diff --git a/libpulp-0.3.7.tar.gz b/libpulp-0.3.7.tar.gz
index 91c289f..8b9ee10 100644
--- a/libpulp-0.3.7.tar.gz
+++ b/libpulp-0.3.7.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:bd0c4a6b0212292ec11d44196e621eeb76ae6f2650de2148aa0b29e393eae409
-size 634127
+oid sha256:aead1d4cd04fdde95108640262106e05c79f324df7aa9bc0982ec67dc538d1a2
+size 639555
diff --git a/libpulp.changes b/libpulp.changes
index a56a916..f8f699c 100644
--- a/libpulp.changes
+++ b/libpulp.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Sat Dec 7 00:59:13 UTC 2024 - Giuliano Belinassi
+
+- Add timestamps on each message.
+
+-------------------------------------------------------------------
+Wed Dec 4 18:58:38 UTC 2024 - Giuliano Belinassi
+
+- Update rpm-helper script for SLE Micro (bsc#1228879).
+- Update macros.userspace-livepatch for SLE Micro (bsc#1228879).
+- Guard macros behind sle_version >= 1600.
+
+-------------------------------------------------------------------
+Thu Nov 14 01:15:15 UTC 2024 - Giuliano Belinassi
+
+- Add SELinux policy for /var/livepatches (bsc#1228879).
+- Update rpm-helper script for SLE Micro.
+
 -------------------------------------------------------------------
 Fri Oct 18 19:24:22 UTC 2024 - Giuliano Belinassi
diff --git a/libpulp.spec b/libpulp.spec
index f956ebc..042501e 100644
--- a/libpulp.spec
+++ b/libpulp.spec
@@ -26,6 +26,7 @@ URL: https://github.com/suse/libpulp
 Source0: %{name}-%{version}.tar.gz
 Source1: rpm-helper
 Source2: macros.userspace-livepatch
+Source3: selinux-ulp.conf
 Source99: libpulp.rpmlintrc
 # Required to hardlink identical files.
 BuildRequires: fdupes
@@ -83,6 +84,10 @@ This package contains the tools to apply user-space live patches.
 %make_install
 install -D -m0755 %{SOURCE1} %{buildroot}%{_prefix}/lib/userspace-livepatch/rpm-helper
 install -D -m0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.userspace-livepatch
+install -D -m0644 %{SOURCE3} %{buildroot}%{_prefix}/etc/tukit.conf.d/selinux-ulp.conf
+
+# Create /var/livepatches
+mkdir -p %{buildroot}/var/livepatches/
 # Convert identical files into hardlinks.
 %fdupes %{buildroot}/%{_prefix}
@@ -92,6 +97,24 @@ install -D -m0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.user
 find %{buildroot}/%{_prefix} -name libpulp.la -delete
 find %{buildroot}/%{_prefix} -name libpulp.so -delete
+%post -n libpulp-tools
+%define ld_so_conf /etc/ld.so.conf
+%define addline include /var/livepatches/ld.so.conf
+
+# There are special logic needed in sle-micro onwards.
+%if 0%{?suse_version} >= 1600
+
+# Add instance of /var/livepatches if it doesn't already exist.
+grep -qxF '%{addline}' %{ld_so_conf} || echo '%{addline}' >> %{ld_so_conf}
+
+%postun -n libpulp-tools
+
+if [ "$1" == "0" ]; then
+ # Delete all instances of libpulp in the ld_so_conf.
+ sed -i '\#%{addline}#d' %{ld_so_conf}
+fi
+%endif
+
 %post -n libpulp0 -p /sbin/ldconfig
 %postun -n libpulp0 -p /sbin/ldconfig
@@ -106,6 +129,10 @@ find %{buildroot}/%{_prefix} -name libpulp.so -delete
 %dir %{_prefix}/lib/userspace-livepatch
 %{_prefix}/lib/userspace-livepatch/*
 %{_prefix}/lib/rpm/*
+%{_prefix}/etc/tukit.conf.d/selinux-ulp.conf
+%{_prefix}/etc/tukit.conf.d
+%{_prefix}/etc
+/var/livepatches
 %license LICENSE
 %changelog
diff --git a/macros.userspace-livepatch b/macros.userspace-livepatch
index 5fc8570..d69467b 100644
--- a/macros.userspace-livepatch
+++ b/macros.userspace-livepatch
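Review bot: In the `%postun -n libpulp-tools` scriptlet the `sed -i '\#%{addline}#d'` delete is an unanchored regex, so it removes every line of /etc/ld.so.conf that merely contains the include text (a commented-out copy, a longer path), while the matching add in `%post` uses an exact fixed-string test (`grep -qxF`). Anchoring the removal keeps the two symmetric: `sed -i '\#^%{addline}$#d' %{ld_so_conf}`. The `%if 0%{?suse_version} >= 1600` opens inside `%post` and closes inside `%postun`, which leaves an empty `%post` on older targets; wrapping both scriptlets in one conditional would read more clearly. Because this line makes the system-wide linker configuration include a file under /var, it is worth a comment stating that /var/livepatches/ld.so.conf must stay root-owned and not group- or world-writable.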
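Review bot: The new `%files` entries `%{_prefix}/etc`, `%{_prefix}/etc/tukit.conf.d` and `/var/livepatches` are listed without `%dir`, so each one packages the directory together with everything found beneath it in the buildroot, and none of them pins ownership or mode. /var/livepatches is the tree that the `%post` scriptlet in the previous hunk wires into /etc/ld.so.conf, so its permissions decide who can influence library resolution; declaring it explicitly, `%dir %attr(0755,root,root) /var/livepatches`, makes that auditable from the spec. The two /usr/etc directories would likewise be `%dir %{_prefix}/etc/tukit.conf.d` and `%dir %{_prefix}/etc`, assuming no other package already owns them on the target, which is not visible from this hunk.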
@@ -7,3 +7,27 @@ echo "Executing ulp_post_hook(). About to execute rpm-helper..." \
 /bin/bash /usr/lib/userspace-livepatch/rpm-helper install "%1" "%2" "%3" $1 \
 echo "Done executing rpm-helper." \
 %{nil}
+
+# Hook for %post used by livepatch packages move the system libraries to the
+# current snapshot for sle-micro.
+#
+# The parameters are ...
+%ulp_post_move_libs() \
+%if 0%{?suse_version} >= 1600 \
+echo "Executing ulp_post_move_libs()" \
+/bin/bash /usr/lib/userspace-livepatch/rpm-helper movelibs "%1" "%2" "%3" $1 \
+echo "Done executing ulp_post_move_libs()" \
+%endif \
+%{nil}
+
+# Hook for %postun used by livepatch packages to remove the moved system
+# libraries
+#
+# The parameters are
+%ulp_post_remove_libs() \
+%if 0%{?suse_version} >= 1600 \
+echo "Executing ulp_post_remove_libs()" \
+/bin/bash /usr/lib/userspace-livepatch/rpm-helper removelibs "%1" "%2" "%3" $1 \
+echo "Done executing ulp_post_remove_libs()" \
+%endif \
+%{nil}
diff --git a/rpm-helper b/rpm-helper
index dd72245..9116a8c 100644
--- a/rpm-helper
+++ b/rpm-helper
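Review bot: Both new macro headers leave the parameter description unfinished (`# The parameters are ...` and `# The parameters are`), so a livepatch packager cannot tell from this file what to pass. Going by how rpm-helper assigns its arguments (`PACKAGE=$2 VER=$3 TARGET_LIB=$4 NUM_PACKAGES=${5-0}`), the comment could read `# Parameters: %1 package name, %2 version, %3 target library; $1 is the scriptlet's own first argument.` The first header is also missing a word ("packages to move"), and `ulp_post_remove_libs` is documented as a `%postun` hook despite the `post` in its name, which is worth saying explicitly in the comment so it is not placed in `%post` by mistake.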
@@ -45,14 +45,26 @@ do_install()
 check_livepatching_env || return 0
- # Check if we are running a transactional update. If yes, set the root
- # accordingly.
+ INSTALL_DIR="/usr/lib64/$PACKAGE/$VER"
+ TRIGGER_PATH="$INSTALL_DIR"
+
+ # Check if we are running a transactional update. If yes, then we need to
+ # move the livepatches to a better location.
 if [ "$TRANSACTIONAL_UPDATE" = "true" ] && [ "x$TRANSACTIONAL_UPDATE_ROOT" != "x" ]; then
- ROOT="-R $TRANSACTIONAL_UPDATE_ROOT"
+ TRIGGER_PATH="/var/livepatches/$PACKAGE/$VER/lp"
+
+ # Create path if it doesn't already exist.
+ mkdir -p "$TRIGGER_PATH"
+
+ # Clean the path
+ rm -rf "$TRIGGER_PATH"
+
+ # Copy the patches to the location we have permission.
+ cp -rZ "$INSTALL_DIR" "$TRIGGER_PATH"
 fi
- ulp trigger $ROOT --recursive -r 100 --timeout 200 --revert-all=target \
- "/usr/lib64/$PACKAGE/$VER/*.so"
+ ulp trigger --recursive -r 100 --timeout 200 --revert-all=target \
+ "$TRIGGER_PATH/*.so"
 echo "ulp trigger executed."
 }
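Review bot: In the transactional-update branch of do_install the results of `mkdir -p`, `rm -rf` and `cp -rZ` are not checked, so a failed copy still falls through to `ulp trigger` with a `$TRIGGER_PATH` that is missing or only partly populated. Returning early avoids triggering on such a directory: `cp -rZ "$INSTALL_DIR" "$TRIGGER_PATH" || { echo "copy to $TRIGGER_PATH failed" >&2; return 1; }` (or `return 0` if the scriptlet must never fail). The path is assembled from `$PACKAGE` and `$VER` with no emptiness check before the recursive delete, so building it as `"/var/livepatches/${PACKAGE:?}/${VER:?}/lp"` and using `rm -rf -- "$TRIGGER_PATH"` would be a cheap guard. Nothing visible here removes the copy again (do_remove is still a placeholder in the next hunk), so stale patch objects may accumulate under /var/livepatches; the function body starts outside this hunk.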
@@ -62,10 +74,56 @@ do_remove()
 : # reserved for future use
 }
-if test $# -ne 5; then
- echo 'WARNING: Unexpected number of parameters. Are the live patch RPM scripts compatible with this rpm-helper?' >&2
-fi
+# Execute this on sle-micro to move the new libraries to the current snapshot.
+do_movelibs()
+{
+ if test -e /.buildenv; then
+ echo "Skipping move libs in buildroot"
+ return 0
+ fi
+ local ld_so_conf="/var/livepatches/ld.so.conf"
+ local addline="/var/livepatches/$PACKAGE/$VER/libs"
+ local line_pattern="/var/livepatches/$PACKAGE/.*/libs"
+
+ [[ -e $ld_so_conf ]] && sed -i "\#$line_pattern#d" $ld_so_conf
+
+ echo "$addline" >> $ld_so_conf
+
+ mkdir -p $addline
+
+ for i in $(seq 1 3); do
+ shift
+ done
+
+ for file in "$@"; do
+ [[ -e $file ]] && install -D -Z $file "$addline/$(basename $file)"
+ done
+
+ /sbin/ldconfig
+}
+
+# Execute this on sle-micro to move the new libraries to the current snapshot.
+do_removelibs()
+{
+ if test -e /.buildenv; then
+ echo "Skipping move libs in buildroot"
+ return 0
+ fi
+
+ local ld_so_conf="/var/livepatches/ld.so.conf"
+ local addline="/var/livepatches/$PACKAGE/$VER/libs"
+ local line_pattern="/var/livepatches/$PACKAGE/.*/libs"
+
+ # Remove the line of ld.so.conf
+ [[ -e $ld_so_conf ]] && sed -i "\#$line_pattern#d" $ld_so_conf
+
+ # Update ldconfig cache.
+ /sbin/ldconfig
+
+ # Delete copied libs.
+ rm -rf $addline
+}
 # Parse first argument (install or remove).
 cmd=$1
@@ -73,9 +131,10 @@ PACKAGE=$2
 VER=$3
 TARGET_LIB=$4
 NUM_PACKAGES=${5-0}
+
 case "$cmd" in
-install|remove)
- do_$cmd
+install|remove|movelibs|removelibs)
+ do_$cmd "$@"
 exit
 ;;
 *)
diff --git a/selinux-ulp.conf b/selinux-ulp.conf
new file mode 100644
index 0000000..d058e74
--- /dev/null
+++ b/selinux-ulp.conf
@@ -0,0 +1 @@
+BINDDIRS[ulp]=/var/livepatches
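Review bot: do_movelibs and do_removelibs expand `$addline`, `$ld_so_conf` and `$file` unquoted, including in `rm -rf $addline`, so a package name or version containing whitespace or glob characters would be split into several arguments for a recursive delete inside an rpm scriptlet. Quoting and guarding the two components closes that: `local addline="/var/livepatches/${PACKAGE:?}/${VER:?}/libs"` and `rm -rf -- "$addline"`, with the same quoting on `mkdir -p`, `install -D -Z` and the `sed` target file. `$PACKAGE` is also interpolated into the sed address `\#$line_pattern#d` unescaped and unanchored, and its `.*` matches every version of the package; do_removelibs never consults `NUM_PACKAGES`, so if the hook runs in the old package's `%postun` during an upgrade it would appear to drop the entry the new version just added. The loop `for i in $(seq 1 3); do shift; done` is simply `shift 3`, and the do_removelibs header comment and "Skipping move libs" message are copied from do_movelibs and should describe removal.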
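Review bot: `do_$cmd "$@"` forwards the whole command line, so after the three shifts in do_movelibs the remaining list is `TARGET_LIB` followed by the scriptlet counter that the macros pass as the last argument, and that counter is then tested with `-e` as if it were a library path. With the `$# -ne 5` warning removed in the previous hunk, a mismatch between the macros and this helper is now silent. Either shift past the counter as well or pass the library list explicitly, and document the expected layout above the `case`, for example `# args: <cmd> <package> <version> <lib...> <scriptlet-count>` if that is the intended order.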