From 68a1444bcb0b4a83d0ae3980d569170f9456492b Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Thu, 4 Jan 2024 15:52:38 -0500
Subject: [PATCH] Backport https://github.com/ostreedev/ostree/pull/3129/commits/a1c1c0b500d23ff129adbfe9486a067788b24969 To aid https://github.com/coreos/fedora-coreos-config/pull/2783
---
 ...-composefs-ostree-admin-unlock-hotfi.patch | 53 +++++++++++++++++++
 ostree.spec | 4 ++
 2 files changed, 57 insertions(+)
 create mode 100644 0001-prepare-root-Fix-composefs-ostree-admin-unlock-hotfi.patch

diff --git a/0001-prepare-root-Fix-composefs-ostree-admin-unlock-hotfi.patch b/0001-prepare-root-Fix-composefs-ostree-admin-unlock-hotfi.patch
new file mode 100644
index 0000000..a408a73
--- /dev/null
+++ b/0001-prepare-root-Fix-composefs-ostree-admin-unlock-hotfi.patch
@@ -0,0 +1,53 @@
+From a1c1c0b500d23ff129adbfe9486a067788b24969 Mon Sep 17 00:00:00 2001
+From: Colin Walters
+Date: Wed, 3 Jan 2024 14:01:38 -0500
+Subject: [PATCH] prepare-root: Fix composefs + ostree admin unlock --hotfix
+ compat
+
+There's a test case for `ostree admin unlock --hotfix` that
+runs in FCOS, not here; it breaks when enabling composefs.
+
+The reason is because the composefs is mounted readonly, and
+we tried to remount it writable. Instead of trying to remount
+the rootfs writable at this point forcibly, honor the
+*real* sysroot readonly state flag from the underlying FS before
+we mounted the composefs.
+
+Note that in FCOS derivatives we always have the root mounted
+writable via `rw` on the kernel cmdline and this is the default
+general expectation now with ostree usage.
+---
+ src/switchroot/ostree-prepare-root.c | 17 +++++------------
+ 1 file changed, 5 insertions(+), 12 deletions(-)
+
+diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
+index 1a0539e1..d7c44e97 100644
+--- a/src/switchroot/ostree-prepare-root.c
++++ b/src/switchroot/ostree-prepare-root.c
+@@ -639,18 +639,11 @@ main (int argc, char *argv[])
+ const char usr_ovl_options[]
+ = "lowerdir=" TMP_SYSROOT "/usr,upperdir=.usr-ovl-upper,workdir=.usr-ovl-work";
+ 
+- /* Except overlayfs barfs if we try to mount it on a read-only
+- * filesystem. For this use case I think admins are going to be
+- * okay if we remount the rootfs here, rather than waiting until
+- * later boot and `systemd-remount-fs.service`.
+- */
+- if (path_is_on_readonly_fs (TMP_SYSROOT))
+- {
+- if (mount (TMP_SYSROOT, TMP_SYSROOT, NULL, MS_REMOUNT | MS_SILENT, NULL) < 0)
+- err (EXIT_FAILURE, "failed to remount rootfs writable (for overlayfs)");
+- }
+-
+- if (mount ("overlay", TMP_SYSROOT "/usr", "overlay", MS_SILENT, usr_ovl_options) < 0)
++ unsigned long mflags = MS_SILENT;
++ // Propagate readonly state
++ if (!sysroot_currently_writable)
++ mflags |= MS_RDONLY;
++ if (mount ("overlay", TMP_SYSROOT "/usr", "overlay", mflags, usr_ovl_options) < 0)
+ err (EXIT_FAILURE, "failed to mount /usr overlayfs");
+ }
+ else if (!using_composefs)
+--
+2.41.0
+
diff --git a/ostree.spec b/ostree.spec
index 5940164..791e8cb 100644
--- a/ostree.spec
+++ b/ostree.spec
@@ -18,6 +18,10 @@ Source0: https://github.com/ostreedev/%{name}/releases/download/v%{version}/libo
 License: LGPL-2.0-or-later
 URL: https://ostree.readthedocs.io/en/latest/
 
+# Backport https://github.com/ostreedev/ostree/pull/3129/commits/a1c1c0b500d23ff129adbfe9486a067788b24969
+# To aid https://github.com/coreos/fedora-coreos-config/pull/2783
+Patch0: 0001-prepare-root-Fix-composefs-ostree-admin-unlock-hotfi.patch
+
 # Conditional to ELN right now to reduce blast radius; xref
 # https://github.com/containers/composefs/pull/229#issuecomment-1838735764
 %if 0%{?rhel} >= 10
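Review bot: The added `// Propagate readonly state` comment in the nested ostree-prepare-root.c hunk is too terse for a boot-time mount decision: it drops the rationale the removed block comment carried, and the hunk does not show where `sysroot_currently_writable` is set. Going by the commit message, something like `/* sysroot_currently_writable reflects the underlying FS before composefs was mounted; keep /usr overlay read-only rather than forcing the rootfs writable here. */` would state the contract. The removed comment said overlayfs refuses to mount on a read-only filesystem, while `usr_ovl_options` still names an `upperdir` and `workdir`, so it is worth confirming with a test or a sentence in that comment that the `MS_RDONLY` path mounts successfully instead of reaching `err (EXIT_FAILURE, ...)` in early boot. The enclosing `main` and the branch this code sits in begin and end outside the hunk.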
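Review bot: `Patch0:` is declared here but this commit adds no `%patch` line; the diffstat shows only these four insertions in ostree.spec. The backport is therefore applied only if `%prep`, which lies outside this hunk, uses `%autosetup` or another macro that applies every declared patch. If it does not, add `%patch -P0 -p1` to `%prep`; otherwise the package would build without the fix while the spec suggests it is included.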