From f9181d7b508d3f2fc44f355e88dd2369bd8fbc0b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 28 Apr 2020 05:33:29 -0400 Subject: [PATCH] import rpm-ostree-2019.6-8.el8 --- .gitignore | 2 +- .rpm-ostree.metadata | 2 +- ...-Fix-printf-format-string-for-32-bit.patch | 35 ++++++ ...ing-local-etc-when-also-replacing-ke.patch | 111 ++++++++++++++++++ ...ort-append-and-delete-simultaneously.patch | 90 ++++++++++++++ ...se-g_build_filename-instead-of-g_str.patch | 47 ++++++++ ...v-kernel-add-cap_mknod-to-dracut-run.patch | 43 +++++++ ...e-Support-identical-checksum-rebases.patch | 69 ----------- ...us-Quote-initramfs-args-if-necessary.patch | 29 +++++ ...d-with-older-libarchive-without-zstd.patch | 43 +++++++ ...ack-around-vmlinuz-path-in-HMAC-file.patch | 66 +++++++++++ SPECS/rpm-ostree.spec | 48 ++++++-- 12 files changed, 507 insertions(+), 78 deletions(-) create mode 100644 SOURCES/0001-app-status-Fix-printf-format-string-for-32-bit.patch create mode 100644 SOURCES/0001-initramfs-Fix-using-local-etc-when-also-replacing-ke.patch create mode 100644 SOURCES/0001-kargs-Support-append-and-delete-simultaneously.patch create mode 100644 SOURCES/0001-libpriv-kernel-Use-g_build_filename-instead-of-g_str.patch create mode 100644 SOURCES/0001-libpriv-kernel-add-cap_mknod-to-dracut-run.patch delete mode 100644 SOURCES/0001-rebase-Support-identical-checksum-rebases.patch create mode 100644 SOURCES/0001-status-Quote-initramfs-args-if-necessary.patch create mode 100644 SOURCES/0001-unpacker-Build-with-older-libarchive-without-zstd.patch create mode 100644 SOURCES/0002-libpriv-kernel-Hack-around-vmlinuz-path-in-HMAC-file.patch diff --git a/.gitignore b/.gitignore index 0df9088..1d8d3e8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/rpm-ostree-2019.3.tar.xz +SOURCES/rpm-ostree-2019.6.tar.xz diff --git a/.rpm-ostree.metadata b/.rpm-ostree.metadata index d703be9..bb08118 100644 --- a/.rpm-ostree.metadata +++ b/.rpm-ostree.metadata 
@@ -1 +1 @@
-982c3b335debe04763c0b0b8769f7e43229beebc SOURCES/rpm-ostree-2019.3.tar.xz
+4394f32b43403577dd738675cbf8e28efbf8866f SOURCES/rpm-ostree-2019.6.tar.xz
diff --git a/SOURCES/0001-app-status-Fix-printf-format-string-for-32-bit.patch b/SOURCES/0001-app-status-Fix-printf-format-string-for-32-bit.patch
new file mode 100644
index 0000000..a48c3ed
--- /dev/null
+++ b/SOURCES/0001-app-status-Fix-printf-format-string-for-32-bit.patch
@@ -0,0 +1,35 @@
+From 08c98eda94381f0147af5783960121574043fa5a Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Wed, 25 Sep 2019 12:42:59 -0400
+Subject: [PATCH] app/status: Fix printf format string for 32-bit
+
+Hit this when compiling in Koji.
+---
+ src/app/rpmostree-builtin-status.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/app/rpmostree-builtin-status.c b/src/app/rpmostree-builtin-status.c
+index 2bc2c4b5..8b38fc83 100644
+--- a/src/app/rpmostree-builtin-status.c
++++ b/src/app/rpmostree-builtin-status.c
+@@ -1119,7 +1119,7 @@ fetch_history_deployment_gvariant (RORHistoryEntry *entry,
+ GError **error)
+ {
+ g_autofree char *fn =
+- g_strdup_printf ("%s/%lu", RPMOSTREE_HISTORY_DIR, entry->deploy_timestamp);
++ g_strdup_printf ("%s/%" PRIu64, RPMOSTREE_HISTORY_DIR, entry->deploy_timestamp);
+
+ *out_deployment = NULL;
+
+@@ -1165,7 +1165,7 @@ print_history_entry (RORHistoryEntry *entry,
+ print_timestamp_and_relative ("BootTimestamp", entry->last_boot_timestamp);
+ if (entry->boot_count > 1)
+ {
+- g_print ("%s BootCount: %lu; first booted on ",
++ g_print ("%s BootCount: %" PRIu64 "; first booted on ",
+ libsd_special_glyph (TREE_RIGHT), entry->boot_count);
+ print_timestamp_and_relative (NULL, entry->first_boot_timestamp);
+ }
+--
+2.21.0
+
diff --git a/SOURCES/0001-initramfs-Fix-using-local-etc-when-also-replacing-ke.patch b/SOURCES/0001-initramfs-Fix-using-local-etc-when-also-replacing-ke.patch
new file mode 100644
index 0000000..fc9b177
--- /dev/null
+++ b/SOURCES/0001-initramfs-Fix-using-local-etc-when-also-replacing-ke.patch 
@@ -0,0 +1,111 @@
+From 1675058768263b804148c7a737b00a480d6b32f8 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Wed, 26 Feb 2020 11:14:51 -0500
+Subject: [PATCH] initramfs: Fix using local /etc when also replacing kernel
+
+Instead of basing our decision to use the local `/etc` on whether we're
+using `dracut --rebuild`, base it directly on a boolean parameter.
+
+This is relevant in the client-side when initramfs regeneration is
+requested as well as a kernel override. In such cases, we do want to use
+the local `/etc`, but we'd skip that path because we didn't also use
+`dracut --rebuild`.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1806588
+---
+ src/daemon/rpmostree-sysroot-upgrader.c | 9 ++++++---
+ src/libpriv/rpmostree-kernel.c | 6 ++----
+ src/libpriv/rpmostree-kernel.h | 1 +
+ src/libpriv/rpmostree-postprocess.c | 2 +-
+ tests/vmcheck/test-override-kernel.sh | 9 +++++++++
+ 5 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/src/daemon/rpmostree-sysroot-upgrader.c b/src/daemon/rpmostree-sysroot-upgrader.c
+index e3f5acef..f84e20c6 100644
+--- a/src/daemon/rpmostree-sysroot-upgrader.c
++++ b/src/daemon/rpmostree-sysroot-upgrader.c
+@@ -1097,9 +1097,12 @@ perform_local_assembly (RpmOstreeSysrootUpgrader *self,
+ g_assert (kernel_state && kernel_path);
+
+ g_auto(GLnxTmpfile) initramfs_tmpf = { 0, };
+- if (!rpmostree_run_dracut (self->tmprootfs_dfd, add_dracut_argv, kver,
+- initramfs_path, NULL, &initramfs_tmpf,
+- cancellable, error))
++ /* NB: We only use the real root's /etc if initramfs regeneration is explicitly
++ * requested. IOW, just replacing the kernel still gets use stock settings, like the
++ * server side. */
++ if (!rpmostree_run_dracut (self->tmprootfs_dfd, add_dracut_argv, kver, initramfs_path,
++ rpmostree_origin_get_regenerate_initramfs (self->origin),
++ NULL, &initramfs_tmpf, cancellable, error))
+ return FALSE;
+
+ if (!rpmostree_finalize_kernel (self->tmprootfs_dfd, bootdir, kver, kernel_path,
+diff --git a/src/libpriv/rpmostree-kernel.c b/src/libpriv/rpmostree-kernel.c
+index d1f0c90c..a1e4546c 100644
+--- a/src/libpriv/rpmostree-kernel.c
++++ b/src/libpriv/rpmostree-kernel.c
+@@ -475,6 +475,7 @@ rpmostree_run_dracut (int rootfs_dfd,
+ const char *const* argv,
+ const char *kver,
+ const char *rebuild_from_initramfs,
++ gboolean use_root_etc,
+ GLnxTmpDir *dracut_host_tmpdir,
+ GLnxTmpfile *out_initramfs_tmpf,
+ GCancellable *cancellable,
+@@ -562,10 +563,7 @@ rpmostree_run_dracut (int rootfs_dfd,
+ &tmpf, error))
+ goto out;
+
+- /* If we're rebuilding, we use the *current* /etc so we pick up any modified
+- * config files. Otherwise, we use the usr/etc defaults.
+- */
+- if (rebuild_from_initramfs)
++ if (use_root_etc)
+ {
+ bwrap = rpmostree_bwrap_new_base (rootfs_dfd, error);
+ if (!bwrap)
+diff --git a/src/libpriv/rpmostree-kernel.h b/src/libpriv/rpmostree-kernel.h
+index fb9d8a1b..32a36511 100644
+--- a/src/libpriv/rpmostree-kernel.h
++++ b/src/libpriv/rpmostree-kernel.h
+@@ -54,6 +54,7 @@ rpmostree_run_dracut (int rootfs_dfd,
+ const char *const* argv,
+ const char *kver,
+ const char *rebuild_from_initramfs,
++ gboolean use_root_etc,
+ GLnxTmpDir *dracut_host_tmpdir,
+ GLnxTmpfile *out_initramfs_tmpf,
+ GCancellable *cancellable,
+diff --git a/src/libpriv/rpmostree-postprocess.c b/src/libpriv/rpmostree-postprocess.c
+index ce7424a1..186817be 100644
+--- a/src/libpriv/rpmostree-postprocess.c
++++ b/src/libpriv/rpmostree-postprocess.c
+@@ -447,7 +447,7 @@ process_kernel_and_initramfs (int rootfs_dfd,
+ return FALSE;
+ if (!rpmostree_run_dracut (rootfs_dfd,
+ (const char *const*)dracut_argv->pdata, kver,
+- NULL, &dracut_host_tmpd,
++ NULL, FALSE, &dracut_host_tmpd,
+ &initramfs_tmpf, cancellable, error))
+ return FALSE;
+ /* No reason to have the initramfs not be world-readable since
+diff --git a/tests/vmcheck/test-override-kernel.sh b/tests/vmcheck/test-override-kernel.sh
+index 0e8c91b7..4bde242a 100755
+--- a/tests/vmcheck/test-override-kernel.sh
++++ b/tests/vmcheck/test-override-kernel.sh
+@@ -60,3 +60,12 @@ assert_streq "$(wc -l < modules-dirs.txt)" "2"
+ assert_file_has_content_literal modules-dirs.txt $kernel_release
+
+ echo "ok override kernel"
++
++# And check that we can regenerate the initramfs and include files from our /etc
++vm_cmd touch /etc/foobar.conf
++vm_rpmostree initramfs --enable --arg=-I --arg=/etc/foobar.conf
++newroot=$(vm_get_deployment_root 0)
++vm_cmd lsinitrd ${newroot}/usr/lib/modules/${kernel_release}/initramfs.img > lsinitrd.txt
++assert_file_has_content_literal lsinitrd.txt etc/foobar.conf
++
++echo "ok override kernel with custom initramfs args"
+--
+2.24.1
+
diff --git a/SOURCES/0001-kargs-Support-append-and-delete-simultaneously.patch b/SOURCES/0001-kargs-Support-append-and-delete-simultaneously.patch
new file mode 100644
index 0000000..e0aa499
--- /dev/null
+++ b/SOURCES/0001-kargs-Support-append-and-delete-simultaneously.patch
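Review bot: In 0001-initramfs-Fix-using-local-etc-when-also-replacing-ke.patch, the rpmostree-kernel.c hunk deletes the comment that explained when dracut sees the current /etc, and the new `use_root_etc` parameter is left undocumented in both rpmostree-kernel.c and rpmostree-kernel.h. Since this flag decides whether locally modified host configuration is fed into initramfs generation, I would keep a comment above the branch, e.g. `/* use_root_etc: run dracut against the current /etc so modified config files are picked up; otherwise use the usr/etc defaults. */`. The new comment in perform_local_assembly also has a typo: `still gets use stock settings` should read `still gets us stock settings`. rpmostree_run_dracut starts and ends outside these hunks, so how `rebuild_from_initramfs` and `use_root_etc` interact in the rest of the function cannot be checked from here.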
@@ -0,0 +1,90 @@
+From f295f543064f1a0b5833fefccd6bb203b3527623 Mon Sep 17 00:00:00 2001
+From: Colin Walters
+Date: Sun, 17 Nov 2019 15:51:07 +0000
+Subject: [PATCH] kargs: Support --append and --delete simultaneously
+
+Code I wrote for the machine-config-operator expected it to
+work, and I don't see a reason not to support it.
+
+See https://github.com/openshift/machine-config-operator/issues/1265
+---
+ src/app/rpmostree-builtin-kargs.c | 6 ------
+ src/daemon/rpmostreed-transaction-types.c | 20 ++++++++++----------
+ tests/vmcheck/test-kernel-args.sh | 9 +++++++++
+ 3 files changed, 19 insertions(+), 16 deletions(-)
+
+diff --git a/src/app/rpmostree-builtin-kargs.c b/src/app/rpmostree-builtin-kargs.c
+index 359df946..fcfb727a 100644
+--- a/src/app/rpmostree-builtin-kargs.c
++++ b/src/app/rpmostree-builtin-kargs.c
+@@ -196,12 +196,6 @@ rpmostree_builtin_kargs (int argc,
+ "Cannot specify both --delete and --replace");
+ return FALSE;
+ }
+- if (opt_kernel_delete_strings && opt_kernel_append_strings)
+- {
+- g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
+- "Cannot specify both --delete and --append");
+- return FALSE;
+- }
+ if (opt_import_proc_cmdline && opt_deploy_index)
+ {
+ g_set_error (error, G_IO_ERROR, G_IO_ERROR_INVALID_ARGUMENT,
+diff --git a/src/daemon/rpmostreed-transaction-types.c b/src/daemon/rpmostreed-transaction-types.c
+index bc62b6c4..da432b83 100644
+--- a/src/daemon/rpmostreed-transaction-types.c
++++ b/src/daemon/rpmostreed-transaction-types.c
+@@ -2449,20 +2449,20 @@ kernel_arg_transaction_execute (RpmostreedTransaction *transaction,
+ return FALSE;
+ }
+ }
+- else
++
++ if (self->kernel_args_replaced)
+ {
+- if (self->kernel_args_replaced)
++ for (char **iter = self->kernel_args_replaced; iter && *iter; iter++)
+ {
+- for (char **iter = self->kernel_args_replaced; iter && *iter; iter++)
+- {
+- const char *arg = *iter;
+- if (!ostree_kernel_args_new_replace (kargs, arg, error))
+- return FALSE;
+- }
++ const char *arg = *iter;
++ if (!ostree_kernel_args_new_replace (kargs, arg, error))
++ return FALSE;
+ }
++ }
+
+- if (self->kernel_args_added)
+- ostree_kernel_args_append_argv (kargs, self->kernel_args_added);
++ if (self->kernel_args_added)
++ {
++ ostree_kernel_args_append_argv (kargs, self->kernel_args_added);
+ }
+
+ /* After all the arguments are processed earlier, we convert it to a string list*/
+diff --git a/tests/vmcheck/test-kernel-args.sh b/tests/vmcheck/test-kernel-args.sh
+index 570d986a..ca105ae3 100755
+--- a/tests/vmcheck/test-kernel-args.sh
++++ b/tests/vmcheck/test-kernel-args.sh
+@@ -48,6 +48,15 @@ assert_file_has_content_literal kargs.txt 'FOO=BAR'
+ assert_file_has_content_literal kargs.txt 'APPENDARG=VALAPPEND APPENDARG=2NDAPPEND'
+ echo "ok kargs append"
+
++# Ensure the result flows through with rpm-ostree kargs
++vm_rpmostree kargs --append=APPENDARG=3RDAPPEND --delete=APPENDARG=VALAPPEND
++vm_rpmostree kargs > kargs.txt
++assert_not_file_has_content kargs.txt 'APPENDARG=VALAPPEND'
++assert_file_has_content_literal kargs.txt 'APPENDARG=3RDAPPEND'
++# And reset to previous state
++vm_rpmostree cleanup -p
++echo "ok kargs append and delete"
++
+ # Test for rpm-ostree kargs delete
+ vm_kargs_now kargs --delete FOO
+ vm_cmd grep ^options /boot/loader/entries/ostree-2-$osname.conf > tmp_conf.txt
+--
+2.24.1
+
diff --git a/SOURCES/0001-libpriv-kernel-Use-g_build_filename-instead-of-g_str.patch b/SOURCES/0001-libpriv-kernel-Use-g_build_filename-instead-of-g_str.patch
new file mode 100644
index 0000000..6965c4b
--- /dev/null
+++ b/SOURCES/0001-libpriv-kernel-Use-g_build_filename-instead-of-g_str.patch
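Review bot: In 0001-kargs-Support-append-and-delete-simultaneously.patch, dropping the `else` in kernel_arg_transaction_execute makes the `kernel_args_replaced` loop run after the preceding branch as well, not only the `kernel_args_added` append that the commit is about. The branch before the removed `else` starts outside the hunk, but if it is the delete path, the daemon now applies delete and replace together, while rpmostree-builtin-kargs.c still rejects `--delete` with `--replace` only in the command-line client; a caller talking to the daemon directly would not pass through that check. If that combination is meant to stay unsupported, the daemon should reject it itself; otherwise a comment such as `/* Order matters: deletions first, then replacements, then appends */` would document the now-sequential processing. The added test covers only append together with delete.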
@@ -0,0 +1,47 @@
+From 6aa496e3128321f911dae10bf1a0f32c5e9a11fd Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Tue, 29 Oct 2019 16:38:56 -0400
+Subject: [PATCH 1/2] libpriv/kernel: Use g_build_filename instead of
+ g_strconcat
+
+It's much easier to mess up with the latter than the former when
+building filenames. There's a bunch more all over the codebase; just did
+this bit to be consistent with the next commit which also uses it.
+---
+ src/libpriv/rpmostree-kernel.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/libpriv/rpmostree-kernel.c b/src/libpriv/rpmostree-kernel.c
+index 9eb052bd..2266f9c7 100644
+--- a/src/libpriv/rpmostree-kernel.c
++++ b/src/libpriv/rpmostree-kernel.c
+@@ -353,7 +353,7 @@ rpmostree_finalize_kernel (int rootfs_dfd,
+ GError **error)
+ {
+ const char slash_bootdir[] = "boot";
+- g_autofree char *modules_bootdir = g_strconcat ("usr/lib/modules/", kver, NULL);
++ g_autofree char *modules_bootdir = g_build_filename ("usr/lib/modules", kver, NULL);
+
+ /* Calculate the sha256sum of the kernel+initramfs (called the "boot
+ * checksum"). We checksum the initramfs from the tmpfile fd (via mmap()) to
+@@ -371,7 +371,7 @@ rpmostree_finalize_kernel (int rootfs_dfd,
+ }
+ const char *boot_checksum_str = g_checksum_get_string (boot_checksum);
+
+- g_autofree char *kernel_modules_path = g_strconcat (modules_bootdir, "/vmlinuz", NULL);;
++ g_autofree char *kernel_modules_path = g_build_filename (modules_bootdir, "vmlinuz", NULL);
+ /* It's possible the bootdir is already the modules directory; in that case,
+ * we don't need to rename.
+ */
+@@ -394,7 +394,7 @@ rpmostree_finalize_kernel (int rootfs_dfd,
+ }
+
+ /* Replace the initramfs */
+- g_autofree char *initramfs_modules_path = g_strconcat (modules_bootdir, "/initramfs.img", NULL);
++ g_autofree char *initramfs_modules_path = g_build_filename (modules_bootdir, "initramfs.img", NULL);
+ if (unlinkat (rootfs_dfd, initramfs_modules_path, 0) < 0)
+ {
+ if (errno != ENOENT)
+--
+2.21.0
+
diff --git a/SOURCES/0001-libpriv-kernel-add-cap_mknod-to-dracut-run.patch b/SOURCES/0001-libpriv-kernel-add-cap_mknod-to-dracut-run.patch
new file mode 100644
index 0000000..bbe19f6
--- /dev/null
+++ b/SOURCES/0001-libpriv-kernel-add-cap_mknod-to-dracut-run.patch
@@ -0,0 +1,43 @@
+From 3b8a1ec6c400a4e5af0f7f5889b360d2ed16f572 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Tue, 3 Dec 2019 21:36:40 -0500
+Subject: [PATCH] libpriv/kernel: add cap_mknod to dracut run
+
+A lot of history with this. But essentially, dracut tries to `mknod` a
+few character devices like `/dev/random` and `/dev/urandom` and fails.
+
+We originally blocked `cap_mknod` because, well, `%post` scripts don't
+really need to do that, and it would get wiped anyway. But there is a
+use case for dracut's CPIO: we want `/dev/*random` to be available in
+early boot *before* systemd even mounts `devtmpfs` because libgcrypt as
+part of its constructor-time selftests in FIPS mode wants to read from
+there.
+
+For more fun, see:
+https://bugzilla.redhat.com/show_bug.cgi?id=1778940
+https://bugzilla.redhat.com/show_bug.cgi?id=1401444
+https://bugzilla.redhat.com/show_bug.cgi?id=1380866
+---
+ src/libpriv/rpmostree-kernel.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/libpriv/rpmostree-kernel.c b/src/libpriv/rpmostree-kernel.c
+index 2bea504c..a7fffcb6 100644
+--- a/src/libpriv/rpmostree-kernel.c
++++ b/src/libpriv/rpmostree-kernel.c
+@@ -564,6 +564,12 @@ rpmostree_run_dracut (int rootfs_dfd,
+ rpmostree_bwrap_bind_read (bwrap, "usr", "/usr");
+ }
+
++ /* Need to let dracut create devices like /dev/urandom:
++ * https://bugzilla.redhat.com/show_bug.cgi?id=1778940
++ * https://bugzilla.redhat.com/show_bug.cgi?id=1401444
++ * https://bugzilla.redhat.com/show_bug.cgi?id=1380866 */
++ rpmostree_bwrap_append_bwrap_argv (bwrap, "--cap-add", "cap_mknod", NULL);
++
+ if (dracut_host_tmpdir)
+ rpmostree_bwrap_bind_readwrite (bwrap, dracut_host_tmpdir->path, "/tmp/dracut");
+
+--
+2.23.0
+
diff --git a/SOURCES/0001-rebase-Support-identical-checksum-rebases.patch b/SOURCES/0001-rebase-Support-identical-checksum-rebases.patch
deleted file mode 100644
index cd1addc..0000000
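Review bot: In 0001-libpriv-kernel-add-cap_mknod-to-dracut-run.patch, `--cap-add cap_mknod` is appended unconditionally, after the block that sets up the bind mounts, so every rpmostree_run_dracut call from any caller now runs dracut with that capability. The added comment lists the bug reports but not the intended boundary of the relaxation; I would add a line such as `/* Only needed so dracut can mknod the /dev/*random nodes packed into the initramfs; do not add further capabilities here without review. */`. Whether the client-side path also runs dracut with user-supplied arguments or the host's /etc is decided outside this hunk, and is worth checking when weighing the wider sandbox. rpmostree_run_dracut begins and ends outside the hunk.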
--- a/SOURCES/0001-rebase-Support-identical-checksum-rebases.patch
+++ /dev/null
@@ -1,69 +0,0 @@ -From 76ae779635afcd3984dedc57fa7c0e80c6410bba Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Fri, 29 Mar 2019 14:39:34 +0000 -Subject: [PATCH] rebase: Support identical checksum rebases - -Change things to only throw this error for non-checksum rebases; for -RHEL CoreOS + https://github.com/openshift/pivot/ -we've had it happen that the same ostree commit can end up -in separate oscontainers. We want to support changing -the custom origin that might point to the same commit. ---- - src/daemon/rpmostreed-transaction-types.c | 12 +++++++++--- - src/daemon/rpmostreed-utils.c | 10 ---------- - 2 files changed, 9 insertions(+), 13 deletions(-) - -diff --git a/src/daemon/rpmostreed-transaction-types.c b/src/daemon/rpmostreed-transaction-types.c -index 9edfeecb..86112d1b 100644 ---- a/src/daemon/rpmostreed-transaction-types.c -+++ b/src/daemon/rpmostreed-transaction-types.c -@@ -100,9 +100,6 @@ change_origin_refspec (GVariantDict *options, - error)) - return FALSE; - -- if (strcmp (current_refspec, new_refspec) == 0) -- return glnx_throw (error, "Old and new refs are equal: %s", new_refspec); -- - /* Re-classify after canonicalization to ensure we handle TYPE_CHECKSUM */ - if (!rpmostree_refspec_classify (new_refspec, &refspectype, &refspecdata, error)) - return FALSE; -@@ -128,6 +125,15 @@ change_origin_refspec (GVariantDict *options, - } - else - { -+ /* We only throw this error for non-checksum rebases; for -+ * RHEL CoreOS + https://github.com/openshift/pivot/ -+ * we've had it happen that the same ostree commit can end up -+ * in separate oscontainers. We want to support changing -+ * the custom origin that might point to the same commit. 
-+ */ -+ if (strcmp (current_refspec, new_refspec) == 0) -+ return glnx_throw (error, "Old and new refs are equal: %s", new_refspec); -+ - if (!rpmostree_origin_set_rebase (origin, new_refspec, error)) - return FALSE; - } -diff --git a/src/daemon/rpmostreed-utils.c b/src/daemon/rpmostreed-utils.c -index 686965a3..19b45a01 100644 ---- a/src/daemon/rpmostreed-utils.c -+++ b/src/daemon/rpmostreed-utils.c -@@ -202,16 +202,6 @@ rpmostreed_refspec_parse_partial (const gchar *new_provided_refspec, - } - } - -- if (g_strcmp0 (origin_remote, remote) == 0 && -- g_strcmp0 (origin_ref, ref) == 0) -- { -- g_set_error (error, RPM_OSTREED_ERROR, -- RPM_OSTREED_ERROR_INVALID_REFSPEC, -- "Old and new refs are equal: %s:%s", -- remote, ref); -- return FALSE; -- } -- - if (remote == NULL) - *out_refspec = g_steal_pointer (&ref); - else --- -2.20.1 - diff --git a/SOURCES/0001-status-Quote-initramfs-args-if-necessary.patch b/SOURCES/0001-status-Quote-initramfs-args-if-necessary.patch new file mode 100644 index 0000000..a86da9a --- /dev/null +++ b/SOURCES/0001-status-Quote-initramfs-args-if-necessary.patch 
@@ -0,0 +1,29 @@
+From 14701be788420dcd8b1ed4be0e031bc034627e9c Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Wed, 26 Feb 2020 11:14:50 -0500
+Subject: [PATCH] status: Quote initramfs args if necessary
+
+E.g. if it contains spaces as is the case when one does
+`rpm-ostree initramfs --arg=-I --arg='/file1 /file2'`.
+---
+ src/app/rpmostree-builtin-status.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/app/rpmostree-builtin-status.c b/src/app/rpmostree-builtin-status.c
+index 8b38fc83..09dcd94a 100644
+--- a/src/app/rpmostree-builtin-status.c
++++ b/src/app/rpmostree-builtin-status.c
+@@ -856,7 +856,9 @@ print_one_deployment (RPMOSTreeSysroot *sysroot_proxy,
+
+ for (char **iter = initramfs_args; iter && *iter; iter++)
+ {
+- g_string_append (buf, *iter);
++ const char *arg = *iter;
++ g_autofree char *quoted = rpmostree_maybe_shell_quote (arg);
++ g_string_append (buf, quoted ?: arg);
+ g_string_append_c (buf, ' ');
+ }
+ if (buf->len == 0)
+--
+2.24.1
+
diff --git a/SOURCES/0001-unpacker-Build-with-older-libarchive-without-zstd.patch b/SOURCES/0001-unpacker-Build-with-older-libarchive-without-zstd.patch
new file mode 100644
index 0000000..0e993bb
--- /dev/null
+++ b/SOURCES/0001-unpacker-Build-with-older-libarchive-without-zstd.patch
@@ -0,0 +1,43 @@
+From 11ee20c1cdcc7a76d9e1047e8063b8349a6c6da6 Mon Sep 17 00:00:00 2001
+From: Colin Walters
+Date: Tue, 15 Oct 2019 15:16:06 +0000
+Subject: [PATCH] unpacker: Build with older libarchive without zstd
+
+It's not in RHEL8.1, and I'm trying to rebase rpm-ostree.
+---
+ configure.ac | 4 ++++
+ src/libpriv/rpmostree-unpacker-core.c | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 873dc6b9..a0c5cce4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -122,6 +122,10 @@ dnl bundled libdnf
+ PKGDEP_RPMOSTREE_CFLAGS="-I $(pwd)/libdnf -I $(pwd)/libdnf-build $PKGDEP_RPMOSTREE_CFLAGS"
+ PKGDEP_RPMOSTREE_LIBS="-L$(pwd)/libdnf-build/libdnf -ldnf $PKGDEP_RPMOSTREE_LIBS"
+
++dnl RHEL8.1 has old libarchive
++AS_IF([pkg-config --atleast-version=3.3.3 libarchive],
++ [AC_DEFINE([HAVE_LIBARCHIVE_ZSTD], 1, [Define if we have libarchive with zstd])])
++
+ dnl This is the current version in Fedora 25.
+ AS_IF([pkg-config --atleast-version=4.14.2 rpm], [], [AC_MSG_ERROR([librpm 4.14.2 required])])
+
+diff --git a/src/libpriv/rpmostree-unpacker-core.c b/src/libpriv/rpmostree-unpacker-core.c
+index 3bd574a4..2d741b1e 100644
+--- a/src/libpriv/rpmostree-unpacker-core.c
++++ b/src/libpriv/rpmostree-unpacker-core.c
+@@ -74,7 +74,9 @@ rpmostree_unpack_rpm2cpio (int fd, GError **error)
+ archive_read_support_filter_gzip,
+ archive_read_support_filter_xz,
+ archive_read_support_filter_bzip2,
++#ifdef HAVE_LIBARCHIVE_ZSTD
+ archive_read_support_filter_zstd,
++#endif
+ archive_read_support_format_cpio };
+
+ for (i = 0; i < G_N_ELEMENTS (archive_setup_funcs); i++)
+--
+2.21.0
+
diff --git a/SOURCES/0002-libpriv-kernel-Hack-around-vmlinuz-path-in-HMAC-file.patch b/SOURCES/0002-libpriv-kernel-Hack-around-vmlinuz-path-in-HMAC-file.patch
new file mode 100644
index 0000000..c797777
--- /dev/null
+++ b/SOURCES/0002-libpriv-kernel-Hack-around-vmlinuz-path-in-HMAC-file.patch
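Review bot: In 0001-unpacker-Build-with-older-libarchive-without-zstd.patch, the configure.ac check runs a bare `pkg-config`, which ignores a `$PKG_CONFIG` override and so can probe the wrong libarchive in a cross or sysroot build; the existing rpm check just below has the same pattern. `PKG_CHECK_EXISTS([libarchive >= 3.3.3], [AC_DEFINE([HAVE_LIBARCHIVE_ZSTD], 1, [Define if we have libarchive with zstd])])` would express the same test through the pkg-config macros. When the define is absent the zstd filter is dropped from `archive_setup_funcs` without any trace in the configure output, so a message in the not-found branch would make it visible that this build cannot unpack zstd-compressed payloads.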
@@ -0,0 +1,66 @@
+From fec61ce5778910bac7779191ee8deeb0a24593c8 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Tue, 29 Oct 2019 16:40:39 -0400
+Subject: [PATCH 2/2] libpriv/kernel: Hack around vmlinuz path in HMAC file
+
+As mentioned in the comment block:
+
+```
+If there's an HMAC file, fix the path to the kernel in it to be
+relative. Right now, the kernel spec encodes `/boot/vmlinux-$kver`,
+which of course not going to work for us. We should work towards making
+this change directly into the kernel spec.
+```
+
+For background, see this comment and following:
+https://github.com/ostreedev/ostree/pull/1962#issuecomment-547488164
+---
+ src/libpriv/rpmostree-kernel.c | 32 ++++++++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+
+diff --git a/src/libpriv/rpmostree-kernel.c b/src/libpriv/rpmostree-kernel.c
+index 2266f9c7..2bea504c 100644
+--- a/src/libpriv/rpmostree-kernel.c
++++ b/src/libpriv/rpmostree-kernel.c
+@@ -393,6 +393,38 @@ rpmostree_finalize_kernel (int rootfs_dfd,
+ return glnx_throw_errno_prefix (error, "linkat(%s)", kernel_modules_path);
+ }
+
++ /* If there's an HMAC file, fix the path to the kernel in it to be relative. Right now,
++ * the kernel spec encodes `/boot/vmlinux-$kver`, which of course not going to work for
++ * us. We should work towards making this change directly into the kernel spec. */
++ g_autofree char *hmac_path = g_build_filename (modules_bootdir, ".vmlinuz.hmac", NULL);
++ if (!glnx_fstatat_allow_noent (rootfs_dfd, hmac_path, NULL, 0, error))
++ return FALSE;
++ if (errno == 0)
++ {
++ g_autofree char *contents = glnx_file_get_contents_utf8_at (rootfs_dfd, hmac_path,
++ NULL, cancellable, error);
++ if (contents == NULL)
++ return FALSE;
++
++ /* rather than trying to parse and understand the *sum format, just hackily replace */
++ g_autofree char *old_path = g_strconcat (" /boot/vmlinuz-", kver, NULL);
++ g_autofree char *new_path = g_strconcat (" vmlinuz-", kver, NULL);
++ g_autofree char *new_contents =
++ rpmostree_str_replace (contents, old_path, new_path, error);
++ if (!new_contents)
++ return FALSE;
++
++ /* sanity check there are no '/' in there; that way too we just error out if the path
++ * or format changes (but really, this should be a temporary hack...) */
++ if (strchr (new_contents, '/') != 0)
++ return glnx_throw (error, "Unexpected / in .vmlinuz.hmac: %s", new_contents);
++
++ if (!glnx_file_replace_contents_at (rootfs_dfd, hmac_path,
++ (guint8*)new_contents, -1, 0,
++ cancellable, error))
++ return FALSE;
++ }
++
+ /* Replace the initramfs */
+ g_autofree char *initramfs_modules_path = g_build_filename (modules_bootdir, "initramfs.img", NULL);
+ if (unlinkat (rootfs_dfd, initramfs_modules_path, 0) < 0)
+--
+2.21.0
+
diff --git a/SPECS/rpm-ostree.spec b/SPECS/rpm-ostree.spec
index 47c267e..105be69 100644
--- a/SPECS/rpm-ostree.spec
+++ b/SPECS/rpm-ostree.spec
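Review bot: In 0002-libpriv-kernel-Hack-around-vmlinuz-path-in-HMAC-file.patch, the new comment in rpmostree_finalize_kernel says the kernel spec encodes `/boot/vmlinux-$kver`, while the code below rewrites `" /boot/vmlinuz-"`; the comment should say `vmlinuz` (and `which of course is not going to work`). The sanity check compares a pointer with an integer zero; `if (strchr (new_contents, '/') != NULL)` states the intent. It would also help to say in the comment that this check is what makes the step fail closed: if the replacement did not match, any leftover `/` aborts instead of leaving an absolute path in the HMAC file. The file is rewritten through glnx_file_replace_contents_at with flags `0` and no explicit mode, so it presumably gets the helper's default permissions rather than the original file's, which is worth confirming. The function body starts and ends outside the hunk.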
@@ -1,15 +1,26 @@ +# The canonical copy of this spec file is upstream at: +# https://github.com/projectatomic/rpm-ostree/blob/master/packaging/rpm-ostree.spec.in + Summary: Hybrid image/package system Name: rpm-ostree -Version: 2019.3 -Release: 3%{?dist} +Version: 2019.6 +Release: 8%{?dist} #VCS: https://github.com/cgwalters/rpm-ostree # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot" # in the upstream git. If rust is enabled, it contains vendored sources. Source0: rpm-ostree-%{version}.tar.xz -Patch0: 0001-rebase-Support-identical-checksum-rebases.patch License: LGPLv2+ URL: https://github.com/projectatomic/rpm-ostree +Patch0: 0001-app-status-Fix-printf-format-string-for-32-bit.patch +Patch1: 0001-unpacker-Build-with-older-libarchive-without-zstd.patch +Patch2: 0001-libpriv-kernel-Use-g_build_filename-instead-of-g_str.patch +Patch3: 0002-libpriv-kernel-Hack-around-vmlinuz-path-in-HMAC-file.patch +Patch4: 0001-libpriv-kernel-add-cap_mknod-to-dracut-run.patch +Patch5: 0001-kargs-Support-append-and-delete-simultaneously.patch +Patch6: 0001-status-Quote-initramfs-args-if-necessary.patch +Patch7: 0001-initramfs-Fix-using-local-etc-when-also-replacing-ke.patch + %if !%{defined rust_arches} # It's not defined yet in the base CentOS7 root %define rust_arches x86_64 i686 armv7hl aarch64 ppc64 ppc64le s390x @@ -37,7 +48,7 @@ BuildRequires: gnome-common BuildRequires: /usr/bin/g-ir-scanner # Core requirements # One way to check this: `objdump -p /path/to/rpm-ostree | grep LIBOSTREE` and pick the highest (though that might miss e.g. new struct members) -BuildRequires: pkgconfig(ostree-1) >= 2018.9 +BuildRequires: pkgconfig(ostree-1) >= 2019.2 BuildRequires: pkgconfig(polkit-gobject-1) BuildRequires: pkgconfig(json-glib-1.0) BuildRequires: pkgconfig(rpm) 
@@ -79,7 +90,7 @@ BuildRequires: pkgconfig(sqlite3) BuildRequires: pkgconfig(smartcols) BuildRequires: gpgme-devel -Requires: libmodulemd%{?_isa} >= %{libmodulemd_version} +Requires: libmodulemd1%{?_isa} >= %{libmodulemd_version} # For now...see https://github.com/projectatomic/rpm-ostree/pull/637 # and https://github.com/fedora-infra/fedmsg-atomic-composer/pull/17 @@ -154,7 +165,7 @@ $PYTHON autofiles.py > files \ '%{_bindir}/*' \ '%{_libdir}/%{name}' \ '%{_mandir}/man*/*' \ - '%{_sysconfdir}/dbus-1/system.d/*' \ + '%{_datadir}/dbus-1/system.d/*' \ '%{_sysconfdir}/rpm-ostreed.conf' \ '%{_prefix}/lib/systemd/system/*' \ '%{_libexecdir}/rpm-ostree*' \ @@ -175,13 +186,36 @@ $PYTHON autofiles.py > files.devel \ '%{_datadir}/gir-1.0/*-1.0.gir' %files -f files -%doc COPYING README.md +%doc COPYING.GPL COPYING.LGPL LICENSE README.md %files libs -f files.lib %files devel -f files.devel %changelog +* Tue Mar 03 2020 Colin Walters - 2019.6-8 +- Backport patches for initramfs /etc + Resolves: #1808459 + +* Thu Feb 27 2020 Colin Walters - 2019.6-7 +- Backport f295f543064f1a0b5833fefccd6bb203b3527623 + Resolves: #1807487 + +* Thu Dec 05 2019 Jonathan Lebon - 2019.6-6 +- Backport dracut mknod patch for FIPS: + https://github.com/coreos/rpm-ostree/pull/1946 + +* Thu Oct 31 2019 Jonathan Lebon - 2019.6-5 +- Backport HMAC patch for FIPS: + https://github.com/coreos/rpm-ostree/pull/1934 + +* Fri Oct 18 2019 Colin Walters - 2019.6-4 +- Backport zchunk patch + +* Tue Oct 15 2019 Colin Walters - 2019.6-3 +- https://github.com/coreos/rpm-ostree/releases/tag/v20196 +- Backport zstd patch + * Fri May 17 2019 Jonathan Lebon - 2019.3-3 - Rebuild for rhel-8.1.0 branch