From c2487166b4bbcf37e27f1f7772bf8ace13dad152 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Fri, 14 Nov 2025 14:08:06 +0000
Subject: [PATCH] import CS ostree-2025.6-1.el10

---
 ...own.service-hide-sysroot-and-make-et.patch | 186 ++++++++++++++++++
 ostree.spec                                   |  13 +-
 2 files changed, 197 insertions(+), 2 deletions(-)
 create mode 100644 0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch

diff --git a/0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch b/0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch
new file mode 100644
index 0000000..b32e571
--- /dev/null
+++ b/0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch
@@ -0,0 +1,186 @@
+From d0c454c23637dceda6d7395dd2141b564e3efa47 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Thu, 28 Aug 2025 13:53:14 -0400
+Subject: [PATCH] Add ostree-shutdown.service: hide /sysroot and make /etc
+ read-only
+
+We have a lot of bind mounts; these are usually set up in the initramfs.
+So far during shutdown we've let systemd just try to sort things out
+via auto-generated mount units i.e. `sysroot.mount` and `etc.mount`
+and so on.
+
+systemd has some special casing for `-.mount` (i.e. `/`) and `etc.mount`
+https://github.com/systemd/systemd/blob/e91bfad241799b449df73efc30d833b9c5937001/src/shared/fstab-util.c#L72
+
+However it doesn't special case `/sysroot` - which is currently
+an ostree-specific invention (when used in the real root).
+We cannot actually unmount `/sysroot` while it's in use, and it
+is because `/etc` is a bind mount into it. And we can't tear
+down `/etc` because it's just expected that e.g. pid 1 and other
+things hold open references to it - until things finally
+transition into systemd-shutdown.
+
+What we can do though is explicitly detach it during the shutdown
+phase; this ensures that systemd won't try to clean it up then,
+suppressing errors about its inability to do so.
+
+While we're here, let's also remount `/etc` read-only; while
+systemd itself will try to do so during systemd-shutdown.
+Per comments if this service fails, it's a bug in something
+else to be fixed.
+
+Closes: https://github.com/ostreedev/ostree/issues/3513
+Signed-off-by: Colin Walters <walters@verbum.org>
+---
+ Makefile-boot.am                             |  2 +
+ src/boot/ostree-shutdown.service             | 22 ++++++++
+ src/libostree/ostree-impl-system-generator.c |  4 ++
+ src/switchroot/ostree-remount.c              | 57 ++++++++++++++++++++
+ 4 files changed, 85 insertions(+)
+ create mode 100644 src/boot/ostree-shutdown.service
+
+diff --git a/Makefile-boot.am b/Makefile-boot.am
+index 7b7cb892..e26c1816 100644
+--- a/Makefile-boot.am
++++ b/Makefile-boot.am
+@@ -38,6 +38,7 @@ endif
+ if BUILDOPT_SYSTEMD
+ systemdsystemunit_DATA = src/boot/ostree-prepare-root.service \
+ 	src/boot/ostree-remount.service \
++	src/boot/ostree-shutdown.service \
+ 	src/boot/ostree-boot-complete.service \
+ 	src/boot/ostree-finalize-staged.service \
+ 	src/boot/ostree-finalize-staged-hold.service \
+@@ -69,6 +70,7 @@ EXTRA_DIST += src/boot/dracut/module-setup.sh \
+ 	src/boot/ostree-boot-complete.service \
+ 	src/boot/ostree-prepare-root.service \
+ 	src/boot/ostree-remount.service \
++	src/boot/ostree-shutdown.service \
+ 	src/boot/ostree-finalize-staged.service \
+ 	src/boot/ostree-finalize-staged-hold.service \
+ 	src/boot/ostree-state-overlay@.service \
+diff --git a/src/boot/ostree-shutdown.service b/src/boot/ostree-shutdown.service
+new file mode 100644
+index 00000000..24919ec5
+--- /dev/null
++++ b/src/boot/ostree-shutdown.service
+@@ -0,0 +1,22 @@
++# SPDX-License-Identifier: LGPL-2.0+
++
++[Unit]
++Description=OSTree Shutdown
++Documentation=man:ostree(1)
++DefaultDependencies=no
++# Only enabled via generator, but for good measure
++ConditionKernelCommandLine=ostree
++# Run after core mounts
++RequiresMountsFor=/etc /sysroot
++# However, we want to only shut down after `/var` has been umounted.
++# Since this runs via ExecStop, this Before= is actually After= at shutdown
++Before=var.mount
++Conflicts=umount.target
++Before=umount.target
++
++[Service]
++Type=oneshot
++RemainAfterExit=yes
++ExecStop=/usr/lib/ostree/ostree-remount --shutdown
++
++# No [Install] section - we're only enabled via generator
+diff --git a/src/libostree/ostree-impl-system-generator.c b/src/libostree/ostree-impl-system-generator.c
+index f0116251..65f07fd5 100644
+--- a/src/libostree/ostree-impl-system-generator.c
++++ b/src/libostree/ostree-impl-system-generator.c
+@@ -108,6 +108,10 @@ require_internal_units (const char *normal_dir, const char *early_dir, const cha
+                  "local-fs.target.requires/ostree-remount.service")
+       < 0)
+     return glnx_throw_errno_prefix (error, "symlinkat");
++  if (symlinkat (SYSTEM_DATA_UNIT_PATH "/ostree-shutdown.service", normal_dir_dfd,
++                 "local-fs.target.wants/ostree-shutdown.service")
++      < 0)
++    return glnx_throw_errno_prefix (error, "symlinkat");
+ 
+   if (!glnx_shutil_mkdir_p_at (normal_dir_dfd, "multi-user.target.wants", 0755, cancellable, error))
+     return FALSE;
+diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
+index f0a4b3d9..b1c829ea 100644
+--- a/src/switchroot/ostree-remount.c
++++ b/src/switchroot/ostree-remount.c
+@@ -42,6 +42,12 @@
+ #include "ostree-mount-util.h"
+ #include "otcore.h"
+ 
++static gboolean opt_shutdown;
++
++static GOptionEntry options[] = { { "shutdown", 'S', 0, G_OPTION_ARG_NONE, &opt_shutdown,
++                                    "Perform shutdown unmounting", NULL },
++                                  { NULL } };
++
+ static void
+ do_remount (const char *target, bool writable)
+ {
+@@ -133,10 +139,61 @@ relabel_dir_for_upper (const char *upper_path, const char *real_path, gboolean i
+ #endif
+ }
+ 
++// ostree-prepare-root sets things up so that /sysroot points to the "physical" (real) root in the
++// initramfs, and then with composefs `/` is an overlay+EROFS that holds references to content in
++// that physical filesystem.
++//
++// In a typical mutable system where the OS is in a mutable `/` (or `/usr), systemd explicitly
++// skips unmounting both `/` and `/usr`. It will remount them read-only though - and that's
++// the semantic we want to match here.
++static void
++do_shutdown (void)
++{
++  const char *sysroot = "/sysroot";
++  if (mount (sysroot, sysroot, NULL, MS_REMOUNT | MS_SILENT | MS_RDONLY, NULL) < 0)
++    {
++      // Hopefully at this point nothing has any write references, but if they
++      // do we still want to continue.
++      perror ("Remounting /sysroot read-only");
++    }
++  // And fully detach it from the mountns because otherwise systemd thinks
++  // it can be unmounted, but it can't - it's required by `/` (and in a
++  // composefs setup `/etc`) and possibly `/var`. Again, we only really
++  // care that it got mounted read-only and hence outstanding data flushed.
++  // A better fix in the future would be to teach systemd to honor `-.mount`
++  // having a `Requires=sysroot.mount` meaning we can't unmount the latter.
++  if (umount2 (sysroot, MNT_DETACH) < 0)
++    err (EXIT_FAILURE, "umount(/sysroot)");
++
++  // And finally: /etc
++  // NOTE! This one is intentionally last in that we want to try to make
++  // this read-only, but if it fails, systemd-shutdown will have another
++  // attempt after a process killing spree. If anything happens to be
++  // holding a writable fd at this point, conceptually it would have
++  // created race conditions vs ostree-finalize-staged.service, and so
++  // having this service fail will be a signal that those things need
++  // to be fixed.
++  do_remount ("/etc", false);
++  // Don't add anything else after this.
++}
++
+ int
+ main (int argc, char *argv[])
+ {
+   g_autoptr (GError) error = NULL;
++  g_autoptr (GOptionContext) context = g_option_context_new ("");
++  g_option_context_add_main_entries (context, options, NULL);
++  if (!g_option_context_parse (context, &argc, &argv, &error))
++    errx (EXIT_FAILURE, "Error parsing options: %s", error->message);
++
++  // Handle the shutdown option
++  if (opt_shutdown)
++    {
++      do_shutdown ();
++      return 0;
++    }
++  // Otherwise fall through to the default startup
++
+   g_autoptr (GVariant) ostree_run_metadata_v = NULL;
+   {
+     glnx_autofd int fd = open (OTCORE_RUN_BOOTED, O_RDONLY | O_CLOEXEC);
+-- 
+2.50.1
+
diff --git a/ostree.spec b/ostree.spec
index 64112bb..9141398 100644
--- a/ostree.spec
+++ b/ostree.spec
@@ -23,6 +23,9 @@ Source0: https://github.com/ostreedev/%{name}/releases/download/v%{version}/libo
 License: LGPL-2.0-or-later
 URL: https://ostree.readthedocs.io/en/latest/
 
+# https://issues.redhat.com/browse/RHEL-112719
+Patch0: 0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch
+
 # Conditional to ELN right now to reduce blast radius; xref
 # https://github.com/containers/composefs/pull/229#issuecomment-1838735764
 %if 0%{?rhel} >= 10
@@ -193,8 +196,14 @@ find %{buildroot} -name '*.la' -delete
 
 %changelog
 ## START: Generated by rpmautospec
-* Thu Sep 11 2025 Joseph Marrero Corchado <jmarrero@redhat.com> - 2025.6-1
-- Rebase to 2025.6
+* Tue Sep 09 2025 Colin Walters <walters@verbum.org> - 2025.6-1
+- Release v2025.6
+
+* Thu Sep 04 2025 Colin Walters <walters@verbum.org> - 2025.5-3
+- Remove unused patches
+
+* Thu Sep 04 2025 Colin Walters <walters@verbum.org> - 2025.5-2
+- Cherry pick https://github.com/ostreedev/ostree/pull/3516
 
 * Mon Aug 25 2025 Colin Walters <walters@verbum.org> - 2025.5-1
 - Release v2025.5