Sync from SUSE:SLFO:Main libpulp revision 094bc15210169175d602c39ce0fc806c

2024-12-11 15:11:23 +01:00 · 2024-12-11 15:11:23 +01:00 · 21e78f7276
commit 21e78f7276
parent 1931f603d7
6 changed files with 141 additions and 12 deletions
--- a/libpulp-0.3.7.tar.gz
+++ b/libpulp-0.3.7.tar.gz
--- a/libpulp.changes
+++ b/libpulp.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Sat Dec  7 00:59:13 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Add timestamps on each message.
+
+-------------------------------------------------------------------
+Wed Dec  4 18:58:38 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Update rpm-helper script for SLE Micro (bsc#1228879).
+- Update macros.userspace-livepatch for SLE Micro (bsc#1228879).
+- Guard macros behind sle_version >= 1600.
+
+-------------------------------------------------------------------
+Thu Nov 14 01:15:15 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Add SELinux policy for /var/livepatches (bsc#1228879).
+- Update rpm-helper script for SLE Micro.
+
 -------------------------------------------------------------------
 Fri Oct 18 19:24:22 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>

--- a/libpulp.spec
+++ b/libpulp.spec
@ -26,6 +26,7 @@ URL:            https://github.com/suse/libpulp
 Source0:        %{name}-%{version}.tar.gz
 Source1:        rpm-helper
 Source2:        macros.userspace-livepatch
+Source3:        selinux-ulp.conf
 Source99:       libpulp.rpmlintrc
 # Required to hardlink identical files.
 BuildRequires:  fdupes
@ -83,6 +84,10 @@ This package contains the tools to apply user-space live patches.
 %make_install
 install -D -m0755 %{SOURCE1} %{buildroot}%{_prefix}/lib/userspace-livepatch/rpm-helper
 install -D -m0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.userspace-livepatch
+install -D -m0644 %{SOURCE3} %{buildroot}%{_prefix}/etc/tukit.conf.d/selinux-ulp.conf
+
+# Create /var/livepatches
+mkdir -p %{buildroot}/var/livepatches/

 # Convert identical files into hardlinks.
 %fdupes %{buildroot}/%{_prefix}
@ -92,6 +97,24 @@ install -D -m0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.user
 find %{buildroot}/%{_prefix} -name libpulp.la -delete
 find %{buildroot}/%{_prefix} -name libpulp.so -delete

+%post -n libpulp-tools
+%define ld_so_conf  /etc/ld.so.conf
+%define addline     include /var/livepatches/ld.so.conf
+
+# There are special logic needed in sle-micro onwards.
+%if 0%{?suse_version} >= 1600
+
+# Add instance of /var/livepatches if it doesn't already exist.
+grep -qxF '%{addline}' %{ld_so_conf} || echo '%{addline}' >> %{ld_so_conf}
+
+%postun -n libpulp-tools
+
+if [ "$1" == "0" ]; then
+  # Delete all instances of libpulp in the ld_so_conf.
+  sed -i '\#%{addline}#d' %{ld_so_conf}
+fi
+%endif
+
 %post -n libpulp0 -p /sbin/ldconfig
 %postun -n libpulp0 -p /sbin/ldconfig

@ -106,6 +129,10 @@ find %{buildroot}/%{_prefix} -name libpulp.so -delete
 %dir %{_prefix}/lib/userspace-livepatch
 %{_prefix}/lib/userspace-livepatch/*
 %{_prefix}/lib/rpm/*
+%{_prefix}/etc/tukit.conf.d/selinux-ulp.conf
+%{_prefix}/etc/tukit.conf.d
+%{_prefix}/etc
+/var/livepatches
 %license LICENSE

 %changelog
--- a/macros.userspace-livepatch
+++ b/macros.userspace-livepatch
@ -7,3 +7,27 @@ echo "Executing ulp_post_hook(). About to execute rpm-helper..." \
 /bin/bash /usr/lib/userspace-livepatch/rpm-helper install "%1" "%2" "%3" $1 \
 echo "Done executing rpm-helper." \
 %{nil}
+
+# Hook for %post used by livepatch packages move the system libraries to the
+# current snapshot for sle-micro.
+#
+# The parameters are <package_name> <livepatch_version> <files_to_copy1> ...
+%ulp_post_move_libs() \
+%if 0%{?suse_version} >= 1600 \
+echo "Executing ulp_post_move_libs()" \
+/bin/bash /usr/lib/userspace-livepatch/rpm-helper movelibs "%1" "%2" "%3" $1 \
+echo "Done executing ulp_post_move_libs()" \
+%endif \
+%{nil}
+
+# Hook for %postun used by livepatch packages to remove the moved system
+# libraries
+#
+# The parameters are <package_name> <livepatch_version>
+%ulp_post_remove_libs() \
+%if 0%{?suse_version} >= 1600 \
+echo "Executing ulp_post_remove_libs()" \
+/bin/bash /usr/lib/userspace-livepatch/rpm-helper removelibs "%1" "%2" "%3" $1 \
+echo "Done executing ulp_post_remove_libs()" \
+%endif \
+%{nil}
--- a/79
+++ b/79
@ -45,14 +45,26 @@ do_install()

  check_livepatching_env || return 0

-  # Check if we are running a transactional update. If yes, set the root
-  # accordingly.
+  INSTALL_DIR="/usr/lib64/$PACKAGE/$VER"
+  TRIGGER_PATH="$INSTALL_DIR"
+
+  # Check if we are running a transactional update. If yes, then we need to
+  # move the livepatches to a better location.
  if [ "$TRANSACTIONAL_UPDATE" = "true" ] && [ "x$TRANSACTIONAL_UPDATE_ROOT" != "x" ]; then
-    ROOT="-R $TRANSACTIONAL_UPDATE_ROOT"
+    TRIGGER_PATH="/var/livepatches/$PACKAGE/$VER/lp"
+
+    # Create path if it doesn't already exist.
+    mkdir -p "$TRIGGER_PATH"
+
+    # Clean the path
+    rm -rf "$TRIGGER_PATH"
+
+    # Copy the patches to the location we have permission.
+    cp -rZ "$INSTALL_DIR" "$TRIGGER_PATH"
  fi

-  ulp trigger $ROOT --recursive -r 100 --timeout 200 --revert-all=target \
-    "/usr/lib64/$PACKAGE/$VER/*.so"
+  ulp trigger --recursive -r 100 --timeout 200 --revert-all=target \
+    "$TRIGGER_PATH/*.so"

  echo "ulp trigger executed."
 }
@ -62,10 +74,56 @@ do_remove()
 	: # reserved for future use
 }

-if test $# -ne 5; then
-	echo 'WARNING: Unexpected number of parameters. Are the live patch RPM scripts compatible with this rpm-helper?' >&2
-fi
+# Execute this on sle-micro to move the new libraries to the current snapshot.
+do_movelibs()
+{
+  if test -e /.buildenv; then
+    echo "Skipping move libs in buildroot"
+    return 0
+  fi

+  local ld_so_conf="/var/livepatches/ld.so.conf"
+  local addline="/var/livepatches/$PACKAGE/$VER/libs"
+  local line_pattern="/var/livepatches/$PACKAGE/.*/libs"
+
+  [[ -e $ld_so_conf ]] && sed -i "\#$line_pattern#d" $ld_so_conf
+
+  echo "$addline" >> $ld_so_conf
+
+  mkdir -p $addline
+
+  for i in $(seq 1 3); do
+    shift
+  done
+
+  for file in "$@"; do
+    [[ -e $file ]] && install -D -Z $file "$addline/$(basename $file)"
+  done
+
+  /sbin/ldconfig
+}
+
+# Execute this on sle-micro to move the new libraries to the current snapshot.
+do_removelibs()
+{
+  if test -e /.buildenv; then
+    echo "Skipping move libs in buildroot"
+    return 0
+  fi
+
+  local ld_so_conf="/var/livepatches/ld.so.conf"
+  local addline="/var/livepatches/$PACKAGE/$VER/libs"
+  local line_pattern="/var/livepatches/$PACKAGE/.*/libs"
+
+  # Remove the line of ld.so.conf
+  [[ -e $ld_so_conf ]] && sed -i "\#$line_pattern#d" $ld_so_conf
+
+  # Update ldconfig cache.
+  /sbin/ldconfig
+
+  # Delete copied libs.
+  rm -rf $addline
+}

 # Parse first argument (install or remove).
 cmd=$1
@ -73,9 +131,10 @@ PACKAGE=$2
 VER=$3
 TARGET_LIB=$4
 NUM_PACKAGES=${5-0}
+
 case "$cmd" in
-install|remove)
-	do_$cmd
+install|remove|movelibs|removelibs)
+	do_$cmd "$@"
 	exit
 	;;
 *)
--- a/selinux-ulp.conf
+++ b/selinux-ulp.conf
@ -0,0 +1 @@
+BINDDIRS[ulp]=/var/livepatches