From 41f886d35f77e14b92628b6b57a497a3b507d946 Mon Sep 17 00:00:00 2001 From: Luca BRUNO Date: Wed, 12 May 2021 13:28:44 +0000 Subject: [PATCH] New upstream version 2021.5 --- .gitignore | 1 + ...ix-bwrap-usage-for-mutate-os-release.patch | 99 ------------------- ...p-Fix-selftest-to-be-truly-immutable.patch | 39 -------- rpm-ostree.spec | 10 +- sources | 2 +- 5 files changed, 8 insertions(+), 143 deletions(-) delete mode 100644 0001-Fix-bwrap-usage-for-mutate-os-release.patch delete mode 100644 0001-bwrap-Fix-selftest-to-be-truly-immutable.patch diff --git a/.gitignore b/.gitignore index f4e059b..0768fa2 100644 --- a/.gitignore +++ b/.gitignore @@ -100,3 +100,4 @@ /rpm-ostree-2021.2.tar.xz /rpm-ostree-2021.3.tar.xz /rpm-ostree-2021.4.tar.xz +/rpm-ostree-2021.5.tar.xz diff --git a/0001-Fix-bwrap-usage-for-mutate-os-release.patch b/0001-Fix-bwrap-usage-for-mutate-os-release.patch deleted file mode 100644 index 8e12a33..0000000 --- a/0001-Fix-bwrap-usage-for-mutate-os-release.patch +++ /dev/null @@ -1,99 +0,0 @@ -From e2bcf01ac131725572091a042eb1ab8ce83b64f0 Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Wed, 28 Apr 2021 13:27:36 -0400 -Subject: [PATCH] Fix bwrap usage for mutate-os-release - -Followup to https://pagure.io/fedora-infrastructure/issue/9909 - -In the refactor we were passing `unified_core: true` unconditionally which was wrong, -as that implies using fuse. Anyways what we really want here is an immutable bwrap -and not `rofiles-fuse` annyways. So refactor things to use that. - -From https://kojipkgs.fedoraproject.org//work/tasks/7579/66867579/runroot.log -``` -fuse: device not found, try 'modprobe fuse' first -fuse: device not found, try 'modprobe fuse' first -bwrap: execvp realpath: No such file or directory -fusermount: failed to unmount /tmp/rpmostree-rofiles-fuseAAphRY: Invalid argument -fusermount: failed to unmount /tmp/rpmostree-rofiles-fuseSCLs24: Invalid argument -error: Updating os-release with commit version: Running realpath: bwrap(realpath): Child process killed by signal 1 -``` ---- - rust/src/bwrap.rs | 5 ++++- - rust/src/composepost.rs | 19 +++++++++++++------ - rust/src/lib.rs | 2 +- - 3 files changed, 18 insertions(+), 8 deletions(-) - -diff --git a/rust/src/bwrap.rs b/rust/src/bwrap.rs -index 282b4f1b..35b54f36 100644 ---- a/rust/src/bwrap.rs -+++ b/rust/src/bwrap.rs -@@ -383,7 +383,10 @@ impl Bubblewrap { - } - - /// Execute the container, capturing stdout. -- fn run_captured(&mut self, cancellable: Option<&gio::Cancellable>) -> Result { -+ pub(crate) fn run_captured( -+ &mut self, -+ cancellable: Option<&gio::Cancellable>, -+ ) -> Result { - self.launcher.set_flags(gio::SubprocessFlags::STDOUT_PIPE); - let (child, argv0) = self.spawn()?; - let (stdout, stderr) = child.communicate(None, cancellable)?; -diff --git a/rust/src/composepost.rs b/rust/src/composepost.rs -index 437fd4f2..50c7dc08 100644 ---- a/rust/src/composepost.rs -+++ b/rust/src/composepost.rs -@@ -411,11 +411,11 @@ pub fn compose_postprocess( - compose_postprocess_default_target(&rootfs_dfd, t)?; - } - -- compose_postprocess_mutate_os_release(rootfs_dfd, treefile, next_version)?; - treefile.write_compose_json(rootfs_dfd)?; - - let etc_guard = crate::core::prepare_tempetc_guard(rootfs_dfd.as_raw_fd())?; - // These ones depend on the /etc path -+ compose_postprocess_mutate_os_release(rootfs_dfd, treefile, next_version)?; - compose_postprocess_remove_files(rootfs_dfd, treefile)?; - compose_postprocess_add_files(rootfs_dfd, treefile)?; - etc_guard.undo()?; -@@ -444,11 +444,18 @@ fn compose_postprocess_mutate_os_release( - // find the real path to os-release using bwrap; this is an overkill but safer way - // of resolving a symlink relative to a rootfs (see discussions in - // https://github.com/projectatomic/rpm-ostree/pull/410/) -- let argv = &vec!["realpath".to_string(), "/etc/os-release".to_string()]; -- let path = crate::bwrap::bubblewrap_run_sync(rootfs_dfd.as_raw_fd(), argv, true, true) -- .context("Running realpath")?; -- let path = String::from_utf8(path).context("Parsing realpath")?; -- let path = path.trim_start_matches("/").trim_end(); -+ let mut bwrap = crate::bwrap::Bubblewrap::new_with_mutability( -+ rootfs_dfd, -+ crate::ffi::BubblewrapMutability::Immutable, -+ )?; -+ bwrap.append_child_argv(&["realpath", "/etc/os-release"]); -+ let cancellable = &gio::Cancellable::new(); -+ let cancellable = Some(cancellable); -+ let path = bwrap.run_captured(cancellable)?; -+ let path = std::str::from_utf8(&path) -+ .context("Parsing realpath")? -+ .trim_start_matches("/") -+ .trim_end(); - let path = if path.is_empty() { - // fallback on just overwriting etc/os-release - "etc/os-release" -diff --git a/rust/src/lib.rs b/rust/src/lib.rs -index 4c562d06..614bb948 100644 ---- a/rust/src/lib.rs -+++ b/rust/src/lib.rs -@@ -64,7 +64,7 @@ pub mod ffi { - } - - #[derive(Debug)] -- enum BubblewrapMutability { -+ pub(crate) enum BubblewrapMutability { - Immutable, - RoFiles, - MutateFreely, --- -2.30.2 - diff --git a/0001-bwrap-Fix-selftest-to-be-truly-immutable.patch b/0001-bwrap-Fix-selftest-to-be-truly-immutable.patch deleted file mode 100644 index c342b1c..0000000 --- a/0001-bwrap-Fix-selftest-to-be-truly-immutable.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 8758b0faa27420e915e7e9ba815258207e02a82a Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Tue, 20 Apr 2021 08:09:57 -0400 -Subject: [PATCH] bwrap: Fix selftest to be truly immutable - -We should never have any effect on the host system, so let's -use the more direct APIs which allow us to use the immutable -flag, don't mount `/var` etc. - -Crucially this also avoids us running through the tempetc -guard which would try to rename `usr/etc` which can trigger -on an ostree based host. - -Closes: https://github.com/coreos/rpm-ostree/issues/2771 ---- - rust/src/bwrap.rs | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/rust/src/bwrap.rs b/rust/src/bwrap.rs -index 939f0525..282b4f1b 100644 ---- a/rust/src/bwrap.rs -+++ b/rust/src/bwrap.rs -@@ -475,7 +475,11 @@ pub(crate) fn bubblewrap_run_sync( - /// Validate that bubblewrap works at all. This will flush out any incorrect - /// setups such being inside an outer container that disallows `CLONE_NEWUSER` etc. - pub(crate) fn bubblewrap_selftest() -> CxxResult<()> { -- let fd = openat::Dir::open("/")?; -- let _ = bubblewrap_run_sync(fd.as_raw_fd(), &vec!["true".to_string()], false, true)?; -+ let fd = &openat::Dir::open("/")?; -+ let mut bwrap = Bubblewrap::new_with_mutability(fd, BubblewrapMutability::Immutable)?; -+ bwrap.append_child_argv(&["true"]); -+ let cancellable = &gio::Cancellable::new(); -+ let cancellable = Some(cancellable); -+ bwrap.run_inner(cancellable)?; - Ok(()) - } --- -2.30.2 - diff --git a/rpm-ostree.spec b/rpm-ostree.spec index 677c556..f016519 100644 --- a/rpm-ostree.spec +++ b/rpm-ostree.spec @@ -3,15 +3,13 @@ Summary: Hybrid image/package system Name: rpm-ostree -Version: 2021.4 -Release: 4%{?dist} +Version: 2021.5 +Release: 1%{?dist} License: LGPLv2+ URL: https://github.com/coreos/rpm-ostree # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot" # in the upstream git. It also contains vendored Rust sources. Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz -Patch0: 0001-bwrap-Fix-selftest-to-be-truly-immutable.patch -Patch1: 0001-Fix-bwrap-usage-for-mutate-os-release.patch ExclusiveArch: %{rust_arches} @@ -207,6 +205,10 @@ $PYTHON autofiles.py > files.devel \ %files devel -f files.devel %changelog +* Wed May 12 2021 Luca BRUNO - 2021.5-1 +- New upstream version + https://github.com/coreos/rpm-ostree/releases/tag/v2021.5 + * Sun May 09 2021 Jeff Law - 2021.4-4 - Re-enable LTO diff --git a/sources b/sources index 309bf2b..9465cff 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (rpm-ostree-2021.4.tar.xz) = d6e79c46b3de7b7ea2107b50f6aa45c792e0d53328d080416f3aaee0454c168100d7ce988fbb201d7427d4e82b7fb51be08fd7fdceb09652825306d4965ee55b +SHA512 (rpm-ostree-2021.5.tar.xz) = f7802e15110255ba450ce03802552f517f7e235be46ada4229ec3904c63e741f23964802c67598ec7cedb05322b4c6f31e026336fe3ae5ef5ff3c60f68ce6810