Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package microos-tools for openSUSE:Factory checked in at 2023-10-13 23:13:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/microos-tools (Old) and /work/SRC/openSUSE:Factory/.microos-tools.new.20540 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "microos-tools" Fri Oct 13 23:13:38 2023 rev:31 rq:1117456 version:2.21+git5 Changes: -------- --- /work/SRC/openSUSE:Factory/microos-tools/microos-tools.changes 2023-06-19 22:50:20.597485172 +0200 +++ /work/SRC/openSUSE:Factory/.microos-tools.new.20540/microos-tools.changes 2023-10-13 23:13:39.788821805 +0200 @@ -1,0 +2,11 @@ +Thu Oct 12 12:11:04 UTC 2023 - Fabian Vogt <[email protected]> + +- Update to version 2.21+git5: + * 98selinux-microos: Set mount propagation properly + * 98selinux-microos: Convert tabs to spaces + * 98selinux-microos: Don't include setenforce unnecessarily + * Add spec file + * systemd-proxy-env: fix typos in setup-systemd-proxy-env +- Use the .spec file from the repo + +------------------------------------------------------------------- Old: ---- microos-tools-2.21+git0.obscpio New: ---- microos-tools-2.21+git5.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ microos-tools.spec ++++++ --- /var/tmp/diff_new_pack.Evl1bc/_old 2023-10-13 23:13:40.540849082 +0200 +++ /var/tmp/diff_new_pack.Evl1bc/_new 2023-10-13 23:13:40.540849082 +0200 @@ -19,7 +19,7 @@ %{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}} Name: microos-tools -Version: 2.21+git0 +Version: 2.21+git5 Release: 0 Summary: Files and Scripts for openSUSE MicroOS License: GPL-2.0-or-later ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Evl1bc/_old 2023-10-13 23:13:40.568850097 +0200 +++ /var/tmp/diff_new_pack.Evl1bc/_new 2023-10-13 23:13:40.572850243 +0200 @@ -5,6 +5,7 @@ <param name="url">https://github.com/openSUSE/microos-tools.git</param> <param name="scm">git</param> <param name="changesgenerate">enable</param> + <param name="extract">microos-tools.spec</param> </service> <service name="set_version" mode="disabled"/> <service name="tar" mode="buildtime"/> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Evl1bc/_old 2023-10-13 23:13:40.592850968 +0200 +++ /var/tmp/diff_new_pack.Evl1bc/_new 2023-10-13 23:13:40.596851113 +0200 @@ -1,7 +1,7 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openSUSE/microos-tools.git</param> - <param name="changesrevision">aeedf237cc4fce2b2da856fc29347f555a26abff</param></service> + <param name="changesrevision">b43efacd05faccc841ae5302e3a9a5821485f31f</param></service> </servicedata> (No newline at EOF) ++++++ microos-tools-2.21+git0.obscpio -> microos-tools-2.21+git5.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/microos-tools-2.21+git0/microos-tools.spec new/microos-tools-2.21+git5/microos-tools.spec --- old/microos-tools-2.21+git0/microos-tools.spec 1970-01-01 01:00:00.000000000 +0100 +++ new/microos-tools-2.21+git5/microos-tools.spec 2023-10-12 14:08:18.000000000 +0200 @@ -0,0 +1,126 @@ +# +# spec file for package microos-tools +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}} + +Name: microos-tools +Version: 2.21+git0 +Release: 0 +Summary: Files and Scripts for openSUSE MicroOS +License: GPL-2.0-or-later +Group: Development/Tools/Other +URL: https://github.com/openSUSE/microos-tools +Source: microos-tools-%{version}.tar.xz +Source1: tmp.mount +Source2: microos-tmp.conf +Source99: microos-tools-rpmlintrc +BuildRequires: automake +BuildRequires: distribution-release +BuildRequires: pkgconfig +BuildRequires: pkgconfig(dracut) +BuildRequires: pkgconfig(rpm) +BuildRequires: pkgconfig(systemd) +Requires: read-only-root-fs + +%description +Files, scripts and directories for openSUSE MicroOS. + +%package -n microos-devel-tools +Summary: Tools to develop MicroOS + +%description -n microos-devel-tools +This package contains tools to make developing of MicroOS easier. + +%prep +%autosetup -p1 + +%build +./autogen.sh +%configure +%make_build + +%install +%make_install +%if 0%{?suse_version} <= 1500 +install -m 0644 %{SOURCE1} %{buildroot}/%{_unitdir}/ +install -m 0644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir} +%endif + +%pre +%service_add_pre setup-systemd-proxy-env.service setup-systemd-proxy-env.path printenv.service + +%post +%{regenerate_initrd_post} +%service_add_post setup-systemd-proxy-env.service setup-systemd-proxy-env.path printenv.service + +%preun +%service_del_preun setup-systemd-proxy-env.service setup-systemd-proxy-env.path printenv.service + +%postun +%{regenerate_initrd_post} +%service_del_postun setup-systemd-proxy-env.service setup-systemd-proxy-env.path printenv.service + +%posttrans +%{regenerate_initrd_posttrans} + +%pre -n microos-devel-tools +%service_add_pre microos-ro.service + +%post -n microos-devel-tools +%service_add_post microos-ro.service + +%preun -n microos-devel-tools +%service_del_preun microos-ro.service + +%postun -n microos-devel-tools +%service_del_postun microos-ro.service + +%files +%license COPYING +%dir %{_sysconfdir}/selinux +%config %{_sysconfdir}/selinux/fixfiles_exclude_dirs +%{_unitdir}/printenv.service +%{_unitdir}/setup-systemd-proxy-env.path +%{_unitdir}/setup-systemd-proxy-env.service +%dir %{_unitdir}/salt-minion.service.d +%{_unitdir}/salt-minion.service.d/TMPDIR.conf +%{_tmpfilesdir}/salt-minion-tmpdir.conf +%if %{?suse_version} <= 1500 +%dir %{_distconfdir} +%endif +%dir %{_distconfdir}/tukit.conf.d +%{_distconfdir}/tukit.conf.d/salt-tukit.conf +%{_sbindir}/setup-systemd-proxy-env +%dir %{_prefix}/lib/dracut +%dir %{_prefix}/lib/dracut/modules.d +%{_prefix}/lib/dracut/modules.d/98selinux-microos +%{_systemdgeneratordir}/selinux-autorelabel-generator +%if 0%{?suse_version} <= 1500 +%{_unitdir}/tmp.mount +%{_tmpfilesdir}/microos-tmp.conf +%endif + +%files -n microos-devel-tools +%{_unitdir}/microos-ro.service +%{_sbindir}/microos-ro +%{_sbindir}/microos-rw +%{_sbindir}/rpm-sortbysize +%{_sbindir}/rpmorphan +%{_sbindir}/sysext-add-debug + +%changelog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/microos-tools-2.21+git0/selinux/98selinux-microos/module-setup.sh new/microos-tools-2.21+git5/selinux/98selinux-microos/module-setup.sh --- old/microos-tools-2.21+git0/selinux/98selinux-microos/module-setup.sh 2023-04-20 13:36:22.000000000 +0200 +++ new/microos-tools-2.21+git5/selinux/98selinux-microos/module-setup.sh 2023-10-12 14:08:18.000000000 +0200 @@ -14,5 +14,5 @@ # called by dracut install() { inst_hook pre-pivot 50 "$moddir/selinux-microos-relabel.sh" - inst_multiple chroot cut grep setenforce + inst_multiple chroot cut grep } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/microos-tools-2.21+git0/selinux/98selinux-microos/selinux-microos-relabel.sh new/microos-tools-2.21+git5/selinux/98selinux-microos/selinux-microos-relabel.sh --- old/microos-tools-2.21+git0/selinux/98selinux-microos/selinux-microos-relabel.sh 2023-04-20 13:36:22.000000000 +0200 +++ new/microos-tools-2.21+git5/selinux/98selinux-microos/selinux-microos-relabel.sh 2023-10-12 14:08:18.000000000 +0200 @@ -22,50 +22,46 @@ # (boo#1197309), the exclusion is ignored. If it gets mounted during # the relabel, it gets wrong labels assigned. if ! [ -d "$NEWROOT/var/lib/overlay" ]; then - warn "ERROR: /var/lib/overlay doesn't exist - /var not mounted (yet)?" - return 1 + warn "ERROR: /var/lib/overlay doesn't exist - /var not mounted (yet)?" + return 1 fi + # Use alternate mount point to prevent overwriting subvolume options (bsc#1186563) + ROOT_SELINUX="${NEWROOT}-selinux" + mkdir -p "${ROOT_SELINUX}" + # Don't let mounts propagate into other namespaces + mount --bind --make-private "${ROOT_SELINUX}" "${ROOT_SELINUX}" + mount --rbind --make-rslave "${NEWROOT}" "${ROOT_SELINUX}" ret=0 for sysdir in /proc /sys /dev; do - if ! mount --rbind "${sysdir}" "${NEWROOT}${sysdir}" ; then - warn "ERROR: mounting ${sysdir} failed!" - ret=1 - fi - # Don't let recursive umounts propagate into the bind source - mount --make-rslave "${NEWROOT}${sysdir}" + # Don't let recursive umounts propagate into the bind source + if ! mount --rbind --make-rslave "${sysdir}" "${ROOT_SELINUX}${sysdir}" ; then + warn "ERROR: mounting ${sysdir} failed!" + ret=1 + fi done if [ $ret -eq 0 ]; then - #LANG=C /usr/sbin/setenforce 0 - info "SELinux: mount root read-write and relabel" - # Use alternate mount point to prevent overwriting subvolume options (bsc#1186563) - ROOT_SELINUX="${NEWROOT}-selinux" - mkdir -p "${ROOT_SELINUX}" - mount --rbind --make-rslave "${NEWROOT}" "${ROOT_SELINUX}" - mount -o remount,rw "${ROOT_SELINUX}" - oldrovalue="$(btrfs prop get "${ROOT_SELINUX}" ro | cut -d= -f2)" - btrfs prop set "${ROOT_SELINUX}" ro false - FORCE= - [ -e "${ROOT_SELINUX}"/etc/selinux/.autorelabel ] && FORCE="$(cat "${ROOT_SELINUX}"/etc/selinux/.autorelabel)" - . "${ROOT_SELINUX}"/etc/selinux/config - # Marker when we had relabelled the filesystem. This is relabelled as well. - > "${ROOT_SELINUX}"/etc/selinux/.relabelled - LANG=C chroot "$ROOT_SELINUX" /sbin/setfiles $FORCE -e /var/lib/overlay -e /proc -e /sys -e /dev -e /etc "/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts" $(chroot "$ROOT_SELINUX" cut -d" " -f2 /proc/mounts) + info "SELinux: mount root read-write and relabel" + mount -o remount,rw "${ROOT_SELINUX}" + oldrovalue="$(btrfs prop get "${ROOT_SELINUX}" ro | cut -d= -f2)" + btrfs prop set "${ROOT_SELINUX}" ro false + FORCE= + [ -e "${ROOT_SELINUX}"/etc/selinux/.autorelabel ] && FORCE="$(cat "${ROOT_SELINUX}"/etc/selinux/.autorelabel)" + . "${ROOT_SELINUX}"/etc/selinux/config + # Marker when we had relabelled the filesystem. This is relabelled as well. + > "${ROOT_SELINUX}"/etc/selinux/.relabelled + LANG=C chroot "$ROOT_SELINUX" /sbin/setfiles $FORCE -e /var/lib/overlay -e /proc -e /sys -e /dev -e /etc "/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts" $(chroot "$ROOT_SELINUX" cut -d" " -f2 /proc/mounts) # On overlayfs, st_dev isn't consistent so setfiles thinks it's a different mountpoint, ignoring it. # st_dev changes also on copy-up triggered by setfiles itself, so the only way to relabel properly # is to list every file explicitly. # That's not all: There's a kernel bug that security.selinux of parent directories is lost on copy-up (bsc#1210690). # Work around that by visiting children first and only then the parent directories. LANG=C chroot "$ROOT_SELINUX" find /etc -depth -exec /sbin/setfiles $FORCE "/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts" \{\} + - btrfs prop set "${ROOT_SELINUX}" ro "${oldrovalue}" - umount -R "${ROOT_SELINUX}" + btrfs prop set "${ROOT_SELINUX}" ro "${oldrovalue}" fi - for sysdir in /proc /sys /dev; do - if ! umount -R "${NEWROOT}${sysdir}" ; then - warn "ERROR: unmounting ${sysdir} failed!" - ret=1 - fi - done + + umount -R "${ROOT_SELINUX}" + umount "${ROOT_SELINUX}" # For the private bind on itself return $ret } @@ -77,9 +73,9 @@ if rd_is_selinux_enabled; then if test -f "$NEWROOT"/etc/selinux/.autorelabel; then - rd_microos_relabel + rd_microos_relabel elif getarg "autorelabel" > /dev/null; then - rd_microos_relabel + rd_microos_relabel fi elif test -e "$NEWROOT"/etc/selinux/.relabelled; then # SELinux is off but looks like some labeling took place before. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/microos-tools-2.21+git0/systemd-proxy-env/setup-systemd-proxy-env new/microos-tools-2.21+git5/systemd-proxy-env/setup-systemd-proxy-env --- old/microos-tools-2.21+git0/systemd-proxy-env/setup-systemd-proxy-env 2023-04-20 13:36:22.000000000 +0200 +++ new/microos-tools-2.21+git5/systemd-proxy-env/setup-systemd-proxy-env 2023-10-12 14:08:18.000000000 +0200 @@ -26,44 +26,44 @@ exit 0 ;; HTTP_PROXY=*) - DefaultEnvironent="$DefaultEnvironent \"HTTP_PROXY=${val}\" \"http_proxy=${val}\"" + DefaultEnvironment="$DefaultEnvironment \"HTTP_PROXY=${val}\" \"http_proxy=${val}\"" ;; HTTPS_PROXY=*) - DefaultEnvironent="$DefaultEnvironent \"HTTPS_PROXY=${val}\" \"https_proxy=${val}\"" + DefaultEnvironment="$DefaultEnvironment \"HTTPS_PROXY=${val}\" \"https_proxy=${val}\"" ;; FTP_PROXY=*) - DefaultEnvironent="$DefaultEnvironent \"FTP_PROXY=${val}\" \"ftp_proxy=${val}\"" + DefaultEnvironment="$DefaultEnvironment \"FTP_PROXY=${val}\" \"ftp_proxy=${val}\"" ;; GOPHER_PROXY=*) - DefaultEnvironent="$DefaultEnvironent \"GOPHER_PROXY=${val}\" \"gopher_proxy=${val}\"" + DefaultEnvironment="$DefaultEnvironment \"GOPHER_PROXY=${val}\" \"gopher_proxy=${val}\"" ;; SOCKS_PROXY=*) - DefaultEnvironent="$DefaultEnvironent \"SOCKS_PROXY=${val}\" \"socks_proxy=${val}\"" + DefaultEnvironment="$DefaultEnvironment \"SOCKS_PROXY=${val}\" \"socks_proxy=${val}\"" ;; SOCKS5_SERVER=*) - DefaultEnvironent="$DefaultEnvironent \"SOCKS5_PROXY=${val}\" \"socks5_proxy=${val}\"" + DefaultEnvironment="$DefaultEnvironment \"SOCKS5_SERVER=${val}\" \"socks5_server=${val}\"" ;; NO_PROXY=*) - DefaultEnvironent="$DefaultEnvironent \"NO_PROXY=${val}\" \"no_proxy=${val}\"" + DefaultEnvironment="$DefaultEnvironment \"NO_PROXY=${val}\" \"no_proxy=${val}\"" ;; esac done < $CFG -test -z "$DefaultEnvironent" && exit 0 +test -z "$DefaultEnvironment" && exit 0 if [ ! -d /etc/systemd/system.conf.d ]; then mkdir -p /etc/systemd/system.conf.d || exit 1 fi TMPCFGFILE=`mktemp ${SYSTEMD_CFG}.XXXXXXXXXX` || exit 1 -echo -e "[Manager]\nDefaultEnvironment=${DefaultEnvironent}" > ${TMPCFGFILE} +echo -e "[Manager]\nDefaultEnvironment=${DefaultEnvironment}" > ${TMPCFGFILE} cmp -s ${TMPCFGFILE} ${SYSTEMD_CFG} if [ $? -ne 0 ]; then chmod 0644 ${TMPCFGFILE} mv ${TMPCFGFILE} ${SYSTEMD_CFG} systemctl daemon-reload else - rm -f $TMPCFGFIlE + rm -f $TMPCFGFILE fi exit 0 ++++++ microos-tools.obsinfo ++++++ --- /var/tmp/diff_new_pack.Evl1bc/_old 2023-10-13 23:13:40.708855176 +0200 +++ /var/tmp/diff_new_pack.Evl1bc/_new 2023-10-13 23:13:40.708855176 +0200 @@ -1,5 +1,5 @@ name: microos-tools -version: 2.21+git0 -mtime: 1681990582 -commit: aeedf237cc4fce2b2da856fc29347f555a26abff +version: 2.21+git5 +mtime: 1697112498 +commit: b43efacd05faccc841ae5302e3a9a5821485f31f
