Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package transactional-update for openSUSE:Factory checked in at 2023-01-23 04:38:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/transactional-update (Old) and /work/SRC/openSUSE:Factory/.transactional-update.new.32243 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "transactional-update" Mon Jan 23 04:38:07 2023 rev:94 rq: version:4.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/transactional-update/transactional-update.changes 2023-01-20 17:38:05.548326178 +0100 +++ /work/SRC/openSUSE:Factory/.transactional-update.new.32243/transactional-update.changes 2023-01-23 04:38:08.576888702 +0100 @@ -1,17 +0,0 @@ -------------------------------------------------------------------- -Wed Jan 18 16:56:16 UTC 2023 - Ignaz Forster <ifors...@suse.com> - -- Version 4.1.1 - - Mount user specific binddirs last: Prevously the internal mounts would - potentially overwrite user bind mounts [boo#1205011] - - selinux: Relabel shadowed /var files during update to make sure they - don't interfere with the update [boo#1205937] - - Clean up /var/lib/overlay more aggressively [boo#1206947] - - tukit: Merge /etc overlay into parent if --discard is used together - with --continue - previously the files were incorrectly always merged - with the currently running system - - status: do not execute the status command if experimental - - Don't delete created mount point dirs any more - - Small code optimizations - -------------------------------------------------------------------- Old: ---- transactional-update-4.1.1.tar.gz New: ---- transactional-update-4.1.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ transactional-update.spec ++++++ --- /var/tmp/diff_new_pack.xLFIZj/_old 2023-01-23 04:38:09.228892437 +0100 +++ /var/tmp/diff_new_pack.xLFIZj/_new 2023-01-23 04:38:09.232892460 +0100 @@ -1,7 +1,7 @@ # # spec file for package transactional-update # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2022 SUSE LLC # Copyright (c) 2021 Neal Gompa # # All modifications and additions to the file contributed by third parties 
@@ -26,7 +26,7 @@ %{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}} Name: transactional-update -Version: 4.1.1 +Version: 4.1.0 Release: 0 Summary: Transactional Updates with btrfs and snapshots License: GPL-2.0-or-later AND LGPL-2.1-or-later ++++++ transactional-update-4.1.1.tar.gz -> transactional-update-4.1.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.1.1/NEWS new/transactional-update-4.1.0/NEWS --- old/transactional-update-4.1.1/NEWS 2023-01-18 16:35:08.000000000 +0100 +++ new/transactional-update-4.1.0/NEWS 2022-10-26 16:50:43.000000000 +0200 @@ -2,19 +2,6 @@ Copyright (C) 2016-2022 Thorsten Kukuk, Ignaz Forster et al. -Version 4.1.1 -* Mount user specific binddirs last: Prevously the internal mounts would - potentially overwrite user bind mounts [boo#1205011] -* selinux: Relabel shadowed /var files during update to make sure they - don't interfere with the update [boo#1205937] -* Clean up /var/lib/overlay more aggressively [boo#1206947] -* tukit: Merge /etc overlay into parent if --discard is used together - with --continue - previously the files were incorrectly always merged - with the currently running system -* status: do not execute the status command if experimental -* Don't delete created mount point dirs any more -* Small code optimizations - Version 4.1.0 * t-u: Add a "setup-kdump" command; implements [jsc#PED-1441] * Add support for ULP (Userspace Live Patching) [jsc#PED-1078]: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.1.1/README.md new/transactional-update-4.1.0/README.md --- old/transactional-update-4.1.1/README.md 2023-01-18 16:35:08.000000000 +0100 +++ new/transactional-update-4.1.0/README.md 2022-10-26 16:50:43.000000000 +0200 
@@ -29,7 +29,7 @@ ## Known users * **dnf**, Fedora's package management system, supports transactional systems directly via the [libdnf-plugin-txnupd](https://code.opensuse.org/microos/libdnf-plugin-txnupd) plugin (libtukit). -* **Cockpit** can update transactional systems via the [cockpit-tukit](https://github.com/openSUSE/cockpit-tukit) plugin (tukitd). +* **Cockpit** can update transactionals systems via the [cockpit-tukit](https://github.com/openSUSE/cockpit-tukit) plugin (tukitd). * **Salt** contains the [salt.modules.transactional\_update module](https://docs.saltproject.io/en/3004/ref/modules/all/salt.modules.transactional_update.html) module (transactional-update). * **Ansible** also supports transactional-update via the the [community.general.zypper](https://docs.ansible.com/ansible/latest/collections/community/general/zypper_module.html) module (transactional-update). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.1.1/configure.ac new/transactional-update-4.1.0/configure.ac --- old/transactional-update-4.1.1/configure.ac 2023-01-18 16:35:08.000000000 +0100 +++ new/transactional-update-4.1.0/configure.ac 2022-10-26 16:50:43.000000000 +0200 
@@ -1,11 +1,11 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(transactional-update, 4.1.1) +AC_INIT(transactional-update, 4.1.0) # Increase on any interface change and reset revision LIBTOOL_CURRENT=4 # On interface change increase if backwards compatible, reset otherwise LIBTOOL_AGE=0 # Increase on *any* C/C++ library code change, reset at interface change -LIBTOOL_REVISION=2 +LIBTOOL_REVISION=1 AC_CANONICAL_SYSTEM AM_INIT_AUTOMAKE([foreign]) AC_CONFIG_FILES([tukit.pc]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.1.1/lib/Mount.cpp new/transactional-update-4.1.0/lib/Mount.cpp --- old/transactional-update-4.1.1/lib/Mount.cpp 2023-01-18 16:35:08.000000000 +0100 +++ new/transactional-update-4.1.0/lib/Mount.cpp 2022-10-26 16:50:43.000000000 +0200 @@ -13,9 +13,9 @@ namespace TransactionalUpdate { -Mount::Mount(std::string mountpoint, unsigned long flags, bool umount) +Mount::Mount(std::string mountpoint, unsigned long flags) : mnt_table{mnt_new_table()}, mountpoint{std::move(mountpoint)}, - flags{std::move(flags)}, umount{std::move(umount)} + flags{std::move(flags)} { } @@ -29,7 +29,7 @@ } Mount::~Mount() { - if (mnt_fs && umount) { + if (mnt_fs) { struct libmnt_table* umount_table = mnt_new_table(); if ((mnt_table_parse_mtab(umount_table, nullptr)) != 0) tulog.error("Error reading mtab for umount"); @@ -39,6 +39,14 @@ mnt_free_table(umount_table); } + if (!directoryCreated.empty()) { + try { + std::filesystem::remove_all(std::filesystem::path{directoryCreated}); + } catch (const std::exception &e) { + tulog.error("ERROR: ", e.what()); + } + } + mnt_free_context(mnt_cxt); mnt_unref_fs(mnt_fs); mnt_free_table(mnt_table); 
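Review bot: In the `Mount::~Mount()` hunk (`@@ -39,6 +39,14 @@`), `std::filesystem::remove_all` is called on `directoryCreated` whether or not the unmount above it succeeded; the visible code only logs an mtab read error and carries on. If the target is still mounted at that point, the recursive delete would descend into the mounted tree instead of removing an empty mount point. `std::filesystem::remove(std::filesystem::path{directoryCreated});` removes only an empty directory and otherwise fails into the existing `catch`. The unmount code between this hunk and the previous one is not shown, so whether it can leave the mount in place should be confirmed, as should the move constructor clearing `directoryCreated` in the moved-from object.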
@@ -184,6 +192,10 @@ throw std::runtime_error{"Setting mount flags for '" + mountpoint + "' failed: " + std::to_string(rc)}; } + if (! std::filesystem::is_directory(mounttarget)) { + tulog.debug("Mount target ", mounttarget, " does not exist - creating..."); + directoryCreated = mounttarget; + } std::filesystem::create_directories(mounttarget); rc = mnt_context_mount(mnt_cxt); @@ -257,8 +269,8 @@ mnt_free_context(umount_cxt); } -BindMount::BindMount(std::string mountpoint, unsigned long flags, bool umount) - : Mount(mountpoint, flags | MS_BIND, umount) +BindMount::BindMount(std::string mountpoint, unsigned long flags) + : Mount(mountpoint, flags | MS_BIND) { } @@ -269,8 +281,8 @@ Mount::mount(prefix); } -PropagatedBindMount::PropagatedBindMount(std::string mountpoint, unsigned long flags, bool umount) - : BindMount(mountpoint, flags | MS_REC | MS_SLAVE, umount) +PropagatedBindMount::PropagatedBindMount(std::string mountpoint, unsigned long flags) + : BindMount(mountpoint, flags | MS_REC | MS_SLAVE) { } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.1.1/lib/Mount.hpp new/transactional-update-4.1.0/lib/Mount.hpp --- old/transactional-update-4.1.1/lib/Mount.hpp 2023-01-18 16:35:08.000000000 +0100 +++ new/transactional-update-4.1.0/lib/Mount.hpp 2022-10-26 16:50:43.000000000 +0200 @@ -18,7 +18,7 @@ class Mount { public: - Mount(std::string mountpoint, unsigned long flags = 0, bool umount = false); + Mount(std::string mountpoint, unsigned long flags = 0); Mount(Mount&& other) noexcept; virtual ~Mount(); std::string getFilesystem(); @@ -38,7 +38,7 @@ std::string tabsource; std::string mountpoint; unsigned long flags; - bool umount; + std::string directoryCreated; struct libmnt_fs* findFS(); struct libmnt_fs* getTabEntry(); struct libmnt_fs* newFS(); 
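Review bot: In the `@@ -184,6 +192,10 @@` hunk, `directoryCreated` is assigned before `std::filesystem::create_directories(mounttarget)` has run, so it is set even when nothing ends up being created. `is_directory` is also false when the target exists as a regular file; `create_directories` then fails, and the destructor's cleanup would later delete a path this object never created. Recording the path only on success avoids that: `if (std::filesystem::create_directories(mounttarget)) directoryCreated = mounttarget;`, with the debug message moved into that branch. Only the leaf path is remembered, so any parent directories created on the way are left behind. The enclosing function starts and ends outside the hunk.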
@@ -48,14 +48,14 @@ class BindMount : public Mount { public: - BindMount(std::string mountpoint, unsigned long flags = 0, bool umount = false); + BindMount(std::string mountpoint, unsigned long flags = 0); void mount(std::string prefix = "/") override; }; class PropagatedBindMount : public BindMount { public: - PropagatedBindMount(std::string mountpoint, unsigned long flags = 0, bool umount = false); + PropagatedBindMount(std::string mountpoint, unsigned long flags = 0); }; class MountList diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.1.1/lib/Overlay.cpp new/transactional-update-4.1.0/lib/Overlay.cpp --- old/transactional-update-4.1.1/lib/Overlay.cpp 2023-01-18 16:35:08.000000000 +0100 +++ new/transactional-update-4.1.0/lib/Overlay.cpp 2022-10-26 16:50:43.000000000 +0200 @@ -115,6 +115,7 @@ previousEtc->removeOption("workdir"); string syncSource = string(previousOvl.upperdir.parent_path() / "sync" / "etc") + "/"; + string rsyncExtraArgs; previousEtc->mount(previousOvl.upperdir.parent_path() / "sync"); tulog.info("Syncing /etc of previous snapshot ", previousSnapId, " as base into new snapshot ", snapRoot); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.1.1/lib/Snapshot/Snapper.cpp new/transactional-update-4.1.0/lib/Snapshot/Snapper.cpp --- old/transactional-update-4.1.1/lib/Snapshot/Snapper.cpp 2023-01-18 16:35:08.000000000 +0100 +++ new/transactional-update-4.1.0/lib/Snapshot/Snapper.cpp 2022-10-26 16:50:43.000000000 +0200 
@@ -7,6 +7,7 @@ #include "Snapper.hpp" #include "Exceptions.hpp" +#include "Log.hpp" #include "Util.hpp" #include <regex> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.1.1/lib/Transaction.cpp new/transactional-update-4.1.0/lib/Transaction.cpp --- old/transactional-update-4.1.1/lib/Transaction.cpp 2023-01-18 16:35:08.000000000 +0100 +++ new/transactional-update-4.1.0/lib/Transaction.cpp 2022-10-26 16:50:43.000000000 +0200 @@ -25,8 +25,6 @@ #include <limits.h> #include <poll.h> #include <sched.h> -#include <selinux/restorecon.h> -#include <selinux/selinux.h> #include <signal.h> #include <sys/inotify.h> #include <sys/mount.h> @@ -108,13 +106,18 @@ // mount the snapshot directory on a temporary mount point char bindTemplate[] = "/tmp/transactional-update-XXXXXX"; bindDir = mkdtemp(bindTemplate); - std::unique_ptr<BindMount> mntBind{new BindMount{bindDir, MS_PRIVATE, true}}; + std::unique_ptr<BindMount> mntBind{new BindMount{bindDir, MS_PRIVATE}}; mntBind->setSource(snapshot->getRoot()); mntBind->mount(); dirsToMount.push_back(std::make_unique<PropagatedBindMount>("/dev")); dirsToMount.push_back(std::make_unique<BindMount>("/var/log")); + std::vector<std::string> customDirs = config.getArray("BINDDIRS"); + for (auto it = customDirs.begin(); it != customDirs.end(); ++it) { + dirsToMount.push_back(std::make_unique<BindMount>(*it)); + } + Mount mntVar{"/var"}; if (mntVar.isMount()) { if (fs::is_directory("/var/lib/zypp")) 
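Review bot: In the `@@ -108,13 +106,18 @@` hunk of Transaction.cpp, the `BINDDIRS` entries are pushed onto `dirsToMount` right after `/dev` and `/var/log`, ahead of the `/var/lib/...`, `/etc` and `/.snapshots` mounts added further down, so a user-configured bind mount can be shadowed by a later internal mount on an overlapping path; the removed 4.1.1 changelog entry on this page records that as boo#1205011. The entries are also taken from `config.getArray("BINDDIRS")` with no visible check that each one is an absolute, existing directory. A comment stating the intended mount order, for example `// user bind dirs are mounted before the internal mounts and may be shadowed by them`, plus a validation step before `push_back`, would make the behaviour explicit. Separately, the `mkdtemp` result in the context lines is assigned to `bindDir` without a null check. The enclosing function continues outside the hunk.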
@@ -124,41 +127,7 @@ dirsToMount.push_back(std::make_unique<BindMount>("/var/lib/alternatives")); if (fs::is_directory("/var/lib/selinux")) dirsToMount.push_back(std::make_unique<BindMount>("/var/lib/selinux")); - if (is_selinux_enabled()) { - // If packages installed files into /var (which is not allowed, but still happens), they will end - // up in the root file system, but will always be shadowed by the real /var mount. Due to that they - // also won't be relabelled at any time. During updates this may cause problems if packages try to - // access those leftover directories with wrong permissions, so they have to be relabelled manually... - BindMount selinuxVar("/var/lib/selinux", 0, true); - selinuxVar.mount(bindDir); - BindMount selinuxEtc("/etc/selinux", 0, true); - selinuxEtc.mount(bindDir); - - // restorecon keeps open file handles, so execute it in a child process - umount will fail otherwise - pid_t childPid = fork(); - if (childPid < 0) { - throw std::runtime_error{"Forking for SELinux relabelling failed: " + std::string(strerror(errno))}; - } else if (childPid == 0) { - if (chroot(bindDir.c_str()) < 0) { - tulog.error("Chrooting to " + bindDir + " for SELinux relabelling failed: " + std::string(strerror(errno))); - _exit(errno); - } - if (selinux_restorecon("/var", SELINUX_RESTORECON_RECURSE | SELINUX_RESTORECON_VERBOSE | SELINUX_RESTORECON_IGNORE_DIGEST) < 0) { - tulog.error("Relabelling of snapshot /var failed: " + std::string(strerror(errno))); - _exit(errno); - } - _exit(0); - } - else { - int status; - waitpid(childPid, &status, 0); - if ((WIFEXITED(status) && WEXITSTATUS(status) != 0) || WIFSIGNALED(status)) { - throw std::runtime_error{"SELinux relabelling failed."}; - } - } - } } - std::unique_ptr<Mount> mntEtc{new Mount{"/etc"}}; if (mntEtc->isMount() && mntEtc->getFilesystem() == "overlay") { Overlay overlay = Overlay{snapshot->getUid()}; 
@@ -202,11 +171,6 @@ if (BindMount{"/boot/writable"}.isMount()) dirsToMount.push_back(std::make_unique<BindMount>("/boot/writable")); - std::vector<std::string> customDirs = config.getArray("BINDDIRS"); - for (auto it = customDirs.begin(); it != customDirs.end(); ++it) { - dirsToMount.push_back(std::make_unique<BindMount>(*it)); - } - dirsToMount.push_back(std::make_unique<BindMount>("/.snapshots")); for (auto it = dirsToMount.begin(); it != dirsToMount.end(); ++it) { @@ -312,7 +276,7 @@ struct pollfd pfd = {inotifyFd, POLLIN, 0}; ret = (poll(&pfd, 1, 500)); if (ret == -1) { - throw std::runtime_error{"Polling inotify file descriptor failed: " + std::string(strerror(errno))}; + throw std::runtime_error{"Polling inotify file descriptior failed: " + std::string(strerror(errno))}; } else if (ret > 0) { numRead = read(inotifyFd, buf, bufLen); if (numRead == 0) 
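Review bot: The new exception text in the `@@ -312,7 +276,7 @@` hunk misspells "descriptor" as "descriptior", which makes the message harder to find when searching logs; it should read `"Polling inotify file descriptor failed: "`. The same branch treats every `poll` return of -1 as fatal, so an interrupted call would abort the wait as well; if signals can arrive here, retrying when `errno == EINTR` would be more robust. The enclosing function starts and ends outside the hunk.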
@@ -468,33 +432,12 @@ (inotifyFd == 0 && fs::exists(getRoot() / "discardIfNoChange")))) { tulog.info("No changes to the root file system - discarding snapshot."); - // Even if the snapshot itself does not contain any changes, /etc may do so. If the new snapshot is a - // direct descendant of the currently running system, then merge the changes back into the currently - // running system directly and delete the snapshot. Otherwise merge it back into the previous overlay - // (using rsync instead of a plain copy to preserve xattrs). + // Even if the snapshot itself did not contain any changes, /etc may do so. Changes + // in /etc may be applied immediately, so merge them back into the running system. std::unique_ptr<Mount> mntEtc{new Mount{"/etc"}}; if (mntEtc->isMount() && mntEtc->getFilesystem() == "overlay") { - std::filesystem::path targetRoot; - std::unique_ptr<Mount> previousEtc{new Mount("/etc", 0, true)}; - if (pImpl->snapshotMgr->getCurrent() == Overlay{pImpl->snapshot->getUid()}.getPreviousSnapshotOvlId()) { - tulog.info("Merging changes in /etc into the running system."); - targetRoot = "/"; - } else { - tulog.info("Merging changes in /etc into the previous snapshot."); - - auto previousSnapId = Overlay{pImpl->snapshot->getUid()}.getPreviousSnapshotOvlId(); - std::unique_ptr<Snapshot> previousSnapshot = pImpl->snapshotMgr->open(previousSnapId); - previousEtc->setTabSource(previousSnapshot->getRoot() / "etc" / "fstab"); - - Overlay previousOvl{previousSnapId}; - previousOvl.lowerdirs.back() = previousSnapshot->getRoot(); - previousOvl.setMountOptionsForMount(previousEtc); - targetRoot = previousOvl.upperdir.parent_path() / "sync"; - previousEtc->mount(targetRoot); - } - Util::exec("rsync --archive --inplace --xattrs --acls --exclude 'fstab' --delete --quiet '" + this->pImpl->bindDir + "/etc/' " + targetRoot.native() + "/etc"); + Util::exec("rsync --archive --inplace --xattrs --acls --exclude 'fstab' --delete --quiet '" + this->pImpl->bindDir + "/etc/' 
/etc"); } - return; } if (fs::exists(getRoot() / "discardIfNoChange")) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-4.1.1/sbin/transactional-update.in new/transactional-update-4.1.0/sbin/transactional-update.in --- old/transactional-update-4.1.1/sbin/transactional-update.in 2023-01-18 16:35:08.000000000 +0100 +++ new/transactional-update-4.1.0/sbin/transactional-update.in 2022-10-26 16:50:43.000000000 +0200 @@ -1209,14 +1209,10 @@ fi if [ "${DO_STATUS}" -eq 1 ]; then - if [ "${EXPERIMENTAL_STATUS}" -eq 1 ]; then - for snapshot in $(ls -d /.snapshots/*/ | cut -d '/' -f 3 | sort --reverse --numeric-sort); do - show_snapshot_status "/.snapshots/$snapshot/" - [ "${DO_STATUS_LAST}" -eq 1 ] && break - done - else - echo "The status command is disabled by default as it is marked as experimental" - fi + for snapshot in $(ls -d /.snapshots/*/ | cut -d '/' -f 3 | sort --reverse --numeric-sort); do + show_snapshot_status "/.snapshots/$snapshot/" + [ "${DO_STATUS_LAST}" -eq 1 ] && break + done exit 0 fi @@ -1294,10 +1290,11 @@ # Clean up old unused overlays if [ ${RO_ROOT} == "true" ]; then shopt -s nullglob - for overlay in /var/lib/overlay/*; do + for overlay in /var/lib/overlay/[0-9]*/etc /var/lib/overlay/etc; do if [ -e ${overlay} ] && ! grep -qs "${overlay}" /.snapshots/*/snapshot/etc/fstab{,.sys}; then log_info "Deleting unused overlay ${overlay}" - rm -r "${overlay}" + rm -rf "${overlay}" + rmdir --ignore-fail-on-non-empty "$(dirname "${overlay}")" fi done shopt -u nullglob
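Review bot: In the `@@ -468,33 +432,12 @@` hunk, the rsync call now always targets the running system's `/etc` with `--delete`, whatever snapshot the discarded one was based on. When the snapshot descends from another snapshot rather than from the running system, that overwrites and deletes live configuration from the wrong base; the removed 4.1.1 changelog entry on this page describes this as the `--discard` together with `--continue` case. At minimum the new comment should state the assumption, e.g. `// NOTE: assumes the snapshot's parent is the currently running system`, and the merge should be skipped when it does not hold. The command is also assembled as one shell string from `bindDir`, which is only safe while `bindDir` comes from the fixed `mkdtemp` template and deserves a comment saying so. The enclosing function extends beyond the hunk.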
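Review bot: In the `@@ -1294,10 +1290,11 @@` hunk, deletion depends on a negative `grep` result, and with `nullglob` set the `/.snapshots/*/snapshot/etc/fstab{,.sys}` pattern expands to nothing when no snapshot fstab is reachable. `grep` then has no file arguments and reads standard input, and on empty input every existing overlay is treated as unused and removed with `rm -rf`. The cleanup should be skipped unless at least one fstab file was found. `${overlay}` is also unquoted in the `[ -e … ]` test and is passed to `grep` as a regular expression; `-F --` makes it a literal match. The surrounding `if [ ${RO_ROOT} == "true" ]` block starts and ends outside the hunk.

```shell
    shopt -s nullglob
    fstabs=(/.snapshots/*/snapshot/etc/fstab{,.sys})
    if [ "${#fstabs[@]}" -eq 0 ]; then
        log_info "No snapshot fstab found - skipping overlay cleanup"
    else
        for overlay in /var/lib/overlay/[0-9]*/etc /var/lib/overlay/etc; do
            if [ -e "${overlay}" ] && ! grep -qsF -- "${overlay}" "${fstabs[@]}"; then
                # … unchanged: log_info, rm -rf, rmdir …
            fi
        done
    fi
```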