mkdtempat (AT_FDCWD, development_ovldir, 0700, error))
+-          goto out;
++        /* Ensure that the directory is created with the same label as `/usr` */
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wunused-variable"
++        { ostree_cleanup_sepolicy_fscreatecon gpointer dummy = NULL;
++#pragma GCC diagnostic pop
++
++          if (!ostree_sepolicy_setfscreatecon (sepolicy, "/usr", 0755, error))
++            goto out;
++
++          if (!glnx_mkdtempat (AT_FDCWD, development_ovldir, 0755, error))
++            goto out;
++        }
+ 
+         development_ovl_upper = glnx_strjoina (development_ovldir, "/upper");
+         if (!glnx_shutil_mkdir_p_at (AT_FDCWD, development_ovl_upper, 0755, cancellable, error))
+-- 
+2.10.2
+
diff --git a/SPECS/ostree.spec b/SPECS/ostree.spec
index 17589f0..2acf3c1 100644
--- a/SPECS/ostree.spec
+++ b/SPECS/ostree.spec
@@ -1,13 +1,13 @@
 Summary: Tool for managing bootable, immutable filesystem trees
 Name: ostree
-Version: 2017.1
-Release: 3.atomic%{?dist}
+Version: 2017.3
+Release: 2%{?dist}
 #VCS: git:https://github.com/ostreedev/ostree
 # The source tarball is generated via make -C packaging dist-snapshot
 # which handles git submodules.
-Source0: %{name}-%{version}.tar.xz
+Source0: https://github.com/ostreedev/%{name}/releases/download/v%{version}/libostree-%{version}.tar.xz
 Source1: 91-ostree.preset
-Patch0: 0001-ostree-remount-Explicitly-set-tmp-to-01777.patch
+Patch0: 0001-unlock-backport-sepolicy-fix.patch
 License: LGPLv2+
 URL: https://github.com/ostreedev/ostree
 
@@ -18,6 +18,7 @@ BuildRequires: autoconf automake libtool
 # For docs
 BuildRequires: gtk-doc
 # Core requirements
+BuildRequires: pkgconfig(zlib)
 BuildRequires: pkgconfig(libsoup-2.4)
 BuildRequires: libattr-devel
 # Extras
@@ -58,6 +59,7 @@ The %{name}-devel package includes the header files for the %{name} library.
 Summary: GRUB2 integration for OSTree
 Group: Development/Libraries
 Requires: grub2
+Requires: ostree
 
 %description grub2
 GRUB2 integration for OSTree
@@ -70,7 +72,7 @@ Requires: fuse
 %{summary}
 
 %prep
-%autosetup -n ostree-%{version} -Sgit
+%autosetup -n libostree-%{version} -Sgit
 
 %build
 env NOCONFIGURE=1 ./autogen.sh
@@ -78,7 +80,7 @@ env NOCONFIGURE=1 ./autogen.sh
 	   --enable-gtk-doc \
 	   --with-selinux \
 	   --enable-libsoup-client-certs \
-	   --with-dracut
+	   --with-dracut=yesbutnoconf
 make %{?_smp_mflags}
 
 %install
@@ -100,7 +102,6 @@ rm -rf $RPM_BUILD_ROOT
 %{_bindir}/ostree
 %{_datadir}/ostree/trusted.gpg.d
 %{_sysconfdir}/ostree
-%{_sysconfdir}/dracut.conf.d/ostree.conf
 %dir %{_prefix}/lib/dracut/modules.d/98ostree
 %{_prefix}/lib/systemd/system/ostree*.service
 %{_prefix}/lib/dracut/modules.d/98ostree/*
@@ -110,7 +111,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_prefix}/lib/systemd/system-preset/91-ostree.preset
 %{_prefix}/lib/ostree/ostree-prepare-root
 %{_prefix}/lib/ostree/ostree-remount
-%{_libexecdir}/ostree/*
+%{_libexecdir}/libostree/*
 
 %files fuse
 %{_bindir}/rofiles-fuse
@@ -123,11 +124,24 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/gtk-doc/html/ostree
 %{_datadir}/gir-1.0/OSTree-1.0.gir
 
+%ifnarch s390 s390x %{arm}
 %files grub2
 %{_sysconfdir}/grub.d/*ostree
-%{_libexecdir}/ostree/grub2*
+%{_libexecdir}/libostree/grub2*
+%endif
 
 %changelog
+* Wed Mar 29 2017 Jonathan Lebon <jlebon@redhat.com> - 2017.3.2
+- Backport fix for ovl selinux labeling
+  Resolves: #1436751
+
+* Tue Mar 21 2017 Colin Walters <walters@verbum.org> - 2017.3-1
+- New upstream version
+  Resolves: #1433422
+
+* Thu Mar 09 2017 Colin Walters <walters@verbum.org> - 2017.1-4.atomic
+- grub2: Add a requires on ostree
+
 * Thu Feb 23 2017 Colin Walters <walters@redhat.com> - 2017.1-3.atomic
 - Backport libmount unref patch
   Resolves: #1426280