import rpm-ostree-2019.6-8.el8

CentOS Sources 2020-04-28 05:33:29 -04:00 committed by Andrew Lukoshko
parent 3042a55ee7
commit f9181d7b50
12 changed files with 507 additions and 78 deletions

2
.gitignore vendored

@ -1 +1 @@
SOURCES/rpm-ostree-2019.3.tar.xz
SOURCES/rpm-ostree-2019.6.tar.xz


@ -1 +1 @@
982c3b335debe04763c0b0b8769f7e43229beebc SOURCES/rpm-ostree-2019.3.tar.xz
4394f32b43403577dd738675cbf8e28efbf8866f SOURCES/rpm-ostree-2019.6.tar.xz


@ -0,0 +1,35 @@
From 08c98eda94381f0147af5783960121574043fa5a Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Wed, 25 Sep 2019 12:42:59 -0400
Subject: [PATCH] app/status: Fix printf format string for 32-bit
Hit this when compiling in Koji.
---
src/app/rpmostree-builtin-status.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/app/rpmostree-builtin-status.c b/src/app/rpmostree-builtin-status.c
index 2bc2c4b5..8b38fc83 100644
--- a/src/app/rpmostree-builtin-status.c
+++ b/src/app/rpmostree-builtin-status.c
@@ -1119,7 +1119,7 @@ fetch_history_deployment_gvariant (RORHistoryEntry *entry,
GError **error)
{
g_autofree char *fn =
- g_strdup_printf ("%s/%lu", RPMOSTREE_HISTORY_DIR, entry->deploy_timestamp);
+ g_strdup_printf ("%s/%" PRIu64, RPMOSTREE_HISTORY_DIR, entry->deploy_timestamp);
*out_deployment = NULL;
@@ -1165,7 +1165,7 @@ print_history_entry (RORHistoryEntry *entry,
print_timestamp_and_relative ("BootTimestamp", entry->last_boot_timestamp);
if (entry->boot_count > 1)
{
- g_print ("%s BootCount: %lu; first booted on ",
+ g_print ("%s BootCount: %" PRIu64 "; first booted on ",
libsd_special_glyph (TREE_RIGHT), entry->boot_count);
print_timestamp_and_relative (NULL, entry->first_boot_timestamp);
}
--
2.21.0
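Review bot: `PRIu64` comes from `<inttypes.h>`, and the patch changes only the two format lines, so the build depends on some other header already pulling that include in. In GLib code the usual spelling for a 64-bit unsigned field is `G_GUINT64_FORMAT`, e.g. `g_strdup_printf ("%s/%" G_GUINT64_FORMAT, RPMOSTREE_HISTORY_DIR, entry->deploy_timestamp);`, which needs nothing beyond the GLib headers. The declared types of `deploy_timestamp` and `boot_count` are outside the hunks, so confirm they are 64-bit unsigned before settling on either macro. Both functions continue outside the hunks.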


@ -0,0 +1,111 @@
From 1675058768263b804148c7a737b00a480d6b32f8 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Wed, 26 Feb 2020 11:14:51 -0500
Subject: [PATCH] initramfs: Fix using local /etc when also replacing kernel
Instead of basing our decision to use the local `/etc` on whether we're
using `dracut --rebuild`, base it directly on a boolean parameter.
This is relevant in the client-side when initramfs regeneration is
requested as well as a kernel override. In such cases, we do want to use
the local `/etc`, but we'd skip that path because we didn't also use
`dracut --rebuild`.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1806588
---
src/daemon/rpmostree-sysroot-upgrader.c | 9 ++++++---
src/libpriv/rpmostree-kernel.c | 6 ++----
src/libpriv/rpmostree-kernel.h | 1 +
src/libpriv/rpmostree-postprocess.c | 2 +-
tests/vmcheck/test-override-kernel.sh | 9 +++++++++
5 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/src/daemon/rpmostree-sysroot-upgrader.c b/src/daemon/rpmostree-sysroot-upgrader.c
index e3f5acef..f84e20c6 100644
--- a/src/daemon/rpmostree-sysroot-upgrader.c
+++ b/src/daemon/rpmostree-sysroot-upgrader.c
@@ -1097,9 +1097,12 @@ perform_local_assembly (RpmOstreeSysrootUpgrader *self,
g_assert (kernel_state && kernel_path);
g_auto(GLnxTmpfile) initramfs_tmpf = { 0, };
- if (!rpmostree_run_dracut (self->tmprootfs_dfd, add_dracut_argv, kver,
- initramfs_path, NULL, &initramfs_tmpf,
- cancellable, error))
+ /* NB: We only use the real root's /etc if initramfs regeneration is explicitly
+ * requested. IOW, just replacing the kernel still gets use stock settings, like the
+ * server side. */
+ if (!rpmostree_run_dracut (self->tmprootfs_dfd, add_dracut_argv, kver, initramfs_path,
+ rpmostree_origin_get_regenerate_initramfs (self->origin),
+ NULL, &initramfs_tmpf, cancellable, error))
return FALSE;
if (!rpmostree_finalize_kernel (self->tmprootfs_dfd, bootdir, kver, kernel_path,
diff --git a/src/libpriv/rpmostree-kernel.c b/src/libpriv/rpmostree-kernel.c
index d1f0c90c..a1e4546c 100644
--- a/src/libpriv/rpmostree-kernel.c
+++ b/src/libpriv/rpmostree-kernel.c
@@ -475,6 +475,7 @@ rpmostree_run_dracut (int rootfs_dfd,
const char *const* argv,
const char *kver,
const char *rebuild_from_initramfs,
+ gboolean use_root_etc,
GLnxTmpDir *dracut_host_tmpdir,
GLnxTmpfile *out_initramfs_tmpf,
GCancellable *cancellable,
@@ -562,10 +563,7 @@ rpmostree_run_dracut (int rootfs_dfd,
&tmpf, error))
goto out;
- /* If we're rebuilding, we use the *current* /etc so we pick up any modified
- * config files. Otherwise, we use the usr/etc defaults.
- */
- if (rebuild_from_initramfs)
+ if (use_root_etc)
{
bwrap = rpmostree_bwrap_new_base (rootfs_dfd, error);
if (!bwrap)
diff --git a/src/libpriv/rpmostree-kernel.h b/src/libpriv/rpmostree-kernel.h
index fb9d8a1b..32a36511 100644
--- a/src/libpriv/rpmostree-kernel.h
+++ b/src/libpriv/rpmostree-kernel.h
@@ -54,6 +54,7 @@ rpmostree_run_dracut (int rootfs_dfd,
const char *const* argv,
const char *kver,
const char *rebuild_from_initramfs,
+ gboolean use_root_etc,
GLnxTmpDir *dracut_host_tmpdir,
GLnxTmpfile *out_initramfs_tmpf,
GCancellable *cancellable,
diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c
index ce7424a1..186817be 100644
--- a/src/libpriv/rpmostree-postprocess.c
+++ b/src/libpriv/rpmostree-postprocess.c
@@ -447,7 +447,7 @@ process_kernel_and_initramfs (int rootfs_dfd,
return FALSE;
if (!rpmostree_run_dracut (rootfs_dfd,
(const char *const*)dracut_argv->pdata, kver,
- NULL, &dracut_host_tmpd,
+ NULL, FALSE, &dracut_host_tmpd,
&initramfs_tmpf, cancellable, error))
return FALSE;
/* No reason to have the initramfs not be world-readable since
diff --git a/tests/vmcheck/test-override-kernel.sh b/tests/vmcheck/test-override-kernel.sh
index 0e8c91b7..4bde242a 100755
--- a/tests/vmcheck/test-override-kernel.sh
+++ b/tests/vmcheck/test-override-kernel.sh
@@ -60,3 +60,12 @@ assert_streq "$(wc -l < modules-dirs.txt)" "2"
assert_file_has_content_literal modules-dirs.txt $kernel_release
echo "ok override kernel"
+
+# And check that we can regenerate the initramfs and include files from our /etc
+vm_cmd touch /etc/foobar.conf
+vm_rpmostree initramfs --enable --arg=-I --arg=/etc/foobar.conf
+newroot=$(vm_get_deployment_root 0)
+vm_cmd lsinitrd ${newroot}/usr/lib/modules/${kernel_release}/initramfs.img > lsinitrd.txt
+assert_file_has_content_literal lsinitrd.txt etc/foobar.conf
+
+echo "ok override kernel with custom initramfs args"
--
2.24.1
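Review bot: The new `if (use_root_etc)` branch in `rpmostree_run_dracut` loses the comment that explained it, and the header hunk adds `gboolean use_root_etc` undocumented right after `rebuild_from_initramfs`, which used to carry this meaning. A comment on the declaration such as `/* use_root_etc: run dracut against the current /etc so modified config files are picked up; otherwise the usr/etc defaults are used */` would keep callers from conflating the two parameters. Because host `/etc` files can now be pulled into the image (the new test includes `/etc/foobar.conf` via `-I`), it is worth confirming which mode the client-side initramfs is written with. The only permission remark visible here is the world-readable one in `process_kernel_and_initramfs`, which passes `FALSE`. The function bodies continue outside the hunks.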


@ -0,0 +1,90 @@
From f295f543064f1a0b5833fefccd6bb203b3527623 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Sun, 17 Nov 2019 15:51:07 +0000
Subject: [PATCH] kargs: Support --append and --delete simultaneously
Code I wrote for the machine-config-operator expected it to
work, and I don't see a reason not to support it.
See https://github.com/openshift/machine-config-operator/issues/1265
---
src/app/rpmostree-builtin-kargs.c | 6 ------
src/daemon/rpmostreed-transaction-types.c | 20 ++++++++++----------
tests/vmcheck/test-kernel-args.sh | 9 +++++++++
3 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/src/app/rpmostree-builtin-kargs.c b/src/app/rpmostree-builtin-kargs.c
index 359df946..fcfb727a 100644
--- a/src/app/rpmostree-builtin-kargs.c
+++ b/src/app/rpmostree-builtin-kargs.c
@@ -196,12 +196,6 @@ rpmostree_builtin_kargs (int argc,
"Cannot specify both --delete and --replace");
return FALSE;
}
- if (opt_kernel_delete_strings && opt_kernel_append_strings)
- {
- g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
- "Cannot specify both --delete and --append");
- return FALSE;
- }
if (opt_import_proc_cmdline && opt_deploy_index)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
diff --git a/src/daemon/rpmostreed-transaction-types.c b/src/daemon/rpmostreed-transaction-types.c
index bc62b6c4..da432b83 100644
--- a/src/daemon/rpmostreed-transaction-types.c
+++ b/src/daemon/rpmostreed-transaction-types.c
@@ -2449,20 +2449,20 @@ kernel_arg_transaction_execute (RpmostreedTransaction *transaction,
return FALSE;
}
}
- else
+
+ if (self->kernel_args_replaced)
{
- if (self->kernel_args_replaced)
+ for (char **iter = self->kernel_args_replaced; iter && *iter; iter++)
{
- for (char **iter = self->kernel_args_replaced; iter && *iter; iter++)
- {
- const char *arg = *iter;
- if (!ostree_kernel_args_new_replace (kargs, arg, error))
- return FALSE;
- }
+ const char *arg = *iter;
+ if (!ostree_kernel_args_new_replace (kargs, arg, error))
+ return FALSE;
}
+ }
- if (self->kernel_args_added)
- ostree_kernel_args_append_argv (kargs, self->kernel_args_added);
+ if (self->kernel_args_added)
+ {
+ ostree_kernel_args_append_argv (kargs, self->kernel_args_added);
}
/* After all the arguments are processed earlier, we convert it to a string list*/
diff --git a/tests/vmcheck/test-kernel-args.sh b/tests/vmcheck/test-kernel-args.sh
index 570d986a..ca105ae3 100755
--- a/tests/vmcheck/test-kernel-args.sh
+++ b/tests/vmcheck/test-kernel-args.sh
@@ -48,6 +48,15 @@ assert_file_has_content_literal kargs.txt 'FOO=BAR'
assert_file_has_content_literal kargs.txt 'APPENDARG=VALAPPEND APPENDARG=2NDAPPEND'
echo "ok kargs append"
+# Ensure the result flows through with rpm-ostree kargs
+vm_rpmostree kargs --append=APPENDARG=3RDAPPEND --delete=APPENDARG=VALAPPEND
+vm_rpmostree kargs > kargs.txt
+assert_not_file_has_content kargs.txt 'APPENDARG=VALAPPEND'
+assert_file_has_content_literal kargs.txt 'APPENDARG=3RDAPPEND'
+# And reset to previous state
+vm_rpmostree cleanup -p
+echo "ok kargs append and delete"
+
# Test for rpm-ostree kargs delete
vm_kargs_now kargs --delete FOO
vm_cmd grep ^options /boot/loader/entries/ostree-2-$osname.conf > tmp_conf.txt
--
2.24.1
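Review bot: Dropping the `else` in `kernel_arg_transaction_execute` lets the replace loop, not only the append call, run after the preceding branch, so the daemon now processes both in one transaction. The CLI still rejects `--delete` with `--replace` ("Cannot specify both --delete and --replace"), but that check lives in `rpmostree_builtin_kargs`, and a D-Bus caller that bypasses the CLI never reaches it. If that combination is meant to stay invalid, reject it in the daemon with a `glnx_throw` before the arguments are processed; if it is now allowed, a comment above these blocks should state the resulting order (delete, then replace, then append). The condition of the preceding `if` is outside the hunk, so this assumes it is the delete branch.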


@ -0,0 +1,47 @@
From 6aa496e3128321f911dae10bf1a0f32c5e9a11fd Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Tue, 29 Oct 2019 16:38:56 -0400
Subject: [PATCH 1/2] libpriv/kernel: Use g_build_filename instead of
g_strconcat
It's much easier to mess up with the latter than the former when
building filenames. There's a bunch more all over the codebase; just did
this bit to be consistent with the next commit which also uses it.
---
src/libpriv/rpmostree-kernel.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libpriv/rpmostree-kernel.c b/src/libpriv/rpmostree-kernel.c
index 9eb052bd..2266f9c7 100644
--- a/src/libpriv/rpmostree-kernel.c
+++ b/src/libpriv/rpmostree-kernel.c
@@ -353,7 +353,7 @@ rpmostree_finalize_kernel (int rootfs_dfd,
GError **error)
{
const char slash_bootdir[] = "boot";
- g_autofree char *modules_bootdir = g_strconcat ("usr/lib/modules/", kver, NULL);
+ g_autofree char *modules_bootdir = g_build_filename ("usr/lib/modules", kver, NULL);
/* Calculate the sha256sum of the kernel+initramfs (called the "boot
* checksum"). We checksum the initramfs from the tmpfile fd (via mmap()) to
@@ -371,7 +371,7 @@ rpmostree_finalize_kernel (int rootfs_dfd,
}
const char *boot_checksum_str = g_checksum_get_string (boot_checksum);
- g_autofree char *kernel_modules_path = g_strconcat (modules_bootdir, "/vmlinuz", NULL);;
+ g_autofree char *kernel_modules_path = g_build_filename (modules_bootdir, "vmlinuz", NULL);
/* It's possible the bootdir is already the modules directory; in that case,
* we don't need to rename.
*/
@@ -394,7 +394,7 @@ rpmostree_finalize_kernel (int rootfs_dfd,
}
/* Replace the initramfs */
- g_autofree char *initramfs_modules_path = g_strconcat (modules_bootdir, "/initramfs.img", NULL);
+ g_autofree char *initramfs_modules_path = g_build_filename (modules_bootdir, "initramfs.img", NULL);
if (unlinkat (rootfs_dfd, initramfs_modules_path, 0) < 0)
{
if (errno != ENOENT)
--
2.21.0


@ -0,0 +1,43 @@
From 3b8a1ec6c400a4e5af0f7f5889b360d2ed16f572 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Tue, 3 Dec 2019 21:36:40 -0500
Subject: [PATCH] libpriv/kernel: add cap_mknod to dracut run
A lot of history with this. But essentially, dracut tries to `mknod` a
few character devices like `/dev/random` and `/dev/urandom` and fails.
We originally blocked `cap_mknod` because, well, `%post` scripts don't
really need to do that, and it would get wiped anyway. But there is a
use case for dracut's CPIO: we want `/dev/*random` to be available in
early boot *before* systemd even mounts `devtmpfs` because libgcrypt as
part of its constructor-time selftests in FIPS mode wants to read from
there.
For more fun, see:
https://bugzilla.redhat.com/show_bug.cgi?id=1778940
https://bugzilla.redhat.com/show_bug.cgi?id=1401444
https://bugzilla.redhat.com/show_bug.cgi?id=1380866
---
src/libpriv/rpmostree-kernel.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/libpriv/rpmostree-kernel.c b/src/libpriv/rpmostree-kernel.c
index 2bea504c..a7fffcb6 100644
--- a/src/libpriv/rpmostree-kernel.c
+++ b/src/libpriv/rpmostree-kernel.c
@@ -564,6 +564,12 @@ rpmostree_run_dracut (int rootfs_dfd,
rpmostree_bwrap_bind_read (bwrap, "usr", "/usr");
}
+ /* Need to let dracut create devices like /dev/urandom:
+ * https://bugzilla.redhat.com/show_bug.cgi?id=1778940
+ * https://bugzilla.redhat.com/show_bug.cgi?id=1401444
+ * https://bugzilla.redhat.com/show_bug.cgi?id=1380866 */
+ rpmostree_bwrap_append_bwrap_argv (bwrap, "--cap-add", "cap_mknod", NULL);
+
if (dracut_host_tmpdir)
rpmostree_bwrap_bind_readwrite (bwrap, dracut_host_tmpdir->path, "/tmp/dracut");
--
2.23.0
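Review bot: `--cap-add cap_mknod` is appended for every dracut run, and directly below it `dracut_host_tmpdir->path` is bound read-write at `/tmp/dracut`, so device nodes created in the sandbox are not necessarily confined to the generated CPIO. Whether that bind mount is `nodev`, and who can reach the host tmpdir, is not visible in this hunk and is worth confirming. The comment should also record the scoping that makes the grant acceptable, for example `/* Scoped to the dracut run only; do not move this into the shared bwrap setup */`, since the commit message notes the capability was deliberately withheld from `%post` scripts. `rpmostree_run_dracut` continues outside the hunk.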


@ -1,69 +0,0 @@
From 76ae779635afcd3984dedc57fa7c0e80c6410bba Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 29 Mar 2019 14:39:34 +0000
Subject: [PATCH] rebase: Support identical checksum rebases
Change things to only throw this error for non-checksum rebases; for
RHEL CoreOS + https://github.com/openshift/pivot/
we've had it happen that the same ostree commit can end up
in separate oscontainers. We want to support changing
the custom origin that might point to the same commit.
---
src/daemon/rpmostreed-transaction-types.c | 12 +++++++++---
src/daemon/rpmostreed-utils.c | 10 ----------
2 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/src/daemon/rpmostreed-transaction-types.c b/src/daemon/rpmostreed-transaction-types.c
index 9edfeecb..86112d1b 100644
--- a/src/daemon/rpmostreed-transaction-types.c
+++ b/src/daemon/rpmostreed-transaction-types.c
@@ -100,9 +100,6 @@ change_origin_refspec (GVariantDict *options,
error))
return FALSE;
- if (strcmp (current_refspec, new_refspec) == 0)
- return glnx_throw (error, "Old and new refs are equal: %s", new_refspec);
-
/* Re-classify after canonicalization to ensure we handle TYPE_CHECKSUM */
if (!rpmostree_refspec_classify (new_refspec, &refspectype, &refspecdata, error))
return FALSE;
@@ -128,6 +125,15 @@ change_origin_refspec (GVariantDict *options,
}
else
{
+ /* We only throw this error for non-checksum rebases; for
+ * RHEL CoreOS + https://github.com/openshift/pivot/
+ * we've had it happen that the same ostree commit can end up
+ * in separate oscontainers. We want to support changing
+ * the custom origin that might point to the same commit.
+ */
+ if (strcmp (current_refspec, new_refspec) == 0)
+ return glnx_throw (error, "Old and new refs are equal: %s", new_refspec);
+
if (!rpmostree_origin_set_rebase (origin, new_refspec, error))
return FALSE;
}
diff --git a/src/daemon/rpmostreed-utils.c b/src/daemon/rpmostreed-utils.c
index 686965a3..19b45a01 100644
--- a/src/daemon/rpmostreed-utils.c
+++ b/src/daemon/rpmostreed-utils.c
@@ -202,16 +202,6 @@ rpmostreed_refspec_parse_partial (const gchar *new_provided_refspec,
}
}
- if (g_strcmp0 (origin_remote, remote) == 0 &&
- g_strcmp0 (origin_ref, ref) == 0)
- {
- g_set_error (error, RPM_OSTREED_ERROR,
- RPM_OSTREED_ERROR_INVALID_REFSPEC,
- "Old and new refs are equal: %s:%s",
- remote, ref);
- return FALSE;
- }
-
if (remote == NULL)
*out_refspec = g_steal_pointer (&ref);
else
--
2.20.1


@ -0,0 +1,29 @@
From 14701be788420dcd8b1ed4be0e031bc034627e9c Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Wed, 26 Feb 2020 11:14:50 -0500
Subject: [PATCH] status: Quote initramfs args if necessary
E.g. if it contains spaces as is the case when one does
`rpm-ostree initramfs --arg=-I --arg='/file1 /file2'`.
---
src/app/rpmostree-builtin-status.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/app/rpmostree-builtin-status.c b/src/app/rpmostree-builtin-status.c
index 8b38fc83..09dcd94a 100644
--- a/src/app/rpmostree-builtin-status.c
+++ b/src/app/rpmostree-builtin-status.c
@@ -856,7 +856,9 @@ print_one_deployment (RPMOSTreeSysroot *sysroot_proxy,
for (char **iter = initramfs_args; iter && *iter; iter++)
{
- g_string_append (buf, *iter);
+ const char *arg = *iter;
+ g_autofree char *quoted = rpmostree_maybe_shell_quote (arg);
+ g_string_append (buf, quoted ?: arg);
g_string_append_c (buf, ' ');
}
if (buf->len == 0)
--
2.24.1


@ -0,0 +1,43 @@
From 11ee20c1cdcc7a76d9e1047e8063b8349a6c6da6 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Tue, 15 Oct 2019 15:16:06 +0000
Subject: [PATCH] unpacker: Build with older libarchive without zstd
It's not in RHEL8.1, and I'm trying to rebase rpm-ostree.
---
configure.ac | 4 ++++
src/libpriv/rpmostree-unpacker-core.c | 2 ++
2 files changed, 6 insertions(+)
diff --git a/configure.ac b/configure.ac
index 873dc6b9..a0c5cce4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -122,6 +122,10 @@ dnl bundled libdnf
PKGDEP_RPMOSTREE_CFLAGS="-I $(pwd)/libdnf -I $(pwd)/libdnf-build $PKGDEP_RPMOSTREE_CFLAGS"
PKGDEP_RPMOSTREE_LIBS="-L$(pwd)/libdnf-build/libdnf -ldnf $PKGDEP_RPMOSTREE_LIBS"
+dnl RHEL8.1 has old libarchive
+AS_IF([pkg-config --atleast-version=3.3.3 libarchive],
+ [AC_DEFINE([HAVE_LIBARCHIVE_ZSTD], 1, [Define if we have libarchive with zstd])])
+
dnl This is the current version in Fedora 25.
AS_IF([pkg-config --atleast-version=4.14.2 rpm], [], [AC_MSG_ERROR([librpm 4.14.2 required])])
diff --git a/src/libpriv/rpmostree-unpacker-core.c b/src/libpriv/rpmostree-unpacker-core.c
index 3bd574a4..2d741b1e 100644
--- a/src/libpriv/rpmostree-unpacker-core.c
+++ b/src/libpriv/rpmostree-unpacker-core.c
@@ -74,7 +74,9 @@ rpmostree_unpack_rpm2cpio (int fd, GError **error)
archive_read_support_filter_gzip,
archive_read_support_filter_xz,
archive_read_support_filter_bzip2,
+#ifdef HAVE_LIBARCHIVE_ZSTD
archive_read_support_filter_zstd,
+#endif
archive_read_support_format_cpio };
for (i = 0; i < G_N_ELEMENTS (archive_setup_funcs); i++)
--
2.21.0


@ -0,0 +1,66 @@
From fec61ce5778910bac7779191ee8deeb0a24593c8 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Tue, 29 Oct 2019 16:40:39 -0400
Subject: [PATCH 2/2] libpriv/kernel: Hack around vmlinuz path in HMAC file
As mentioned in the comment block:
```
If there's an HMAC file, fix the path to the kernel in it to be
relative. Right now, the kernel spec encodes `/boot/vmlinux-$kver`,
which of course not going to work for us. We should work towards making
this change directly into the kernel spec.
```
For background, see this comment and following:
https://github.com/ostreedev/ostree/pull/1962#issuecomment-547488164
---
src/libpriv/rpmostree-kernel.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/src/libpriv/rpmostree-kernel.c b/src/libpriv/rpmostree-kernel.c
index 2266f9c7..2bea504c 100644
--- a/src/libpriv/rpmostree-kernel.c
+++ b/src/libpriv/rpmostree-kernel.c
@@ -393,6 +393,38 @@ rpmostree_finalize_kernel (int rootfs_dfd,
return glnx_throw_errno_prefix (error, "linkat(%s)", kernel_modules_path);
}
+ /* If there's an HMAC file, fix the path to the kernel in it to be relative. Right now,
+ * the kernel spec encodes `/boot/vmlinux-$kver`, which of course not going to work for
+ * us. We should work towards making this change directly into the kernel spec. */
+ g_autofree char *hmac_path = g_build_filename (modules_bootdir, ".vmlinuz.hmac", NULL);
+ if (!glnx_fstatat_allow_noent (rootfs_dfd, hmac_path, NULL, 0, error))
+ return FALSE;
+ if (errno == 0)
+ {
+ g_autofree char *contents = glnx_file_get_contents_utf8_at (rootfs_dfd, hmac_path,
+ NULL, cancellable, error);
+ if (contents == NULL)
+ return FALSE;
+
+ /* rather than trying to parse and understand the *sum format, just hackily replace */
+ g_autofree char *old_path = g_strconcat (" /boot/vmlinuz-", kver, NULL);
+ g_autofree char *new_path = g_strconcat (" vmlinuz-", kver, NULL);
+ g_autofree char *new_contents =
+ rpmostree_str_replace (contents, old_path, new_path, error);
+ if (!new_contents)
+ return FALSE;
+
+ /* sanity check there are no '/' in there; that way too we just error out if the path
+ * or format changes (but really, this should be a temporary hack...) */
+ if (strchr (new_contents, '/') != 0)
+ return glnx_throw (error, "Unexpected / in .vmlinuz.hmac: %s", new_contents);
+
+ if (!glnx_file_replace_contents_at (rootfs_dfd, hmac_path,
+ (guint8*)new_contents, -1, 0,
+ cancellable, error))
+ return FALSE;
+ }
+
/* Replace the initramfs */
g_autofree char *initramfs_modules_path = g_build_filename (modules_bootdir, "initramfs.img", NULL);
if (unlinkat (rootfs_dfd, initramfs_modules_path, 0) < 0)
--
2.21.0
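Review bot: The added comment says the kernel spec encodes `/boot/vmlinux-$kver`, but the code replaces `" /boot/vmlinuz-"`; the comment should read `/boot/vmlinuz-$kver` so a reader does not search for the wrong string. The sanity check compares a pointer with `0`, where `if (strchr (new_contents, '/') != NULL)` states the intent. The file is rewritten with flags `0`, and whether `glnx_file_replace_contents_at` preserves the original mode and security label of `.vmlinuz.hmac` is not visible here. That is worth confirming, since the package changelog ties this file to FIPS. `rpmostree_finalize_kernel` continues outside the hunk.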


@ -1,15 +1,26 @@
# The canonical copy of this spec file is upstream at:
# https://github.com/projectatomic/rpm-ostree/blob/master/packaging/rpm-ostree.spec.in
Summary: Hybrid image/package system
Name: rpm-ostree
Version: 2019.3
Release: 3%{?dist}
Version: 2019.6
Release: 8%{?dist}
#VCS: https://github.com/cgwalters/rpm-ostree
# This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
# in the upstream git. If rust is enabled, it contains vendored sources.
Source0: rpm-ostree-%{version}.tar.xz
Patch0: 0001-rebase-Support-identical-checksum-rebases.patch
License: LGPLv2+
URL: https://github.com/projectatomic/rpm-ostree
Patch0: 0001-app-status-Fix-printf-format-string-for-32-bit.patch
Patch1: 0001-unpacker-Build-with-older-libarchive-without-zstd.patch
Patch2: 0001-libpriv-kernel-Use-g_build_filename-instead-of-g_str.patch
Patch3: 0002-libpriv-kernel-Hack-around-vmlinuz-path-in-HMAC-file.patch
Patch4: 0001-libpriv-kernel-add-cap_mknod-to-dracut-run.patch
Patch5: 0001-kargs-Support-append-and-delete-simultaneously.patch
Patch6: 0001-status-Quote-initramfs-args-if-necessary.patch
Patch7: 0001-initramfs-Fix-using-local-etc-when-also-replacing-ke.patch
%if !%{defined rust_arches}
# It's not defined yet in the base CentOS7 root
%define rust_arches x86_64 i686 armv7hl aarch64 ppc64 ppc64le s390x
@ -37,7 +48,7 @@ BuildRequires: gnome-common
BuildRequires: /usr/bin/g-ir-scanner
# Core requirements
# One way to check this: `objdump -p /path/to/rpm-ostree | grep LIBOSTREE` and pick the highest (though that might miss e.g. new struct members)
BuildRequires: pkgconfig(ostree-1) >= 2018.9
BuildRequires: pkgconfig(ostree-1) >= 2019.2
BuildRequires: pkgconfig(polkit-gobject-1)
BuildRequires: pkgconfig(json-glib-1.0)
BuildRequires: pkgconfig(rpm)
@ -79,7 +90,7 @@ BuildRequires: pkgconfig(sqlite3)
BuildRequires: pkgconfig(smartcols)
BuildRequires: gpgme-devel
Requires: libmodulemd%{?_isa} >= %{libmodulemd_version}
Requires: libmodulemd1%{?_isa} >= %{libmodulemd_version}
# For now...see https://github.com/projectatomic/rpm-ostree/pull/637
# and https://github.com/fedora-infra/fedmsg-atomic-composer/pull/17
@ -154,7 +165,7 @@ $PYTHON autofiles.py > files \
'%{_bindir}/*' \
'%{_libdir}/%{name}' \
'%{_mandir}/man*/*' \
'%{_sysconfdir}/dbus-1/system.d/*' \
'%{_datadir}/dbus-1/system.d/*' \
'%{_sysconfdir}/rpm-ostreed.conf' \
'%{_prefix}/lib/systemd/system/*' \
'%{_libexecdir}/rpm-ostree*' \
@ -175,13 +186,36 @@ $PYTHON autofiles.py > files.devel \
'%{_datadir}/gir-1.0/*-1.0.gir'
%files -f files
%doc COPYING README.md
%doc COPYING.GPL COPYING.LGPL LICENSE README.md
%files libs -f files.lib
%files devel -f files.devel
%changelog
* Tue Mar 03 2020 Colin Walters <walters@verbum.org> - 2019.6-8
- Backport patches for initramfs /etc
Resolves: #1808459
* Thu Feb 27 2020 Colin Walters <walters@verbum.org> - 2019.6-7
- Backport f295f543064f1a0b5833fefccd6bb203b3527623
Resolves: #1807487
* Thu Dec 05 2019 Jonathan Lebon <jlebon@redhat.com> - 2019.6-6
- Backport dracut mknod patch for FIPS:
https://github.com/coreos/rpm-ostree/pull/1946
* Thu Oct 31 2019 Jonathan Lebon <jlebon@redhat.com> - 2019.6-5
- Backport HMAC patch for FIPS:
https://github.com/coreos/rpm-ostree/pull/1934
* Fri Oct 18 2019 Colin Walters <walters@verbum.org> - 2019.6-4
- Backport zchunk patch
* Tue Oct 15 2019 Colin Walters <walters@verbum.org> - 2019.6-3
- https://github.com/coreos/rpm-ostree/releases/tag/v20196
- Backport zstd patch
* Fri May 17 2019 Jonathan Lebon <jlebon@redhat.com> - 2019.3-3
- Rebuild for rhel-8.1.0 branch