rpms/libdnf
6
0
Fork 0
Code Issues Pull Requests Releases Activity

conf: Add bootc_unsafe_paths

Browse Source 
Resolves: RHEL-99826
This commit is contained in:
Evan Goode 2025-06-24 21:03:32 +00:00
parent ff89fe4bf9
commit 77045573f2
2 changed files with 68 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
0018-conf-Add-usr_drift_protected_paths.patch Normal file
View File

@ -0,0 +1,66 @@
From fd638c7b0110547da1ea7ea994f695078db603a1 Mon Sep 17 00:00:00 2001
From: Evan Goode <mail@evangoo.de>
Date: Wed, 28 May 2025 20:39:20 +0000
Subject: [PATCH 3/3] conf: Add usr_drift_protected_paths
Adds the `usr_drift_protected_paths` configuration option which can be
configured by adding .conf files to the drop-in directory
/etc/dnf/usr-drift-protected-paths.d, similar to /etc/dnf/protected.d.
Distributions will be able to add paths that are known to cause problems
when their contents drift with respect to /usr, e.g. /etc/pam.d.
For https://github.com/rpm-software-management/dnf/issues/2199.
---
libdnf/conf/ConfigMain.cpp | 9 +++++++++
libdnf/conf/ConfigMain.hpp | 1 +
2 files changed, 10 insertions(+)
diff --git a/libdnf/conf/ConfigMain.cpp b/libdnf/conf/ConfigMain.cpp
index b58b2f47..fac8bbee 100644
--- a/libdnf/conf/ConfigMain.cpp
+++ b/libdnf/conf/ConfigMain.cpp
@@ -293,6 +293,8 @@ class ConfigMain::Impl {
OptionBool countme{false};
OptionBool protect_running_kernel{true};
+ OptionStringList usr_drift_protected_paths{resolveGlobs("glob:/etc/dnf/usr-drift-protected-paths.d/*.conf")};
+
// Repo main config
OptionNumber<std::uint32_t> retries{10};
@@ -460,6 +462,12 @@ ConfigMain::Impl::Impl(Config & owner)
owner.optBinds().add("countme", countme);
owner.optBinds().add("protect_running_kernel", protect_running_kernel);
owner.optBinds().add("persistence", persistence);
+ owner.optBinds().add("usr_drift_protected_paths", usr_drift_protected_paths,
+ [&](Option::Priority priority, const std::string & value){
+ if (priority >= usr_drift_protected_paths.getPriority())
+ usr_drift_protected_paths.set(priority, resolveGlobs(value));
+ }, nullptr, false
+ );
// Repo main config
@@ -616,6 +624,7 @@ OptionString & ConfigMain::comment() { return pImpl->comment; }
OptionBool & ConfigMain::downloadonly() { return pImpl->downloadonly; }
OptionBool & ConfigMain::ignorearch() { return pImpl->ignorearch; }
OptionEnum<std::string> & ConfigMain::persistence() { return pImpl->persistence; }
+OptionStringList & ConfigMain::usr_drift_protected_paths() { return pImpl->usr_drift_protected_paths; }
OptionString & ConfigMain::module_platform_id() { return pImpl->module_platform_id; }
OptionBool & ConfigMain::module_stream_switch() { return pImpl->module_stream_switch; }
diff --git a/libdnf/conf/ConfigMain.hpp b/libdnf/conf/ConfigMain.hpp
index af6496f3..b9d68939 100644
--- a/libdnf/conf/ConfigMain.hpp
+++ b/libdnf/conf/ConfigMain.hpp
@@ -126,6 +126,7 @@ public:
OptionBool & downloadonly();
OptionBool & ignorearch();
OptionEnum<std::string> & persistence();
+ OptionStringList & usr_drift_protected_paths();
OptionString & module_platform_id();
OptionBool & module_stream_switch();
--
2.49.0

2
libdnf.spec
View File

@ -78,6 +78,7 @@ Patch14: 0014-conf-Improve-granularity-of-ConfigParser-exceptions.patch
Patch15: 0015-module-Warn-if-module-config-file-is-inaccessible.patch
Patch16: 0016-history-DB-Add-persistence-column.patch
Patch17: 0017-MergedTransaction-listPersistences.patch
Patch18: 0018-conf-Add-usr_drift_protected_paths.patch
BuildRequires: cmake
BuildRequires: gcc
@ -323,6 +324,7 @@ popd
%changelog
* Tue Jun 24 2025 Evan Goode <egoode@redhat.com> - 0.73.1-11
- history DB: Add "persistence" column (RHEL-99825)
- conf: Add bootc_unsafe_paths (RHEL-99826)
* Thu Mar 20 2025 Marek Blaha <mblaha@redhat.com> - 0.73.1-10
- module: Warn if module config file is inaccessible (RHEL-83804)