From d2cc9cc5908ef69a38c6d051cba79ffd637c442d Mon Sep 17 00:00:00 2001
From: Joseph Marrero Corchado <jmarrero@redhat.com>
Date: Tue, 11 Nov 2025 18:37:39 -0500
Subject: [PATCH] Release 2025.7

Resolves: #RHEL-126231
---
 .gitignore                                    |   1 +
 ...own.service-hide-sysroot-and-make-et.patch | 186 ------------------
 ostree.spec                                   |   5 +-
 sources                                       |   2 +-
 4 files changed, 3 insertions(+), 191 deletions(-)
 delete mode 100644 0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch

diff --git a/.gitignore b/.gitignore
index 22d6a70..1c2c92a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -117,3 +117,4 @@
 /libostree-2025.4.tar.xz
 /libostree-2025.5.tar.xz
 /libostree-2025.6.tar.xz
+/libostree-2025.7.tar.xz
diff --git a/0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch b/0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch
deleted file mode 100644
index b32e571..0000000
--- a/0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch
+++ /dev/null
@@ -1,186 +0,0 @@
-From d0c454c23637dceda6d7395dd2141b564e3efa47 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@verbum.org>
-Date: Thu, 28 Aug 2025 13:53:14 -0400
-Subject: [PATCH] Add ostree-shutdown.service: hide /sysroot and make /etc
- read-only
-
-We have a lot of bind mounts; these are usually set up in the initramfs.
-So far during shutdown we've let systemd just try to sort things out
-via auto-generated mount units i.e. `sysroot.mount` and `etc.mount`
-and so on.
-
-systemd has some special casing for `-.mount` (i.e. `/`) and `etc.mount`
-https://github.com/systemd/systemd/blob/e91bfad241799b449df73efc30d833b9c5937001/src/shared/fstab-util.c#L72
-
-However it doesn't special case `/sysroot` - which is currently
-an ostree-specific invention (when used in the real root).
-We cannot actually unmount `/sysroot` while it's in use, and it
-is because `/etc` is a bind mount into it. And we can't tear
-down `/etc` because it's just expected that e.g. pid 1 and other
-things hold open references to it - until things finally
-transition into systemd-shutdown.
-
-What we can do though is explicitly detach it during the shutdown
-phase; this ensures that systemd won't try to clean it up then,
-suppressing errors about its inability to do so.
-
-While we're here, let's also remount `/etc` read-only; while
-systemd itself will try to do so during systemd-shutdown.
-Per comments if this service fails, it's a bug in something
-else to be fixed.
-
-Closes: https://github.com/ostreedev/ostree/issues/3513
-Signed-off-by: Colin Walters <walters@verbum.org>
----
- Makefile-boot.am                             |  2 +
- src/boot/ostree-shutdown.service             | 22 ++++++++
- src/libostree/ostree-impl-system-generator.c |  4 ++
- src/switchroot/ostree-remount.c              | 57 ++++++++++++++++++++
- 4 files changed, 85 insertions(+)
- create mode 100644 src/boot/ostree-shutdown.service
-
-diff --git a/Makefile-boot.am b/Makefile-boot.am
-index 7b7cb892..e26c1816 100644
---- a/Makefile-boot.am
-+++ b/Makefile-boot.am
-@@ -38,6 +38,7 @@ endif
- if BUILDOPT_SYSTEMD
- systemdsystemunit_DATA = src/boot/ostree-prepare-root.service \
- 	src/boot/ostree-remount.service \
-+	src/boot/ostree-shutdown.service \
- 	src/boot/ostree-boot-complete.service \
- 	src/boot/ostree-finalize-staged.service \
- 	src/boot/ostree-finalize-staged-hold.service \
-@@ -69,6 +70,7 @@ EXTRA_DIST += src/boot/dracut/module-setup.sh \
- 	src/boot/ostree-boot-complete.service \
- 	src/boot/ostree-prepare-root.service \
- 	src/boot/ostree-remount.service \
-+	src/boot/ostree-shutdown.service \
- 	src/boot/ostree-finalize-staged.service \
- 	src/boot/ostree-finalize-staged-hold.service \
- 	src/boot/ostree-state-overlay@.service \
-diff --git a/src/boot/ostree-shutdown.service b/src/boot/ostree-shutdown.service
-new file mode 100644
-index 00000000..24919ec5
---- /dev/null
-+++ b/src/boot/ostree-shutdown.service
-@@ -0,0 +1,22 @@
-+# SPDX-License-Identifier: LGPL-2.0+
-+
-+[Unit]
-+Description=OSTree Shutdown
-+Documentation=man:ostree(1)
-+DefaultDependencies=no
-+# Only enabled via generator, but for good measure
-+ConditionKernelCommandLine=ostree
-+# Run after core mounts
-+RequiresMountsFor=/etc /sysroot
-+# However, we want to only shut down after `/var` has been umounted.
-+# Since this runs via ExecStop, this Before= is actually After= at shutdown
-+Before=var.mount
-+Conflicts=umount.target
-+Before=umount.target
-+
-+[Service]
-+Type=oneshot
-+RemainAfterExit=yes
-+ExecStop=/usr/lib/ostree/ostree-remount --shutdown
-+
-+# No [Install] section - we're only enabled via generator
-diff --git a/src/libostree/ostree-impl-system-generator.c b/src/libostree/ostree-impl-system-generator.c
-index f0116251..65f07fd5 100644
---- a/src/libostree/ostree-impl-system-generator.c
-+++ b/src/libostree/ostree-impl-system-generator.c
-@@ -108,6 +108,10 @@ require_internal_units (const char *normal_dir, const char *early_dir, const cha
-                  "local-fs.target.requires/ostree-remount.service")
-       < 0)
-     return glnx_throw_errno_prefix (error, "symlinkat");
-+  if (symlinkat (SYSTEM_DATA_UNIT_PATH "/ostree-shutdown.service", normal_dir_dfd,
-+                 "local-fs.target.wants/ostree-shutdown.service")
-+      < 0)
-+    return glnx_throw_errno_prefix (error, "symlinkat");
- 
-   if (!glnx_shutil_mkdir_p_at (normal_dir_dfd, "multi-user.target.wants", 0755, cancellable, error))
-     return FALSE;
-diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
-index f0a4b3d9..b1c829ea 100644
---- a/src/switchroot/ostree-remount.c
-+++ b/src/switchroot/ostree-remount.c
-@@ -42,6 +42,12 @@
- #include "ostree-mount-util.h"
- #include "otcore.h"
- 
-+static gboolean opt_shutdown;
-+
-+static GOptionEntry options[] = { { "shutdown", 'S', 0, G_OPTION_ARG_NONE, &opt_shutdown,
-+                                    "Perform shutdown unmounting", NULL },
-+                                  { NULL } };
-+
- static void
- do_remount (const char *target, bool writable)
- {
-@@ -133,10 +139,61 @@ relabel_dir_for_upper (const char *upper_path, const char *real_path, gboolean i
- #endif
- }
- 
-+// ostree-prepare-root sets things up so that /sysroot points to the "physical" (real) root in the
-+// initramfs, and then with composefs `/` is an overlay+EROFS that holds references to content in
-+// that physical filesystem.
-+//
-+// In a typical mutable system where the OS is in a mutable `/` (or `/usr), systemd explicitly
-+// skips unmounting both `/` and `/usr`. It will remount them read-only though - and that's
-+// the semantic we want to match here.
-+static void
-+do_shutdown (void)
-+{
-+  const char *sysroot = "/sysroot";
-+  if (mount (sysroot, sysroot, NULL, MS_REMOUNT | MS_SILENT | MS_RDONLY, NULL) < 0)
-+    {
-+      // Hopefully at this point nothing has any write references, but if they
-+      // do we still want to continue.
-+      perror ("Remounting /sysroot read-only");
-+    }
-+  // And fully detach it from the mountns because otherwise systemd thinks
-+  // it can be unmounted, but it can't - it's required by `/` (and in a
-+  // composefs setup `/etc`) and possibly `/var`. Again, we only really
-+  // care that it got mounted read-only and hence outstanding data flushed.
-+  // A better fix in the future would be to teach systemd to honor `-.mount`
-+  // having a `Requires=sysroot.mount` meaning we can't unmount the latter.
-+  if (umount2 (sysroot, MNT_DETACH) < 0)
-+    err (EXIT_FAILURE, "umount(/sysroot)");
-+
-+  // And finally: /etc
-+  // NOTE! This one is intentionally last in that we want to try to make
-+  // this read-only, but if it fails, systemd-shutdown will have another
-+  // attempt after a process killing spree. If anything happens to be
-+  // holding a writable fd at this point, conceptually it would have
-+  // created race conditions vs ostree-finalize-staged.service, and so
-+  // having this service fail will be a signal that those things need
-+  // to be fixed.
-+  do_remount ("/etc", false);
-+  // Don't add anything else after this.
-+}
-+
- int
- main (int argc, char *argv[])
- {
-   g_autoptr (GError) error = NULL;
-+  g_autoptr (GOptionContext) context = g_option_context_new ("");
-+  g_option_context_add_main_entries (context, options, NULL);
-+  if (!g_option_context_parse (context, &argc, &argv, &error))
-+    errx (EXIT_FAILURE, "Error parsing options: %s", error->message);
-+
-+  // Handle the shutdown option
-+  if (opt_shutdown)
-+    {
-+      do_shutdown ();
-+      return 0;
-+    }
-+  // Otherwise fall through to the default startup
-+
-   g_autoptr (GVariant) ostree_run_metadata_v = NULL;
-   {
-     glnx_autofd int fd = open (OTCORE_RUN_BOOTED, O_RDONLY | O_CLOEXEC);
--- 
-2.50.1
-
diff --git a/ostree.spec b/ostree.spec
index 31af7cb..3cf2499 100644
--- a/ostree.spec
+++ b/ostree.spec
@@ -7,15 +7,12 @@
 
 Summary: Tool for managing bootable, immutable filesystem trees
 Name: ostree
-Version: 2025.6
+Version: 2025.7
 Release: %autorelease
 Source0: https://github.com/ostreedev/%{name}/releases/download/v%{version}/libostree-%{version}.tar.xz
 License: LGPL-2.0-or-later
 URL: https://ostree.readthedocs.io/en/latest/
 
-# https://issues.redhat.com/browse/RHEL-112719
-Patch0: 0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch
-
 # Conditional to ELN right now to reduce blast radius; xref
 # https://github.com/containers/composefs/pull/229#issuecomment-1838735764
 %if 0%{?rhel} >= 10
diff --git a/sources b/sources
index 9ebab4c..e79d622 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (libostree-2025.6.tar.xz) = ca321175a9272cc7f6c3d7a3989d90d2cbb53def41ac2984ce6a60a05007b5760960a1bf4e9a5f13adc246c7061214424f21a5a284c201d8c4a4f5c619c6e02d
+SHA512 (libostree-2025.7.tar.xz) = bf10001f64b11c1aa5c7c4d5fee744b2ee1ea950adf1efd69f315d18e428967daba2ea4aa1120b9e2a0b8e56f7664601c396eb57ff833299bf86ed003ece60da