user/tukit: new package

user/tukit-devel

@@ -0,0 +1 @@
+tukit

user/tukit-libs

@@ -0,0 +1 @@
+tukit

user/tukit/patches/cxx.patch

@@ -0,0 +1,33 @@
+--- a/lib/Supplement.cpp
++++ b/lib/Supplement.cpp
+@@ -21,7 +21,7 @@ Supplements::Supplements(fs::path snapshot):
+ // those directories are deleted in the end by adding them to the list of temporary files
+ void Supplements::createDirs(fs::path dir) {
+     fs::path stump{snapshot};
+-    for (auto& component: dir.relative_path()) {
++    for (const auto& component: dir.relative_path()) {
+         stump /= component;
+         if (! fs::exists(stump)) {
+             fs::create_directories(stump);
+
+--- a/lib/Snapshot/Snapper.cpp
++++ b/lib/Snapshot/Snapper.cpp
+@@ -5,6 +5,7 @@
+   Snapper backend for snapshot handling
+  */
+
++#include <sstream>
+ #include "Snapper.hpp"
+ #include "Exceptions.hpp"
+ #include "Util.hpp"
+
+--- a/tukit/tukit.cpp
++++ b/tukit/tukit.cpp
+@@ -5,6 +5,7 @@
+   transactional-update - apply updates to the system in an atomic way
+  */
+
++#include <sstream>
+ #include "tukit.hpp"
+ #include "Configuration.hpp"
+ #include "SnapshotManager.hpp"

user/tukit/patches/etc.patch

@@ -0,0 +1,10 @@
+--- a/etc/Makefile.am
++++ b/etc/Makefile.am
+@@ -2,5 +2,5 @@
+ # SPDX-FileCopyrightText: 2018-2021 SUSE LLC
+
+ EXTRA_DIST = transactional-update.conf tukit.conf
+-configdir = $(prefix)$(sysconfdir)
++configdir = $(sysconfdir)
+ config_DATA = $(EXTRA_DIST)
+

user/tukit/patches/no-rpm.patch

@@ -0,0 +1,22 @@
+--- a/configure.ac	2024-09-20 06:10:04.979023142 -0300
++++ b/configure.ac	2024-09-20 09:08:17.039005737 -0300
+@@ -56,8 +56,6 @@
+ PKG_CHECK_MODULES([ECONF], [libeconf])
+ PKG_CHECK_MODULES([SELINUX], [libselinux])
+ PKG_CHECK_MODULES([LIBMOUNT], [mount])
+-PKG_CHECK_MODULES([LIBRPM], [rpm >= 4.15], AC_DEFINE([HAVE_RPMDBCOOKIE]),
+-	[PKG_CHECK_MODULES([LIBRPM], [rpm])])
+ PKG_CHECK_MODULES([LIBSYSTEMD], [libsystemd])
+
+ AC_ARG_WITH([doc],
+
+--- a/tukit.pc.in	2024-09-20 06:10:04.986023030 -0300
++++ b/tukit.pc.in	2024-09-20 17:57:45.272302671 -0300
+@@ -7,6 +7,6 @@
+ Description: Toolkit library for operating system transactional updates
+ Version: @VERSION@
+ URL: https://github.com/openSUSE/transactional-update
+-Requires.private: rpm, libeconf, mount
++Requires.private: libeconf, mount
+ Cflags: -I${includedir}
+ Libs: -L${libdir} -ltukit

user/tukit/patches/selinux.patch

@@ -0,0 +1,120 @@
+diff --git a/configure.ac b/configure.ac
+index d78d48c..9dd6dbe 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -54,7 +54,6 @@ AC_PROG_LN_S
+ LT_INIT([disable-static])
+
+ PKG_CHECK_MODULES([ECONF], [libeconf])
+-PKG_CHECK_MODULES([SELINUX], [libselinux])
+ PKG_CHECK_MODULES([LIBMOUNT], [mount])
+ PKG_CHECK_MODULES([LIBRPM], [rpm >= 4.15], AC_DEFINE([HAVE_RPMDBCOOKIE]),
+ 	[PKG_CHECK_MODULES([LIBRPM], [rpm])])
+diff --git a/lib/Overlay.cpp b/lib/Overlay.cpp
+index 2ea711a..81c1bf5 100644
+--- a/lib/Overlay.cpp
++++ b/lib/Overlay.cpp
+@@ -15,8 +15,6 @@
+ #include <cstring>
+ #include <filesystem>
+ #include <regex>
+-#include <selinux/selinux.h>
+-#include <selinux/context.h>
+ #include <sstream>
+ #include <sys/stat.h>
+ #include <unistd.h>
+@@ -120,18 +118,7 @@ bool Overlay::sync(string base, fs::path snapRoot) {
+     previousEtc->mount(previousOvl.upperdir.parent_path() / "sync");
+     tulog.info("Syncing /etc of previous snapshot ", previousSnapId, " as base into new snapshot ", snapRoot);
+
+-    if (is_selinux_enabled()) {
+-        tulog.info("SELinux is enabled.");
+-    }
+-
+-    try {
+-        Util::exec("rsync --quiet --archive --inplace --xattrs --exclude='/fstab' --acls --delete " + syncSource + " " + string(snapRoot) + "/etc 2>&1");
+-    } catch (exception &e) {
+-        // rsync will fail when synchronizing pre-SELinux snapshots as soon as SELinux enabled,
+-        // so try again without the SELinux xattrs.
+-        tulog.info("Retrying rsync without SELinux xattrs...");
+-        Util::exec("rsync --quiet --archive --inplace --xattrs --filter='-x security.selinux' --exclude='/fstab' --acls --delete " + syncSource + " " + string(snapRoot) + "/etc");
+-    }
++    Util::exec("rsync --quiet --archive --inplace --xattrs --filter='-x security.selinux' --exclude='/fstab' --acls --delete " + syncSource + " " + string(snapRoot) + "/etc");
+
+     return true;
+ }
+@@ -200,16 +187,6 @@ void Overlay::create(string base, string snapshot, fs::path snapRoot) {
+         throw std::runtime_error{"could not set permissions of " + upperdir.string() + ": " + std::string(strerror(errno))};
+     }
+
+-    char* context = NULL;
+-    if (getfilecon("/etc", &context) > 0) {
+-        tulog.debug("selinux context on /etc: " + std::string(context));
+-        if (setfilecon(upperdir.c_str(), context) != 0) {
+-            freecon(context);
+-            throw std::runtime_error{"applying selinux context failed: " + std::string(strerror(errno))};
+-        }
+-        freecon(context);
+-    }
+-
+     // Assemble the new lowerdirs
+     lowerdirs.clear();
+     lowerdirs.push_back(parent.upperdir);
+diff --git a/lib/Transaction.cpp b/lib/Transaction.cpp
+index dd4c472..3cc4e16 100644
+--- a/lib/Transaction.cpp
++++ b/lib/Transaction.cpp
+@@ -25,8 +25,6 @@
+ #include <limits.h>
+ #include <poll.h>
+ #include <sched.h>
+-#include <selinux/restorecon.h>
+-#include <selinux/selinux.h>
+ #include <signal.h>
+ #include <sys/inotify.h>
+ #include <sys/mount.h>
+@@ -128,44 +126,6 @@ void Transaction::impl::snapMount() {
+         dirsToMount.push_back(std::make_unique<BindMount>("/var/lib/ca-certificates"));
+         if (fs::is_directory("/var/lib/alternatives"))
+             dirsToMount.push_back(std::make_unique<BindMount>("/var/lib/alternatives"));
+-        if (fs::is_directory("/var/lib/selinux"))
+-            dirsToMount.push_back(std::make_unique<BindMount>("/var/lib/selinux"));
+-        if (is_selinux_enabled()) {
+-            // If packages installed files into /var (which is not allowed, but still happens), they will end
+-            // up in the root file system, but will always be shadowed by the real /var mount. Due to that they
+-            // also won't be relabelled at any time. During updates this may cause problems if packages try to
+-            // access those leftover directories with wrong permissions, so they have to be relabelled manually...
+-            BindMount selinuxVar("/var/lib/selinux", 0, true);
+-            selinuxVar.mount(bindDir);
+-            BindMount selinuxEtc("/etc/selinux", 0, true);
+-            selinuxEtc.mount(bindDir);
+-
+-            // restorecon keeps open file handles, so execute it in a child process - umount will fail otherwise
+-            pid_t childPid = fork();
+-            if (childPid < 0) {
+-                throw std::runtime_error{"Forking for SELinux relabelling failed: " + std::string(strerror(errno))};
+-            } else if (childPid == 0) {
+-                if (chroot(bindDir.c_str()) < 0) {
+-                    tulog.error("Chrooting to " + bindDir.native() + " for SELinux relabelling failed: " + std::string(strerror(errno)));
+-                    _exit(errno);
+-                }
+-                unsigned int restoreconOptions = SELINUX_RESTORECON_RECURSE | SELINUX_RESTORECON_IGNORE_DIGEST;
+-                if (tulog.level >= TULogLevel::Info)
+-                    restoreconOptions |= SELINUX_RESTORECON_VERBOSE;
+-                if (selinux_restorecon("/var", restoreconOptions) < 0) {
+-                    tulog.error("Relabelling of snapshot /var failed: " + std::string(strerror(errno)));
+-                    _exit(errno);
+-                }
+-                _exit(0);
+-            }
+-            else {
+-                int status;
+-                waitpid(childPid, &status, 0);
+-                if ((WIFEXITED(status) && WEXITSTATUS(status) != 0) || WIFSIGNALED(status)) {
+-                    throw std::runtime_error{"SELinux relabelling failed."};
+-                }
+-            }
+-        }
+     }
+
+     std::unique_ptr<Mount> mntEtc{new Mount{"/etc"}};

user/tukit/patches/systemd.patch

@@ -0,0 +1,21 @@
+--- a/Makefile.am	2024-09-20 06:24:22.612601858 -0300
++++ b/Makefile.am	2024-09-20 06:24:31.382453168 -0300
+@@ -5,7 +5,7 @@
+ #
+ AUTOMAKE_OPTIONS = 1.6 foreign check-news dist-xz
+ #
+-SUBDIRS = lib tukit dbus sbin man systemd logrotate dracut doc etc
++SUBDIRS = lib tukit man logrotate dracut doc etc
+
+ CLEANFILES = *~ tukit.pc
+
+--- a/configure.ac	2024-09-20 09:12:55.295465767 -0300
++++ b/configure.ac	2024-09-20 09:12:32.709834266 -0300
+@@ -56,7 +56,6 @@
+ PKG_CHECK_MODULES([ECONF], [libeconf])
+ PKG_CHECK_MODULES([SELINUX], [libselinux])
+ PKG_CHECK_MODULES([LIBMOUNT], [mount])
+-PKG_CHECK_MODULES([LIBSYSTEMD], [libsystemd])
+
+ AC_ARG_WITH([doc],
+ 	[AS_HELP_STRING([--with-doc], [Build documentation])], ,

user/tukit/template.py

@@ -0,0 +1,28 @@
+pkgname = "tukit"
+pkgver = "4.8.2"
+pkgrel = 0
+build_style = "gnu_configure"
+configure_env = {
+    "SYSTEMDDIR": "/usr/lib/systemd/system",
+    "TMPFILESDIR": "/usr/lib/tmpfiles.d",
+    "DRACUTDIR": "/usr/lib/dracut/modules.d",
+}
+hostmakedepends = ["autoconf-archive", "automake", "pkgconf", "slibtool"]
+makedepends = ["dbus-devel", "libeconf-devel", "libmount-devel", "udev-devel"]
+depends = ["snapper"]
+pkgdesc = "Toolkit for atomic updates"
+maintainer = "tulilirockz <[email protected]>"
+license = "LGPL-2.1-or-later AND GPL-2.0-or-later"
+url = "https://github.com/openSUSE/transactional-update"
+source = f"{url}/archive/refs/tags/v{pkgver}.tar.gz"
+sha256 = "fc67baa3b34723d73cc0366abf74bf7f0a21e4d3ec08d29bc38e846d493c20b0"
+
+
+@subpackage("tukit-devel")
+def _(self):
+    return self.default_devel()
+
+
+@subpackage("tukit-libs")
+def _(self):
+    return self.default_libs()