From b01ea491c02aabd0b78ba3783ad0cc4df0fdbf8b578612158d15807a58fe451a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Schr=C3=B6der?= Date: Mon, 16 Dec 2024 13:00:08 +0000 Subject: [PATCH] - add compatibility %buildroot definition - backport unshare fix from upstream OBS-URL: https://build.opensuse.org/package/show/Base:System/rpm?expand=0&rev=679 --- macrosin.diff | 32 +++++++++++++++++++++----------- rpm-rpmlintrc | 1 - rpm.changes | 3 +++ rpm.spec | 3 ++- unshare.diff | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 77 insertions(+), 13 deletions(-) delete mode 100644 rpm-rpmlintrc create mode 100644 unshare.diff diff --git a/macrosin.diff b/macrosin.diff index 0be3b98..4d1aea6 100644 --- a/macrosin.diff +++ b/macrosin.diff @@ -1,6 +1,16 @@ ---- macros.in.orig 2024-12-16 09:16:20.616343895 +0000 -+++ macros.in 2024-12-16 09:16:24.676335428 +0000 -@@ -163,6 +163,7 @@ +--- macros.in.orig 2024-12-16 12:48:44.110837972 +0000 ++++ macros.in 2024-12-16 12:52:32.014378635 +0000 +@@ -118,6 +118,9 @@ + # The directory where sources/patches will be unpacked and built. + %_builddir %{_topdir}/BUILD + ++# The build root where built files will be installed into ++%buildroot %{_builddir}/%{NAME}-%{VERSION}-%{_arch}/BUILDROOT ++ + # The interpreter used for build scriptlets. + %_buildshell /bin/sh + +@@ -163,6 +166,7 @@ %{?_unique_debug_names:--unique-debug-suffix "-%{VERSION}-%{RELEASE}.%{_arch}"} \\\ %{?_unique_debug_srcs:--unique-debug-src-base "%{name}-%{VERSION}-%{RELEASE}.%{_arch}"} \\\ %{?_find_debuginfo_dwz_opts} \\\ @@ -8,7 +18,7 @@ %{?_find_debuginfo_opts} \\\ %{?_debugsource_packages:-S debugsourcefiles.list} \\\ "%{builddir}/%{?buildsubdir}"\ -@@ -216,7 +217,8 @@ Supplements: (%{name} = %{version}-%{r +@@ -216,7 +220,8 @@ Supplements: (%{name} = %{version}-%{r %files langpack-%{1}\ %{nil} 
@@ -18,7 +28,7 @@ %_defaultlicensedir %{_datadir}/licenses # Following macros for filtering auto deps must not be used in spec files. -@@ -275,7 +277,8 @@ Supplements: (%{name} = %{version}-%{r +@@ -275,7 +280,8 @@ Supplements: (%{name} = %{version}-%{r %_tmppath %{_var}/tmp # Path to top of build area. @@ -28,7 +38,7 @@ #============================================================================== # ---- Optional rpmrc macros. -@@ -366,7 +369,7 @@ Supplements: (%{name} = %{version}-%{r +@@ -366,7 +372,7 @@ Supplements: (%{name} = %{version}-%{r # "w.ufdio" uncompressed # #%_source_payload w9.gzdio @@ -37,7 +47,7 @@ # Algorithm to use for generating file checksum digests on build. # If not specified or 0, MD5 is used. -@@ -476,6 +479,19 @@ Supplements: (%{name} = %{version}-%{r +@@ -476,6 +482,19 @@ Supplements: (%{name} = %{version}-%{r # #%_include_minidebuginfo 1 @@ -57,7 +67,7 @@ # # Include a .gdb_index section in the .debug files. # Requires _enable_debug_packages and gdb-add-index installed. -@@ -508,39 +524,39 @@ Supplements: (%{name} = %{version}-%{r +@@ -508,39 +527,39 @@ Supplements: (%{name} = %{version}-%{r # Same as for "separate" but if the __debug_package global is set then # the -debuginfo package will have a compatibility link for the main # ELF /usr/lib/debug/.build-id/xx/yyy -> /usr/lib/.build-id/xx/yyy @@ -104,7 +114,7 @@ # # Use internal dependency generator rather than external helpers? -@@ -559,6 +575,7 @@ Supplements: (%{name} = %{version}-%{r +@@ -559,6 +578,7 @@ Supplements: (%{name} = %{version}-%{r %__find_requires %{_rpmconfigdir}/find-requires #%__find_conflicts ??? #%__find_obsoletes ??? @@ -112,7 +122,7 @@ # # Path to file attribute classifications for automatic dependency -@@ -980,7 +997,7 @@ Supplements: (%{name} = %{version}-%{r +@@ -980,7 +1000,7 @@ Supplements: (%{name} = %{version}-%{r %_build_vendor %{_host_vendor} %_build_os %{_host_os} %_host @host@ 
@@ -121,7 +131,7 @@ %_host_cpu @host_cpu@ %_host_vendor @host_vendor@ %_host_os @host_os@ -@@ -1105,11 +1122,13 @@ Supplements: (%{name} = %{version}-%{r +@@ -1105,11 +1125,13 @@ Supplements: (%{name} = %{version}-%{r #------------------------------------------------------------------------------ # arch macro for all supported 32-bit ARM processors diff --git a/rpm-rpmlintrc b/rpm-rpmlintrc deleted file mode 100644 index 492b41b..0000000 --- a/rpm-rpmlintrc +++ /dev/null @@ -1 +0,0 @@ -addFilter("file-contains-buildroot") # until rpmlint is fixed diff --git a/rpm.changes b/rpm.changes index ab0430d..d1f86a9 100644 --- a/rpm.changes +++ b/rpm.changes @@ -23,6 +23,9 @@ Mon Dec 16 11:55:23 CET 2024 - mls@suse.de * auto-config-update-aarch64-ppc64le.diff * 0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch * 0003-Error-out-on-a-missing-changelog-date.patch +- add compatibility %buildroot definition +- backport unshare fix from upstream + * new patch: unshare.diff ------------------------------------------------------------------- Mon Nov 11 08:43:56 UTC 2024 - Michal Suchanek diff --git a/rpm.spec b/rpm.spec index 7dabec4..f84ab61 100644 --- a/rpm.spec +++ b/rpm.spec @@ -65,7 +65,6 @@ URL: https://rpm.org/ Source: https://ftp.osuosl.org/pub/rpm/releases/rpm-4.19.x/rpm-%{version}.tar.bz2 #Git-Clone: https://github.com/rpm-software-management/rpmpgp_legacy Source1: rpmpgp_legacy-1.0.tar.gz -Source2: rpm-rpmlintrc Source5: rpmsort Source8: rpmconfigcheck Source9: sysconfig.services-rpm @@ -120,6 +119,7 @@ Patch139: cmake_python_version.diff Patch140: 0001-Add-option-to-set-mtime-of-files-in-rpms.patch Patch141: 0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch Patch142: 0003-Error-out-on-a-missing-changelog-date.patch +Patch150: unshare.diff Patch6464: auto-config-update-aarch64-ppc64le.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build # 
@@ -234,6 +234,7 @@ rm -rf sqlite %patch -P 140 %endif %patch -P 141 -P 142 +%patch -P 150 %ifarch aarch64 ppc64le riscv64 %patch -P 6464 diff --git a/unshare.diff b/unshare.diff new file mode 100644 index 0000000..12b9d07 --- /dev/null +++ b/unshare.diff 
@@ -0,0 +1,51 @@
+--- docs/man/rpm-plugin-unshare.8.md.orig 2024-10-07 09:35:46.000000000 +0000
++++ docs/man/rpm-plugin-unshare.8.md 2024-12-16 12:57:40.781754250 +0000
+@@ -27,6 +27,11 @@ This plugin implements the following con
+ execution. Typical examples would be `/tmp` to protect against
+ insecure temporary file usage inside scriptlets, and `/home` to
+ prevent scriptlets from accessing user home directories.
++ When path unsharing is enabled, any mounts made from scriptlets
++ are also private to the scriptlet (and vice versa, mount changes
++ on the host are not visible to the scriptlet).
++
++ Private mounts in chroot-operations is unimplemented.
+
+ `%__transaction_unshare_nonet`
+
+--- plugins/unshare.c.orig 2024-10-07 09:35:46.000000000 +0000
++++ plugins/unshare.c 2024-12-16 12:57:40.781754250 +0000
+@@ -19,8 +19,18 @@ static rpmRC unshare_init(rpmPlugin plug
+ {
+ char *paths = rpmExpand("%{?__transaction_unshare_paths}", NULL);
+ private_mounts = argvSplitString(paths, ":", ARGV_SKIPEMPTY);
+- if (private_mounts)
+- unshare_flags |= CLONE_NEWNS;
++ if (private_mounts) {
++ /*
++ * Changing mount propagation from inside a chroot fails if the root
++ * is not also a mount point, disable for now.
++ */
++ if (strcmp(rpmtsRootDir(ts), "/")) {
++ rpmlog(RPMLOG_WARNING,
++ "private mounts in chroot not implemented\n");
++ } else {
++ unshare_flags |= CLONE_NEWNS;
++ }
++ }
+ free(paths);
+
+ if (rpmExpandNumeric("%{?__transaction_unshare_nonet}"))
+@@ -47,9 +57,10 @@ static rpmRC unshare_scriptlet_fork_post
+ goto exit;
+ }
+
+- if (private_mounts) {
+- if (mount("/", "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) {
+- rpmlog(RPMLOG_ERR, _("failed to mount private %s: %s\n"),
++ if (unshare_flags & CLONE_NEWNS) {
++ if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) {
++ rpmlog(RPMLOG_ERR,
++ _("failed to change mount propagation %s: %s\n"),
+ "/", strerror(errno));
+ goto exit;
+ }
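Review bot: The chroot branch added to unshare_init in plugins/unshare.c fails open: when `rpmtsRootDir(ts)` is not "/", the paths configured in `%__transaction_unshare_paths` are dropped with only an RPMLOG_WARNING, so scriptlets run without the private mounts that were requested. The message does not name the macro or say that the isolation is off, and unlike the RPMLOG_ERR string in the second hunk it is not wrapped in `_()`. Something like `rpmlog(RPMLOG_WARNING, _("%%__transaction_unshare_paths ignored: private mounts in chroot not implemented\n"));` would make the downgrade recognisable in logs. `strcmp()` is also handed the result of rpmtsRootDir() unchecked; it presumably cannot be NULL at plugin init, but that is worth confirming against its definition. Both unshare_init and unshare_scriptlet_fork_post continue outside the hunks shown, so any later use of `private_mounts` could not be checked from here.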