From 8f463db78cb014eb1089f390f28a03276bbe2798 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 18 Nov 2022 12:52:33 -0500 Subject: [PATCH] https://github.com/coreos/rpm-ostree/releases/tag/v2022.16 And re-sync spec file modulo https://github.com/coreos/rpm-ostree/pull/4157. --- .gitignore | 1 + ...postprocess-work-around-semanage-bug.patch | 71 ------------------- 0001-util-Fix-fpermissive-warning.patch | 27 ------- import-spec | 3 + rpm-ostree.spec | 35 ++++++--- sources | 2 +- 6 files changed, 29 insertions(+), 110 deletions(-) delete mode 100644 0001-libpriv-postprocess-work-around-semanage-bug.patch delete mode 100644 0001-util-Fix-fpermissive-warning.patch diff --git a/.gitignore b/.gitignore index d95933a..9f3c05c 100644 --- a/.gitignore +++ b/.gitignore @@ -125,3 +125,4 @@ /rpm-ostree-2022.13.tar.xz /rpm-ostree-2022.14.tar.xz /rpm-ostree-2022.15.tar.xz +/rpm-ostree-2022.16.tar.xz diff --git a/0001-libpriv-postprocess-work-around-semanage-bug.patch b/0001-libpriv-postprocess-work-around-semanage-bug.patch deleted file mode 100644 index d48f7f4..0000000 --- a/0001-libpriv-postprocess-work-around-semanage-bug.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 479050e7540dc90de9ec6f49960b98e095537224 Mon Sep 17 00:00:00 2001 -From: Jonathan Lebon -Date: Wed, 2 Nov 2022 12:19:09 -0400 -Subject: [PATCH] libpriv/postprocess: work around semanage bug - -There is a bug in the latest semanage code which causes an invocation of -`semodule --rebuild-if-modules-changed` to still write a policy even -though nothing changed since a full policy build. On FCOS and RHCOS, -this bug is triggered as early as `ostree admin deploy` in cosa when -creating the disk images. This results in shipping images with a policy -diff baked in. - -Hack around this by immediately rerunning -`semodule --rebuild-if-modules-changed` after building the policy. - -Fixes: https://github.com/openshift/os/issues/1036 ---- - src/libpriv/rpmostree-postprocess.cxx | 20 +++++++++++++++----- - tests/kolainst/nondestructive/misc.sh | 5 +++++ - 2 files changed, 20 insertions(+), 5 deletions(-) - -diff --git a/src/libpriv/rpmostree-postprocess.cxx b/src/libpriv/rpmostree-postprocess.cxx -index fc5c3cb0..bfadaa73 100644 ---- a/src/libpriv/rpmostree-postprocess.cxx -+++ b/src/libpriv/rpmostree-postprocess.cxx -@@ -387,11 +387,21 @@ postprocess_final (int rootfs_dfd, rpmostreecxx::Treefile &treefile, gboolean un - { - g_print ("Recompiling policy\n"); - -- /* Now regenerate SELinux policy so that postprocess scripts from users and from us -- * (e.g. the /etc/default/useradd incision) that affect it are baked in. */ -- rust::Vec child_argv = { rust::String ("semodule"), rust::String ("-nB") }; -- ROSCXX_TRY (bubblewrap_run_sync (rootfs_dfd, child_argv, false, (bool)unified_core_mode), -- error); -+ { -+ /* Now regenerate SELinux policy so that postprocess scripts from users and from us -+ * (e.g. the /etc/default/useradd incision) that affect it are baked in. */ -+ rust::Vec child_argv = { rust::String ("semodule"), rust::String ("-nB") }; -+ ROSCXX_TRY (bubblewrap_run_sync (rootfs_dfd, child_argv, false, (bool)unified_core_mode), -+ error); -+ } -+ -+ /* Temporary workaround for https://github.com/openshift/os/issues/1036. */ -+ { -+ rust::Vec child_argv = { rust::String ("semodule"), rust::String ("-n"), -+ rust::String ("--rebuild-if-modules-changed") }; -+ ROSCXX_TRY (bubblewrap_run_sync (rootfs_dfd, child_argv, false, (bool)unified_core_mode), -+ error); -+ } - } - - auto container = treefile.get_container (); -diff --git a/tests/kolainst/nondestructive/misc.sh b/tests/kolainst/nondestructive/misc.sh -index f98a13f0..e43dc87d 100755 ---- a/tests/kolainst/nondestructive/misc.sh -+++ b/tests/kolainst/nondestructive/misc.sh -@@ -7,6 +7,11 @@ cd $(mktemp -d) - libtest_prepare_offline - libtest_enable_repover 0 - -+# Sanity-check the policy isn't marked as modified -+if ostree admin config-diff | grep 'selinux/targeted/policy'; then -+ assert_not_reached "selinux policy is marked as modified" -+fi -+ - # Ensure multicall is correctly set up and working. - R_O_DIGEST=$(sha512sum $(which rpm-ostree) | cut -d' ' -f1) - O_C_DIGEST=$(sha512sum $(which /usr/libexec/libostree/ext/ostree-container) | cut -d' ' -f1) --- -2.38.1 - diff --git a/0001-util-Fix-fpermissive-warning.patch b/0001-util-Fix-fpermissive-warning.patch deleted file mode 100644 index 22645b0..0000000 --- a/0001-util-Fix-fpermissive-warning.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 724b7405064b37410e67cd309e2862bc22d95fde Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Tue, 1 Nov 2022 16:06:20 -0400 -Subject: [PATCH] util: Fix `-fpermissive` warning - -This seems to only be happening with newer gcc (or something -in the glib2 headers changed?). ---- - src/libpriv/rpmostree-util.cxx | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libpriv/rpmostree-util.cxx b/src/libpriv/rpmostree-util.cxx -index 623475fe..438511a7 100644 ---- a/src/libpriv/rpmostree-util.cxx -+++ b/src/libpriv/rpmostree-util.cxx -@@ -436,7 +436,7 @@ rpmostree_str_ptrarray_contains (GPtrArray *strs, const char *str) - guint n = strs->len; - for (guint i = 0; i < n; i++) - { -- if (g_str_equal (str, strs->pdata[i])) -+ if (g_str_equal (str, (const char*)strs->pdata[i])) - return TRUE; - } - return FALSE; --- -2.38.1 - diff --git a/import-spec b/import-spec index ad1ca4b..885ee67 100755 --- a/import-spec +++ b/import-spec @@ -23,6 +23,9 @@ main() { local upstream upstream=$(get_parsed_spec_field URL) curl -Lo rpm-ostree.spec.new "$upstream/raw/main/packaging/rpm-ostree.spec.in" + # remove dummy changelog from upstream spec + sed -i -e '/%changelog/Q' rpm-ostree.spec.new + # append real changelog to upstream spec sed -ne '/%changelog/,$ p' rpm-ostree.spec >> rpm-ostree.spec.new if [ -n "${KEEP_V_R}" ]; then diff --git a/rpm-ostree.spec b/rpm-ostree.spec index 1203c38..cc97c7e 100644 --- a/rpm-ostree.spec +++ b/rpm-ostree.spec @@ -3,17 +3,14 @@ Summary: Hybrid image/package system Name: rpm-ostree -Version: 2022.15 -Release: 3%{?dist} +Version: 2022.16 +Release: 1%{?dist} License: LGPLv2+ URL: https://github.com/coreos/rpm-ostree # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot" # in the upstream git. It also contains vendored Rust sources. Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz -Patch0: 0001-util-Fix-fpermissive-warning.patch -Patch1: 0001-libpriv-postprocess-work-around-semanage-bug.patch - ExclusiveArch: %{rust_arches} BuildRequires: make @@ -30,6 +27,13 @@ BuildRequires: rust # Embedded unit tests %bcond_with bin_unit_tests +# This is copied from the libdnf spec +%if 0%{?rhel} && ! 0%{?centos} +%bcond_without rhsm +%else +%bcond_with rhsm +%endif + # RHEL (8,9) doesn't ship zchunk today. Keep this in sync # with libdnf: https://gitlab.com/redhat/centos-stream/rpms/libdnf/-/blob/762f631e36d1e42c63a794882269d26c156b68c1/libdnf.spec#L45 %if 0%{?rhel} @@ -98,6 +102,9 @@ BuildRequires: pkgconfig(check) BuildRequires: pkgconfig(gio-unix-2.0) >= 2.46.0 BuildRequires: pkgconfig(gtk-doc) BuildRequires: rpm-devel >= 4.15.0 +%if %{with rhsm} +BuildRequires: pkgconfig(librhsm) >= 0.0.3 +%endif %if %{with zchunk} BuildRequires: pkgconfig(zck) >= 0.9.11 %endif @@ -108,11 +115,6 @@ BuildRequires: pkgconfig(modulemd-2.0) >= %{libmodulemd_version} BuildRequires: pkgconfig(smartcols) BuildRequires: gettext BuildRequires: gpgme-devel -%if 0%{?rhel} <= 8 -# In current Fedora, this is a dependency of gpgme-devel, but -# not in RHEL8. Missing this package breaks -znow. -BuildRequires: libassuan-devel -%endif Requires: libmodulemd%{?_isa} >= %{libmodulemd_version} Requires: libsolv%{?_isa} >= %{libsolv_version} @@ -122,6 +124,12 @@ Requires: librepo%{?_isa} >= %{librepo_version} # end of libdnf build deps # ######################################################################### +%if 0%{?rhel} <= 8 +# In current Fedora, this is a dependency of gpgme-devel, but +# not in RHEL8. Missing this package breaks -znow. +BuildRequires: libassuan-devel +%endif + # For now...see https://github.com/projectatomic/rpm-ostree/pull/637 # and https://github.com/fedora-infra/fedmsg-atomic-composer/pull/17 # etc. We'll drop this dependency at some point in the future when @@ -171,7 +179,8 @@ env NOCONFIGURE=1 ./autogen.sh %if 0%{?build_rustflags:1} export RUSTFLAGS="%{build_rustflags}" %endif -%configure --disable-silent-rules --enable-gtk-doc %{?rpmdb_default} %{?with_sanitizers:--enable-sanitizers} %{?with_bin_unit_tests:--enable-bin-unit-tests} +%configure --disable-silent-rules --enable-gtk-doc %{?rpmdb_default} %{?with_sanitizers:--enable-sanitizers} %{?with_bin_unit_tests:--enable-bin-unit-tests} \ + %{?with_rhsm:--enable-featuresrs=rhsm} %make_build @@ -236,7 +245,11 @@ $PYTHON autofiles.py > files.devel \ %files libs -f files.lib %files devel -f files.devel + %changelog +* Fri Nov 18 2022 Jonathan Lebon - 2022.16-1 +- https://github.com/coreos/rpm-ostree/releases/tag/v2022.16 + * Wed Nov 02 2022 Jonathan Lebon - 2022.15-3 - Backport semanage bug workaround https://github.com/coreos/rpm-ostree/pull/4122 diff --git a/sources b/sources index b47da90..a0ad104 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (rpm-ostree-2022.15.tar.xz) = e4d68964512a7694a5fcf019aac3fadf44e3280530b39730f2a27247bdac74f5ec8d19522c02f4ebb2cc22b41a385cccea7b8ba34a4421e746691b4787344f60 +SHA512 (rpm-ostree-2022.16.tar.xz) = eadfcb5e0f3ce97d5e4711e8a7db76d4470f528931cfd546657b11c47496154d25daad07bce6c33daeaa7f24e0e99972b41fc90a13133ac6f9facd8e53617325