From f0c6dd0f742512f50eff3c9b9cd2b7830e109d4a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 19 2017 17:42:21 +0000 Subject: import rpm-ostree-client-2017.9-1.atomic.el7 --- diff --git a/.gitignore b/.gitignore index efac668..31ff810 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/bubblewrap-0.1.8.tar.xz -SOURCES/rpm-ostree-client-2017.6.tar.xz +SOURCES/rpm-ostree-client-2017.9.tar.xz diff --git a/.rpm-ostree-client.metadata b/.rpm-ostree-client.metadata index cd483d8..cad7db5 100644 --- a/.rpm-ostree-client.metadata +++ b/.rpm-ostree-client.metadata @@ -1,2 +1,2 @@ dbb597b75848aa28daeaa7d4c933aadcb1a110dc SOURCES/bubblewrap-0.1.8.tar.xz -49b56c8002631b4a7a0454180111b780a96d5913 SOURCES/rpm-ostree-client-2017.6.tar.xz +9f673982000e60f28fc04e25288f8616619f1ea2 SOURCES/rpm-ostree-client-2017.9.tar.xz diff --git a/SOURCES/0001-core-only-update-repos-enabled-for-packages.patch b/SOURCES/0001-core-only-update-repos-enabled-for-packages.patch deleted file mode 100644 index e8c77de..0000000 --- a/SOURCES/0001-core-only-update-repos-enabled-for-packages.patch +++ /dev/null @@ -1,33 +0,0 @@ -From f1437028cfdba73c09daf49cf41ab7e5e665dbea Mon Sep 17 00:00:00 2001 -From: Jonathan Lebon -Date: Thu, 6 Jul 2017 11:21:18 -0700 -Subject: [PATCH] core: only update repos enabled for packages - -We don't care about repos enabled only for METADATA. This works around -an interesting libdnf behaviour in which all repos in redhat.repo are -enabled for metadata, even if disabled. - -Downstream RHBZ: #1468302 - -Closes: #863 -Approved by: cgwalters ---- - src/libpriv/rpmostree-core.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libpriv/rpmostree-core.c b/src/libpriv/rpmostree-core.c -index 22160884..8aef6617 100644 ---- a/src/libpriv/rpmostree-core.c -+++ b/src/libpriv/rpmostree-core.c -@@ -925,7 +925,7 @@ rpmostree_context_download_metadata (RpmOstreeContext *self, - { - g_assert (!self->empty); - -- g_autoptr(GPtrArray) rpmmd_repos = get_enabled_rpmmd_repos (self->hifctx, DNF_REPO_ENABLED_METADATA); -+ g_autoptr(GPtrArray) rpmmd_repos = get_enabled_rpmmd_repos (self->hifctx, DNF_REPO_ENABLED_PACKAGES); - - g_print ("Enabled rpm-md repositories:"); - for (guint i = 0; i < rpmmd_repos->len; i++) --- -2.13.2 - diff --git a/SOURCES/0001-rollback-allow-users-to-undo-a-rollback.patch b/SOURCES/0001-rollback-allow-users-to-undo-a-rollback.patch deleted file mode 100644 index af07d7f..0000000 --- a/SOURCES/0001-rollback-allow-users-to-undo-a-rollback.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 6ca072af941cd6f1fd2a094b2daa17219c9adc96 Mon Sep 17 00:00:00 2001 -From: Jonathan Lebon -Date: Thu, 3 Aug 2017 06:41:18 -0700 -Subject: [PATCH] rollback: allow users to undo a rollback - -The new API to find pending and rollback deployments do so relative to -the booted deployment. This caused an interesting behaviour: the first -time a user uses "rpm-ostree rollback", it would (as expected) move the -previous deployment first. but the second call to "rpm-ostree rollback" -would fail since there were now no more rollback deployments. - -We fine tune the logic here to allow this, as well as the more general -case of putting the booted deployment back on top. - -This fixes a subtle regression from b7cf58e -(https://github.com/projectatomic/rpm-ostree/pull/767). - -Closes: https://github.com/projectatomic/rpm-ostree/issues/906 - -Closes: #907 -Approved by: cgwalters ---- - src/daemon/rpmostreed-transaction-types.c | 17 ++++++++++++++--- - 1 file changed, 14 insertions(+), 3 deletions(-) - -diff --git a/src/daemon/rpmostreed-transaction-types.c b/src/daemon/rpmostreed-transaction-types.c -index 9f614e4..067adbf 100644 ---- a/src/daemon/rpmostreed-transaction-types.c -+++ b/src/daemon/rpmostreed-transaction-types.c -@@ -322,11 +322,22 @@ rollback_transaction_execute (RpmostreedTransaction *transaction, - { - RollbackTransaction *self = (RollbackTransaction *) transaction; - OstreeSysroot *sysroot = rpmostreed_transaction_get_sysroot (transaction); -+ OstreeDeployment *booted_deployment = ostree_sysroot_get_booted_deployment (sysroot); - -+ g_autoptr(OstreeDeployment) pending_deployment = NULL; - g_autoptr(OstreeDeployment) rollback_deployment = NULL; -- rpmostree_syscore_query_deployments (sysroot, self->osname, NULL, &rollback_deployment); -- if (!rollback_deployment) -+ rpmostree_syscore_query_deployments (sysroot, self->osname, -+ &pending_deployment, &rollback_deployment); -+ -+ if (!rollback_deployment && !pending_deployment) /* i.e. do we just have 1 deployment? */ - return glnx_throw (error, "No rollback deployment found"); -+ else if (!rollback_deployment) -+ { -+ /* If there isn't a rollback deployment, but there *is* a pending deployment, then we -+ * want "rpm-ostree rollback" to put the currently booted deployment back on top. This -+ * also allows users to effectively undo a rollback operation. */ -+ rollback_deployment = g_object_ref (booted_deployment); -+ } - - g_autoptr(GPtrArray) old_deployments = - ostree_sysroot_get_deployments (sysroot); -@@ -344,7 +355,7 @@ rollback_transaction_execute (RpmostreedTransaction *transaction, - for (guint i = 0; i < old_deployments->len; i++) - { - OstreeDeployment *deployment = old_deployments->pdata[i]; -- if (deployment != rollback_deployment) -+ if (!ostree_deployment_equal (deployment, rollback_deployment)) - g_ptr_array_add (new_deployments, g_object_ref (deployment)); - } - --- -2.14.0 - diff --git a/SOURCES/0001-treecompose-Add-various-g_prefix_error.patch b/SOURCES/0001-treecompose-Add-various-g_prefix_error.patch deleted file mode 100644 index 75d6edd..0000000 --- a/SOURCES/0001-treecompose-Add-various-g_prefix_error.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 9f671efc60e8cb84ad2c73718c686692c92585fa Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Thu, 15 Jun 2017 13:29:06 -0400 -Subject: [PATCH 1/4] treecompose: Add various g_prefix_error() - -To help debug a problem which turned out to be in SELinux postprocessing for -RHELAH. - -Closes: #830 -Approved by: jlebon ---- - src/app/rpmostree-compose-builtin-tree.c | 20 ++++++++++++++++---- - src/libpriv/rpmostree-postprocess.c | 28 +++++++++++++--------------- - 2 files changed, 29 insertions(+), 19 deletions(-) - -diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c -index 46fb636..db24c70 100644 ---- a/src/libpriv/rpmostree-postprocess.c -+++ b/src/libpriv/rpmostree-postprocess.c -@@ -654,10 +654,7 @@ postprocess_selinux_policy_store_location (int rootfs_dfd, - - name = dent->d_name; - if (renameat (dfd_iter.fd, name, etc_selinux_dfd, name) != 0) -- { -- glnx_set_error_from_errno (error); -- return FALSE; -- } -+ return glnx_throw_errno_prefix (error, "rename(%s)", name); - } - - return TRUE; -@@ -794,12 +791,18 @@ create_rootfs_from_yumroot_content (int target_root_dfd, - - /* NSS configuration to look at the new files */ - if (!replace_nsswitch (src_rootfs_fd, cancellable, error)) -- goto out; -+ { -+ g_prefix_error (error, "nsswitch replacement: "); -+ goto out; -+ } - - if (selinux) - { - if (!postprocess_selinux_policy_store_location (src_rootfs_fd, cancellable, error)) -- goto out; -+ { -+ g_prefix_error (error, "SELinux postprocess: "); -+ goto out; -+ } - } - - /* We take /usr from the yum content */ -@@ -1615,17 +1618,15 @@ rpmostree_prepare_rootfs_for_commit (int workdir_dfd, - glnx_fd_close int target_root_dfd = -1; - - if (mkdirat (workdir_dfd, temp_new_root, 0755) < 0) -- { -- glnx_set_error_from_errno (error); -- return FALSE; -- } -+ return glnx_throw_errno_prefix (error, "creating %s", temp_new_root); -+ - if (!glnx_opendirat (workdir_dfd, temp_new_root, TRUE, - &target_root_dfd, error)) - return FALSE; - - if (!create_rootfs_from_yumroot_content (target_root_dfd, *inout_rootfs_fd, treefile, - cancellable, error)) -- return FALSE; -+ return glnx_prefix_error (error, "Finalizing rootfs"); - - (void) close (*inout_rootfs_fd); - -@@ -1634,10 +1635,7 @@ rpmostree_prepare_rootfs_for_commit (int workdir_dfd, - - if (TEMP_FAILURE_RETRY (renameat (workdir_dfd, temp_new_root, - workdir_dfd, rootfs_name)) != 0) -- { -- glnx_set_error_from_errno (error); -- return FALSE; -- } -+ return glnx_throw_errno_prefix (error, "rename(%s, %s)", temp_new_root, rootfs_name); - - *inout_rootfs_fd = target_root_dfd; - target_root_dfd = -1; /* Transfer ownership */ --- -2.13.0 - diff --git a/SOURCES/0002-postprocess-use-glnx_throw-helpers-to-add-details.patch b/SOURCES/0002-postprocess-use-glnx_throw-helpers-to-add-details.patch deleted file mode 100644 index 8c25193..0000000 --- a/SOURCES/0002-postprocess-use-glnx_throw-helpers-to-add-details.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 4a5e9c3086da507f7be9bdf84b17aaaca4d18ad7 Mon Sep 17 00:00:00 2001 -From: Jonathan Lebon -Date: Thu, 15 Jun 2017 13:20:34 -0400 -Subject: [PATCH 2/4] postprocess: use glnx_throw helpers to add details - -Closes: #831 -Approved by: cgwalters ---- - src/libpriv/rpmostree-postprocess.c | 20 ++++---------------- - 1 file changed, 4 insertions(+), 16 deletions(-) - -diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c -index db24c70..77ad66a 100644 ---- a/src/libpriv/rpmostree-postprocess.c -+++ b/src/libpriv/rpmostree-postprocess.c -@@ -595,10 +595,7 @@ postprocess_selinux_policy_store_location (int rootfs_dfd, - if (fstatat (rootfs_dfd, var_policy_location, &stbuf, 0) != 0) - { - if (errno != ENOENT) -- { -- glnx_set_error_from_errno (error); -- return FALSE; -- } -+ return glnx_throw_errno_prefix (error, "fstat(%s)", modules_location); - - /* Okay, this is probably CentOS 7, or maybe we have a build of - * selinux-policy with the path moved back into /etc (or maybe it's -@@ -615,28 +612,19 @@ postprocess_selinux_policy_store_location (int rootfs_dfd, - orig_contents = glnx_file_get_contents_utf8_at (rootfs_dfd, semanage_path, NULL, - cancellable, error); - if (orig_contents == NULL) -- { -- g_prefix_error (error, "Opening %s: ", semanage_path); -- return FALSE; -- } -+ return glnx_prefix_error (error, "Opening %s:", semanage_path); - - contents = g_strconcat (orig_contents, "\nstore-root=/etc/selinux\n", NULL); - - if (!glnx_file_replace_contents_at (rootfs_dfd, semanage_path, - (guint8*)contents, -1, 0, - cancellable, error)) -- { -- g_prefix_error (error, "Replacing %s: ", semanage_path); -- return FALSE; -- } -+ return glnx_prefix_error (error, "Replacing %s:", semanage_path); - } - - etc_policy_location = glnx_strjoina ("etc/selinux/", name); - if (!glnx_opendirat (rootfs_dfd, etc_policy_location, TRUE, &etc_selinux_dfd, error)) -- { -- g_prefix_error (error, "Opening %s: ", etc_policy_location); -- return FALSE; -- } -+ return glnx_prefix_error (error, "Opening %s:", etc_policy_location); - - if (!glnx_dirfd_iterator_init_at (rootfs_dfd, var_policy_location, TRUE, &dfd_iter, error)) - return FALSE; --- -2.13.0 - diff --git a/SOURCES/0003-postprocess-stronger-handling-for-sepolicy-in-var.patch b/SOURCES/0003-postprocess-stronger-handling-for-sepolicy-in-var.patch deleted file mode 100644 index 4254ced..0000000 --- a/SOURCES/0003-postprocess-stronger-handling-for-sepolicy-in-var.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 943138b13254eae339afe47eeccfef5c5f01e2de Mon Sep 17 00:00:00 2001 -From: Jonathan Lebon -Date: Thu, 15 Jun 2017 13:21:01 -0400 -Subject: [PATCH 3/4] postprocess: stronger handling for sepolicy in /var - -We shouldn't just check that the "targeted" dir exists, but rather that -the actual directory where the modules are stored exists. This fixes a -regression on RHEL in which the new selinux-policy-targeted lists some -%ghost files under /var/lib/selinux and as a result think that the -policy is in /var. - -Closes: #831 -Approved by: cgwalters ---- - src/libpriv/rpmostree-postprocess.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c -index 77ad66a..8252f41 100644 ---- a/src/libpriv/rpmostree-postprocess.c -+++ b/src/libpriv/rpmostree-postprocess.c -@@ -592,7 +592,8 @@ postprocess_selinux_policy_store_location (int rootfs_dfd, - return TRUE; - - var_policy_location = glnx_strjoina ("var/lib/selinux/", name); -- if (fstatat (rootfs_dfd, var_policy_location, &stbuf, 0) != 0) -+ const char *modules_location = glnx_strjoina (var_policy_location, "/active/modules"); -+ if (fstatat (rootfs_dfd, modules_location, &stbuf, 0) != 0) - { - if (errno != ENOENT) - return glnx_throw_errno_prefix (error, "fstat(%s)", modules_location); --- -2.13.0 - diff --git a/SOURCES/0004-postprocess-always-nuke-var-run.patch b/SOURCES/0004-postprocess-always-nuke-var-run.patch deleted file mode 100644 index 50fb8dc..0000000 --- a/SOURCES/0004-postprocess-always-nuke-var-run.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 57cf8d9bc0448abcb7f395d2a175be6b6373a569 Mon Sep 17 00:00:00 2001 -From: Jonathan Lebon -Date: Thu, 15 Jun 2017 13:35:36 -0400 -Subject: [PATCH 4/4] postprocess: always nuke /var/run - -If `/var/run` exists, it will be a dir, so we'll fail the `unlinkat` -with `EISDIR`. Let's just explicitly nuke it. - -Closes: #831 -Approved by: cgwalters ---- - src/libpriv/rpmostree-postprocess.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c -index 8252f41..094e7b8 100644 ---- a/src/libpriv/rpmostree-postprocess.c -+++ b/src/libpriv/rpmostree-postprocess.c -@@ -329,7 +329,6 @@ convert_var_to_tmpfiles_d (int src_rootfs_dfd, - * runtime. (And really both in CentOS and Fedora) - */ - const char *known_state_files[] = { -- "run", /* We never want to traverse into /run when making tmpfiles since it's a tmpfs */ - "lib/systemd/random-seed", /* https://bugzilla.redhat.com/show_bug.cgi?id=789407 */ - "lib/systemd/catalog/database", - "lib/plymouth/boot-duration", -@@ -340,6 +339,10 @@ convert_var_to_tmpfiles_d (int src_rootfs_dfd, - if (!glnx_opendirat (src_rootfs_dfd, "var", TRUE, &var_dfd, error)) - return FALSE; - -+ /* We never want to traverse into /run when making tmpfiles since it's a tmpfs */ -+ if (!glnx_shutil_rm_rf_at (var_dfd, "run", cancellable, error)) -+ return FALSE; -+ - /* Here, delete some files ahead of time to avoid emitting warnings - * for things that are known to be harmless. - */ -@@ -349,7 +352,7 @@ convert_var_to_tmpfiles_d (int src_rootfs_dfd, - if (unlinkat (var_dfd, path, 0) < 0) - { - if (errno != ENOENT) -- return glnx_throw_errno_prefix (error, "unlinkat"); -+ return glnx_throw_errno_prefix (error, "unlinkat(%s)", path); - } - } - --- -2.13.0 - diff --git a/SPECS/rpm-ostree-client.spec b/SPECS/rpm-ostree-client.spec index 6d36a94..b0f6a9c 100644 --- a/SPECS/rpm-ostree-client.spec +++ b/SPECS/rpm-ostree-client.spec @@ -1,8 +1,8 @@ %global bubblewrap_version 0.1.8 Summary: Client side upgrade program Name: rpm-ostree-client -Version: 2017.6 -Release: 6.atomic%{?dist} +Version: 2017.9 +Release: 1.atomic%{?dist} #VCS: https://github.com/cgwalters/rpm-ostree # This tarball is generated via "make -f Makefile.dist-packaging dist-snapshot-without-compose-tooling" Source0: rpm-ostree-client-%{version}.tar.xz @@ -10,13 +10,6 @@ License: LGPLv2+ URL: https://github.com/projectatomic/rpm-ostree Source1: https://github.com/projectatomic/bubblewrap/releases/download/v%{bubblewrap_version}/bubblewrap-%{bubblewrap_version}.tar.xz -Patch0: 0001-treecompose-Add-various-g_prefix_error.patch -Patch1: 0002-postprocess-use-glnx_throw-helpers-to-add-details.patch -Patch2: 0003-postprocess-stronger-handling-for-sepolicy-in-var.patch -Patch3: 0004-postprocess-always-nuke-var-run.patch -Patch4: 0001-core-only-update-repos-enabled-for-packages.patch -Patch5: 0001-rollback-allow-users-to-undo-a-rollback.patch - Requires: ostree-fuse # We always run autogen.sh @@ -25,9 +18,10 @@ BuildRequires: autoconf automake libtool git BuildRequires: chrpath BuildRequires: gtk-doc BuildRequires: gnome-common -BuildRequires: gobject-introspection-devel +BuildRequires: /usr/bin/g-ir-scanner # Core requirements -BuildRequires: pkgconfig(ostree-1) >= 2017.6 +BuildRequires: pkgconfig(ostree-1) >= 2017.11 +BuildRequires: pkgconfig(polkit-gobject-1) BuildRequires: pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(rpm) BuildRequires: pkgconfig(libarchive) @@ -90,6 +84,7 @@ rm $RPM_BUILD_ROOT/%{_includedir} -rf rm $RPM_BUILD_ROOT/%{_libdir}/pkgconfig -rf rm $RPM_BUILD_ROOT/%{_datadir}/gtk-doc/html -rf rm $RPM_BUILD_ROOT/%{_datadir}/gir-1.0 -rf +rm $RPM_BUILD_ROOT/%{_datadir}/dbus-1/interfaces -rf # I try to do continuous delivery via rpmdistro-gitoverlay while # reusing the existing spec files. Currently RPM only supports @@ -122,12 +117,17 @@ python autofiles.py > files \ '%{_sysconfdir}/dbus-1/system.d/*' \ '%{_prefix}/lib/systemd/system/*' \ '%{_libexecdir}/rpm-ostree*' \ + '%{_datadir}/polkit-1/actions/*.policy' \ '%{_datadir}/dbus-1/system-services' %files -f files %doc COPYING README.md %changelog +* Mon Sep 25 2017 Jonathan Lebon - 2017.9-1.atomic +- New upstream release +- Resolves: #1494120 + * Tue Aug 08 2017 Jonathan Lebon - 2017.6-6.atomic - Backport fix to allow rollback more than once - Resolves: #1478083