From 01a7163c2303e83bf5f6f9683797a24569e45a77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Tue, 23 Jul 2024 12:30:13 +0200 Subject: [PATCH] More specific error message on a locked OSTree system or a bootc system without a usr-overlay Resolves: RHEL-49671 --- ...r-ostree-based-systems-and-warn-user.patch | 95 ++++++++++++++++ ...pdate-ostree-bootc-host-system-check.patch | 104 ++++++++++++++++++ ...hosts-message-to-point-to-bootc-help.patch | 29 +++++ dnf.spec | 5 + 4 files changed, 233 insertions(+) create mode 100644 0006-Add-detection-for-ostree-based-systems-and-warn-user.patch create mode 100644 0007-Update-ostree-bootc-host-system-check.patch create mode 100644 0008-Update-bootc-hosts-message-to-point-to-bootc-help.patch diff --git a/0006-Add-detection-for-ostree-based-systems-and-warn-user.patch b/0006-Add-detection-for-ostree-based-systems-and-warn-user.patch new file mode 100644 index 0000000..5c3a745 --- /dev/null +++ b/0006-Add-detection-for-ostree-based-systems-and-warn-user.patch @@ -0,0 +1,95 @@ +From 5c050ba2324c5fb95bf0e0501c7925f38f6a09dc Mon Sep 17 00:00:00 2001 +From: David Cantrell +Date: Thu, 15 Feb 2024 14:03:32 -0500 +Subject: [PATCH] Add detection for ostree-based systems and warn users about + losing changes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +On ostree-based systems, users can use dnf to customize the +environment but those changes will be lost at the next ostree-based +image update. If you want to retain changes between ostree-updates +you need to make use of rpm-ostree right now. + +Signed-off-by: David Cantrell +Signed-off-by: Petr Písař +--- + dnf/cli/cli.py | 9 +++++++++ + dnf/util.py | 31 +++++++++++++++++++++++++++++++ + 2 files changed, 40 insertions(+) + +diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py +index 1824bd00e..c14f83639 100644 +--- a/dnf/cli/cli.py ++++ b/dnf/cli/cli.py +@@ -214,6 +214,15 @@ class BaseCli(dnf.Base): + elif 'test' in self.conf.tsflags: + logger.info(_("{prog} will only download packages, install gpg keys, and check the " + "transaction.").format(prog=dnf.util.MAIN_PROG_UPPER)) ++ if dnf.util.is_container(): ++ _container_msg = _(""" ++*** This system is managed with ostree. Changes to the system ++*** made with dnf will be lost with the next ostree-based update. ++*** If you do not want to lose these changes, use 'rpm-ostree'. ++""") ++ logger.info(_container_msg) ++ raise CliError(_("Operation aborted.")) ++ + if self._promptWanted(): + if self.conf.assumeno or not self.output.userconfirm(): + raise CliError(_("Operation aborted.")) +diff --git a/dnf/util.py b/dnf/util.py +index 6cd7ad41f..1b465bda5 100644 +--- a/dnf/util.py ++++ b/dnf/util.py +@@ -33,11 +33,13 @@ import errno + import functools + import hawkey + import itertools ++import json + import locale + import logging + import os + import pwd + import shutil ++import subprocess + import sys + import tempfile + import time +@@ -639,3 +641,32 @@ def _is_file_pattern_present(specs): + if subj._filename_pattern: + return True + return False ++ ++ ++def is_container(): ++ """Returns true is the system is managed as an immutable container, ++ false otherwise. If msg is True, a warning message is displayed ++ for the user. ++ """ ++ ++ bootc = '/usr/bin/bootc' ++ ostree = '/sysroot/ostree' ++ ++ if os.path.isfile(bootc) and os.access(bootc, os.X_OK): ++ p = subprocess.Popen([bootc, "status", "--json"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) ++ (out, err) = p.communicate() ++ ++ if p.returncode == 0: ++ # check the output of 'bootc status' ++ j = json.loads(out) ++ ++ # XXX: the API from bootc status is evolving ++ status = j.get("status", "") ++ kind = j.get("kind", "") ++ ++ if kind.lower() == "bootchost" and bool(status.get("isContainer", None)): ++ return True ++ elif os.path.isdir(ostree): ++ return True ++ ++ return False +-- +2.45.2 + diff --git a/0007-Update-ostree-bootc-host-system-check.patch b/0007-Update-ostree-bootc-host-system-check.patch new file mode 100644 index 0000000..1200385 --- /dev/null +++ b/0007-Update-ostree-bootc-host-system-check.patch @@ -0,0 +1,104 @@ +From 6120fe52511775b60b6031d4169988c025610ab5 Mon Sep 17 00:00:00 2001 +From: Joseph Marrero +Date: Tue, 16 Jul 2024 15:48:41 -0400 +Subject: [PATCH] Update ostree/bootc host system check. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This changes the is_container() func for _is_bootc_host() +and updates the logic and message. This should detect on +all ostree and bootc hosts to date that are not using +bootc usroverlay or ostree admin unlock for development +purposes. + +resolves: #RHEL-49670, RHEL-49671 +Signed-off-by: Petr Písař +--- + dnf/cli/cli.py | 11 +++++------ + dnf/util.py | 32 ++++++++------------------------ + 2 files changed, 13 insertions(+), 30 deletions(-) + +diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py +index c14f83639..83b190026 100644 +--- a/dnf/cli/cli.py ++++ b/dnf/cli/cli.py +@@ -214,13 +214,12 @@ class BaseCli(dnf.Base): + elif 'test' in self.conf.tsflags: + logger.info(_("{prog} will only download packages, install gpg keys, and check the " + "transaction.").format(prog=dnf.util.MAIN_PROG_UPPER)) +- if dnf.util.is_container(): +- _container_msg = _(""" +-*** This system is managed with ostree. Changes to the system +-*** made with dnf will be lost with the next ostree-based update. +-*** If you do not want to lose these changes, use 'rpm-ostree'. ++ if dnf.util._is_bootc_host(): ++ _bootc_host_msg = _(""" ++*** Error: system is configured to be read-only; for more ++*** information run `bootc status` or `ostree admin status`. + """) +- logger.info(_container_msg) ++ logger.info(_bootc_host_msg) + raise CliError(_("Operation aborted.")) + + if self._promptWanted(): +diff --git a/dnf/util.py b/dnf/util.py +index 1b465bda5..0327321ca 100644 +--- a/dnf/util.py ++++ b/dnf/util.py +@@ -33,13 +33,11 @@ import errno + import functools + import hawkey + import itertools +-import json + import locale + import logging + import os + import pwd + import shutil +-import subprocess + import sys + import tempfile + import time +@@ -643,30 +641,16 @@ def _is_file_pattern_present(specs): + return False + + +-def is_container(): ++def _is_bootc_host(): + """Returns true is the system is managed as an immutable container, + false otherwise. If msg is True, a warning message is displayed + for the user. + """ ++ ostree_booted = '/run/ostree-booted' ++ usr = '/usr/' ++ # Check if usr is writtable and we are in a running ostree system. ++ # We want this code to return true only when the system is in locked state. If someone ran ++ # bootc overlay or ostree admin unlock we would want normal DNF path to be ran as it will be ++ # temporary changes (until reboot). ++ return os.path.isfile(ostree_booted) and not os.access(usr, os.W_OK) + +- bootc = '/usr/bin/bootc' +- ostree = '/sysroot/ostree' +- +- if os.path.isfile(bootc) and os.access(bootc, os.X_OK): +- p = subprocess.Popen([bootc, "status", "--json"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) +- (out, err) = p.communicate() +- +- if p.returncode == 0: +- # check the output of 'bootc status' +- j = json.loads(out) +- +- # XXX: the API from bootc status is evolving +- status = j.get("status", "") +- kind = j.get("kind", "") +- +- if kind.lower() == "bootchost" and bool(status.get("isContainer", None)): +- return True +- elif os.path.isdir(ostree): +- return True +- +- return False +-- +2.45.2 + diff --git a/0008-Update-bootc-hosts-message-to-point-to-bootc-help.patch b/0008-Update-bootc-hosts-message-to-point-to-bootc-help.patch new file mode 100644 index 0000000..12376c4 --- /dev/null +++ b/0008-Update-bootc-hosts-message-to-point-to-bootc-help.patch @@ -0,0 +1,29 @@ +From e2535589ce16bc36b96b37369502a3c312f6056a Mon Sep 17 00:00:00 2001 +From: Joseph Marrero +Date: Mon, 22 Jul 2024 15:33:32 -0400 +Subject: [PATCH] Update bootc hosts message to point to bootc --help +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Petr Písař +--- + dnf/cli/cli.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py +index 83b190026..0eda2c8cb 100644 +--- a/dnf/cli/cli.py ++++ b/dnf/cli/cli.py +@@ -217,7 +217,7 @@ class BaseCli(dnf.Base): + if dnf.util._is_bootc_host(): + _bootc_host_msg = _(""" + *** Error: system is configured to be read-only; for more +-*** information run `bootc status` or `ostree admin status`. ++*** information run `bootc --help`. + """) + logger.info(_bootc_host_msg) + raise CliError(_("Operation aborted.")) +-- +2.45.2 + diff --git a/dnf.spec b/dnf.spec index b341f37..4f74115 100644 --- a/dnf.spec +++ b/dnf.spec @@ -79,6 +79,9 @@ Patch2: 0002-Limit-queries-to-nevra-forms-when-provided-by-comman.patch Patch3: 0003-doc-Remove-provide-of-spec-definition-for-repoquery-.patch Patch4: 0004-Drop-collect-file-for-ABRT.patch Patch5: 0005-tests-Use-PGP-keys-without-SHA-1.patch +Patch6: 0006-Add-detection-for-ostree-based-systems-and-warn-user.patch +Patch7: 0007-Update-ostree-bootc-host-system-check.patch +Patch8: 0008-Update-bootc-hosts-message-to-point-to-bootc-help.patch BuildArch: noarch BuildRequires: cmake BuildRequires: gettext @@ -421,6 +424,8 @@ popd %changelog * Tue Jul 23 2024 Petr Pisar - 4.20.0-5 - Adapt the tests to a crypto policy without SHA-1 (RHEL-50218) +- More specific error message on a locked OSTree system or a bootc system + without a usr-overlay (RHEL-49671). * Mon Jun 24 2024 Troy Dawson - 4.20.0-4 - Bump release for June 2024 mass rebuild