https://github.com/coreos/rpm-ostree/releases/tag/v2022.16

And re-sync spec file modulo https://github.com/coreos/rpm-ostree/pull/4157.
2022-11-18 12:52:33 -05:00 · 2022-11-18 12:52:33 -05:00 · 8f463db78c
commit 8f463db78c
parent 91907e91bc
6 changed files with 29 additions and 110 deletions
--- a/.gitignore
+++ b/.gitignore
@ -125,3 +125,4 @@
 /rpm-ostree-2022.13.tar.xz
 /rpm-ostree-2022.14.tar.xz
 /rpm-ostree-2022.15.tar.xz
 /rpm-ostree-2022.16.tar.xz
--- a/0001-libpriv-postprocess-work-around-semanage-bug.patch
+++ b/0001-libpriv-postprocess-work-around-semanage-bug.patch
@ -1,71 +0,0 @@
 From 479050e7540dc90de9ec6f49960b98e095537224 Mon Sep 17 00:00:00 2001
 From: Jonathan Lebon <jonathan@jlebon.com>
 Date: Wed, 2 Nov 2022 12:19:09 -0400
 Subject: [PATCH] libpriv/postprocess: work around semanage bug
 There is a bug in the latest semanage code which causes an invocation of
 `semodule --rebuild-if-modules-changed` to still write a policy even
 though nothing changed since a full policy build. On FCOS and RHCOS,
 this bug is triggered as early as `ostree admin deploy` in cosa when
 creating the disk images. This results in shipping images with a policy
 diff baked in.
 Hack around this by immediately rerunning
 `semodule --rebuild-if-modules-changed` after building the policy.
 Fixes: https://github.com/openshift/os/issues/1036
 ---
 src/libpriv/rpmostree-postprocess.cxx | 20 +++++++++++++++-----
 tests/kolainst/nondestructive/misc.sh |  5 +++++
 2 files changed, 20 insertions(+), 5 deletions(-)
 diff --git a/src/libpriv/rpmostree-postprocess.cxx b/src/libpriv/rpmostree-postprocess.cxx
 index fc5c3cb0..bfadaa73 100644
 --- a/src/libpriv/rpmostree-postprocess.cxx
 +++ b/src/libpriv/rpmostree-postprocess.cxx
@@ -387,11 +387,21 @@ postprocess_final (int rootfs_dfd, rpmostreecxx::Treefile &treefile, gboolean un
     {
       g_print ("Recompiling policy\n");
 -      /* Now regenerate SELinux policy so that postprocess scripts from users and from us
 -       * (e.g. the /etc/default/useradd incision) that affect it are baked in. */
 -      rust::Vec child_argv = { rust::String ("semodule"), rust::String ("-nB") };
 -      ROSCXX_TRY (bubblewrap_run_sync (rootfs_dfd, child_argv, false, (bool)unified_core_mode),
 -                  error);
 +      {
 +        /* Now regenerate SELinux policy so that postprocess scripts from users and from us
 +         * (e.g. the /etc/default/useradd incision) that affect it are baked in. */
 +        rust::Vec child_argv = { rust::String ("semodule"), rust::String ("-nB") };
 +        ROSCXX_TRY (bubblewrap_run_sync (rootfs_dfd, child_argv, false, (bool)unified_core_mode),
 +                    error);
 +      }
 +
 +      /* Temporary workaround for https://github.com/openshift/os/issues/1036. */
 +      {
 +        rust::Vec child_argv = { rust::String ("semodule"), rust::String ("-n"),
 +                                 rust::String ("--rebuild-if-modules-changed") };
 +        ROSCXX_TRY (bubblewrap_run_sync (rootfs_dfd, child_argv, false, (bool)unified_core_mode),
 +                    error);
 +      }
     }
   auto container = treefile.get_container ();
 diff --git a/tests/kolainst/nondestructive/misc.sh b/tests/kolainst/nondestructive/misc.sh
 index f98a13f0..e43dc87d 100755
 --- a/tests/kolainst/nondestructive/misc.sh
 +++ b/tests/kolainst/nondestructive/misc.sh
@@ -7,6 +7,11 @@ cd $(mktemp -d)
 libtest_prepare_offline
 libtest_enable_repover 0
 +# Sanity-check the policy isn't marked as modified
 +if ostree admin config-diff | grep 'selinux/targeted/policy'; then
 +    assert_not_reached "selinux policy is marked as modified"
 +fi
 +
 # Ensure multicall is correctly set up and working.
 R_O_DIGEST=$(sha512sum $(which rpm-ostree) | cut -d' ' -f1)
 O_C_DIGEST=$(sha512sum $(which /usr/libexec/libostree/ext/ostree-container) | cut -d' ' -f1)
 -- 
 2.38.1
--- a/0001-util-Fix-fpermissive-warning.patch
+++ b/0001-util-Fix-fpermissive-warning.patch
@ -1,27 +0,0 @@
 From 724b7405064b37410e67cd309e2862bc22d95fde Mon Sep 17 00:00:00 2001
 From: Colin Walters <walters@verbum.org>
 Date: Tue, 1 Nov 2022 16:06:20 -0400
 Subject: [PATCH] util: Fix `-fpermissive` warning
 This seems to only be happening with newer gcc (or something
 in the glib2 headers changed?).
 ---
 src/libpriv/rpmostree-util.cxx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/libpriv/rpmostree-util.cxx b/src/libpriv/rpmostree-util.cxx
 index 623475fe..438511a7 100644
 --- a/src/libpriv/rpmostree-util.cxx
 +++ b/src/libpriv/rpmostree-util.cxx
@@ -436,7 +436,7 @@ rpmostree_str_ptrarray_contains (GPtrArray *strs, const char *str)
   guint n = strs->len;
   for (guint i = 0; i < n; i++)
     {
 -      if (g_str_equal (str, strs->pdata[i]))
 +      if (g_str_equal (str, (const char*)strs->pdata[i]))
         return TRUE;
     }
   return FALSE;
 -- 
 2.38.1
--- a/3
+++ b/3
@ -23,6 +23,9 @@ main() {
    local upstream
    upstream=$(get_parsed_spec_field URL)
    curl -Lo rpm-ostree.spec.new "$upstream/raw/main/packaging/rpm-ostree.spec.in"
    # remove dummy changelog from upstream spec
    sed -i -e '/%changelog/Q' rpm-ostree.spec.new
    # append real changelog to upstream spec
    sed -ne '/%changelog/,$ p' rpm-ostree.spec >> rpm-ostree.spec.new
    if [ -n "${KEEP_V_R}" ]; then
--- a/rpm-ostree.spec
+++ b/rpm-ostree.spec
@ -3,17 +3,14 @@
 Summary: Hybrid image/package system
 Name: rpm-ostree
-Version: 2022.15
+Version: 2022.16
-Release: 3%{?dist}
+Release: 1%{?dist}
 License: LGPLv2+
 URL: https://github.com/coreos/rpm-ostree
 # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
 # in the upstream git.  It also contains vendored Rust sources.
 Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz
 Patch0: 0001-util-Fix-fpermissive-warning.patch
 Patch1: 0001-libpriv-postprocess-work-around-semanage-bug.patch
 ExclusiveArch: %{rust_arches}
 BuildRequires: make
@ -30,6 +27,13 @@ BuildRequires: rust
 # Embedded unit tests
 %bcond_with bin_unit_tests
 # This is copied from the libdnf spec
 %if 0%{?rhel} && ! 0%{?centos}
 %bcond_without rhsm
 %else
 %bcond_with rhsm
 %endif
 # RHEL (8,9) doesn't ship zchunk today.  Keep this in sync
 # with libdnf: https://gitlab.com/redhat/centos-stream/rpms/libdnf/-/blob/762f631e36d1e42c63a794882269d26c156b68c1/libdnf.spec#L45
 %if 0%{?rhel}
@ -98,6 +102,9 @@ BuildRequires:  pkgconfig(check)
 BuildRequires:  pkgconfig(gio-unix-2.0) >= 2.46.0
 BuildRequires:  pkgconfig(gtk-doc)
 BuildRequires:  rpm-devel >= 4.15.0
 %if %{with rhsm}
 BuildRequires:  pkgconfig(librhsm) >= 0.0.3
 %endif
 %if %{with zchunk}
 BuildRequires:  pkgconfig(zck) >= 0.9.11
 %endif
@ -108,11 +115,6 @@ BuildRequires:  pkgconfig(modulemd-2.0) >= %{libmodulemd_version}
 BuildRequires:  pkgconfig(smartcols)
 BuildRequires:  gettext
 BuildRequires:  gpgme-devel
 %if 0%{?rhel} <= 8
 # In current Fedora, this is a dependency of gpgme-devel, but
 # not in RHEL8.  Missing this package breaks -znow.
 BuildRequires:  libassuan-devel
 %endif
 Requires:       libmodulemd%{?_isa} >= %{libmodulemd_version}
 Requires:       libsolv%{?_isa} >= %{libsolv_version}
@ -122,6 +124,12 @@ Requires:       librepo%{?_isa} >= %{librepo_version}
 #                     end of libdnf build deps                          #
 #########################################################################
 %if 0%{?rhel} <= 8
 # In current Fedora, this is a dependency of gpgme-devel, but
 # not in RHEL8.  Missing this package breaks -znow.
 BuildRequires:  libassuan-devel
 %endif
 # For now...see https://github.com/projectatomic/rpm-ostree/pull/637
 # and https://github.com/fedora-infra/fedmsg-atomic-composer/pull/17
 # etc.  We'll drop this dependency at some point in the future when
@ -171,7 +179,8 @@ env NOCONFIGURE=1 ./autogen.sh
 %if 0%{?build_rustflags:1}
 export RUSTFLAGS="%{build_rustflags}"
 %endif
-%configure --disable-silent-rules --enable-gtk-doc %{?rpmdb_default} %{?with_sanitizers:--enable-sanitizers}  %{?with_bin_unit_tests:--enable-bin-unit-tests}
+%configure --disable-silent-rules --enable-gtk-doc %{?rpmdb_default} %{?with_sanitizers:--enable-sanitizers}  %{?with_bin_unit_tests:--enable-bin-unit-tests} \
  %{?with_rhsm:--enable-featuresrs=rhsm}
 %make_build
@ -236,7 +245,11 @@ $PYTHON autofiles.py > files.devel \
 %files libs -f files.lib
 %files devel -f files.devel
 %changelog
 * Fri Nov 18 2022 Jonathan Lebon <jonathan@jlebon.com> - 2022.16-1
 - https://github.com/coreos/rpm-ostree/releases/tag/v2022.16
 * Wed Nov 02 2022 Jonathan Lebon <jonathan@jlebon.com> - 2022.15-3
 - Backport semanage bug workaround
  https://github.com/coreos/rpm-ostree/pull/4122
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (rpm-ostree-2022.15.tar.xz) = e4d68964512a7694a5fcf019aac3fadf44e3280530b39730f2a27247bdac74f5ec8d19522c02f4ebb2cc22b41a385cccea7b8ba34a4421e746691b4787344f60
+SHA512 (rpm-ostree-2022.16.tar.xz) = eadfcb5e0f3ce97d5e4711e8a7db76d4470f528931cfd546657b11c47496154d25daad07bce6c33daeaa7f24e0e99972b41fc90a13133ac6f9facd8e53617325
`@ -1 +1 @@`
	`SHA512 (rpm-ostree-2022.15.tar.xz) = e4d68964512a7694a5fcf019aac3fadf44e3280530b39730f2a27247bdac74f5ec8d19522c02f4ebb2cc22b41a385cccea7b8ba34a4421e746691b4787344f60`	`SHA512 (rpm-ostree-2022.16.tar.xz) = eadfcb5e0f3ce97d5e4711e8a7db76d4470f528931cfd546657b11c47496154d25daad07bce6c33daeaa7f24e0e99972b41fc90a13133ac6f9facd8e53617325`