From a441bdbfa801f7a73f96cb788dcf4693d45f9cd1 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 13 Nov 2024 16:15:37 +0300 Subject: [PATCH] import ostree-2024.7-3.el9_5 --- .gitignore | 2 +- .ostree.metadata | 2 +- ...repo-NUL-terminate-readlinkat-result.patch | 52 +++++++++++++++++++ SOURCES/ostree-readonly-sysroot-migration | 31 ++++++----- SPECS/ostree.spec | 27 ++++++++-- 5 files changed, 95 insertions(+), 19 deletions(-) create mode 100644 SOURCES/0001-repo-NUL-terminate-readlinkat-result.patch diff --git a/.gitignore b/.gitignore index 4ef4604..f32473c 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libostree-2024.6.tar.xz +SOURCES/libostree-2024.7.tar.xz diff --git a/.ostree.metadata b/.ostree.metadata index e6e0ad4..9672719 100644 --- a/.ostree.metadata +++ b/.ostree.metadata @@ -1 +1 @@ -8a6d47e77553bab2e9853649182aef0fcdc7550c SOURCES/libostree-2024.6.tar.xz +7d1cb267442682402152ed4bb5379853e666f06b SOURCES/libostree-2024.7.tar.xz diff --git a/SOURCES/0001-repo-NUL-terminate-readlinkat-result.patch b/SOURCES/0001-repo-NUL-terminate-readlinkat-result.patch new file mode 100644 index 0000000..e2b2de7 --- /dev/null +++ b/SOURCES/0001-repo-NUL-terminate-readlinkat-result.patch @@ -0,0 +1,52 @@ +From 6756841a7d04c3cc651a1ce7de35c55c754578d3 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Mon, 29 Jul 2024 15:17:10 -0400 +Subject: [PATCH 1/1] repo: NUL terminate readlinkat result + +Coverity was correctly complaining about this. + +Signed-off-by: Colin Walters +--- + src/libostree/ostree-repo-commit.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/libostree/ostree-repo-commit.c b/src/libostree/ostree-repo-commit.c +index 4d12d5ec..db83ebf2 100644 +--- a/src/libostree/ostree-repo-commit.c ++++ b/src/libostree/ostree-repo-commit.c +@@ -794,7 +794,7 @@ _try_clone_from_payload_link (OstreeRepo *self, OstreeRepo *dest_repo, const cha + glnx_autofd int fdf = -1; + char loose_path_buf[_OSTREE_LOOSE_PATH_MAX]; + char loose_path_target_buf[_OSTREE_LOOSE_PATH_MAX]; +- char target_buf[_OSTREE_LOOSE_PATH_MAX + _OSTREE_PAYLOAD_LINK_PREFIX_LEN]; ++ char target_buf[_OSTREE_LOOSE_PATH_MAX + _OSTREE_PAYLOAD_LINK_PREFIX_LEN + 1]; + char target_checksum[OSTREE_SHA256_STRING_LEN + 1]; + int dfd = dfd_searches[i]; + ssize_t size; +@@ -804,16 +804,21 @@ _try_clone_from_payload_link (OstreeRepo *self, OstreeRepo *dest_repo, const cha + _ostree_loose_path (loose_path_buf, payload_checksum, OSTREE_OBJECT_TYPE_PAYLOAD_LINK, + self->mode); + +- size = TEMP_FAILURE_RETRY (readlinkat (dfd, loose_path_buf, target_buf, sizeof (target_buf))); ++ size = TEMP_FAILURE_RETRY ( ++ readlinkat (dfd, loose_path_buf, target_buf, sizeof (target_buf) - 1)); + if (size < 0) + { + if (errno == ENOENT) + continue; + return glnx_throw_errno_prefix (error, "readlinkat"); + } ++ target_buf[size] = '\0'; + ++ const size_t expected_len = OSTREE_SHA256_STRING_LEN + _OSTREE_PAYLOAD_LINK_PREFIX_LEN; + if (size < OSTREE_SHA256_STRING_LEN + _OSTREE_PAYLOAD_LINK_PREFIX_LEN) +- return glnx_throw (error, "invalid data size for %s", loose_path_buf); ++ return glnx_throw (error, "invalid data size for %s; expected=%llu found=%llu", ++ loose_path_buf, (unsigned long long)expected_len, ++ (unsigned long long)size); + + snprintf (target_checksum, size, "%.2s%.62s", target_buf + _OSTREE_PAYLOAD_LINK_PREFIX_LEN, + target_buf + _OSTREE_PAYLOAD_LINK_PREFIX_LEN + 3); +-- +2.45.2 + diff --git a/SOURCES/ostree-readonly-sysroot-migration b/SOURCES/ostree-readonly-sysroot-migration index 946ca0d..23eb4b5 100644 --- a/SOURCES/ostree-readonly-sysroot-migration +++ b/SOURCES/ostree-readonly-sysroot-migration @@ -1,26 +1,27 @@ #!/bin/bash # Update an existing system to use a read only sysroot # and https://bugzilla.redhat.com/show_bug.cgi?id=2060976 - + set -euo pipefail - + main() { + # Used to condition execution of this unit at the systemd level local -r stamp_file="/var/lib/.ostree-readonly-sysroot" - + if [[ -f "${stamp_file}" ]]; then exit 0 fi - + local -r ostree_sysroot_readonly="$(ostree config --repo=/sysroot/ostree/repo get "sysroot.readonly" &> /dev/null || echo "false")" if [[ "${ostree_sysroot_readonly}" == "true" ]]; then # Nothing to do touch "${stamp_file}" exit 0 fi - + local -r boot_entries="$(ls -A /boot/loader/entries/ | wc -l)" - + # Ensure that we can read BLS entries to avoid touching systems where /boot # is not mounted if [[ "${boot_entries}" -eq 0 ]]; then @@ -29,7 +30,7 @@ main() { touch "${stamp_file}" exit 0 fi - + # Check if any existing deployment is still missing the rw karg local rw_kargs_found=0 local count=0 @@ -39,13 +40,19 @@ main() { rw_kargs_found=$((rw_kargs_found + 1)) fi done - + # Some deployments are still missing the rw karg. Let's try to update them if [[ "${boot_entries}" -ne "${rw_kargs_found}" ]]; then + # work around https://github.com/ostreedev/ostree/issues/2734#issuecomment-2353739450 + stateroot=$(ls /ostree/deploy | head -n1) + if ls /boot/loader/entries/ostree-*-$stateroot.conf &>/dev/null; then + echo "Enabling bootloader naming workaround" 1>&2 + export OSTREE_SYSROOT_OPTS=bootloader-naming-1 + fi ostree admin kargs edit-in-place --append-if-missing=rw || \ echo "Failed to edit kargs in place with ostree" 1>&2 fi - + # Re-check if any existing deployment is still missing the rw karg rw_kargs_found=0 count=0 @@ -56,7 +63,7 @@ main() { fi done unset count - + # If all deployments are good, then we can set the sysroot.readonly option # in the ostree repo config if [[ "${boot_entries}" -eq "${rw_kargs_found}" ]]; then @@ -65,10 +72,10 @@ main() { touch "${stamp_file}" exit 0 fi - + # If anything else before failed, we will retry on next boot echo "Will retry next boot" 1>&2 exit 0 } - + main "${@}" diff --git a/SPECS/ostree.spec b/SPECS/ostree.spec index 845efae..e612696 100644 --- a/SPECS/ostree.spec +++ b/SPECS/ostree.spec @@ -7,12 +7,14 @@ Summary: Tool for managing bootable, immutable filesystem trees Name: ostree -Version: 2024.6 -Release: 1%{?dist} +Version: 2024.7 +Release: 3%{?dist} Source0: https://github.com/ostreedev/%{name}/releases/download/v%{version}/libostree-%{version}.tar.xz Source1: ostree-readonly-sysroot-migration Source2: ostree-readonly-sysroot-migration.service +Patch0: 0001-repo-NUL-terminate-readlinkat-result.patch + License: LGPLv2+ URL: https://ostree.readthedocs.io/en/latest/ @@ -179,9 +181,24 @@ find %{buildroot} -name '*.la' -delete %endif %changelog -* Fri May 17 2024 Joseph Marrero - 2024.6-1 +* Thu Sep 12 2024 Joseph Marrero - 2024.7-3 +- Rebuild to pickup changes to ostree-readonly-sysroot-migration + Resolves: #RHEL-58437 + +* Wed Aug 14 2024 Joseph Marrero - 2024.7-2 +- Backport https://github.com/ostreedev/ostree/pull/3281 + Resolves: #RHEL-50680 + +* Fri Jul 26 2024 Joseph Marrero - 2024.7-1 +- https://github.com/ostreedev/ostree/releases/tag/v2024.7 + Resolves: #RHEL-50680 + +* Fri May 17 2024 Joseph Marrero - 2024.6-1 - https://github.com/ostreedev/ostree/releases/tag/v2024.6 - Resolves: #RHEL-36770 + Resolves: #RHEL-35886 + +* Thu Mar 14 2024 Colin Walters - 2024.5-2 +- https://github.com/ostreedev/ostree/releases/tag/v2024.5 * Wed Feb 28 2024 Colin Walters - 2024.4-3 - Backport @@ -783,7 +800,7 @@ find %{buildroot} -name '*.la' -delete - Move trusted.gpg.d to main runtime package, where it should be * Fri Mar 07 2014 Colin Walters - 2014.2-2 -- Depend on gpgv2 +- Depend on gpgv2 - Resolves: #1073813 * Sat Mar 01 2014 Colin Walters - 2014.2-1