diff --git a/user/tukit-devel b/user/tukit-devel
new file mode 120000
index 00000000000..44eb3e8eb1a
--- /dev/null
+++ b/user/tukit-devel
@@ -0,0 +1 @@
+tukit
\ No newline at end of file
diff --git a/user/tukit-libs b/user/tukit-libs
new file mode 120000
index 00000000000..44eb3e8eb1a
--- /dev/null
+++ b/user/tukit-libs
@@ -0,0 +1 @@
+tukit
\ No newline at end of file
diff --git a/user/tukit/patches/cxx.patch b/user/tukit/patches/cxx.patch
new file mode 100644
index 00000000000..0186fce04b8
--- /dev/null
+++ b/user/tukit/patches/cxx.patch
@@ -0,0 +1,33 @@
+--- a/lib/Supplement.cpp
++++ b/lib/Supplement.cpp
+@@ -21,7 +21,7 @@ Supplements::Supplements(fs::path snapshot):
+ // those directories are deleted in the end by adding them to the list of temporary files
+ void Supplements::createDirs(fs::path dir) {
+ fs::path stump{snapshot};
+- for (auto& component: dir.relative_path()) {
++ for (const auto& component: dir.relative_path()) {
+ stump /= component;
+ if (! fs::exists(stump)) {
+ fs::create_directories(stump);
+
+--- a/lib/Snapshot/Snapper.cpp
++++ b/lib/Snapshot/Snapper.cpp
+@@ -5,6 +5,7 @@
+ Snapper backend for snapshot handling
+ */
+
++#include
+ #include "Snapper.hpp"
+ #include "Exceptions.hpp"
+ #include "Util.hpp"
+
+--- a/tukit/tukit.cpp
++++ b/tukit/tukit.cpp
+@@ -5,6 +5,7 @@
+ transactional-update - apply updates to the system in an atomic way
+ */
+
++#include
+ #include "tukit.hpp"
+ #include "Configuration.hpp"
+ #include "SnapshotManager.hpp"
diff --git a/user/tukit/patches/etc.patch b/user/tukit/patches/etc.patch
new file mode 100644
index 00000000000..1fadd5f8329
--- /dev/null
+++ b/user/tukit/patches/etc.patch
@@ -0,0 +1,10 @@
+--- a/etc/Makefile.am
++++ b/etc/Makefile.am
+@@ -2,5 +2,5 @@
+ # SPDX-FileCopyrightText: 2018-2021 SUSE LLC
+
+ EXTRA_DIST = transactional-update.conf tukit.conf
+-configdir = $(prefix)$(sysconfdir)
++configdir = $(sysconfdir)
+ config_DATA = $(EXTRA_DIST)
+
diff --git a/user/tukit/patches/no-rpm.patch b/user/tukit/patches/no-rpm.patch
new file mode 100644
index 00000000000..3d14d15c97d
--- /dev/null
+++ b/user/tukit/patches/no-rpm.patch
@@ -0,0 +1,22 @@
+--- a/configure.ac 2024-09-20 06:10:04.979023142 -0300
++++ b/configure.ac 2024-09-20 09:08:17.039005737 -0300
+@@ -56,8 +56,6 @@
+ PKG_CHECK_MODULES([ECONF], [libeconf])
+ PKG_CHECK_MODULES([SELINUX], [libselinux])
+ PKG_CHECK_MODULES([LIBMOUNT], [mount])
+-PKG_CHECK_MODULES([LIBRPM], [rpm >= 4.15], AC_DEFINE([HAVE_RPMDBCOOKIE]),
+- [PKG_CHECK_MODULES([LIBRPM], [rpm])])
+ PKG_CHECK_MODULES([LIBSYSTEMD], [libsystemd])
+
+ AC_ARG_WITH([doc],
+
+--- a/tukit.pc.in 2024-09-20 06:10:04.986023030 -0300
++++ b/tukit.pc.in 2024-09-20 17:57:45.272302671 -0300
+@@ -7,6 +7,6 @@
+ Description: Toolkit library for operating system transactional updates
+ Version: @VERSION@
+ URL: https://github.com/openSUSE/transactional-update
+-Requires.private: rpm, libeconf, mount
++Requires.private: libeconf, mount
+ Cflags: -I${includedir}
+ Libs: -L${libdir} -ltukit
diff --git a/user/tukit/patches/selinux.patch b/user/tukit/patches/selinux.patch
new file mode 100644
index 00000000000..f27406f90bc
--- /dev/null
+++ b/user/tukit/patches/selinux.patch
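Review bot: The `configure.ac` hunks in no-rpm.patch, selinux.patch and systemd.patch all edit the same `PKG_CHECK_MODULES` block, and their context lines contradict each other, so no application order lets all three match exactly. selinux.patch still lists the two `LIBRPM` lines that this patch deletes as trailing context, while this patch and systemd.patch list `PKG_CHECK_MODULES([SELINUX], [libselinux])`, which selinux.patch deletes. Depending on how the build tool invokes patch, those hunks either apply with fuzz or are rejected, and a fuzzy match in a dependency-check block is easy to get silently wrong on the next version bump. Regenerating the three as one sequential series (or folding the `configure.ac` edits into a single patch) would fix it; applied after this patch, selinux.patch's trailing context would be ` PKG_CHECK_MODULES([LIBMOUNT], [mount])` followed by ` PKG_CHECK_MODULES([LIBSYSTEMD], [libsystemd])`.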
@@ -0,0 +1,120 @@
+diff --git a/configure.ac b/configure.ac
+index d78d48c..9dd6dbe 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -54,7 +54,6 @@ AC_PROG_LN_S
+ LT_INIT([disable-static])
+
+ PKG_CHECK_MODULES([ECONF], [libeconf])
+-PKG_CHECK_MODULES([SELINUX], [libselinux])
+ PKG_CHECK_MODULES([LIBMOUNT], [mount])
+ PKG_CHECK_MODULES([LIBRPM], [rpm >= 4.15], AC_DEFINE([HAVE_RPMDBCOOKIE]),
+ [PKG_CHECK_MODULES([LIBRPM], [rpm])])
+diff --git a/lib/Overlay.cpp b/lib/Overlay.cpp
+index 2ea711a..81c1bf5 100644
+--- a/lib/Overlay.cpp
++++ b/lib/Overlay.cpp
+@@ -15,8 +15,6 @@
+ #include
+ #include
+ #include
+-#include
+-#include
+ #include
+ #include
+ #include
+@@ -120,18 +118,7 @@ bool Overlay::sync(string base, fs::path snapRoot) {
+ previousEtc->mount(previousOvl.upperdir.parent_path() / "sync");
+ tulog.info("Syncing /etc of previous snapshot ", previousSnapId, " as base into new snapshot ", snapRoot);
+
+- if (is_selinux_enabled()) {
+- tulog.info("SELinux is enabled.");
+- }
+-
+- try {
+- Util::exec("rsync --quiet --archive --inplace --xattrs --exclude='/fstab' --acls --delete " + syncSource + " " + string(snapRoot) + "/etc 2>&1");
+- } catch (exception &e) {
+- // rsync will fail when synchronizing pre-SELinux snapshots as soon as SELinux enabled,
+- // so try again without the SELinux xattrs.
+- tulog.info("Retrying rsync without SELinux xattrs...");
+- Util::exec("rsync --quiet --archive --inplace --xattrs --filter='-x security.selinux' --exclude='/fstab' --acls --delete " + syncSource + " " + string(snapRoot) + "/etc");
+- }
++ Util::exec("rsync --quiet --archive --inplace --xattrs --filter='-x security.selinux' --exclude='/fstab' --acls --delete " + syncSource + " " + string(snapRoot) + "/etc");
+
+ return true;
+ }
+@@ -200,16 +187,6 @@ void Overlay::create(string base, string snapshot, fs::path snapRoot) {
+ throw std::runtime_error{"could not set permissions of " + upperdir.string() + ": " + std::string(strerror(errno))};
+ }
+
+- char* context = NULL;
+- if (getfilecon("/etc", &context) > 0) {
+- tulog.debug("selinux context on /etc: " + std::string(context));
+- if (setfilecon(upperdir.c_str(), context) != 0) {
+- freecon(context);
+- throw std::runtime_error{"applying selinux context failed: " + std::string(strerror(errno))};
+- }
+- freecon(context);
+- }
+-
+ // Assemble the new lowerdirs
+ lowerdirs.clear();
+ lowerdirs.push_back(parent.upperdir);
+diff --git a/lib/Transaction.cpp b/lib/Transaction.cpp
+index dd4c472..3cc4e16 100644
+--- a/lib/Transaction.cpp
++++ b/lib/Transaction.cpp
+@@ -25,8 +25,6 @@
+ #include
+ #include
+ #include
+-#include
+-#include
+ #include
+ #include
+ #include
+@@ -128,44 +126,6 @@ void Transaction::impl::snapMount() {
+ dirsToMount.push_back(std::make_unique("/var/lib/ca-certificates"));
+ if (fs::is_directory("/var/lib/alternatives"))
+ dirsToMount.push_back(std::make_unique("/var/lib/alternatives"));
+- if (fs::is_directory("/var/lib/selinux"))
+- dirsToMount.push_back(std::make_unique("/var/lib/selinux"));
+- if (is_selinux_enabled()) {
+- // If packages installed files into /var (which is not allowed, but still happens), they will end
+- // up in the root file system, but will always be shadowed by the real /var mount. Due to that they
+- // also won't be relabelled at any time. During updates this may cause problems if packages try to
+- // access those leftover directories with wrong permissions, so they have to be relabelled manually...
+- BindMount selinuxVar("/var/lib/selinux", 0, true);
+- selinuxVar.mount(bindDir);
+- BindMount selinuxEtc("/etc/selinux", 0, true);
+- selinuxEtc.mount(bindDir);
+-
+- // restorecon keeps open file handles, so execute it in a child process - umount will fail otherwise
+- pid_t childPid = fork();
+- if (childPid < 0) {
+- throw std::runtime_error{"Forking for SELinux relabelling failed: " + std::string(strerror(errno))};
+- } else if (childPid == 0) {
+- if (chroot(bindDir.c_str()) < 0) {
+- tulog.error("Chrooting to " + bindDir.native() + " for SELinux relabelling failed: " + std::string(strerror(errno)));
+- _exit(errno);
+- }
+- unsigned int restoreconOptions = SELINUX_RESTORECON_RECURSE | SELINUX_RESTORECON_IGNORE_DIGEST;
+- if (tulog.level >= TULogLevel::Info)
+- restoreconOptions |= SELINUX_RESTORECON_VERBOSE;
+- if (selinux_restorecon("/var", restoreconOptions) < 0) {
+- tulog.error("Relabelling of snapshot /var failed: " + std::string(strerror(errno)));
+- _exit(errno);
+- }
+- _exit(0);
+- }
+- else {
+- int status;
+- waitpid(childPid, &status, 0);
+- if ((WIFEXITED(status) && WEXITSTATUS(status) != 0) || WIFSIGNALED(status)) {
+- throw std::runtime_error{"SELinux relabelling failed."};
+- }
+- }
+- }
+ }
+
+ std::unique_ptr mntEtc{new Mount{"/etc"}};
diff --git a/user/tukit/patches/systemd.patch b/user/tukit/patches/systemd.patch
new file mode 100644
index 00000000000..0027c320e8c
--- /dev/null
+++ b/user/tukit/patches/systemd.patch
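Review bot: The one `Util::exec("rsync …")` call that selinux.patch leaves in `Overlay::sync` still splices `syncSource` and `string(snapRoot)` unquoted into a single command string. `Util::exec` is not shown on this page, but the `2>&1` in the removed variant suggests the string is handed to a shell, in which case a path containing whitespace or shell metacharacters would be split or interpreted rather than passed to rsync as one argument. Both values are set outside the hunk, so this needs confirming against the callers; if they are always tool-generated snapshot paths, say so next to the call, for example `// syncSource and snapRoot are tool-generated snapshot paths; they are interpolated unquoted`. Otherwise the arguments should be quoted or passed as an argument vector, which is best raised upstream rather than carried in this patch.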
@@ -0,0 +1,21 @@
+--- a/Makefile.am 2024-09-20 06:24:22.612601858 -0300
++++ b/Makefile.am 2024-09-20 06:24:31.382453168 -0300
+@@ -5,7 +5,7 @@
+ #
+ AUTOMAKE_OPTIONS = 1.6 foreign check-news dist-xz
+ #
+-SUBDIRS = lib tukit dbus sbin man systemd logrotate dracut doc etc
++SUBDIRS = lib tukit man logrotate dracut doc etc
+
+ CLEANFILES = *~ tukit.pc
+
+--- a/configure.ac 2024-09-20 09:12:55.295465767 -0300
++++ b/configure.ac 2024-09-20 09:12:32.709834266 -0300
+@@ -56,7 +56,6 @@
+ PKG_CHECK_MODULES([ECONF], [libeconf])
+ PKG_CHECK_MODULES([SELINUX], [libselinux])
+ PKG_CHECK_MODULES([LIBMOUNT], [mount])
+-PKG_CHECK_MODULES([LIBSYSTEMD], [libsystemd])
+
+ AC_ARG_WITH([doc],
+ [AS_HELP_STRING([--with-doc], [Build documentation])], ,
diff --git a/user/tukit/template.py b/user/tukit/template.py
new file mode 100644
index 00000000000..15341860b7f
--- /dev/null
+++ b/user/tukit/template.py
@@ -0,0 +1,28 @@
+pkgname = "tukit"
+pkgver = "4.8.2"
+pkgrel = 0
+build_style = "gnu_configure"
+configure_env = {
+ "SYSTEMDDIR": "/usr/lib/systemd/system",
+ "TMPFILESDIR": "/usr/lib/tmpfiles.d",
+ "DRACUTDIR": "/usr/lib/dracut/modules.d",
+}
+hostmakedepends = ["autoconf-archive", "automake", "pkgconf", "slibtool"]
+makedepends = ["dbus-devel", "libeconf-devel", "libmount-devel", "udev-devel"]
+depends = ["snapper"]
+pkgdesc = "Toolkit for atomic updates"
+maintainer = "tulilirockz "
+license = "LGPL-2.1-or-later AND GPL-2.0-or-later"
+url = "https://github.com/openSUSE/transactional-update"
+source = f"{url}/archive/refs/tags/v{pkgver}.tar.gz"
+sha256 = "fc67baa3b34723d73cc0366abf74bf7f0a21e4d3ec08d29bc38e846d493c20b0"
+
+
+@subpackage("tukit-devel")
+def _(self):
+ return self.default_devel()
+
+
+@subpackage("tukit-libs")
+def _(self):
+ return self.default_libs()
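Review bot: Nothing in template.py records that selinux.patch removes every libselinux call from the build, including the `setfilecon` on the new /etc overlay upper directory and the `selinux_restorecon` pass over the snapshot's /var. That is a behaviour change a later maintainer or an auditor should be able to see without opening the 120-line patch, so a comment above `depends` would help, for example `# selinux.patch: built without libselinux; the /etc overlay and /var are never relabelled`. The same comment is a natural place to say why `dbus-devel` stays in `makedepends` and `SYSTEMDDIR` in `configure_env` although systemd.patch drops `dbus` and `systemd` from `SUBDIRS`; whether configure still probes for them is not visible here.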