From b3bfb2a63376cd06065068ee6ca2a246cea846fc Mon Sep 17 00:00:00 2001
From: Renbo
Date: Mon, 19 Aug 2024 14:25:59 +0800
Subject: [PATCH 1/5] update to libdnf-0.63.0-20.src.rpm
Signed-off-by: Renbo
---
...o-perform-labeling-if-SELinux-is-dis.patch | 93 +++++++++++++++++++
1000-anolis-fix-platform-compatibility.patch | 20 ----
1001-arch-add-loongarch64-to-arch_map.patch | 24 -----
1002-libdnf-add-sw.patch | 25 -----
dist | 2 +-
libdnf.spec | 22 ++---
6 files changed, 101 insertions(+), 85 deletions(-)
create mode 100644 0050-repo-Don-t-try-to-perform-labeling-if-SELinux-is-dis.patch
delete mode 100644 1000-anolis-fix-platform-compatibility.patch
delete mode 100644 1001-arch-add-loongarch64-to-arch_map.patch
delete mode 100644 1002-libdnf-add-sw.patch
diff --git a/0050-repo-Don-t-try-to-perform-labeling-if-SELinux-is-dis.patch b/0050-repo-Don-t-try-to-perform-labeling-if-SELinux-is-dis.patch
new file mode 100644
index 0000000..d26055d
--- /dev/null
+++ b/0050-repo-Don-t-try-to-perform-labeling-if-SELinux-is-dis.patch
@@ -0,0 +1,93 @@ +From 8eac75556d0f53f3ba6cd12d2545bc8dbebb11f4 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Tue, 4 Jun 2024 06:57:19 -0400 +Subject: [PATCH] repo: Don't try to perform labeling if SELinux is disabled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The default for container execution is that `/sys/fs/selinux` +is not mounted, and the libselinux library function `is_selinux_enabled` +should be used to dynamically check if the system should attempt to perform SELinux labeling. + +This is how it's done by rpm, ostree, and systemd for example. + +But this code unconditionally tries to label if it finds a policy, +which breaks in an obscure corner case +when executed inside a container that includes policy files (e.g. +fedora/rhel-bootc) but when we're not using overlayfs for the backend +(with BUILDAH_BACKEND=vfs). + +Signed-off-by: Petr Písař +--- + libdnf/repo/Repo.cpp | 50 +++++++++++++++++++++++--------------------- + 1 file changed, 26 insertions(+), 24 deletions(-) + +diff --git a/libdnf/repo/Repo.cpp b/libdnf/repo/Repo.cpp +index 68b82ccc..4f646f8c 100644 +--- a/libdnf/repo/Repo.cpp ++++ b/libdnf/repo/Repo.cpp +@@ -676,34 +676,36 @@ static int create_temporary_directory(char *name_template) { + int old_default_context_was_retrieved= 0; + struct selabel_handle *labeling_handle = NULL; + +- /* A purpose of this piece of code is to deal with applications whose +- * security policy overrides a file context for temporary files but don't +- * know that libdnf executes GnuPG which expects a default file context. 
*/ +- if (0 == getfscreatecon(&old_default_context)) { +- old_default_context_was_retrieved = 1; +- } else { +- logger->debug(tfm::format("Failed to retrieve a default SELinux context")); +- } ++ if (is_selinux_enabled()) { ++ /* A purpose of this piece of code is to deal with applications whose ++ * security policy overrides a file context for temporary files but don't ++ * know that libdnf executes GnuPG which expects a default file context. */ ++ if (0 == getfscreatecon(&old_default_context)) { ++ old_default_context_was_retrieved = 1; ++ } else { ++ logger->debug(tfm::format("Failed to retrieve a default SELinux context")); ++ } + +- labeling_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0); +- if (NULL == labeling_handle) { +- logger->debug(tfm::format("Failed to open a SELinux labeling handle: %s", +- strerror(errno))); +- } else { +- if (selabel_lookup(labeling_handle, &new_default_context, name_template, 0700)) { +- /* Here we could hard-code "system_u:object_r:user_tmp_t:s0", but +- * that value should be really defined in default file context +- * SELinux policy. Only log that the policy is incpomplete. */ +- logger->debug(tfm::format("Failed to look up a default SELinux label for \"%s\"", +- name_template)); ++ labeling_handle = selabel_open(SELABEL_CTX_FILE, NULL, 0); ++ if (NULL == labeling_handle) { ++ logger->debug(tfm::format("Failed to open a SELinux labeling handle: %s", ++ strerror(errno))); + } else { +- if (setfscreatecon(new_default_context)) { +- logger->debug(tfm::format("Failed to set default SELinux context to \"%s\"", +- new_default_context)); ++ if (selabel_lookup(labeling_handle, &new_default_context, name_template, 0700)) { ++ /* Here we could hard-code "system_u:object_r:user_tmp_t:s0", but ++ * that value should be really defined in default file context ++ * SELinux policy. Only log that the policy is incpomplete. 
*/ ++ logger->debug(tfm::format("Failed to look up a default SELinux label for \"%s\"", ++ name_template)); ++ } else { ++ if (setfscreatecon(new_default_context)) { ++ logger->debug(tfm::format("Failed to set default SELinux context to \"%s\"", ++ new_default_context)); ++ } ++ freecon(new_default_context); + } +- freecon(new_default_context); ++ selabel_close(labeling_handle); + } +- selabel_close(labeling_handle); + } + #endif + +-- +2.45.2 + diff --git a/1000-anolis-fix-platform-compatibility.patch b/1000-anolis-fix-platform-compatibility.patch deleted file mode 100644 index b470693..0000000 --- a/1000-anolis-fix-platform-compatibility.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff -Nur libdnf-0.55.0/libdnf/module/ModulePackage.cpp libdnf-0.55.0.new/libdnf/module/ModulePackage.cpp ---- libdnf-0.55.0/libdnf/module/ModulePackage.cpp 2020-11-09 22:42:13.000000000 +0800 -+++ libdnf-0.55.0.new/libdnf/module/ModulePackage.cpp 2021-07-08 16:40:15.635247194 +0800 -@@ -580,6 +580,16 @@ - Id id = repo_add_solvable(repo); - Solvable *solvable = pool_id2solvable(pool, id); - setSovable(pool, solvable, name, stream, version, context, "noarch"); -+ if (name == "platform" and stream == "an8") -+ { -+ std::string compatible_stream = "el8"; -+ setSovable(pool, solvable, name, compatible_stream, version, context, "noarch"); -+ } -+ if (name == "platform" and stream == "el8") -+ { -+ std::string compatible_stream = "an8"; -+ setSovable(pool, solvable, name, compatible_stream, version, context, "noarch"); -+ } - repoImpl->needs_internalizing = 1; - dnf_sack_set_provides_not_ready(moduleSack); - dnf_sack_set_considered_to_update(moduleSack); diff --git a/1001-arch-add-loongarch64-to-arch_map.patch b/1001-arch-add-loongarch64-to-arch_map.patch deleted file mode 100644 index be4e9b1..0000000 --- a/1001-arch-add-loongarch64-to-arch_map.patch +++ /dev/null 
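Review bot: The new guard in create_temporary_directory() (0050 patch, Repo.cpp) is written `if (is_selinux_enabled()) {`, which takes any non-zero return as "enabled"; writing it `if (is_selinux_enabled() > 0) {` would keep a negative error return from entering the labeling path. Older libselinux releases documented such a return, as far as I recall, so this is worth confirming for the version built against. Inside the guard every failure (getfscreatecon, selabel_open, selabel_lookup, setfscreatecon) is still reported only through `logger->debug`, so on an SELinux-enabled host the GnuPG directory can be created without the default label and nothing shows at normal log levels; a short comment stating that this fail-open behaviour is intended would help the next reader. The function starts before and continues past the hunk, so the restore of `old_default_context` cannot be checked from here.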
@@ -1,24 +0,0 @@ -From 9753114b8aaf03ef2bb30d02cf20275836f1d4ed Mon Sep 17 00:00:00 2001 -From: Liwei Ge -Date: Wed, 14 Sep 2022 15:09:32 +0800 -Subject: [PATCH] arch: add loongarch64 to arch_map - ---- - libdnf/dnf-context.cpp | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/libdnf/dnf-context.cpp b/libdnf/dnf-context.cpp -index d119e7d..4de4333 100644 ---- a/libdnf/dnf-context.cpp -+++ b/libdnf/dnf-context.cpp -@@ -115,6 +115,7 @@ static const struct { - { "sparc", { "sparc", "sparc64", "sparc64v", "sparcv8", - "sparcv9", "sparcv9v", NULL } }, - { "x86_64", { "x86_64", "amd64", "ia32e", NULL } }, -+ { "loongarch64",{ "loongarch64", NULL } }, - { NULL, { NULL } } - }; - --- -2.27.0 - diff --git a/1002-libdnf-add-sw.patch b/1002-libdnf-add-sw.patch deleted file mode 100644 index 683fc36..0000000 --- a/1002-libdnf-add-sw.patch +++ /dev/null @@ -1,25 +0,0 @@ -From fc613dbf0418e13abb24c5f29ecef68e0c13ed71 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 8 Aug 2023 10:58:35 +0800 -Subject: [PATCH] add sw - -Signed-off-by: rpm-build ---- - libdnf/dnf-context.cpp | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/libdnf/dnf-context.cpp b/libdnf/dnf-context.cpp -index e663949..750b97f 100644 ---- a/libdnf/dnf-context.cpp -+++ b/libdnf/dnf-context.cpp -@@ -119,6 +119,7 @@ static const struct { - "sparcv9", "sparcv9v", NULL } }, - { "x86_64", { "x86_64", "amd64", "ia32e", NULL } }, - { "loongarch64",{ "loongarch64", NULL } }, -+ { "sw_64", { "sw_64", NULL } }, - { NULL, { NULL } } - }; - --- -2.31.1 - diff --git a/dist b/dist index 9c0e36e..1fe92cf 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an8 +an8_10 diff --git a/libdnf.spec b/libdnf.spec index 452f571..e3a2818 100644 --- a/libdnf.spec +++ b/libdnf.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 %global libsolv_version 0.7.20-3 %global libmodulemd_version 2.11.2-2 %global librepo_version 1.13.1 
@@ -37,7 +36,7 @@ %bcond_without python2 %endif -%if 0%{?rhel} && ! 0%{?centos} && ! 0%{?anolis} +%if 0%{?rhel} && ! 0%{?centos} %bcond_without rhsm %else %bcond_with rhsm @@ -59,7 +58,7 @@ Name: libdnf Version: %{libdnf_major_version}.%{libdnf_minor_version}.%{libdnf_micro_version} -Release: 19%{anolis_release}%{?dist} +Release: 20%{?dist} Summary: Library providing simplified C and Python API to libsolv License: LGPLv2+ URL: https://github.com/rpm-software-management/libdnf @@ -113,10 +112,8 @@ Patch46: 0046-Update-translations-RHEL-8.9.patch Patch47: 0047-filterAdvisory-installed_solvables-sort-RhBug2212838.patch Patch48: 0048-Avoid-reinstal-installonly-packages-marked-for-ERASE.patch Patch49: 0049-PGP-Set-a-default-creation-SELinux-labels-on-GnuPG-d.patch -Patch50: 9999-change-bugtracker.diff -Patch1000: 1000-anolis-fix-platform-compatibility.patch -Patch1001: 1001-arch-add-loongarch64-to-arch_map.patch -Patch1002: 1002-libdnf-add-sw.patch +Patch50: 0050-repo-Don-t-try-to-perform-labeling-if-SELinux-is-dis.patch + BuildRequires: cmake BuildRequires: gcc @@ -366,14 +363,9 @@ popd %endif %changelog -* Wed Jul 17 2024 Liu Xiaoping - 0.63.0-19.0.1 -- Disable rhsm support in Anolis (geliwei@openanolis.org) -- rebrand: fix platform compatibility (geliwei@openanolis.org) -- Add loongarch64 to arch_map (liwei.glw@alibaba-inc.com) -- cherry-pick `add sw arch #9c8c414fae68cb1faed14be823ab34eb6ff00028`. (nijie@wxiat.com) - -* Fri Dec 01 2023 Release Engineering - 0.63.0-19 -- Add Rocky bugtracker +* Mon Jun 24 2024 Petr Pisar - 0.63.0-20 +- Do not set a default SELinux creation context if SELinux appears to be + disabled (RHEL-43231) * Wed Oct 18 2023 Petr Pisar - 0.63.0-19 - Set default SELinux labels on GnuPG directories (RHEL-6421) -- Gitee From a737fecad070ee95b0d506e8028ff70dec06bce3 Mon Sep 17 00:00:00 2001 
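Review bot: In the `Patch50:` hunk of libdnf.spec, `9999-change-bugtracker.diff` stops being referenced, but this commit's diffstat (six files) neither deletes nor renames a file of that name. If that file is tracked in this repository it is now an orphaned source and should be removed in the same commit; otherwise please confirm it was never checked in. The same commit also drops Patch1000–1002 and the `! 0%{?anolis}` condition on the rhsm `%if`, which the tree only regains in patches 2/5 to 5/5, so a build from this commit alone would differ from the intended package. A sentence in the commit message saying 1/5 is not meant to be built on its own would make that explicit.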
From: songmingliang Date: Tue, 17 May 2022 19:16:16 +0800 Subject: [PATCH 2/5] Disable rhsm support in Anolis --- libdnf.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libdnf.spec b/libdnf.spec index e3a2818..5f01ea2 100644 --- a/libdnf.spec +++ b/libdnf.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 %global libsolv_version 0.7.20-3 %global libmodulemd_version 2.11.2-2 %global librepo_version 1.13.1 @@ -36,7 +37,7 @@ %bcond_without python2 %endif -%if 0%{?rhel} && ! 0%{?centos} +%if 0%{?rhel} && ! 0%{?centos} && ! 0%{?anolis} %bcond_without rhsm %else %bcond_with rhsm @@ -58,7 +59,7 @@ Name: libdnf Version: %{libdnf_major_version}.%{libdnf_minor_version}.%{libdnf_micro_version} -Release: 20%{?dist} +Release: 20%{anolis_release}%{?dist} Summary: Library providing simplified C and Python API to libsolv License: LGPLv2+ URL: https://github.com/rpm-software-management/libdnf @@ -363,6 +364,9 @@ popd %endif %changelog +* Mon Aug 19 2024 Liu Xiaoping - 0.63.0-20.0.1 +- Disable rhsm support in Anolis (geliwei@openanolis.org) + * Mon Jun 24 2024 Petr Pisar - 0.63.0-20 - Do not set a default SELinux creation context if SELinux appears to be disabled (RHEL-43231) -- Gitee From bf73d0b5cfae9e9f72c1b162721ee083725da4d6 Mon Sep 17 00:00:00 2001 From: songmingliang Date: Wed, 18 May 2022 14:02:51 +0800 Subject: [PATCH 3/5] module: fix platform compatibility with centos --- 1000-anolis-fix-platform-compatibility.patch | 20 ++++++++++++++++++++ libdnf.spec | 2 ++ 2 files changed, 22 insertions(+) create mode 100644 1000-anolis-fix-platform-compatibility.patch diff --git a/1000-anolis-fix-platform-compatibility.patch b/1000-anolis-fix-platform-compatibility.patch new file mode 100644 index 0000000..b470693 --- /dev/null +++ b/1000-anolis-fix-platform-compatibility.patch 
@@ -0,0 +1,20 @@ +diff -Nur libdnf-0.55.0/libdnf/module/ModulePackage.cpp libdnf-0.55.0.new/libdnf/module/ModulePackage.cpp +--- libdnf-0.55.0/libdnf/module/ModulePackage.cpp 2020-11-09 22:42:13.000000000 +0800 ++++ libdnf-0.55.0.new/libdnf/module/ModulePackage.cpp 2021-07-08 16:40:15.635247194 +0800 +@@ -580,6 +580,16 @@ + Id id = repo_add_solvable(repo); + Solvable *solvable = pool_id2solvable(pool, id); + setSovable(pool, solvable, name, stream, version, context, "noarch"); ++ if (name == "platform" and stream == "an8") ++ { ++ std::string compatible_stream = "el8"; ++ setSovable(pool, solvable, name, compatible_stream, version, context, "noarch"); ++ } ++ if (name == "platform" and stream == "el8") ++ { ++ std::string compatible_stream = "an8"; ++ setSovable(pool, solvable, name, compatible_stream, version, context, "noarch"); ++ } + repoImpl->needs_internalizing = 1; + dnf_sack_set_provides_not_ready(moduleSack); + dnf_sack_set_considered_to_update(moduleSack); diff --git a/libdnf.spec b/libdnf.spec index 5f01ea2..d7f46b9 100644 --- a/libdnf.spec +++ b/libdnf.spec @@ -116,6 +116,7 @@ Patch49: 0049-PGP-Set-a-default-creation-SELinux-labels-on-GnuPG-d. Patch50: 0050-repo-Don-t-try-to-perform-labeling-if-SELinux-is-dis.patch +Patch1000: 1000-anolis-fix-platform-compatibility.patch BuildRequires: cmake BuildRequires: gcc BuildRequires: gcc-c++ @@ -366,6 +367,7 @@ popd %changelog * Mon Aug 19 2024 Liu Xiaoping - 0.63.0-20.0.1 - Disable rhsm support in Anolis (geliwei@openanolis.org) +- rebrand: fix platform compatibility (geliwei@openanolis.org) * Mon Jun 24 2024 Petr Pisar - 0.63.0-20 - Do not set a default SELinux creation context if SELinux appears to be -- Gitee From 142cc106a4999364131cdec83932ba614116a60b Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Wed, 14 Sep 2022 15:15:37 +0800 Subject: [PATCH 4/5] arch: add loongarch64 to arch_map 
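Review bot: The added block in ModulePackage.cpp calls `setSovable()` a second time on the same `solvable` with the sibling stream, and whether that adds an alias or replaces what the first call wrote depends on setSovable(), which is not visible in this hunk; if it assigns the solvable's name, the platform module ends up named after the compatible stream rather than the detected one. Please confirm the behaviour and state it in a comment above the block, e.g. `/* Anolis 8 and EL8 platform streams are interchangeable: also register the sibling stream */`. The stream names `"an8"` and `"el8"` are hard-coded in two mirrored `if` blocks, so any other major version gets no mapping. The embedded patch is a header-less `diff -Nur` taken against libdnf-0.55.0 while the spec builds 0.63.0, so it applies at an offset; regenerating it against the current source with a description would make later rebases easier to audit. The enclosing function starts and ends outside the hunk.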
Signed-off-by: Liwei Ge --- 1001-arch-add-loongarch64-to-arch_map.patch | 24 +++++++++++++++++++++ libdnf.spec | 3 +++ 2 files changed, 27 insertions(+) create mode 100644 1001-arch-add-loongarch64-to-arch_map.patch diff --git a/1001-arch-add-loongarch64-to-arch_map.patch b/1001-arch-add-loongarch64-to-arch_map.patch new file mode 100644 index 0000000..be4e9b1 --- /dev/null +++ b/1001-arch-add-loongarch64-to-arch_map.patch @@ -0,0 +1,24 @@ +From 9753114b8aaf03ef2bb30d02cf20275836f1d4ed Mon Sep 17 00:00:00 2001 +From: Liwei Ge +Date: Wed, 14 Sep 2022 15:09:32 +0800 +Subject: [PATCH] arch: add loongarch64 to arch_map + +--- + libdnf/dnf-context.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libdnf/dnf-context.cpp b/libdnf/dnf-context.cpp +index d119e7d..4de4333 100644 +--- a/libdnf/dnf-context.cpp ++++ b/libdnf/dnf-context.cpp +@@ -115,6 +115,7 @@ static const struct { + { "sparc", { "sparc", "sparc64", "sparc64v", "sparcv8", + "sparcv9", "sparcv9v", NULL } }, + { "x86_64", { "x86_64", "amd64", "ia32e", NULL } }, ++ { "loongarch64",{ "loongarch64", NULL } }, + { NULL, { NULL } } + }; + +-- +2.27.0 + diff --git a/libdnf.spec b/libdnf.spec index d7f46b9..6abe438 100644 --- a/libdnf.spec +++ b/libdnf.spec @@ -117,6 +117,8 @@ Patch50: 0050-repo-Don-t-try-to-perform-labeling-if-SELinux-is-dis. Patch1000: 1000-anolis-fix-platform-compatibility.patch +Patch1001: 1001-arch-add-loongarch64-to-arch_map.patch + BuildRequires: cmake BuildRequires: gcc BuildRequires: gcc-c++ @@ -368,6 +370,7 @@ popd * Mon Aug 19 2024 Liu Xiaoping - 0.63.0-20.0.1 - Disable rhsm support in Anolis (geliwei@openanolis.org) - rebrand: fix platform compatibility (geliwei@openanolis.org) +- Add loongarch64 to arch_map (liwei.glw@alibaba-inc.com) * Mon Jun 24 2024 Petr Pisar - 0.63.0-20 - Do not set a default SELinux creation context if SELinux appears to be -- Gitee From 831804df1407a6ef0ef766fe5931433e6890729c Mon Sep 17 00:00:00 2001 
From: wxiat Date: Tue, 8 Aug 2023 11:04:01 +0800 Subject: [PATCH 5/5] cherry-pick `add sw arch #9c8c414fae68cb1faed14be823ab34eb6ff00028`. Signed-off-by: wxiat Signed-off-by: Weisson --- 1002-libdnf-add-sw.patch | 25 +++++++++++++++++++++++++ libdnf.spec | 2 ++ 2 files changed, 27 insertions(+) create mode 100644 1002-libdnf-add-sw.patch diff --git a/1002-libdnf-add-sw.patch b/1002-libdnf-add-sw.patch new file mode 100644 index 0000000..683fc36 --- /dev/null +++ b/1002-libdnf-add-sw.patch @@ -0,0 +1,25 @@ +From fc613dbf0418e13abb24c5f29ecef68e0c13ed71 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 8 Aug 2023 10:58:35 +0800 +Subject: [PATCH] add sw + +Signed-off-by: rpm-build +--- + libdnf/dnf-context.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libdnf/dnf-context.cpp b/libdnf/dnf-context.cpp +index e663949..750b97f 100644 +--- a/libdnf/dnf-context.cpp ++++ b/libdnf/dnf-context.cpp +@@ -119,6 +119,7 @@ static const struct { + "sparcv9", "sparcv9v", NULL } }, + { "x86_64", { "x86_64", "amd64", "ia32e", NULL } }, + { "loongarch64",{ "loongarch64", NULL } }, ++ { "sw_64", { "sw_64", NULL } }, + { NULL, { NULL } } + }; + +-- +2.31.1 + diff --git a/libdnf.spec b/libdnf.spec index 6abe438..58c76c9 100644 --- a/libdnf.spec +++ b/libdnf.spec @@ -118,6 +118,7 @@ Patch50: 0050-repo-Don-t-try-to-perform-labeling-if-SELinux-is-dis. Patch1000: 1000-anolis-fix-platform-compatibility.patch Patch1001: 1001-arch-add-loongarch64-to-arch_map.patch +Patch1002: 1002-libdnf-add-sw.patch BuildRequires: cmake BuildRequires: gcc @@ -371,6 +372,7 @@ popd - Disable rhsm support in Anolis (geliwei@openanolis.org) - rebrand: fix platform compatibility (geliwei@openanolis.org) - Add loongarch64 to arch_map (liwei.glw@alibaba-inc.com) +- cherry-pick `add sw arch #9c8c414fae68cb1faed14be823ab34eb6ff00028`. (nijie@wxiat.com) * Mon Jun 24 2024 Petr Pisar - 0.63.0-20 - Do not set a default SELinux creation context if SELinux appears to be -- Gitee