diff --git a/0018-conf-Add-usr_drift_protected_paths.patch b/0018-conf-Add-usr_drift_protected_paths.patch
new file mode 100644
index 0000000..a22d485
--- /dev/null
+++ b/0018-conf-Add-usr_drift_protected_paths.patch
@@ -0,0 +1,66 @@
+From fd638c7b0110547da1ea7ea994f695078db603a1 Mon Sep 17 00:00:00 2001
+From: Evan Goode
+Date: Wed, 28 May 2025 20:39:20 +0000
+Subject: [PATCH 3/3] conf: Add usr_drift_protected_paths
+
+Adds the `usr_drift_protected_paths` configuration option which can be
+configured by adding .conf files to the drop-in directory
+/etc/dnf/usr-drift-protected-paths.d, similar to /etc/dnf/protected.d.
+Distributions will be able to add paths that are known to cause problems
+when their contents drift with respect to /usr, e.g. /etc/pam.d.
+
+For https://github.com/rpm-software-management/dnf/issues/2199.
+---
+ libdnf/conf/ConfigMain.cpp | 9 +++++++++
+ libdnf/conf/ConfigMain.hpp | 1 +
+ 2 files changed, 10 insertions(+)
+
+diff --git a/libdnf/conf/ConfigMain.cpp b/libdnf/conf/ConfigMain.cpp
+index b58b2f47..fac8bbee 100644
+--- a/libdnf/conf/ConfigMain.cpp
++++ b/libdnf/conf/ConfigMain.cpp
+@@ -293,6 +293,8 @@ class ConfigMain::Impl {
+ OptionBool countme{false};
+ OptionBool protect_running_kernel{true};
+
++ OptionStringList usr_drift_protected_paths{resolveGlobs("glob:/etc/dnf/usr-drift-protected-paths.d/*.conf")};
++
+ // Repo main config
+
+ OptionNumber retries{10};
+@@ -460,6 +462,12 @@ ConfigMain::Impl::Impl(Config & owner)
+ owner.optBinds().add("countme", countme);
+ owner.optBinds().add("protect_running_kernel", protect_running_kernel);
+ owner.optBinds().add("persistence", persistence);
++ owner.optBinds().add("usr_drift_protected_paths", usr_drift_protected_paths,
++ [&](Option::Priority priority, const std::string & value){
++ if (priority >= usr_drift_protected_paths.getPriority())
++ usr_drift_protected_paths.set(priority, resolveGlobs(value));
++ }, nullptr, false
++ );
+
+ // Repo main config
+
+@@ -616,6 +624,7 @@ OptionString & ConfigMain::comment() { return pImpl->comment; }
+ OptionBool & ConfigMain::downloadonly() { return pImpl->downloadonly; }
+ OptionBool & ConfigMain::ignorearch() { return pImpl->ignorearch; }
+ OptionEnum & ConfigMain::persistence() { return pImpl->persistence; }
++OptionStringList & ConfigMain::usr_drift_protected_paths() { return pImpl->usr_drift_protected_paths; }
+
+ OptionString & ConfigMain::module_platform_id() { return pImpl->module_platform_id; }
+ OptionBool & ConfigMain::module_stream_switch() { return pImpl->module_stream_switch; }
+diff --git a/libdnf/conf/ConfigMain.hpp b/libdnf/conf/ConfigMain.hpp
+index af6496f3..b9d68939 100644
+--- a/libdnf/conf/ConfigMain.hpp
++++ b/libdnf/conf/ConfigMain.hpp
+@@ -126,6 +126,7 @@ public:
+ OptionBool & downloadonly();
+ OptionBool & ignorearch();
+ OptionEnum & persistence();
++ OptionStringList & usr_drift_protected_paths();
+
+ OptionString & module_platform_id();
+ OptionBool & module_stream_switch();
+--
+2.49.0
+
diff --git a/libdnf.spec b/libdnf.spec
index b72fd6c..2dbd2a2 100644
--- a/libdnf.spec
+++ b/libdnf.spec
@@ -78,6 +78,7 @@ Patch14: 0014-conf-Improve-granularity-of-ConfigParser-exceptions.patch Patch15: 0015-module-Warn-if-module-config-file-is-inaccessible.patch Patch16: 0016-history-DB-Add-persistence-column.patch Patch17: 0017-MergedTransaction-listPersistences.patch +Patch18: 0018-conf-Add-usr_drift_protected_paths.patch BuildRequires: cmake BuildRequires: gcc
@@ -323,6 +324,7 @@ popd %changelog * Tue Jun 24 2025 Evan Goode - 0.73.1-11 - history DB: Add "persistence" column (RHEL-99825) +- conf: Add bootc_unsafe_paths (RHEL-99826) * Thu Mar 20 2025 Marek Blaha - 0.73.1-10 - module: Warn if module config file is inaccessible (RHEL-83804)
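Review bot: The override semantics of `usr_drift_protected_paths` are undocumented, both at the member added in the `@@ -293,6 +293,8 @@` hunk and at the `optBinds().add(...)` call in the `@@ -460,6 +462,12 @@` hunk, although the commit message presents this list as a safeguard for paths such as /etc/pam.d. The setter calls `set(priority, resolveGlobs(value))` whenever `priority >= usr_drift_protected_paths.getPriority()`, and the trailing `false` looks like the append flag (its declaration is outside the hunk), so a later assignment at equal or higher priority appears to replace the drop-in-derived list instead of extending it, including an empty assignment. I would add a comment on the member such as `// Defaults to the entries read from /etc/dnf/usr-drift-protected-paths.d/*.conf; a value set at equal or higher priority REPLACES the list, it is not appended`, and state whether clearing the list that way is intended. `resolveGlobs` is also defined outside the hunk, so it is worth confirming that a missing or unreadable drop-in is reported and not silently turned into an empty list, since that would fail open for a protective setting. `Impl` and its constructor both start and end outside these hunks.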