From 586473bf1840dcc04676b93683c1963a2b54effb Mon Sep 17 00:00:00 2001 From: Luke Yang Date: Wed, 24 Apr 2024 09:49:31 -0400 Subject: [PATCH 1/3] Various Fedora 40 fixes - Update hardcoded versions in CI - Change alloca usage denied by clang - Workaround dropped `container=oci` env in F40 Signed-off-by: Colin Walters --- ci/test-container.sh | 8 ++++---- rust/src/client.rs | 8 ++++++-- src/app/rpmostree-clientlib.cxx | 2 +- tests/compose.sh | 4 ++-- tests/kolainst/destructive/client-layering-upgrade | 2 +- tests/vmcheck/test-layering-scripts.sh | 8 ++++---- tests/vmcheck/test-override-kernel.sh | 6 +++--- tests/vmcheck/test-override-replace-2.sh | 13 ++++++------- 8 files changed, 27 insertions(+), 24 deletions(-) diff --git a/ci/test-container.sh b/ci/test-container.sh index 423d39b762..d1c2842f00 100755 --- a/ci/test-container.sh +++ b/ci/test-container.sh @@ -56,19 +56,19 @@ versionid=$(. /usr/lib/os-release && echo $VERSION_ID) # Test overrides case $versionid in - 38) + 40) url_suffix=2.16.2/2.fc39/x86_64/ignition-2.16.2-2.fc39.x86_64.rpm # 2.15.0-3 koji_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2158585" - koji_kernel_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2174317" - kver=6.2.8 + koji_kernel_url=https://koji.fedoraproject.org/koji/buildinfo?buildID=2294111 + kver=6.5.5 krev=300 ;; 39) url_suffix=2.16.2/1.fc39/x86_64/ignition-2.16.2-1.fc39.x86_64.rpm # 2.15.0-3 koji_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2158585" - koji_kernel_url=https://koji.fedoraproject.org/koji/buildinfo?buildID=2294111 + koji_kernel_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2294111" kver=6.5.5 krev=300 ;; diff --git a/rust/src/client.rs b/rust/src/client.rs index 542e84f587..d60e3b8ed9 100644 --- a/rust/src/client.rs +++ b/rust/src/client.rs 
@@ -336,7 +336,7 @@ pub(crate) fn confirm_or_abort() -> CxxResult<()> { #[cfg(test)] mod tests { use super::*; - use std::env; + use std::{env, path::Path}; #[test] fn test_is_src_rpm() { @@ -358,6 +358,10 @@ mod tests { #[test] fn test_running_in_container() { - assert_eq!(env::var("container").is_ok(), running_in_container()); + // See also https://bugzilla.redhat.com/show_bug.cgi?id=2278652 + let container = env::var_os("container").is_some() + || Path::new("/run/.containerenv").exists() + || Path::new("/.dockerenv").exists(); + assert_eq!(container, running_in_container()); } } diff --git a/src/app/rpmostree-clientlib.cxx b/src/app/rpmostree-clientlib.cxx index 7382b8854c..e4e0f13dd6 100644 --- a/src/app/rpmostree-clientlib.cxx +++ b/src/app/rpmostree-clientlib.cxx @@ -770,7 +770,7 @@ rpmostree_print_gpg_info (GVariant *signatures, gboolean verbose, guint max_key_ { /* +2 for initial leading spaces */ const guint gpgpad = max_key_len + 2 + strlen (": "); - char gpgspaces[gpgpad + 1]; + g_autofree char *gpgspaces = (char *)g_malloc (gpgpad + 1); memset (gpgspaces, ' ', gpgpad); gpgspaces[gpgpad] = '\0'; diff --git a/tests/compose.sh b/tests/compose.sh index 436ec6fba8..1ca031cc43 100755 --- a/tests/compose.sh +++ b/tests/compose.sh @@ -3,7 +3,7 @@ set -euo pipefail # freeze on a specific commit for tests for reproducibility and since it should # always work to target older treefiles -FEDORA_COREOS_CONFIG_COMMIT=ce65013fcb9f10bfee1c7c1c27477c6c6ce676b3 +FEDORA_COREOS_CONFIG_COMMIT=83f419c54bad614d70149830cc3b25fe4b93433e dn=$(cd "$(dirname "$0")" && pwd) topsrcdir=$(cd "$dn/.." && pwd) 
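Review bot: The comment added in `test_running_in_container` only links a Bugzilla entry and does not say why the two marker-file probes were introduced. Something like `// Fedora 40 images no longer export container=oci, so also accept the /run/.containerenv and /.dockerenv marker files.` would keep the reason next to the code. The expected value is also computed with what is presumably the same three probes as `running_in_container()` (its body is not in this hunk), so the test can only catch the two copies drifting apart, not a wrong heuristic. The environment variable is caller-controlled and the marker files are a runtime convention, so a doc comment on `running_in_container()` should describe the result as a hint rather than something to gate a privileged decision on.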
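Review bot: The heap buffer that replaces the variable-length array in `rpmostree_print_gpg_info` is still filled by hand, through the `memset` and the explicit terminator on the two context lines after the changed one. GLib's `g_strnfill` allocates, fills and NUL-terminates in one call, `g_autofree char *gpgspaces = g_strnfill (gpgpad, ' ');`, after which those two lines can be dropped along with the cast. `gpgpad` is `guint` arithmetic on the caller-supplied `max_key_len`, so a short comment stating the expected range of that parameter would help a reader judge the allocation size. The function body continues outside the hunk.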
@@ -49,7 +49,7 @@ if [ ! -d compose-cache ]; then # default; we'll want it to test `install-langs`. This also means that we have # to add updates-archive to the repo list. # Also neuter OSTree layers; we don't re-implement cosa's auto-layering sugar - curl -LO https://src.fedoraproject.org/rpms/fedora-repos/raw/f37/f/fedora-updates-archive.repo + curl -LO https://src.fedoraproject.org/rpms/fedora-repos/raw/f40/f/fedora-updates-archive.repo python3 -c ' import sys, json y = json.load(sys.stdin) diff --git a/tests/kolainst/destructive/client-layering-upgrade b/tests/kolainst/destructive/client-layering-upgrade index 20498af601..faa191240b 100755 --- a/tests/kolainst/destructive/client-layering-upgrade +++ b/tests/kolainst/destructive/client-layering-upgrade @@ -20,7 +20,7 @@ set -xeuo pipefail . /etc/os-release case $VERSION_ID in - 39) kernel_release=6.5.6-300.fc39.x86_64 + 40) kernel_release=6.5.6-300.fc39.x86_64 koji_kernel_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2302642" ;; *) echo "Unsupported Fedora version: $VERSION_ID" diff --git a/tests/vmcheck/test-layering-scripts.sh b/tests/vmcheck/test-layering-scripts.sh index 4a423afc7e..3db45e9eed 100755 --- a/tests/vmcheck/test-layering-scripts.sh +++ b/tests/vmcheck/test-layering-scripts.sh 
@@ -149,11 +149,11 @@ vm_rpmostree cleanup -pr # File triggers are Fedora+ if ! vm_cmd grep -q 'ID=.*centos' /etc/os-release; then # We use /usr/share/licenses since it's small predictable content -license_combos="zlib-rpm systemd-tar-rpm sed-tzdata" -license_un_combos="zlib systemd-rpm" +license_combos="which-rpm systemd-tar-rpm sed-tzdata" +license_un_combos="which systemd-rpm" vm_build_rpm scriptpkg4 \ - transfiletriggerin "/usr/share/licenses/zlib /usr/share/licenses/rpm" 'sort >/usr/share/transfiletriggerin-license-zlib-rpm.txt' \ - transfiletriggerun "/usr/share/licenses/zlib" 'sort >/usr/share/transfiletriggerun-license-zlib.txt' \ + transfiletriggerin "/usr/share/licenses/which /usr/share/licenses/rpm" 'sort >/usr/share/transfiletriggerin-license-which-rpm.txt' \ + transfiletriggerun "/usr/share/licenses/which" 'sort >/usr/share/transfiletriggerun-license-which.txt' \ transfiletriggerin2 "/usr/share/licenses/xz/COPYING" 'cat > /usr/share/transfiletriggerin-license-file-xz.txt' vm_build_rpm scriptpkg5 \ transfiletriggerin "/usr/share/licenses/systemd /usr/share/licenses/rpm /usr/share/licenses/tar" 'sort >/usr/share/transfiletriggerin-license-systemd-tar-rpm.txt' \ diff --git a/tests/vmcheck/test-override-kernel.sh b/tests/vmcheck/test-override-kernel.sh index 6fe4b7ef22..68918d8abc 100755 --- a/tests/vmcheck/test-override-kernel.sh +++ b/tests/vmcheck/test-override-kernel.sh 
@@ -41,11 +41,11 @@ versionid=${versionid:11} # trim off VERSION_ID= current=$(vm_get_booted_csum) vm_cmd rpm-ostree db list "${current}" > current-dblist.txt case $versionid in - 38) kernel_release=6.2.9-300.fc38.x86_64 - koji_kernel_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2178613" + 40) kernel_release=6.5.6-300.fc39.x86_64 + koji_kernel_url=https://koji.fedoraproject.org/koji/buildinfo?buildID=2302642 ;; 39) kernel_release=6.5.6-300.fc39.x86_64 - koji_kernel_url=https://koji.fedoraproject.org/koji/buildinfo?buildID=2302642 + koji_kernel_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2302642" ;; *) assert_not_reached "Unsupported Fedora version: $versionid";; esac diff --git a/tests/vmcheck/test-override-replace-2.sh b/tests/vmcheck/test-override-replace-2.sh index 4f1f0bc9d7..652dc57a13 100755 --- a/tests/vmcheck/test-override-replace-2.sh +++ b/tests/vmcheck/test-override-replace-2.sh @@ -159,17 +159,16 @@ case $versionid in # XXX: this isn't actually the gold selinux; that one is too old for # container-selinux and moby-engine. rather than trying to change multiple # packages, we use one that's in coreos-pool since that also prevents GC - 38) - evr=38.25-1.fc38 - koji_url='https://koji.fedoraproject.org/koji/buildinfo?buildID=2274128' - # XXX: we need to replace container-selinux too for dep reasons - hack='https://koji.fedoraproject.org/koji/buildinfo?buildID=2281229' - ;; - 39) + 40) evr=38.28-1.fc39 koji_url=https://koji.fedoraproject.org/koji/buildinfo?buildID=2291271 hack=https://koji.fedoraproject.org/koji/buildinfo?buildID=2291519 ;; + 39) + evr=38.28-1.fc39 + koji_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2291271" + hack="https://koji.fedoraproject.org/koji/buildinfo?buildID=2291519" + ;; *) assert_not_reached "Unsupported Fedora version: $versionid";; esac assert_not_file_has_content current-dblist.txt selinux-policy-$evr From 1ba3a7b0670af55f21ff285ae44248b6f73e36c2 Mon Sep 17 00:00:00 2001 
From: Colin Walters Date: Thu, 2 May 2024 14:07:25 -0400 Subject: [PATCH 2/3] Remove modularity support entrypoints This should hopefully fix libdnf warnings. Signed-off-by: Colin Walters --- docs/administrator-handbook.md | 33 ---------------------- src/app/rpmostree-builtin-ex.cxx | 4 --- src/libpriv/rpmostree-core.cxx | 42 +--------------------------- tests/compose/test-basic-unified.sh | 43 ----------------------------- 4 files changed, 1 insertion(+), 121 deletions(-) diff --git a/docs/administrator-handbook.md b/docs/administrator-handbook.md index b65effcdcc..2bd26a6ea5 100644 --- a/docs/administrator-handbook.md +++ b/docs/administrator-handbook.md 
@@ -105,39 +105,6 @@ The install --force-replacefiles option allows this. # rpm-ostree install --force-replacefiles ``` -### Modularity - -rpm-ostree provides experimental support for modules, a way for the distribution -to ship multiple versions (or "streams") of the same software. - -A module can have multiple streams, and each stream can have multiple profiles. -A profile is a set of packages for common use cases (e.g. you can have a -"client" and "server" profile, each installing different packages). - -`rpm-ostree ex module enable` enables a module stream and allow you to -individually pick packages to `rpm-ostree install` from that stream. -`rpm-ostree ex module install` installs module stream profiles directly. - -For example, to enable the `cri-o:1.20` module stream, use: - -``` -# rpm-ostree ex module enable cri-o:1.20 -``` - -You can then `rpm-ostree install` individual packages from the enabled module. - -Or to install a predefined profile, use e.g.: - -``` -# rpm-ostree ex module install cri-o:1.20/default -``` - -For more information about modularity, see -[the Fedora documentation](https://docs.fedoraproject.org/en-US/modularity). In -particular, -[this page](https://docs.fedoraproject.org/en-US/modularity/installing-modules/#_installing_packages) -provides sample syntax invocations. - ### Rebasing ``` diff --git a/src/app/rpmostree-builtin-ex.cxx b/src/app/rpmostree-builtin-ex.cxx index 1e2420bceb..37b291cd74 100644 --- a/src/app/rpmostree-builtin-ex.cxx +++ b/src/app/rpmostree-builtin-ex.cxx 
@@ -40,10 +40,6 @@ static RpmOstreeCommand ex_subcommands[] (RpmOstreeBuiltinFlags)(RPM_OSTREE_BUILTIN_FLAG_HIDDEN | RPM_OSTREE_BUILTIN_FLAG_CONTAINER_CAPABLE), "Rebuild system based on configuration", rpmostree_ex_builtin_rebuild }, - /* To graduate out of experimental, simply revert: - * https://github.com/coreos/rpm-ostree/pull/3078 */ - { "module", static_cast (0), "Commands to install/uninstall modules", - rpmostree_ex_builtin_module }, { NULL, (RpmOstreeBuiltinFlags)0, NULL, NULL } }; /* diff --git a/src/libpriv/rpmostree-core.cxx b/src/libpriv/rpmostree-core.cxx index fc6b046a97..63510a1e69 100644 --- a/src/libpriv/rpmostree-core.cxx +++ b/src/libpriv/rpmostree-core.cxx @@ -277,12 +277,6 @@ rpmostree_context_new_compose (int userroot_dfd, OstreeRepo *repo, rpmostree_context_set_cache_root (ret, userroot_dfd); - auto platform_module = treefile_rs.get_platform_module (); - if (!platform_module.empty ()) - { - dnf_context_set_platform_module (ret->dnfctx, platform_module.c_str ()); - } - // The ref needs special handling as it gets variable-substituted. auto ref = ret->treefile_rs->get_ref (); if (ref.length () > 0) @@ -1856,12 +1850,6 @@ rpmostree_context_prepare (RpmOstreeContext *self, GCancellable *cancellable, GE return FALSE; } - /* All modules are opt-in, so start off with everything disabled. We'll enable/install - * user-provided ones down below. We need to do this before `find_locked_packages` so that it can - * find non-modular versions of a package. */ - if (!dnf_context_module_disable_all (dnfctx, error)) - return FALSE; - /* Now that we're done adding stuff to the sack, we can actually mark pkgs for install and * uninstall. We don't want to mix those two steps, otherwise we might confuse libdnf, * see: https://github.com/rpm-software-management/libdnf/issues/700 */ 
@@ -2039,36 +2027,8 @@ rpmostree_context_prepare (RpmOstreeContext *self, GCancellable *cancellable, GE } } - gboolean we_got_modules = FALSE; if (!modules_enable.empty ()) - { - g_auto (GStrv) modules = rpmostree_cxx_string_vec_to_strv (modules_enable); - if (!dnf_context_module_enable (dnfctx, (const char **)modules, error)) - return FALSE; - we_got_modules = TRUE; - } - - if (!modules_install.empty ()) - { - g_auto (GStrv) modules = rpmostree_cxx_string_vec_to_strv (modules_install); - if (!dnf_context_module_install (dnfctx, (const char **)modules, error)) - return glnx_prefix_error (error, "Installing modules"); - we_got_modules = TRUE; - } - - /* By default, when enabling a module, trying to install a package "foo" will - * always prioritize the "foo" in the module. This is what we want, but in the - * case of pinned repo packages, we want to be able to override that. So we - * need to fiddle with the modular excludes. */ - if (we_got_modules && pinned_pkgs && dnf_packageset_count (pinned_pkgs) > 0) - { - g_autoptr (DnfPackageSet) excludes = dnf_sack_get_module_excludes (sack); - g_autoptr (DnfPackageSet) cloned_pkgs = dnf_packageset_clone (pinned_pkgs); - Map *m = dnf_packageset_get_map (cloned_pkgs); - map_invertall (m); - map_and (dnf_packageset_get_map (excludes), m); - dnf_sack_set_module_excludes (sack, excludes); - } + return glnx_throw (error, "Modularity is no longer supported"); /* And finally, handle packages to install from all enabled repos */ g_autoptr (GPtrArray) missing_pkgs = NULL; diff --git a/tests/compose/test-basic-unified.sh b/tests/compose/test-basic-unified.sh index ea3b2d2003..c7af847f95 100755 --- a/tests/compose/test-basic-unified.sh +++ b/tests/compose/test-basic-unified.sh 
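Review bot: The new guard in `rpmostree_context_prepare` rejects only a non-empty `modules_enable`, while the removed block also acted on `modules_install`, and that branch is deleted without a replacement. If `modules_install` is still populated earlier in the function (not visible in this hunk), a request that lists only modules to install would now be dropped silently and the compose or layering would succeed without the requested content. The condition should cover both lists: `if (!modules_enable.empty () || !modules_install.empty ())`. The module tests removed from tests/compose/test-basic-unified.sh are not replaced by one asserting the "Modularity is no longer supported" error, so this path is untested. The function starts and ends outside the hunk.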
@@ -11,13 +11,6 @@ treefile_append "repos" '["test-repo"]' build_rpm foobar recommends foobar-rec post "test -f /run/ostree-booted" build_rpm foobar-rec -# check that even a modular version of a pinned pkg is ignored, even if it's -# higher version -build_rpm foobar version 99.9 -build_module foo \ - stream foo \ - rpm foobar-0:99.9-1.x86_64 - uinfo_cmd add TEST-SEC-LOW security low build_rpm vuln-pkg uinfo TEST-SEC-LOW uinfo_cmd add-ref TEST-SEC-LOW 1 http://example.com/vuln1 "CVE-12-34 vuln1" @@ -33,11 +26,6 @@ tf['repo-packages'] = [{ }] " -treefile_pyedit "tf['modules'] = { - 'enable': [], - 'install': [], -}" - # also test repovar substitution treefile_pyedit "tf['repovars'] = { 'foobar': 'yumrepo', @@ -46,28 +34,6 @@ treefile_pyedit "tf['repovars'] = { sed -i -e 's,baseurl=\(.*\)/yumrepo,baseurl=\1/$foobar,' yumrepo.repo assert_file_has_content_literal yumrepo.repo '$foobar' -build_rpm foomodular requires foomodular-ext -build_rpm foomodular-ext -build_rpm foomodular-optional -build_module foomodular \ - stream mystream \ - profile myprof:foomodular \ - rpm foomodular-0:1.0-1.x86_64 \ - rpm foomodular-ext-0:1.0-1.x86_64 \ - rpm foomodular-optional-0:1.0-1.x86_64 -treefile_pyedit "tf['modules']['install'] += ['foomodular:mystream/myprof']" - -build_rpm barmodular requires barmodular-ext -build_rpm barmodular-ext -build_rpm barmodular-optional -build_module barmodular \ - stream latest \ - rpm barmodular-0:1.0-1.x86_64 \ - rpm barmodular-ext-0:1.0-1.x86_64 \ - rpm barmodular-optional-0:1.0-1.x86_64 -treefile_pyedit "tf['modules']['enable'] += ['barmodular:latest']" -treefile_append "packages" '["barmodular"]' - # Test --print-only. We also # just in this test (for now) use ${basearch} to test substitution. # shellcheck disable=SC2016 
@@ -164,15 +130,6 @@ assert_not_file_has_content_literal db-diff-adv.txt TEST-SEC-LOW assert_file_has_content_literal db-diff-adv.txt TEST-SEC-CRIT echo "ok db diff --advisories" -rpm-ostree db list --repo="${repo}" "${treeref}" > db-list.txt -assert_file_has_content_literal db-list.txt foomodular-1.0-1.x86_64 -assert_file_has_content_literal db-list.txt foomodular-ext-1.0-1.x86_64 -assert_not_file_has_content_literal db-list.txt foomodular-optional -assert_file_has_content_literal db-list.txt barmodular-1.0-1.x86_64 -assert_file_has_content_literal db-list.txt barmodular-ext-1.0-1.x86_64 -assert_not_file_has_content_literal db-list.txt barmodular-optional -echo "ok modules" - build_rpm dodo-base build_rpm dodo requires dodo-base build_rpm solitaire From 17edc3754e533f9ff868b029c88dee4ddae81c36 Mon Sep 17 00:00:00 2001 From: Luke Yang Date: Fri, 3 May 2024 11:18:50 -0400 Subject: [PATCH 3/3] Update to f40 kernel --- ci/test-container.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/test-container.sh b/ci/test-container.sh index d1c2842f00..f51cbef757 100755 --- a/ci/test-container.sh +++ b/ci/test-container.sh @@ -60,8 +60,8 @@ case $versionid in url_suffix=2.16.2/2.fc39/x86_64/ignition-2.16.2-2.fc39.x86_64.rpm # 2.15.0-3 koji_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2158585" - koji_kernel_url=https://koji.fedoraproject.org/koji/buildinfo?buildID=2294111 - kver=6.5.5 + koji_kernel_url="https://koji.fedoraproject.org/koji/buildinfo?buildID=2435097" + kver=6.8.5 krev=300 ;; 39)