Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package transactional-update for 
openSUSE:Factory checked in at 2023-09-22 21:46:37
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/transactional-update (Old)
 and      /work/SRC/openSUSE:Factory/.transactional-update.new.1770 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "transactional-update"

Fri Sep 22 21:46:37 2023 rev:101 rq:1111543 version:4.4.0

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/transactional-update/transactional-update.changes    
    2023-06-29 17:27:56.110121121 +0200
+++ 
/work/SRC/openSUSE:Factory/.transactional-update.new.1770/transactional-update.changes
      2023-09-22 21:46:42.667329112 +0200
@@ -1,0 +2,18 @@
+Mon Sep 11 13:55:40 UTC 2023 - Ignaz Forster <ifors...@suse.com>
+
+- Version 4.4.0
+  - t-u: Introduce setup-fips command [jsc#SMO-194]
+  - libtukit: Always set a cleanup algorithm for snapshots - when
+    using API, D-Bus interface or tukit the snapshots will be
+    automatically cleaned up by snapper after some time now; in the
+    past only snapshots created by the transactional-update shell
+    script would be cleanup after, and only after a `t-u cleanup`
+    run.
+  - tukit: enable kexec's syscall detection feature
+  - tukit: Don't throw exceptions from the child process after fork
+  - tukitd: Rename service file to org.opensuse.tukit.service
+  - tukitd: Allow querying DBus Properties [boo#1214707]
+  - t-u: Add support for fully written-out update commands
+  - t-u: Improve detection of existing kernel parameters
+
+-------------------------------------------------------------------

Old:
----
  transactional-update-4.3.0.tar.gz

New:
----
  transactional-update-4.4.0.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ transactional-update.spec ++++++
--- /var/tmp/diff_new_pack.JTXN4I/_old  2023-09-22 21:46:43.779369481 +0200
+++ /var/tmp/diff_new_pack.JTXN4I/_new  2023-09-22 21:46:43.783369627 +0200
@@ -26,7 +26,7 @@
 %{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}}
 
 Name:           transactional-update
-Version:        4.3.0
+Version:        4.4.0
 Release:        0
 Summary:        Transactional Updates with btrfs and snapshots
 License:        GPL-2.0-or-later AND LGPL-2.1-or-later
@@ -306,7 +306,7 @@
 %license COPYING gpl-2.0.txt
 %{_sbindir}/tukitd
 %{_unitdir}/tukitd.service
-%{_prefix}/share/dbus-1/system-services/tukitd.d-bus.service
+%{_prefix}/share/dbus-1/system-services/org.opensuse.tukit.service
 %{_prefix}/share/dbus-1/system.d/org.opensuse.tukit.conf
 %{_prefix}/share/dbus-1/interfaces/org.opensuse.tukit.Snapshot.xml
 %{_prefix}/share/dbus-1/interfaces/org.opensuse.tukit.Transaction.xml

++++++ transactional-update-4.3.0.tar.gz -> transactional-update-4.4.0.tar.gz 
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/transactional-update-4.3.0/NEWS 
new/transactional-update-4.4.0/NEWS
--- old/transactional-update-4.3.0/NEWS 2023-06-28 16:55:05.000000000 +0200
+++ new/transactional-update-4.4.0/NEWS 2023-09-11 15:49:37.000000000 +0200
@@ -2,6 +2,20 @@
 
 Copyright (C) 2016-2022 Thorsten Kukuk, Ignaz Forster et al.
 
+Version 4.4.0
+* t-u: Introduce setup-fips command [jsc#SMO-194]
+* libtukit: Always set a cleanup algorithm for snapshots - when using API,
+  D-Bus interface or tukit the snapshots will be automatically cleaned up
+  by snapper after some time now; in the past only snapshots created by
+  the transactional-update shell script would be cleanup after, and only
+  after a `t-u cleanup` run.
+* tukit: enable kexec's syscall detection feature
+* tukit: Don't throw exceptions from the child process after fork
+* tukitd: Rename service file to org.opensuse.tukit.service
+* tukitd: Allow querying DBus Properties [boo#1214707]
+* t-u: Add support for fully written-out update commands
+* t-u: Improve detection of existing kernel parameters
+
 Version 4.3.0
 * Replace custom tu-rebuild-kdump-initrd with call to mkdumprd
   [gh#openSUSE/transactional-update#107].
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/transactional-update-4.3.0/configure.ac 
new/transactional-update-4.4.0/configure.ac
--- old/transactional-update-4.3.0/configure.ac 2023-06-28 16:55:05.000000000 
+0200
+++ new/transactional-update-4.4.0/configure.ac 2023-09-11 15:49:37.000000000 
+0200
@@ -1,11 +1,11 @@
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT(transactional-update, 4.3.0)
+AC_INIT(transactional-update, 4.4.0)
 # Increase on any interface change and reset revision
 LIBTOOL_CURRENT=4
 # On interface change increase if backwards compatible, reset otherwise
 LIBTOOL_AGE=0
 # Increase on *any* C/C++ library code change, reset at interface change
-LIBTOOL_REVISION=6
+LIBTOOL_REVISION=7
 AC_CANONICAL_SYSTEM
 AM_INIT_AUTOMAKE([foreign])
 AC_CONFIG_FILES([tukit.pc])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/transactional-update-4.3.0/dbus/Makefile.am 
new/transactional-update-4.4.0/dbus/Makefile.am
--- old/transactional-update-4.3.0/dbus/Makefile.am     2023-06-28 
16:55:05.000000000 +0200
+++ new/transactional-update-4.4.0/dbus/Makefile.am     2023-09-11 
15:49:37.000000000 +0200
@@ -9,7 +9,7 @@
 dbusconfdir = @DBUSCONFDIR@
 dbusconf_DATA = org.opensuse.tukit.conf
 dbussystembusservicedir = @DBUSSYSTEMBUSSERVICEDIR@
-dbussystembusservice_DATA = tukitd.d-bus.service
+dbussystembusservice_DATA = org.opensuse.tukit.service
 dbusinterfacesdir = @DBUSINTERFACESDIR@
 dbusinterfaces_DATA = org.opensuse.tukit.Transaction.xml 
org.opensuse.tukit.Snapshot.xml
 systemdsystemunitdir = @SYSTEMDDIR@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/transactional-update-4.3.0/dbus/org.opensuse.tukit.conf 
new/transactional-update-4.4.0/dbus/org.opensuse.tukit.conf
--- old/transactional-update-4.3.0/dbus/org.opensuse.tukit.conf 2023-06-28 
16:55:05.000000000 +0200
+++ new/transactional-update-4.4.0/dbus/org.opensuse.tukit.conf 2023-09-11 
15:49:37.000000000 +0200
@@ -3,7 +3,7 @@
   <policy user="root">
     <allow own="org.opensuse.tukit"/>
     <allow send_destination="org.opensuse.tukit" 
send_interface="org.opensuse.tukit.Transaction"/>
-    <allow send_destination="org.opensuse.tukit" 
send_interface="org.freedesktop.DBus.Introspectable"/>
+    <allow send_destination="org.opensuse.tukit" 
send_interface="org.freedesktop.DBus.Properties"/>
   </policy>
   <policy context="default">
     <deny own="org.opensuse.tukit"/>
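Review bot: The added root-policy rule allows every member of `org.freedesktop.DBus.Properties`, which covers `Set` as well as `Get` and `GetAll`. If only querying is intended, as the changelog entry says, the rule could be narrowed with `send_member="Get"` and `send_member="GetAll"`. The same line replaces the explicit allow for `org.freedesktop.DBus.Introspectable` instead of sitting next to it, so introspection by root now depends on rules not visible here. If that is deliberate, a short XML comment saying so would help. The default-context policy continues past the end of this hunk.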
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/transactional-update-4.3.0/dbus/org.opensuse.tukit.service 
new/transactional-update-4.4.0/dbus/org.opensuse.tukit.service
--- old/transactional-update-4.3.0/dbus/org.opensuse.tukit.service      
1970-01-01 01:00:00.000000000 +0100
+++ new/transactional-update-4.4.0/dbus/org.opensuse.tukit.service      
2023-09-11 15:49:37.000000000 +0200
@@ -0,0 +1,5 @@
+[D-BUS Service]
+Name=org.opensuse.tukit
+Exec=/usr/sbin/tukitd
+User=root
+SystemdService=tukitd.service
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/transactional-update-4.3.0/dbus/tukitd.d-bus.service 
new/transactional-update-4.4.0/dbus/tukitd.d-bus.service
--- old/transactional-update-4.3.0/dbus/tukitd.d-bus.service    2023-06-28 
16:55:05.000000000 +0200
+++ new/transactional-update-4.4.0/dbus/tukitd.d-bus.service    1970-01-01 
01:00:00.000000000 +0100
@@ -1,5 +0,0 @@
-[D-BUS Service]
-Name=org.opensuse.tukit
-Exec=/usr/sbin/tukitd
-User=root
-SystemdService=tukitd.service
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/transactional-update-4.3.0/lib/Reboot.cpp 
new/transactional-update-4.4.0/lib/Reboot.cpp
--- old/transactional-update-4.3.0/lib/Reboot.cpp       2023-06-28 
16:55:05.000000000 +0200
+++ new/transactional-update-4.4.0/lib/Reboot.cpp       2023-09-11 
15:49:37.000000000 +0200
@@ -37,7 +37,7 @@
     } else if (method == "kured") {
         command  = "touch /var/run/reboot-required";
     } else if (method == "kexec") {
-        command  = "kexec -l /boot/vmlinuz --initrd=/boot/initrd 
--reuse-cmdline;";
+        command  = "kexec --kexec-syscall-auto -l /boot/vmlinuz 
--initrd=/boot/initrd --reuse-cmdline;";
         command += "sync;";
         command += "systemctl kexec;";
     } else if (method == "none") {
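Review bot: The `kexec` branch gains `--kexec-syscall-auto` without a comment saying why. Something like `// Try kexec_file_load first (the variant that supports kernel-side image verification); kexec falls back to kexec_load` above the assignment would record the intent. Separately, the load step, `sync` and `systemctl kexec` are joined with `;`, so the last command still runs when the load fails. If that fallback is not wanted, chaining with `&&` would stop at the first failure. The surrounding if/else chain starts and ends outside this hunk.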
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/transactional-update-4.3.0/lib/Snapshot/Snapper.cpp 
new/transactional-update-4.4.0/lib/Snapshot/Snapper.cpp
--- old/transactional-update-4.3.0/lib/Snapshot/Snapper.cpp     2023-06-28 
16:55:05.000000000 +0200
+++ new/transactional-update-4.4.0/lib/Snapshot/Snapper.cpp     2023-09-11 
15:49:37.000000000 +0200
@@ -17,7 +17,7 @@
 std::unique_ptr<Snapshot> Snapper::create(std::string base, std::string 
description) {
     if (! std::filesystem::exists("/.snapshots/" + base + "/snapshot"))
         throw std::invalid_argument{"Base snapshot '" + base + "' does not 
exist."};
-    snapshotId = callSnapper("create --from " + base + " --read-write 
--print-number --description '" + description + "' --userdata 
'transactional-update-in-progress=yes'");
+    snapshotId = callSnapper("create --from " + base + " --read-write 
--cleanup-algorithm number --print-number --description '" + description + "' 
--userdata 'transactional-update-in-progress=yes'");
     Util::rtrim(snapshotId);
     return std::make_unique<Snapper>(snapshotId);
 }
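Review bot: The rewritten `callSnapper(...)` line still places `description` inside single quotes and appends `base` unquoted to the command string. If `callSnapper` hands that string to a shell (its body is not visible here), a `'` in the description or whitespace and metacharacters in `base` would change how the command is parsed. The `std::filesystem::exists` check does not constrain `base` to a snapshot number. Checking that `base` is all digits and rejecting or escaping `'` in `description` before building the string would close this, for example `if (description.find('\'') != std::string::npos) throw std::invalid_argument{"Invalid character in description."};`.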
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/transactional-update-4.3.0/lib/Transaction.cpp 
new/transactional-update-4.4.0/lib/Transaction.cpp
--- old/transactional-update-4.3.0/lib/Transaction.cpp  2023-06-28 
16:55:05.000000000 +0200
+++ new/transactional-update-4.4.0/lib/Transaction.cpp  2023-09-11 
15:49:37.000000000 +0200
@@ -370,15 +370,18 @@
         if (output != nullptr) {
             ret = dup2(pipefd[1], STDOUT_FILENO);
             if (ret < 0) {
-                throw std::runtime_error{"Redirecting stdout failed: " + 
std::string(strerror(errno))};
+                tulog.error("Redirecting stdout failed: " + 
std::string(strerror(errno)));
+                _exit(errno);
             }
             ret = dup2(pipefd[1], STDERR_FILENO);
             if (ret < 0) {
-                throw std::runtime_error{"Redirecting stderr failed: " + 
std::string(strerror(errno))};
+                tulog.error("Redirecting stderr failed: " + 
std::string(strerror(errno)));
+                _exit(errno);
             }
             ret = close(pipefd[0]);
             if (ret < 0) {
-                throw std::runtime_error{"Closing pipefd failed: " + 
std::string(strerror(errno))};
+                tulog.error("Closing pipefd failed: " + 
std::string(strerror(errno)));
+                _exit(errno);
             }
         }
 
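Review bot: Each new error path calls `tulog.error(...)` and only then `_exit(errno)`, so the exit status can be whatever `errno` the logging call left behind rather than the failure being reported. The same pattern repeats in the following hunk (chroot, unshare, mount, setenv, execvp). Capturing the value first keeps the status meaningful: `const int err = errno;`, then `tulog.error(... + std::string(strerror(err)));`, then `_exit(err);`. Since these statuses share the number space of the executed command's own exit codes, a comment on how the parent tells a setup failure from a command failure would also help. The enclosing function starts and ends outside this hunk.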
@@ -387,28 +390,34 @@
                 tulog.info("Warning: Couldn't set working directory: ", 
std::string(strerror(errno)));
             }
             if (chroot(bindDir.c_str()) < 0) {
-                throw std::runtime_error{"Chrooting to " + bindDir + " failed: 
" + std::string(strerror(errno))};
+                tulog.error("Chrooting to " + bindDir + " failed: " + 
std::string(strerror(errno)));
+                _exit(errno);
             }
             // Prevent mounts from within the chroot environment influence the 
tukit organized mounts
             if (unshare(CLONE_NEWNS) < 0) {
-                throw std::runtime_error{"Creating new mount namespace failed: 
" + std::string(strerror(errno))};
+                tulog.error("Creating new mount namespace failed: " + 
std::string(strerror(errno)));
+                _exit(errno);
             }
             if (mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL) < 0) {
-                 throw std::runtime_error{"Setting private mount for command 
execution failed: " + std::string(strerror(errno))};
+                tulog.error("Setting private mount for command execution 
failed: " + std::string(strerror(errno)));
+                _exit(errno);
             }
         }
 
         // Set indicator for RPM pre/post sections to detect whether we run in 
a
         // transactional update
         if (setenv("TRANSACTIONAL_UPDATE", "true", 1) < 0) {
-            throw std::runtime_error{"Setting environment variable 
TRANSACTIONAL_UPDATE failed: " + std::string(strerror(errno))};
+            tulog.error("Setting environment variable TRANSACTIONAL_UPDATE 
failed: " + std::string(strerror(errno)));
+            _exit(errno);
         }
         if (setenv("TRANSACTIONAL_UPDATE_ROOT", snapshot->getRoot().c_str(), 
1)) {
-            throw std::runtime_error{"Setting environment variable 
TRANSACTIONAL_UPDATE_ROOT failed: " + std::string(strerror(errno))};
+            tulog.error("Setting environment variable 
TRANSACTIONAL_UPDATE_ROOT failed: " + std::string(strerror(errno)));
+            _exit(errno);
         }
 
         if (execvp(argv[0], (char* const*)argv) < 0) {
-            throw std::runtime_error{"Calling " + std::string(argv[0]) + " 
failed: " + std::string(strerror(errno))};
+            tulog.error("Calling " + std::string(argv[0]) + " failed: " + 
std::string(strerror(errno)));
+            _exit(errno);
         }
         ret = -1;
     } else {
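Review bot: A failure to set the working directory is still only logged through `tulog.info("Warning: ...")` before `chroot(bindDir.c_str())`, while every other setup failure in this hunk now ends the child with `_exit`. If the call that failed is the `chdir` into the target (it lies above the hunk, so this is inferred), the child continues with a working directory outside the new root. Relative paths used by the executed command would then resolve outside the snapshot. Either treat that failure like the others, or add `chdir("/")` directly after the successful `chroot` and exit on error. The enclosing block starts outside this hunk.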
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/transactional-update-4.3.0/man/transactional-update.8.xml 
new/transactional-update-4.4.0/man/transactional-update.8.xml
--- old/transactional-update-4.3.0/man/transactional-update.8.xml       
2023-06-28 16:55:05.000000000 +0200
+++ new/transactional-update-4.4.0/man/transactional-update.8.xml       
2023-09-11 15:49:37.000000000 +0200
@@ -290,6 +290,20 @@
     </listitem>
   </varlistentry>
   <varlistentry>
+    <term><option>setup-fips</option></term>
+    <listitem>
+      <para>
+       Install the FIPS pattern package and configure the kernel command
+       line parameter to activate FIPS mode.
+      </para>
+      <para>
+       This command can not be combined with any
+       <link linkend='pkg_commands'>Package Command</link> other than
+       <option>install</option>.
+      </para>
+    </listitem>
+  </varlistentry>
+  <varlistentry>
     <term><option>setup-kdump</option> 
<optional>--crashkernel=<replaceable>low</replaceable>,<replaceable>high</replaceable></optional></term>
     <listitem>
       <para>
@@ -359,6 +373,7 @@
 <refsect3 id='ni_pkg_commands'><title>Non-interactive Package Commands</title>
 <variablelist>
   <varlistentry>
+    <term><option>dist-upgrade</option></term>
     <term><option>dup</option></term>
     <listitem>
       <para>
@@ -370,6 +385,7 @@
     </listitem>
   </varlistentry>
   <varlistentry>
+    <term><option>update</option></term>
     <term><option>up</option></term>
     <listitem>
       <para>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/transactional-update-4.3.0/sbin/transactional-update.in 
new/transactional-update-4.4.0/sbin/transactional-update.in
--- old/transactional-update-4.3.0/sbin/transactional-update.in 2023-06-28 
16:55:05.000000000 +0200
+++ new/transactional-update-4.4.0/sbin/transactional-update.in 2023-09-11 
15:49:37.000000000 +0200
@@ -47,6 +47,7 @@
 REBOOT_METHOD="auto"
 RUN_CMD=""
 RUN_SHELL=0
+SETUP_FIPS=0
 SETUP_KDUMP=0
 SETUP_SELINUX=0
 USE_TELEMETRICS=0
@@ -150,18 +151,19 @@
     echo "shell                      Open rw shell in new snapshot before 
exiting"
     echo "reboot                     Reboot after update"
     echo "run <cmd>                  Run a command in a new snapshot"
+    echo "setup-fips                 Install and enable FIPS pattern package"
     echo "setup-kdump [--crashkernel=<low>,<high>]  Configure and enable kdump"
     echo "setup-selinux              Install targeted SELinux policy and 
enable it"
     echo ""
     echo "Package Commands:"
     echo "Defaults: (i) interactive command; (n) non-interactive command"
-    echo "dup                        Call 'zypper dup' (n)"
-    echo "up                         Call 'zypper up' (n)"
+    echo "dist-upgrade, dup          Call 'zypper dup' (n)"
+    echo "update, up                 Call 'zypper up' (n)"
     echo "patch                      Call 'zypper patch' (n)"
     echo "migration                  Updates systems registered via SCC / SMT 
(i)"
-    echo "pkg install ...            Install individual packages (i)"
-    echo "pkg remove ...             Remove individual packages (i)"
-    echo "pkg update ...             Updates individual packages (i)"
+    echo "pkg install|in ...         Install individual packages (i)"
+    echo "pkg remove|rm ...          Remove individual packages (i)"
+    echo "pkg update|up ...          Updates individual packages (i)"
     echo "register ...               Register system via SUSEConnect (implies 
-d)"
     echo ""
     echo "Standalone Commands:"
@@ -871,13 +873,13 @@
            DO_CLEANUP_OVERLAYS=1
            shift
            ;;
-       dup)
+       dist-upgrade|dup)
            DO_DUP=1
            ZYPPER_ARG="--no-cd dup"
            shift
            TELEM_CLASS="upgrade"
            ;;
-        up)
+        update|up)
            ZYPPER_ARG=up
            shift
            TELEM_CLASS="update"
@@ -1011,6 +1013,11 @@
            RUN_CMD=("$@")
            break
            ;;
+       setup-fips)
+           test -z "$TELEM_CLASS" && TELEM_CLASS="fips"
+           SETUP_FIPS=1
+           shift
+           ;;
        setup-kdump)
            test -z "$TELEM_CLASS" && TELEM_CLASS="setup-kdump"
            SETUP_KDUMP=1
@@ -1125,6 +1132,24 @@
     fi
 fi
 
+# Setup FIPS
+if [ "${SETUP_FIPS}" -eq 1 ]; then
+    if [ -n "${ZYPPER_ARG}" -a "${ZYPPER_ARG}" != "install" ]; then
+       log_error "ERROR: Cannot combine 'setup-fips' with zypper command 
'${ZYPPER_ARG}'"
+       exit 1
+    fi
+    # Check if we need to install packages
+    fipspattern="$(rpm -q --whatprovides 'pattern()' --provides | grep 
'^pattern() = fips$')"
+    if [ -z "${fipspattern}" ]; then
+       ZYPPER_ARG_PKGS+=("pattern() = fips")
+    fi
+    if [ ${#ZYPPER_ARG_PKGS[@]} -ne 0 ]; then
+       ZYPPER_ARG="install"
+    fi
+    REWRITE_INITRD=1
+    REBUILD_KDUMP_INITRD=1
+fi
+
 # Setup SELinux
 if [ "${SETUP_SELINUX}" -eq 1 ]; then
     # Setting up SELinux requires several steps:
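Review bot: The guard `[ -n "${ZYPPER_ARG}" -a "${ZYPPER_ARG}" != "install" ]` relies on the `-a` operator of `test`, which POSIX marks obsolescent and which can be misparsed for some operand values. `[ -n "${ZYPPER_ARG}" ] && [ "${ZYPPER_ARG}" != "install" ]` is the unambiguous form. The pattern check runs `rpm -q` against the running system rather than the snapshot being modified. A comment stating that this is intended would help, presumably `# Query the active system; the new snapshot is based on it`. The SELinux block that follows continues outside this hunk.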
@@ -1539,11 +1564,19 @@
     else
        ETC_BASE="${SNAPSHOT_DIR}"
     fi
+    if [ ${SETUP_FIPS} -eq 1 ]; then
+       # Adjust grub configuration
+
+       # Check if we don't have selinux already enabled.
+       grep ^GRUB_CMDLINE_LINUX_DEFAULT /etc/default/grub | grep -q -w fips || 
\
+           tukit ${TUKIT_OPTS} call "${SNAPSHOT_ID}" sed -i -e 
's|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\1 fips=1"|g' "/etc/default/grub"
+       REWRITE_GRUB_CFG=1
+    fi
     if [ ${SETUP_SELINUX} -eq 1 ]; then
        # Adjust grub configuration
 
        # Check if we don't have selinux already enabled.
-       grep ^GRUB_CMDLINE_LINUX_DEFAULT /etc/default/grub | grep -q 
security=selinux || \
+       grep ^GRUB_CMDLINE_LINUX_DEFAULT /etc/default/grub | grep -q -w 
security=selinux || \
            tukit ${TUKIT_OPTS} call "${SNAPSHOT_ID}" sed -i -e 
's|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\1 security=selinux selinux=1"|g' 
"/etc/default/grub"
        REWRITE_GRUB_CFG=1
 
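Review bot: In the new FIPS block, `grep -q -w fips` also matches `fips=0`, because `=` is a non-word character. With that setting already on `GRUB_CMDLINE_LINUX_DEFAULT`, the `sed` that appends `fips=1` is skipped and the command finishes without enabling FIPS mode. Matching the full token avoids this: `grep -q -w 'fips=1'`. The comment above it was copied from the SELinux block and should read `# Check if FIPS is not already enabled.`. Note also that the `grep` reads `/etc/default/grub` of the running system while the `sed` edits the file inside the snapshot; this mirrors the existing SELinux code, but the two can differ. The enclosing if/else block starts outside this hunk.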
