rpms/rpm-ostree
7
0
Fork 0
Code Issues Pull Requests Releases Activity

New upstream version 2021.5

Browse Source
This commit is contained in:
Luca BRUNO 2021-05-12 13:28:44 +00:00
parent 67b6fd5b67
commit 41f886d35f
5 changed files with 8 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -100,3 +100,4 @@
/rpm-ostree-2021.2.tar.xz /rpm-ostree-2021.2.tar.xz
/rpm-ostree-2021.3.tar.xz /rpm-ostree-2021.3.tar.xz
/rpm-ostree-2021.4.tar.xz /rpm-ostree-2021.4.tar.xz
/rpm-ostree-2021.5.tar.xz

99
0001-Fix-bwrap-usage-for-mutate-os-release.patch
View File

@ -1,99 +0,0 @@
From e2bcf01ac131725572091a042eb1ab8ce83b64f0 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Wed, 28 Apr 2021 13:27:36 -0400
Subject: [PATCH] Fix bwrap usage for mutate-os-release
Followup to https://pagure.io/fedora-infrastructure/issue/9909
In the refactor we were passing `unified_core: true` unconditionally which was wrong,
as that implies using fuse. Anyways what we really want here is an immutable bwrap
and not `rofiles-fuse` annyways. So refactor things to use that.
From https://kojipkgs.fedoraproject.org//work/tasks/7579/66867579/runroot.log
```
fuse: device not found, try 'modprobe fuse' first
fuse: device not found, try 'modprobe fuse' first
bwrap: execvp realpath: No such file or directory
fusermount: failed to unmount /tmp/rpmostree-rofiles-fuseAAphRY: Invalid argument
fusermount: failed to unmount /tmp/rpmostree-rofiles-fuseSCLs24: Invalid argument
error: Updating os-release with commit version: Running realpath: bwrap(realpath): Child process killed by signal 1
```
---
rust/src/bwrap.rs | 5 ++++-
rust/src/composepost.rs | 19 +++++++++++++------
rust/src/lib.rs | 2 +-
3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/rust/src/bwrap.rs b/rust/src/bwrap.rs
index 282b4f1b..35b54f36 100644
--- a/rust/src/bwrap.rs
+++ b/rust/src/bwrap.rs
@@ -383,7 +383,10 @@ impl Bubblewrap {
}
/// Execute the container, capturing stdout.
- fn run_captured(&mut self, cancellable: Option<&gio::Cancellable>) -> Result<glib::Bytes> {
+ pub(crate) fn run_captured(
+ &mut self,
+ cancellable: Option<&gio::Cancellable>,
+ ) -> Result<glib::Bytes> {
self.launcher.set_flags(gio::SubprocessFlags::STDOUT_PIPE);
let (child, argv0) = self.spawn()?;
let (stdout, stderr) = child.communicate(None, cancellable)?;
diff --git a/rust/src/composepost.rs b/rust/src/composepost.rs
index 437fd4f2..50c7dc08 100644
--- a/rust/src/composepost.rs
+++ b/rust/src/composepost.rs
@@ -411,11 +411,11 @@ pub fn compose_postprocess(
compose_postprocess_default_target(&rootfs_dfd, t)?;
}
- compose_postprocess_mutate_os_release(rootfs_dfd, treefile, next_version)?;
treefile.write_compose_json(rootfs_dfd)?;
let etc_guard = crate::core::prepare_tempetc_guard(rootfs_dfd.as_raw_fd())?;
// These ones depend on the /etc path
+ compose_postprocess_mutate_os_release(rootfs_dfd, treefile, next_version)?;
compose_postprocess_remove_files(rootfs_dfd, treefile)?;
compose_postprocess_add_files(rootfs_dfd, treefile)?;
etc_guard.undo()?;
@@ -444,11 +444,18 @@ fn compose_postprocess_mutate_os_release(
// find the real path to os-release using bwrap; this is an overkill but safer way
// of resolving a symlink relative to a rootfs (see discussions in
// https://github.com/projectatomic/rpm-ostree/pull/410/)
- let argv = &vec!["realpath".to_string(), "/etc/os-release".to_string()];
- let path = crate::bwrap::bubblewrap_run_sync(rootfs_dfd.as_raw_fd(), argv, true, true)
- .context("Running realpath")?;
- let path = String::from_utf8(path).context("Parsing realpath")?;
- let path = path.trim_start_matches("/").trim_end();
+ let mut bwrap = crate::bwrap::Bubblewrap::new_with_mutability(
+ rootfs_dfd,
+ crate::ffi::BubblewrapMutability::Immutable,
+ )?;
+ bwrap.append_child_argv(&["realpath", "/etc/os-release"]);
+ let cancellable = &gio::Cancellable::new();
+ let cancellable = Some(cancellable);
+ let path = bwrap.run_captured(cancellable)?;
+ let path = std::str::from_utf8(&path)
+ .context("Parsing realpath")?
+ .trim_start_matches("/")
+ .trim_end();
let path = if path.is_empty() {
// fallback on just overwriting etc/os-release
"etc/os-release"
diff --git a/rust/src/lib.rs b/rust/src/lib.rs
index 4c562d06..614bb948 100644
--- a/rust/src/lib.rs
+++ b/rust/src/lib.rs
@@ -64,7 +64,7 @@ pub mod ffi {
}
#[derive(Debug)]
- enum BubblewrapMutability {
+ pub(crate) enum BubblewrapMutability {
Immutable,
RoFiles,
MutateFreely,
--
2.30.2

39
0001-bwrap-Fix-selftest-to-be-truly-immutable.patch
View File

@ -1,39 +0,0 @@
From 8758b0faa27420e915e7e9ba815258207e02a82a Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Tue, 20 Apr 2021 08:09:57 -0400
Subject: [PATCH] bwrap: Fix selftest to be truly immutable
We should never have any effect on the host system, so let's
use the more direct APIs which allow us to use the immutable
flag, don't mount `/var` etc.
Crucially this also avoids us running through the tempetc
guard which would try to rename `usr/etc` which can trigger
on an ostree based host.
Closes: https://github.com/coreos/rpm-ostree/issues/2771
---
rust/src/bwrap.rs | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/rust/src/bwrap.rs b/rust/src/bwrap.rs
index 939f0525..282b4f1b 100644
--- a/rust/src/bwrap.rs
+++ b/rust/src/bwrap.rs
@@ -475,7 +475,11 @@ pub(crate) fn bubblewrap_run_sync(
/// Validate that bubblewrap works at all. This will flush out any incorrect
/// setups such being inside an outer container that disallows `CLONE_NEWUSER` etc.
pub(crate) fn bubblewrap_selftest() -> CxxResult<()> {
- let fd = openat::Dir::open("/")?;
- let _ = bubblewrap_run_sync(fd.as_raw_fd(), &vec!["true".to_string()], false, true)?;
+ let fd = &openat::Dir::open("/")?;
+ let mut bwrap = Bubblewrap::new_with_mutability(fd, BubblewrapMutability::Immutable)?;
+ bwrap.append_child_argv(&["true"]);
+ let cancellable = &gio::Cancellable::new();
+ let cancellable = Some(cancellable);
+ bwrap.run_inner(cancellable)?;
Ok(())
}
--
2.30.2

10
rpm-ostree.spec
View File

@ -3,15 +3,13 @@
Summary: Hybrid image/package system Summary: Hybrid image/package system
Name: rpm-ostree Name: rpm-ostree
Version: 2021.4 Version: 2021.5
Release: 4%{?dist} Release: 1%{?dist}
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/coreos/rpm-ostree URL: https://github.com/coreos/rpm-ostree
# This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot" # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
# in the upstream git. It also contains vendored Rust sources. # in the upstream git. It also contains vendored Rust sources.
Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz
Patch0: 0001-bwrap-Fix-selftest-to-be-truly-immutable.patch
Patch1: 0001-Fix-bwrap-usage-for-mutate-os-release.patch
ExclusiveArch: %{rust_arches} ExclusiveArch: %{rust_arches}
@ -207,6 +205,10 @@ $PYTHON autofiles.py > files.devel \
%files devel -f files.devel %files devel -f files.devel
%changelog %changelog
* Wed May 12 2021 Luca BRUNO <lucab@lucabruno.net> - 2021.5-1
- New upstream version
https://github.com/coreos/rpm-ostree/releases/tag/v2021.5
* Sun May 09 2021 Jeff Law <jlaw@tachyum.com> - 2021.4-4 * Sun May 09 2021 Jeff Law <jlaw@tachyum.com> - 2021.4-4
- Re-enable LTO - Re-enable LTO

2
sources
View File

@ -1 +1 @@
SHA512 (rpm-ostree-2021.4.tar.xz) = d6e79c46b3de7b7ea2107b50f6aa45c792e0d53328d080416f3aaee0454c168100d7ce988fbb201d7427d4e82b7fb51be08fd7fdceb09652825306d4965ee55b SHA512 (rpm-ostree-2021.5.tar.xz) = f7802e15110255ba450ce03802552f517f7e235be46ada4229ec3904c63e741f23964802c67598ec7cedb05322b4c6f31e026336fe3ae5ef5ff3c60f68ce6810