Hello community, here is the log from the commit of package transactional-update for openSUSE:Factory checked in at 2018-01-09 14:56:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/transactional-update (Old) and /work/SRC/openSUSE:Factory/.transactional-update.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "transactional-update" Tue Jan 9 14:56:35 2018 rev:18 rq:562847 version:1.25 Changes: -------- --- /work/SRC/openSUSE:Factory/transactional-update/transactional-update.changes 2017-12-08 12:57:45.276890763 +0100 +++ /work/SRC/openSUSE:Factory/.transactional-update.new/transactional-update.changes 2018-01-09 14:56:39.110074126 +0100 @@ -1,0 +2,7 @@ +Tue Jan 9 11:42:20 CET 2018 - ku...@suse.de + +- Update to version 1.25 + - preliminary SELinux support + - support for seperate /var subvolume + +------------------------------------------------------------------- Old: ---- transactional-update-1.24.tar.bz2 New: ---- transactional-update-1.25.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ transactional-update.spec ++++++ --- /var/tmp/diff_new_pack.ViQ9e5/_old 2018-01-09 14:56:39.638049376 +0100 +++ /var/tmp/diff_new_pack.ViQ9e5/_new 2018-01-09 14:56:39.638049376 +0100 @@ -1,7 +1,7 @@ # # spec file for package transactional-update # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: transactional-update -Version: 1.24 +Version: 1.25 Release: 0 Summary: Transactional Updates with btrfs and snapshots License: GPL-2.0+ ++++++ transactional-update-1.24.tar.bz2 -> transactional-update-1.25.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.24/NEWS new/transactional-update-1.25/NEWS --- old/transactional-update-1.24/NEWS 2017-12-05 20:36:52.000000000 +0100 +++ new/transactional-update-1.25/NEWS 2018-01-08 16:05:59.000000000 +0100 
@@ -1,6 +1,10 @@ transactional-update NEWS -- history of user-visible changes. -Copyright (C) 2016, 2017 Thorsten Kukuk +Copyright (C) 2016, 2017, 2018 Thorsten Kukuk + +Version 1.25 +* Add support for seperate /var partition +* Preliminary SELinux support Version 1.24 * Fix saving of unused snapshots too early diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.24/configure new/transactional-update-1.25/configure --- old/transactional-update-1.24/configure 2017-12-05 20:36:55.000000000 +0100 +++ new/transactional-update-1.25/configure 2018-01-08 16:06:05.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for transactional-update 1.24. +# Generated by GNU Autoconf 2.69 for transactional-update 1.25. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -576,8 +576,8 @@ # Identity of this package. PACKAGE_NAME='transactional-update' PACKAGE_TARNAME='transactional-update' -PACKAGE_VERSION='1.24' -PACKAGE_STRING='transactional-update 1.24' +PACKAGE_VERSION='1.25' +PACKAGE_STRING='transactional-update 1.25' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1212,7 +1212,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures transactional-update 1.24 to adapt to many kinds of systems. +\`configure' configures transactional-update 1.25 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1279,7 +1279,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of transactional-update 1.24:";; + short | recursive ) echo "Configuration of transactional-update 1.25:";; esac cat <<\_ACEOF 
@@ -1359,7 +1359,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -transactional-update configure 1.24 +transactional-update configure 1.25 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1376,7 +1376,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by transactional-update $as_me 1.24, which was +It was created by transactional-update $as_me 1.25, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2239,7 +2239,7 @@ # Define the identity of the package. PACKAGE='transactional-update' - VERSION='1.24' + VERSION='1.25' cat >>confdefs.h <<_ACEOF @@ -3186,7 +3186,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by transactional-update $as_me 1.24, which was +This file was extended by transactional-update $as_me 1.25, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -3239,7 +3239,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -transactional-update config.status 1.24 +transactional-update config.status 1.25 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.24/configure.ac new/transactional-update-1.25/configure.ac --- old/transactional-update-1.24/configure.ac 2017-12-05 20:36:16.000000000 +0100 +++ new/transactional-update-1.25/configure.ac 2018-01-08 16:03:59.000000000 +0100 
@@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(transactional-update, 1.24) +AC_INIT(transactional-update, 1.25) AM_INIT_AUTOMAKE AC_CONFIG_SRCDIR([sbin/transactional-update.in]) AC_PREFIX_DEFAULT(/usr) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.24/doc/Makefile.am new/transactional-update-1.25/doc/Makefile.am --- old/transactional-update-1.24/doc/Makefile.am 2017-11-25 10:10:27.000000000 +0100 +++ new/transactional-update-1.25/doc/Makefile.am 2017-12-19 16:38:47.000000000 +0100 @@ -26,6 +26,7 @@ @test -d html || mkdir -p html $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< $(XSLTPROC) --stringparam base.dir html/ \ + --stringparam img.src.path ../ \ --stringparam root.filename transactional-update \ --stringparam use.id.as.filename 1 \ --stringparam chunk.section.depth 0 \ @@ -36,6 +37,9 @@ --stringparam chunker.output.encoding UTF-8 \ http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< +transactional-update.md: $(XMLS) $(DEP_XMLS) + pandoc -f docbook -t markdown -s $< -o $@ + distclean-local: -rm -rf html transactional-update.txt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.24/doc/Makefile.in new/transactional-update-1.25/doc/Makefile.in --- old/transactional-update-1.24/doc/Makefile.in 2017-12-05 20:36:55.000000000 +0100 +++ new/transactional-update-1.25/doc/Makefile.in 2018-01-08 16:06:04.000000000 +0100 
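Review bot: The `$(XSLTPROC)` call extended in the `@@ -26,6 +26,7 @@` hunk still takes its stylesheet from `http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl` and, unlike the `$(XMLLINT)` line above it, is not given `--nonet`. If no local XML catalog resolves that URL, the build would presumably fetch the stylesheet over cleartext HTTP and apply it, so the generated HTML depends on whatever the network returns. Passing `--nonet` here as well, `$(XSLTPROC) --nonet --stringparam base.dir html/ \`, makes the build fail closed instead. The rule's target line is outside the hunk.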
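Review bot: The new `transactional-update.md` target in the `@@ -36,6 +37,9 @@` hunk writes a file that the `distclean-local` rule directly below it does not remove; `-rm -rf html transactional-update.txt transactional-update.md` would cover it. `pandoc` is also called by bare name, while the other tools in this file go through variables such as `$(XMLLINT)` and `$(XSLTPROC)`; whether configure.ac probes for pandoc is not visible here. Note that `$<` passes only the first prerequisite to pandoc, which is presumably the main XML file.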
@@ -401,6 +401,7 @@ @ENABLE_REGENERATE_MAN_TRUE@ @test -d html || mkdir -p html @ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< @ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam base.dir html/ \ +@ENABLE_REGENERATE_MAN_TRUE@ --stringparam img.src.path ../ \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam root.filename transactional-update \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam use.id.as.filename 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam chunk.section.depth 0 \ @@ -411,6 +412,9 @@ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam chunker.output.encoding UTF-8 \ @ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< +@enable_regenerate_man_t...@transactional-update.md: $(XMLS) $(DEP_XMLS) +@ENABLE_REGENERATE_MAN_TRUE@ pandoc -f docbook -t markdown -s $< -o $@ + @ENABLE_REGENERATE_MAN_TRUE@distclean-local: @ENABLE_REGENERATE_MAN_TRUE@ -rm -rf html transactional-update.txt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.24/doc/transactional-update.xml new/transactional-update-1.25/doc/transactional-update.xml --- old/transactional-update-1.24/doc/transactional-update.xml 2017-11-24 14:21:36.000000000 +0100 +++ new/transactional-update-1.25/doc/transactional-update.xml 2017-12-19 14:57:31.000000000 +0100 @@ -11,7 +11,7 @@ <email>ku...@thkukuk.de</email> </author> </authorgroup> - <releaseinfo>Version 0.1, 24. November 2017</releaseinfo> + <releaseinfo>Version 0.1, 15. December 2017</releaseinfo> <abstract> <para> This documentation describes how transactional update with btrfs 
@@ -30,7 +30,20 @@ is an application that allows to apply intrusive updates to a running system in an <emphasis>atomic</emphasis> way without influencing the running system, taking the system down for a longer period or blocks - the boot process. + the boot process. It is not a package manager, while implemented for + zypper with RPMs, it can be changed to use other package managers + and package formats. The idea and reason for this is, that you can + continue to use your existing packages and tool chain to deliver + and apply updates. + </para> + <para> + To archive this, <emphasis remap='B'>transactional-update</emphasis> + creates for every update a new snapshot with + <emphasis>btrfs</emphasis> and updates this to the latest version of + the product. Since snapshots contain only the difference between two + versions and thus are mostly very small, this is very space efficient. + Which also means you can have more parallel installations than just + two bootable root partitions. </para> </section> 
@@ -42,25 +55,278 @@ <itemizedlist> <listitem> <para> - is atomic - the update does not influence your running system + is atomic </para> + <itemizedlist> + <listitem> + <para> + the update does not influence your running system. + </para> + </listitem> + <listitem> + <para> + you can at every time power off your machine. If you power it + on again, either you have your unmodified old state, or the + complete new one. + </para> + </listitem> + </itemizedlist> </listitem> <listitem> <para> - can be rolled back - if the upgrade fails or if the newer software - version is not compatible with your infrastructure, you can - quickly restore the situation as it was before the upgrade. - </para> + can be rolled back + </para> + <itemizedlist> + <listitem> + <para> + if the upgrade fails or if the newer software + version is not compatible with your infrastructure, you can + quickly restore the situation as it was before the upgrade. + </para> + </listitem> + </itemizedlist> </listitem> </itemizedlist> </section> + + <section id="tu-introduction-reason"> + <title>Why transactional updates?</title> + <para> + Linux distributions have working update mechanism since many, many + years, why do we need something new? There are different users, + which have different requirements. We have the Desktop user on a very + stable distribution, for whom the current update mechanism good + enough. But we also have the bleeding edge distribtuion with rolling + updates and the enterprise customer with critical applications, which + have different requirements. + </para> + <para> + Distributions wit "rolling" updates face the problem: how should + intrusive updates be applied in a running system? Without breaking the + update mechanism itself? Like the migration from SysV init to + systemd. Or the big version update of the Desktop while the Desktop is + running. 
Very likely will this update kill the currently running + Desktop, which would kill the update process, which leaves the system + in a broken, undefined state. Additional, if an update breaks such a + system, there needs to be a quick way to rollback the system to the + last working state. + </para> + <para> + On mission critical systems, the update is not allowed to interrupt + the running services. On such systems, interrupting running services + is more expensive than a scheduled reboot. And the system needs always + to be in a defined state. Which means, the updates are applied without + error or no change is done. E.g. if a post-install script of a RPM + fails, the system is in an undefined state, which should never happen. + </para> + <para> + Sometimes, new software versions of the kernel or software are + incompatible with your hardware or other software. In this case, there + should be a quick and easy way to rollback to the state before the + update was applied. + </para> + <para> + There are other solutions available for the above problems, like + downloading all RPMs upfront and apply them during the boot phase. But + this blocks the user from using his PC if there is something urgently + todo. + </para> + </section> </chapter> <chapter id="tu-howitworks"> <title>How it works</title> - <para> - Explain how transactional update works, use pictures from slides. - </para> + <section> + <title>Filesystem</title> + <para> + For transactional updates the snapshot functionality of + <emphasis>btrfs</emphasis> is used. <emphasis>Btrfs</emphasis> is a + general purpose Copy-on-Write (Cow) filesystem. The main feature of + <emphasis>btrfs</emphasis> is, that it provides subvolumes. This looks + like a directory, but behave like a mount point. They can be accessed + from the parent subvolume like a directory, or they can be mounted on + other directories of the same filesytem. 
+ Snapshots will be created from existing subvolumes, excluding other + subvolumes inside of it, and are by default read-only. + </para> + <para> + In theory this can be implemented with any CoW filesystem, as long as + it provides snapshot functionality. + </para> + </section> + <section> + <title>Update</title> + <mediaobject> + <imageobject> + <imagedata fileref="png/Workflow-Start.png"/> + </imageobject> + <textobject> + <phrase>List of snapshots</phrase> + </textobject> + <caption> + <para> + At the beginning, there is a list of old snapshots, each one based + on the other one, and the newest one is the current root filesystem. + </para> + </caption> + </mediaobject> + <mediaobject> + <imageobject> + <imagedata fileref="png/Workflow-Step1.png"/> + </imageobject> + <textobject> + <phrase>List of snapshots with new read-only Clone of current root filesystem</phrase> + </textobject> + <caption> + <para> + In the first step, a new read-only snapshot of the current root + filesystem will be created. + </para> + </caption> + </mediaobject> + <mediaobject> + <imageobject> + <imagedata fileref="png/Workflow-Step2.png"/> + </imageobject> + <textobject> + <phrase>List of snapshots with a read-write Clone of current root filesystem</phrase> + </textobject> + <caption> + <para> + In the second step we switch the snapshot from read-only to + read-write, so that we can update it. + </para> + </caption> + </mediaobject> + <mediaobject> + <imageobject> + <imagedata fileref="png/Workflow-Step3.png"/> + </imageobject> + <textobject> + <phrase>List of snapshots with a read-write Clone of current root + filesystem, which will be updated with zypper.</phrase> + </textobject> + <caption> + <para> + In the third step the snapshot will be updated. This can be + <emphasis>zypper up</emphasis> or <emphasis>zypper dup</emphasis>. 
+ </para> + </caption> + </mediaobject> + <mediaobject> + <imageobject> + <imagedata fileref="png/Workflow-Step4.png"/> + </imageobject> + <textobject> + <phrase>List of snapshots with the clone again read-only.</phrase> + </textobject> + <caption> + <para> + In the fourth step the snapshot will be changed back to read-only, + so that the data cannot be modified anymore. + </para> + </caption> + </mediaobject> + <mediaobject> + <imageobject> + <imagedata fileref="png/Workflow-Step5.png"/> + </imageobject> + <textobject> + <phrase>List of snapshots with the read-only Clone the new default.</phrase> + </textobject> + <caption> + <para> + The last step is to mark the updated snapshot as new root + filesystem. This is now the atomic step: If the power would have + been pulled before, the unchanged old system would have been + booted. Now the new, updated system will boot. + </para> + </caption> + </mediaobject> + <mediaobject> + <imageobject> + <imagedata fileref="png/Workflow-After-Reboot.png"/> + </imageobject> + <textobject> + <phrase>List of snapshots with the current root filesystem as newest + at the end.</phrase> + </textobject> + <caption> + <para> + After reboot, the newly prepared snapshot is the new root + filesystem. If something bad happens, we can rollback to any of + the older snapshots. + </para> + </caption> + </mediaobject> + <mediaobject> + <imageobject> + <imagedata fileref="png/Workflow-Without-Reboot.png"/> + </imageobject> + <textobject> + <phrase>List of snapshots with a read-write Clone of current root + filesystem, which will be updated with zypper.</phrase> + </textobject> + <caption> + <para> + If we don't reboot and call + <emphasis>transactional-update</emphasis> again, a new snapshot + will be created and updated. This new snapshot is based again on + the current running root filesystem. It is not based on newer + snapshots. Newer snapshots cannot be used as base for the next + snapshot, since we don't know if they work or not. 
It could be, + that the admin found out that a newer snapshot did not boot and + made a rollback. If we always base our new snapshots on the latest + one, it could happen that the system ends in a non-working, + non-fixable state. + </para> + </caption> + </mediaobject> + </section> + <section> + <title>Commands used</title> + <para> + In the end, creating and updating snapshots are only a few commands: + </para> + <itemizedlist> + <listitem> + <programlisting> +SNAPSHOT_ID=`snapper create -p -d "Snapshot Update"` + </programlisting> + </listitem> + <listitem> + <programlisting> +btrfs property set ${SNAPSHOT_DIR} ro false + </programlisting> + </listitem> + <listitem> + <programlisting> +zypper -R ${SNAPSHOT_DIR} up|patch|dup + </programlisting> + </listitem> + <listitem> + <programlisting> +btrfs property set ${SNAPSHOT_DIR} ro true + </programlisting> + </listitem> + <listitem> + <programlisting> +btrfs subvol set-default ${SNAPSHOT_DIR} + </programlisting> + <para> + or with a read-write root filesystem: + </para> + <programlisting> +snapper rollback ${SNAPSHOT_ID} + </programlisting> + </listitem> + <listitem> + <programlisting> +systemctl reboot + </programlisting> + </listitem> + </itemizedlist> + </section> </chapter> <chapter id="tu-setup"> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.24/man/transactional-update.8 new/transactional-update-1.25/man/transactional-update.8 --- old/transactional-update-1.24/man/transactional-update.8 2017-12-05 20:25:57.000000000 +0100 +++ new/transactional-update-1.25/man/transactional-update.8 2017-11-28 14:05:50.000000000 +0100 
@@ -2,12 +2,12 @@ .\" Title: transactional-update .\" Author: Thorsten Kukuk <ku...@suse.com> .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: 12/05/2017 +.\" Date: 11/28/2017 .\" Manual: transactional-update .\" Source: transactional-update .\" Language: English .\" -.TH "TRANSACTIONAL\-UPDAT" "8" "12/05/2017" "transactional-update" "transactional-update" +.TH "TRANSACTIONAL\-UPDAT" "8" "11/28/2017" "transactional-update" "transactional-update" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/transactional-update-1.24/sbin/transactional-update.in new/transactional-update-1.25/sbin/transactional-update.in --- old/transactional-update-1.24/sbin/transactional-update.in 2017-12-05 20:23:00.000000000 +0100 +++ new/transactional-update-1.25/sbin/transactional-update.in 2018-01-08 15:29:26.000000000 +0100 @@ -3,7 +3,7 @@ # update_snapshot - update a snapshot of the current system # # Author: Thorsten Kukuk <ku...@suse.com> -# Copyright (C) 2016, 2017 SUSE Linux GmbH +# Copyright (C) 2016, 2017, 2018 SUSE Linux GmbH # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -20,7 +20,7 @@ export LANG=C -DIR_TO_MOUNT="dev opt usr/local var/log" +DIR_TO_MOUNT="dev opt var/log" EXITCODE=0 ZYPPER_ARG="" ZYPPER_NONINTERACTIVE="-y --auto-agree-with-product-licenses" @@ -39,6 +39,7 @@ LOGFILE="/var/log/transactional-update.log" STATE_FILE="/var/lib/misc/transactional-update.state" PACKAGE_UPDATES=0 +HAS_SEPERATE_VAR=0 SNAPSHOT_ID="" SECOND_SNAPSHOT_ID="" KDUMP_SYSCONFIG="/etc/sysconfig/kdump" 
@@ -101,9 +102,9 @@ echo "LAST_WORKING_SNAPSHOTS=\"${LAST_WORKING_SNAPSHOTS}\"" > ${STATE_FILE} echo "UNUSED_SNAPSHOTS=\"${UNUSED_SNAPSHOTS}\"" >> ${STATE_FILE} - if [ $1 -ne 0 ]; then + if [ $1 -ne 0 -a ${HAS_SEPERATE_VAR} -eq 0 ]; then # if /var/lib/misc is not a seperate partition/subvolume, - # copy it additional into the new snapshot. This will else + # copy it additional into the new snapshot. This will have else # an outdated version from before taking the snapshot grep -q var.lib.misc /proc/mounts if [ $? -ne 0 ]; then @@ -347,9 +348,16 @@ exit 1 fi -grep -q var.cache /proc/mounts -if [ $? -ne 0 ]; then - log_error "WARNING: it looks like your installation isn't recent enough." +grep -q "[[:space:]]/var[[:space:]]" /proc/mounts +if [ $? -eq 0 ]; then + log_info "Seperate /var detected" + DIR_TO_MOUNT="${DIR_TO_MOUNT} /var/cache" + HAS_SEPERATE_VAR=1 +else + grep -q var.cache /proc/mounts + if [ $? -ne 0 ]; then + log_error "WARNING: it looks like your installation isn't recent enough." + fi fi CURRENT_SNAPSHOT_ID=`grep subvol=/@/.snapshots/ /proc/mounts | grep "/ btrfs" | sed -e 's|.*.snapshots/\(.*\)/snapshot.*|\1|g'` 
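Review bot: In the changed test `[ $1 -ne 0 -a ${HAS_SEPERATE_VAR} -eq 0 ]` of the `@@ -101,9 +102,9 @@` hunk, `$1` is unquoted and the two conditions are joined with `-a`, which POSIX marks obsolescent and which is parsed differently when an operand expands to nothing. `if [ "$1" -ne 0 ] && [ "${HAS_SEPERATE_VAR}" -eq 0 ]; then` keeps the logic without that ambiguity. The same `-a` form is used in the `/var/lib/rpm` check added in the `@@ -552,6 +578,20 @@` hunk. The edited comment now reads "This will have else an outdated version", which is harder to follow than before; "Otherwise the snapshot will have an outdated version" seems to be what is meant. The function starts and ends outside the hunk.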
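Review bot: The entry appended for a separate /var in the `@@ -347,9 +348,16 @@` hunk has a leading slash, `DIR_TO_MOUNT="${DIR_TO_MOUNT} /var/cache"`, while every other entry (`dev opt var/log`, `etc/zypp`) is relative. The mount loop builds `/$directory` and `${SNAPSHOT_DIR}/$directory`, so this entry yields `//var/cache` on both sides; it resolves to the same path but looks wrong in the error and `lsof` log lines. `DIR_TO_MOUNT="${DIR_TO_MOUNT} var/cache"` would be consistent. A short comment that `HAS_SEPERATE_VAR=1` also switches off the state-file copy and the `var/tmp` write test later in the script would help the next reader.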
@@ -514,18 +522,23 @@ UNUSED_SNAPSHOTS="${SNAPSHOT_ID} ${UNUSED_SNAPSHOTS}" # Check if installed with SLES12 - touch ${SNAPSHOT_DIR}/var/tmp/update_snapshot.test - if [ $? -ne 0 ]; then - log_error "ERROR: System installation is too old!" - quit 1; + if [ ${HAS_SEPERATE_VAR} -eq 0 ]; then + touch ${SNAPSHOT_DIR}/var/tmp/update_snapshot.test + if [ $? -ne 0 ]; then + log_error "ERROR: System installation is too old!" + quit 1; + fi + rm -f ${SNAPSHOT_DIR}/var/tmp/update_snapshot.test fi - rm -f ${SNAPSHOT_DIR}/var/tmp/update_snapshot.test # On a read only system, make sure that /etc/zypp in the # snapshot is current, could come from a overlayfs which # means not part of the snapshot itself if [ ${RO_ROOT} == "true" ]; then DIR_TO_MOUNT="${DIR_TO_MOUNT} etc/zypp" + if [ ${RUN_SHELL} -eq 1 ]; then + DIR_TO_MOUNT="${DIR_TO_MOUNT} root" + fi fi # Check which directories in /boot/grub2 needs to be mounted, @@ -544,7 +557,20 @@ log_error "ERROR: mount of sys failed!" quit 1; fi + if [ -x /usr/sbin/selinuxenabled ]; then + /usr/sbin/selinuxenabled + if [ $? -eq 0 ]; then + mount -t selinuxfs selinux ${SNAPSHOT_DIR}/sys/fs/selinux + if [ $? -ne 0 ]; then + log_error "ERROR: mount of sys failed!" + quit 1; + fi + fi + fi for directory in $DIR_TO_MOUNT ; do + # Make sure mount point exists. With /var on an own subvolume, this directory + # is empty by default and mount points don't exist in chroot environment. + test -d ${SNAPSHOT_DIR}/$directory || mkdir -p ${SNAPSHOT_DIR}/$directory mount -o bind /$directory ${SNAPSHOT_DIR}/$directory if [ $? -ne 0 ]; then log_error "ERROR: mount of $directory failed!" 
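Review bot: Adding `root` to `DIR_TO_MOUNT` when `RUN_SHELL` is 1, in the `@@ -514,18 +522,23 @@` hunk, bind-mounts the running system's /root into the snapshot, because the loop in the next hunk runs `mount -o bind /$directory ${SNAPSHOT_DIR}/$directory`. If /root is writable on the running system, anything changed there from the shell takes effect at once and is not undone by a rollback, which is outside the transactional guarantee. That may be intended, but it deserves a comment such as `# /root is the live directory, not part of the snapshot: changes are immediate and are not rolled back`. The `${RUN_SHELL}` and `${SNAPSHOT_DIR}` expansions in the added lines should also be quoted. The enclosing block starts outside the hunk.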
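Review bot: The failure branch of the new `mount -t selinuxfs` call in the `@@ -544,7 +557,20 @@` hunk logs `ERROR: mount of sys failed!`, the same text as the sysfs mount just above it, so the log cannot show which of the two mounts failed. `log_error "ERROR: mount of selinuxfs failed!"` would distinguish them. The added `test -d ${SNAPSHOT_DIR}/$directory || mkdir -p ${SNAPSHOT_DIR}/$directory` is unquoted and its result is not checked, so a failed mkdir only shows up as the following mount error.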
@@ -552,6 +578,20 @@ fi done + # If we have a seperate /var, create some directories which we + # will delete later again. + if [ ${HAS_SEPERATE_VAR} -eq 1 ]; then + mkdir ${SNAPSHOT_DIR}/var/tmp + fi + + # check if we have /var/lib/rpm, else zypper will + # create a new rpm database [bsc#1074598] + if [ ! -e ${SNAPSHOT_DIR}/var/lib/rpm -a \ + -e ${SNAPSHOT_DIR}/usr/lib/sysimage/rpm ]; then + mkdir -p ${SNAPSHOT_DIR}/var/lib + ln -sf ../../usr/lib/sysimage/rpm ${SNAPSHOT_DIR}/var/lib/rpm + fi + # Do we need to cleanup the /var/cache directory? if [ -d ${SNAPSHOT_DIR}/var/cache/zypp ]; then VAR_CACHE_CLEANUP=0 @@ -652,6 +692,11 @@ # unset variable unset TRANSACTIONAL_UPDATE + # Delete temporary data before unmounting everything: + if [ ${HAS_SEPERATE_VAR} -eq 1 ]; then + rm -rf ${SNAPSHOT_DIR}/var/tmp + fi + # Unmount everything we don't need anymore: for directory in proc sys $DIR_TO_MOUNT ; do umount -R ${SNAPSHOT_DIR}/$directory @@ -661,14 +706,14 @@ lsof ${SNAPSHOT_DIR}/$directory >> ${LOGFILE} # Try again after some time sleep 30 - umount ${SNAPSHOT_DIR}/$directory + umount -R ${SNAPSHOT_DIR}/$directory if [ $? -ne 0 ]; then log_error "ERROR 2nd try: umount of $directory failed!" EXITCODE=1; fi fi done - umount ${MOUNT_DIR} + umount -R ${MOUNT_DIR} # Cleanup of temporary mount point rmdir ${MOUNT_DIR}
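Review bot: `mkdir ${SNAPSHOT_DIR}/var/tmp` in the `@@ -552,6 +578,20 @@` hunk is run without `-p`, unquoted, and with its exit status ignored, so the script carries on if the directory already exists or cannot be created. The cleanup hunk later removes `var/tmp` with `rm -rf` whether or not this script created it. A checked call such as `mkdir -p "${SNAPSHOT_DIR}/var/tmp" || { log_error "ERROR: cannot create var/tmp in snapshot"; quit 1; }` makes the failure explicit. The directory is also created with the default umask rather than the sticky mode /var/tmp usually has; whether anything run in the chroot depends on that mode is not visible here.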
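Review bot: `rm -rf ${SNAPSHOT_DIR}/var/tmp` in the `@@ -652,6 +692,11 @@` hunk runs as root with an unquoted variable and no guard against `SNAPSHOT_DIR` being empty, in which case the path becomes /var/tmp on the running system. `SNAPSHOT_DIR` is assigned outside this hunk, so whether it can be empty at this point cannot be confirmed from here, but the guard costs nothing: `rm -rf -- "${SNAPSHOT_DIR:?}/var/tmp"`. The other added lines that build paths from `${SNAPSHOT_DIR}` (`mkdir`, `ln -sf`, `umount -R`) should be quoted in the same way.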