import ostree-2024.7-3.el9_5

c9 imports/c9/ostree-2024.7-3.el9_5
MSVSphere Packaging Team 1 month ago
parent c7d1185381
commit a441bdbfa8
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8

2
.gitignore vendored

@ -1 +1 @@
SOURCES/libostree-2024.6.tar.xz
SOURCES/libostree-2024.7.tar.xz

@ -1 +1 @@
8a6d47e77553bab2e9853649182aef0fcdc7550c SOURCES/libostree-2024.6.tar.xz
7d1cb267442682402152ed4bb5379853e666f06b SOURCES/libostree-2024.7.tar.xz

@ -0,0 +1,52 @@
From 6756841a7d04c3cc651a1ce7de35c55c754578d3 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Mon, 29 Jul 2024 15:17:10 -0400
Subject: [PATCH 1/1] repo: NUL terminate readlinkat result
Coverity was correctly complaining about this.
Signed-off-by: Colin Walters <walters@verbum.org>
---
src/libostree/ostree-repo-commit.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/libostree/ostree-repo-commit.c b/src/libostree/ostree-repo-commit.c
index 4d12d5ec..db83ebf2 100644
--- a/src/libostree/ostree-repo-commit.c
+++ b/src/libostree/ostree-repo-commit.c
@@ -794,7 +794,7 @@ _try_clone_from_payload_link (OstreeRepo *self, OstreeRepo *dest_repo, const cha
glnx_autofd int fdf = -1;
char loose_path_buf[_OSTREE_LOOSE_PATH_MAX];
char loose_path_target_buf[_OSTREE_LOOSE_PATH_MAX];
- char target_buf[_OSTREE_LOOSE_PATH_MAX + _OSTREE_PAYLOAD_LINK_PREFIX_LEN];
+ char target_buf[_OSTREE_LOOSE_PATH_MAX + _OSTREE_PAYLOAD_LINK_PREFIX_LEN + 1];
char target_checksum[OSTREE_SHA256_STRING_LEN + 1];
int dfd = dfd_searches[i];
ssize_t size;
@@ -804,16 +804,21 @@ _try_clone_from_payload_link (OstreeRepo *self, OstreeRepo *dest_repo, const cha
_ostree_loose_path (loose_path_buf, payload_checksum, OSTREE_OBJECT_TYPE_PAYLOAD_LINK,
self->mode);
- size = TEMP_FAILURE_RETRY (readlinkat (dfd, loose_path_buf, target_buf, sizeof (target_buf)));
+ size = TEMP_FAILURE_RETRY (
+ readlinkat (dfd, loose_path_buf, target_buf, sizeof (target_buf) - 1));
if (size < 0)
{
if (errno == ENOENT)
continue;
return glnx_throw_errno_prefix (error, "readlinkat");
}
+ target_buf[size] = '\0';
+ const size_t expected_len = OSTREE_SHA256_STRING_LEN + _OSTREE_PAYLOAD_LINK_PREFIX_LEN;
if (size < OSTREE_SHA256_STRING_LEN + _OSTREE_PAYLOAD_LINK_PREFIX_LEN)
- return glnx_throw (error, "invalid data size for %s", loose_path_buf);
+ return glnx_throw (error, "invalid data size for %s; expected=%llu found=%llu",
+ loose_path_buf, (unsigned long long)expected_len,
+ (unsigned long long)size);
snprintf (target_checksum, size, "%.2s%.62s", target_buf + _OSTREE_PAYLOAD_LINK_PREFIX_LEN,
target_buf + _OSTREE_PAYLOAD_LINK_PREFIX_LEN + 3);
--
2.45.2

@ -1,26 +1,27 @@
#!/bin/bash
# Update an existing system to use a read only sysroot
# and https://bugzilla.redhat.com/show_bug.cgi?id=2060976
set -euo pipefail
main() {
# Used to condition execution of this unit at the systemd level
local -r stamp_file="/var/lib/.ostree-readonly-sysroot"
if [[ -f "${stamp_file}" ]]; then
exit 0
fi
local -r ostree_sysroot_readonly="$(ostree config --repo=/sysroot/ostree/repo get "sysroot.readonly" &> /dev/null || echo "false")"
if [[ "${ostree_sysroot_readonly}" == "true" ]]; then
# Nothing to do
touch "${stamp_file}"
exit 0
fi
local -r boot_entries="$(ls -A /boot/loader/entries/ | wc -l)"
# Ensure that we can read BLS entries to avoid touching systems where /boot
# is not mounted
if [[ "${boot_entries}" -eq 0 ]]; then
@ -29,7 +30,7 @@ main() {
touch "${stamp_file}"
exit 0
fi
# Check if any existing deployment is still missing the rw karg
local rw_kargs_found=0
local count=0
@ -39,13 +40,19 @@ main() {
rw_kargs_found=$((rw_kargs_found + 1))
fi
done
# Some deployments are still missing the rw karg. Let's try to update them
if [[ "${boot_entries}" -ne "${rw_kargs_found}" ]]; then
# work around https://github.com/ostreedev/ostree/issues/2734#issuecomment-2353739450
stateroot=$(ls /ostree/deploy | head -n1)
if ls /boot/loader/entries/ostree-*-$stateroot.conf &>/dev/null; then
echo "Enabling bootloader naming workaround" 1>&2
export OSTREE_SYSROOT_OPTS=bootloader-naming-1
fi
ostree admin kargs edit-in-place --append-if-missing=rw || \
echo "Failed to edit kargs in place with ostree" 1>&2
fi
# Re-check if any existing deployment is still missing the rw karg
rw_kargs_found=0
count=0
@ -56,7 +63,7 @@ main() {
fi
done
unset count
# If all deployments are good, then we can set the sysroot.readonly option
# in the ostree repo config
if [[ "${boot_entries}" -eq "${rw_kargs_found}" ]]; then
@ -65,10 +72,10 @@ main() {
touch "${stamp_file}"
exit 0
fi
# If anything else before failed, we will retry on next boot
echo "Will retry next boot" 1>&2
exit 0
}
main "${@}"

@ -7,12 +7,14 @@
Summary: Tool for managing bootable, immutable filesystem trees
Name: ostree
Version: 2024.6
Release: 1%{?dist}
Version: 2024.7
Release: 3%{?dist}
Source0: https://github.com/ostreedev/%{name}/releases/download/v%{version}/libostree-%{version}.tar.xz
Source1: ostree-readonly-sysroot-migration
Source2: ostree-readonly-sysroot-migration.service
Patch0: 0001-repo-NUL-terminate-readlinkat-result.patch
License: LGPLv2+
URL: https://ostree.readthedocs.io/en/latest/
@ -179,9 +181,24 @@ find %{buildroot} -name '*.la' -delete
%endif
%changelog
* Fri May 17 2024 Joseph Marrero <jmarrero@redhat.com> - 2024.6-1
* Thu Sep 12 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.7-3
- Rebuild to pickup changes to ostree-readonly-sysroot-migration
Resolves: #RHEL-58437
* Wed Aug 14 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.7-2
- Backport https://github.com/ostreedev/ostree/pull/3281
Resolves: #RHEL-50680
* Fri Jul 26 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.7-1
- https://github.com/ostreedev/ostree/releases/tag/v2024.7
Resolves: #RHEL-50680
* Fri May 17 2024 Joseph Marrero <jmarrero@fedoraproject.org> - 2024.6-1
- https://github.com/ostreedev/ostree/releases/tag/v2024.6
Resolves: #RHEL-36770
Resolves: #RHEL-35886
* Thu Mar 14 2024 Colin Walters <walters@verbum.org> - 2024.5-2
- https://github.com/ostreedev/ostree/releases/tag/v2024.5
* Wed Feb 28 2024 Colin Walters <walters@verbum.org> - 2024.4-3
- Backport
@ -783,7 +800,7 @@ find %{buildroot} -name '*.la' -delete
- Move trusted.gpg.d to main runtime package, where it should be
* Fri Mar 07 2014 Colin Walters <walters@verbum.org> - 2014.2-2
- Depend on gpgv2
- Depend on gpgv2
- Resolves: #1073813
* Sat Mar 01 2014 Colin Walters <walters@verbum.org> - 2014.2-1

Loading…
Cancel
Save