More specific error message on a locked OSTree system or a bootc system without a usr-overlay

Resolves: RHEL-49671
2024-07-23 12:30:13 +02:00 · 2024-07-23 12:30:13 +02:00 · 01a7163c23
commit 01a7163c23
parent 495dc3fa5f
4 changed files with 233 additions and 0 deletions
--- a/0006-Add-detection-for-ostree-based-systems-and-warn-user.patch
+++ b/0006-Add-detection-for-ostree-based-systems-and-warn-user.patch
@ -0,0 +1,95 @@
 From 5c050ba2324c5fb95bf0e0501c7925f38f6a09dc Mon Sep 17 00:00:00 2001
 From: David Cantrell <dcantrell@redhat.com>
 Date: Thu, 15 Feb 2024 14:03:32 -0500
 Subject: [PATCH] Add detection for ostree-based systems and warn users about
 losing changes
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 On ostree-based systems, users can use dnf to customize the
 environment but those changes will be lost at the next ostree-based
 image update.  If you want to retain changes between ostree-updates
 you need to make use of rpm-ostree right now.
 Signed-off-by: David Cantrell <dcantrell@redhat.com>
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
 dnf/cli/cli.py |  9 +++++++++
 dnf/util.py    | 31 +++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)
 diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
 index 1824bd00e..c14f83639 100644
 --- a/dnf/cli/cli.py
 +++ b/dnf/cli/cli.py
@@ -214,6 +214,15 @@ class BaseCli(dnf.Base):
             elif 'test' in self.conf.tsflags:
                 logger.info(_("{prog} will only download packages, install gpg keys, and check the "
                               "transaction.").format(prog=dnf.util.MAIN_PROG_UPPER))
 +            if dnf.util.is_container():
 +                _container_msg = _("""
 +*** This system is managed with ostree.  Changes to the system
 +*** made with dnf will be lost with the next ostree-based update.
 +*** If you do not want to lose these changes, use 'rpm-ostree'.
 +""")
 +                logger.info(_container_msg)
 +                raise CliError(_("Operation aborted."))
 +
             if self._promptWanted():
                 if self.conf.assumeno or not self.output.userconfirm():
                     raise CliError(_("Operation aborted."))
 diff --git a/dnf/util.py b/dnf/util.py
 index 6cd7ad41f..1b465bda5 100644
 --- a/dnf/util.py
 +++ b/dnf/util.py
@@ -33,11 +33,13 @@ import errno
 import functools
 import hawkey
 import itertools
 +import json
 import locale
 import logging
 import os
 import pwd
 import shutil
 +import subprocess
 import sys
 import tempfile
 import time
@@ -639,3 +641,32 @@ def _is_file_pattern_present(specs):
         if subj._filename_pattern:
             return True
     return False
 +
 +
 +def is_container():
 +    """Returns true is the system is managed as an immutable container,
 +       false otherwise.  If msg is True, a warning message is displayed
 +       for the user.
 +    """
 +
 +    bootc = '/usr/bin/bootc'
 +    ostree = '/sysroot/ostree'
 +
 +    if os.path.isfile(bootc) and os.access(bootc, os.X_OK):
 +        p = subprocess.Popen([bootc, "status", "--json"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 +        (out, err) = p.communicate()
 +
 +        if p.returncode == 0:
 +            # check the output of 'bootc status'
 +            j = json.loads(out)
 +
 +            # XXX: the API from bootc status is evolving
 +            status = j.get("status", "")
 +            kind = j.get("kind", "")
 +
 +            if kind.lower() == "bootchost" and bool(status.get("isContainer", None)):
 +                return True
 +    elif os.path.isdir(ostree):
 +        return True
 +
 +    return False
 -- 
 2.45.2
--- a/0007-Update-ostree-bootc-host-system-check.patch
+++ b/0007-Update-ostree-bootc-host-system-check.patch
@ -0,0 +1,104 @@
 From 6120fe52511775b60b6031d4169988c025610ab5 Mon Sep 17 00:00:00 2001
 From: Joseph Marrero <jmarrero@redhat.com>
 Date: Tue, 16 Jul 2024 15:48:41 -0400
 Subject: [PATCH] Update ostree/bootc host system check.
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 This changes the is_container() func for _is_bootc_host()
 and updates the logic and message. This should detect on
 all ostree and bootc hosts to date that are not using
 bootc usroverlay or ostree admin unlock for development
 purposes.
 resolves: #RHEL-49670, RHEL-49671
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
 dnf/cli/cli.py | 11 +++++------
 dnf/util.py    | 32 ++++++++------------------------
 2 files changed, 13 insertions(+), 30 deletions(-)
 diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
 index c14f83639..83b190026 100644
 --- a/dnf/cli/cli.py
 +++ b/dnf/cli/cli.py
@@ -214,13 +214,12 @@ class BaseCli(dnf.Base):
             elif 'test' in self.conf.tsflags:
                 logger.info(_("{prog} will only download packages, install gpg keys, and check the "
                               "transaction.").format(prog=dnf.util.MAIN_PROG_UPPER))
 -            if dnf.util.is_container():
 -                _container_msg = _("""
 -*** This system is managed with ostree.  Changes to the system
 -*** made with dnf will be lost with the next ostree-based update.
 -*** If you do not want to lose these changes, use 'rpm-ostree'.
 +            if dnf.util._is_bootc_host():
 +                _bootc_host_msg = _("""
 +*** Error: system is configured to be read-only; for more
 +*** information run `bootc status` or `ostree admin status`.
 """)
 -                logger.info(_container_msg)
 +                logger.info(_bootc_host_msg)
                 raise CliError(_("Operation aborted."))
             if self._promptWanted():
 diff --git a/dnf/util.py b/dnf/util.py
 index 1b465bda5..0327321ca 100644
 --- a/dnf/util.py
 +++ b/dnf/util.py
@@ -33,13 +33,11 @@ import errno
 import functools
 import hawkey
 import itertools
 -import json
 import locale
 import logging
 import os
 import pwd
 import shutil
 -import subprocess
 import sys
 import tempfile
 import time
@@ -643,30 +641,16 @@ def _is_file_pattern_present(specs):
     return False
 -def is_container():
 +def _is_bootc_host():
     """Returns true is the system is managed as an immutable container,
        false otherwise.  If msg is True, a warning message is displayed
        for the user.
     """
 +    ostree_booted = '/run/ostree-booted'
 +    usr = '/usr/'
 +    # Check if usr is writtable and we are in a running ostree system.
 +    # We want this code to return true only when the system is in locked state. If someone ran
 +    # bootc overlay or ostree admin unlock we would want normal DNF path to be ran as it will be
 +    # temporary changes (until reboot).
 +    return os.path.isfile(ostree_booted) and not os.access(usr, os.W_OK)
 -    bootc = '/usr/bin/bootc'
 -    ostree = '/sysroot/ostree'
 -
 -    if os.path.isfile(bootc) and os.access(bootc, os.X_OK):
 -        p = subprocess.Popen([bootc, "status", "--json"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 -        (out, err) = p.communicate()
 -
 -        if p.returncode == 0:
 -            # check the output of 'bootc status'
 -            j = json.loads(out)
 -
 -            # XXX: the API from bootc status is evolving
 -            status = j.get("status", "")
 -            kind = j.get("kind", "")
 -
 -            if kind.lower() == "bootchost" and bool(status.get("isContainer", None)):
 -                return True
 -    elif os.path.isdir(ostree):
 -        return True
 -
 -    return False
 -- 
 2.45.2
--- a/0008-Update-bootc-hosts-message-to-point-to-bootc-help.patch
+++ b/0008-Update-bootc-hosts-message-to-point-to-bootc-help.patch
@ -0,0 +1,29 @@
 From e2535589ce16bc36b96b37369502a3c312f6056a Mon Sep 17 00:00:00 2001
 From: Joseph Marrero <jmarrero@redhat.com>
 Date: Mon, 22 Jul 2024 15:33:32 -0400
 Subject: [PATCH] Update bootc hosts message to point to bootc --help
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Signed-off-by: Petr Písař <ppisar@redhat.com>
 ---
 dnf/cli/cli.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
 index 83b190026..0eda2c8cb 100644
 --- a/dnf/cli/cli.py
 +++ b/dnf/cli/cli.py
@@ -217,7 +217,7 @@ class BaseCli(dnf.Base):
             if dnf.util._is_bootc_host():
                 _bootc_host_msg = _("""
 *** Error: system is configured to be read-only; for more
 -*** information run `bootc status` or `ostree admin status`.
 +*** information run `bootc --help`.
 """)
                 logger.info(_bootc_host_msg)
                 raise CliError(_("Operation aborted."))
 -- 
 2.45.2
--- a/dnf.spec
+++ b/dnf.spec
@ -79,6 +79,9 @@ Patch2:         0002-Limit-queries-to-nevra-forms-when-provided-by-comman.patch
 Patch3:         0003-doc-Remove-provide-of-spec-definition-for-repoquery-.patch
 Patch4:         0004-Drop-collect-file-for-ABRT.patch
 Patch5:         0005-tests-Use-PGP-keys-without-SHA-1.patch
 Patch6:         0006-Add-detection-for-ostree-based-systems-and-warn-user.patch
 Patch7:         0007-Update-ostree-bootc-host-system-check.patch
 Patch8:         0008-Update-bootc-hosts-message-to-point-to-bootc-help.patch
 BuildArch:      noarch
 BuildRequires:  cmake
 BuildRequires:  gettext
@ -421,6 +424,8 @@ popd
 %changelog
 * Tue Jul 23 2024 Petr Pisar <ppisar@redhat.com> - 4.20.0-5
 - Adapt the tests to a crypto policy without SHA-1 (RHEL-50218)
 - More specific error message on a locked OSTree system or a bootc system
  without a usr-overlay (RHEL-49671).
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 4.20.0-4
 - Bump release for June 2024 mass rebuild