From fc7349fc19f9398a0c2010368a2142ee61d91c7e Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Fri, 8 Nov 2024 15:55:07 +0000 Subject: [PATCH] tree: promote changes from testing-devel at 533714165ae81df8cb2c507db2cf63fb55b7791f --- ci/buildroot/Dockerfile | 2 +- ci/buildroot/install-buildroot.sh | 4 +- kola-denylist.yaml | 6 -- manifest-lock.aarch64.json | 99 +++++++++---------- manifest-lock.overrides.aarch64.yaml | 35 ------- manifest-lock.overrides.ppc64le.yaml | 41 -------- manifest-lock.overrides.x86_64.yaml | 47 --------- manifest-lock.ppc64le.json | 97 +++++++++--------- manifest-lock.s390x.json | 93 +++++++++-------- manifest-lock.x86_64.json | 99 +++++++++---------- .../coreos-secex-ignition-prepare.service | 2 + .../coreos-secex-ignition-prepare.sh | 6 ++ .../system/coreos-fix-selinux-labels.service | 6 +- tests/kola/boot/bootupd-validate | 87 ++++++++++++++++ tests/kola/upgrade/extended/test.sh | 29 +++++- 15 files changed, 316 insertions(+), 337 deletions(-) delete mode 100644 manifest-lock.overrides.aarch64.yaml delete mode 100644 manifest-lock.overrides.ppc64le.yaml delete mode 100644 manifest-lock.overrides.x86_64.yaml create mode 100755 tests/kola/boot/bootupd-validate diff --git a/ci/buildroot/Dockerfile b/ci/buildroot/Dockerfile index aee83d3eec..8277318c35 100644 --- a/ci/buildroot/Dockerfile +++ b/ci/buildroot/Dockerfile @@ -5,7 +5,7 @@ # # This image is used by CoreOS CI to build software like # Ignition, rpm-ostree, ostree, coreos-installer, etc... -FROM quay.io/fedora/fedora:40 +FROM quay.io/fedora/fedora:41 # Work around for https://bugzilla.redhat.com/show_bug.cgi?id=2278652 ENV container=oci COPY . /src diff --git a/ci/buildroot/install-buildroot.sh b/ci/buildroot/install-buildroot.sh index 2809b8a8f7..52590dfbe5 100755 --- a/ci/buildroot/install-buildroot.sh +++ b/ci/buildroot/install-buildroot.sh @@ -5,7 +5,7 @@ set -euo pipefail dnf -y install dnf-plugins-core # We want to avoid a 7 day cycle for e.g. new ostree etc. -dnf config-manager --set-enabled updates-testing +dnf config-manager setopt updates-testing.enabled=1 dn=$(dirname "$0") tmpd=$(mktemp -d) && trap 'rm -rf ${tmpd}' EXIT @@ -35,7 +35,7 @@ rm -rf "${tmpd:?}"/* echo "Installing build dependencies from canonical spec files" specs=$(grep -v '^#' "${dn}"/buildroot-specs.txt) (cd "${tmpd}" && echo "${specs}" | xargs curl -L --remote-name-all) -(cd "${tmpd}" && find . -type f -print0 | xargs -0 dnf -y builddep --spec) +(cd "${tmpd}" && find . -type f -print0 | xargs -0 dnf -y builddep) rm -rf "${tmpd:?}"/* echo "Installing test dependencies from canonical upstream files" diff --git a/kola-denylist.yaml b/kola-denylist.yaml index 9cb188f817..dc96a70a6b 100644 --- a/kola-denylist.yaml +++ b/kola-denylist.yaml @@ -10,9 +10,3 @@ # warn: true (disabled on promotion) arches: - ppc64le -- pattern: kdump.crash.nfs - tracker: https://github.com/coreos/fedora-coreos-tracker/issues/1820 - streams: - - rawhide - - next-devel - - next diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index 8667d67a13..4703793ef3 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -31,13 +31,13 @@ } }, "WALinuxAgent-udev": { - "evra": "2.11.1.4-8.fc41.noarch", + "evra": "2.11.1.12-1.fc41.noarch", "metadata": { "sourcerpm": "WALinuxAgent" } }, "aardvark-dns": { - "evra": "2:1.12.2-2.fc41.aarch64", + "evra": "2:1.13.0-1.fc41.aarch64", "metadata": { "sourcerpm": "aardvark-dns" } @@ -373,19 +373,19 @@ } }, "crun": { - "evra": "1.18-1.fc41.aarch64", + "evra": "1.18.1-1.fc41.aarch64", "metadata": { "sourcerpm": "crun" } }, "crun-wasm": { - "evra": "1.18-1.fc41.aarch64", + "evra": "1.18.1-1.fc41.aarch64", "metadata": { "sourcerpm": "crun" } }, "crypto-policies": { - "evra": "20241010-1.git8baf557.fc41.noarch", + "evra": "20241029-1.git8baf557.fc41.noarch", "metadata": { "sourcerpm": "crypto-policies" } @@ -571,19 +571,19 @@ } }, "elfutils-default-yama-scope": { - "evra": "0.192-4.fc41.noarch", + "evra": "0.192-5.fc41.noarch", "metadata": { "sourcerpm": "elfutils" } }, "elfutils-libelf": { - "evra": "0.192-4.fc41.aarch64", + "evra": "0.192-5.fc41.aarch64", "metadata": { "sourcerpm": "elfutils" } }, "elfutils-libs": { - "evra": "0.192-4.fc41.aarch64", + "evra": "0.192-5.fc41.aarch64", "metadata": { "sourcerpm": "elfutils" } @@ -607,19 +607,19 @@ } }, "fedora-release-common": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } }, "fedora-release-coreos": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } }, "fedora-release-identity-coreos": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } @@ -775,25 +775,25 @@ } }, "glibc": { - "evra": "2.40-3.fc41.aarch64", + "evra": "2.40-9.fc41.aarch64", "metadata": { "sourcerpm": "glibc" } }, "glibc-common": { - "evra": "2.40-3.fc41.aarch64", + "evra": "2.40-9.fc41.aarch64", "metadata": { "sourcerpm": "glibc" } }, "glibc-gconv-extra": { - "evra": "2.40-3.fc41.aarch64", + "evra": "2.40-9.fc41.aarch64", "metadata": { "sourcerpm": "glibc" } }, "glibc-minimal-langpack": { - "evra": "2.40-3.fc41.aarch64", + "evra": "2.40-9.fc41.aarch64", "metadata": { "sourcerpm": "glibc" } @@ -871,7 +871,7 @@ } }, "hwdata": { - "evra": "0.388-1.fc41.noarch", + "evra": "0.389-1.fc41.noarch", "metadata": { "sourcerpm": "hwdata" } @@ -1039,25 +1039,25 @@ } }, "kernel": { - "evra": "6.11.5-300.fc41.aarch64", + "evra": "6.11.6-300.fc41.aarch64", "metadata": { "sourcerpm": "kernel" } }, "kernel-core": { - "evra": "6.11.5-300.fc41.aarch64", + "evra": "6.11.6-300.fc41.aarch64", "metadata": { "sourcerpm": "kernel" } }, "kernel-modules": { - "evra": "6.11.5-300.fc41.aarch64", + "evra": "6.11.6-300.fc41.aarch64", "metadata": { "sourcerpm": "kernel" } }, "kernel-modules-core": { - "evra": "6.11.5-300.fc41.aarch64", + "evra": "6.11.6-300.fc41.aarch64", "metadata": { "sourcerpm": "kernel" } @@ -1099,7 +1099,7 @@ } }, "krb5-libs": { - "evra": "1.21.3-2.fc41.aarch64", + "evra": "1.21.3-3.fc41.aarch64", "metadata": { "sourcerpm": "krb5" } @@ -1159,7 +1159,7 @@ } }, "libbpf": { - "evra": "2:1.4.6-1.fc41.aarch64", + "evra": "2:1.4.7-1.fc41.aarch64", "metadata": { "sourcerpm": "libbpf" } @@ -1447,13 +1447,13 @@ } }, "libnl3": { - "evra": "3.10.0-1.fc41.aarch64", + "evra": "3.11.0-1.fc41.aarch64", "metadata": { "sourcerpm": "libnl3" } }, "libnl3-cli": { - "evra": "3.10.0-1.fc41.aarch64", + "evra": "3.11.0-1.fc41.aarch64", "metadata": { "sourcerpm": "libnl3" } @@ -1663,7 +1663,7 @@ } }, "libusb1": { - "evra": "1.0.27-3.fc41.aarch64", + "evra": "1.0.27-4.fc41.aarch64", "metadata": { "sourcerpm": "libusb1" } @@ -1699,7 +1699,7 @@ } }, "libxcrypt": { - "evra": "4.4.36-7.fc41.aarch64", + "evra": "4.4.36-8.fc41.aarch64", "metadata": { "sourcerpm": "libxcrypt" } @@ -1807,7 +1807,7 @@ } }, "makedumpfile": { - "evra": "1.7.5-13.fc41.aarch64", + "evra": "1.7.6-1.fc41.aarch64", "metadata": { "sourcerpm": "makedumpfile" } @@ -1879,7 +1879,7 @@ } }, "netavark": { - "evra": "2:1.12.2-1.fc41.aarch64", + "evra": "2:1.13.0-1.fc41.aarch64", "metadata": { "sourcerpm": "netavark" } @@ -1927,7 +1927,7 @@ } }, "numactl-libs": { - "evra": "2.0.18-2.fc41.aarch64", + "evra": "2.0.19-1.fc41.aarch64", "metadata": { "sourcerpm": "numactl" } @@ -1993,13 +1993,13 @@ } }, "ostree": { - "evra": "2024.8-1.fc41.aarch64", + "evra": "2024.8-3.fc41.aarch64", "metadata": { "sourcerpm": "ostree" } }, "ostree-libs": { - "evra": "2024.8-1.fc41.aarch64", + "evra": "2024.8-3.fc41.aarch64", "metadata": { "sourcerpm": "ostree" } @@ -2017,13 +2017,13 @@ } }, "pam": { - "evra": "1.6.1-5.fc41.aarch64", + "evra": "1.6.1-6.fc41.aarch64", "metadata": { "sourcerpm": "pam" } }, "pam-libs": { - "evra": "1.6.1-5.fc41.aarch64", + "evra": "1.6.1-6.fc41.aarch64", "metadata": { "sourcerpm": "pam" } @@ -2035,13 +2035,13 @@ } }, "passt": { - "evra": "0^20240906.g6b38f07-1.fc41.aarch64", + "evra": "0^20241030.gee7d0b6-1.fc41.aarch64", "metadata": { "sourcerpm": "passt" } }, "passt-selinux": { - "evra": "0^20240906.g6b38f07-1.fc41.noarch", + "evra": "0^20241030.gee7d0b6-1.fc41.noarch", "metadata": { "sourcerpm": "passt" } @@ -2107,13 +2107,13 @@ } }, "polkit": { - "evra": "125-1.fc41.aarch64", + "evra": "125-1.fc41.1.aarch64", "metadata": { "sourcerpm": "polkit" } }, "polkit-libs": { - "evra": "125-1.fc41.aarch64", + "evra": "125-1.fc41.1.aarch64", "metadata": { "sourcerpm": "polkit" } @@ -2251,13 +2251,13 @@ } }, "selinux-policy": { - "evra": "41.23-1.fc41.noarch", + "evra": "41.24-1.fc41.noarch", "metadata": { "sourcerpm": "selinux-policy" } }, "selinux-policy-targeted": { - "evra": "41.23-1.fc41.noarch", + "evra": "41.24-1.fc41.noarch", "metadata": { "sourcerpm": "selinux-policy" } @@ -2317,7 +2317,7 @@ } }, "slirp4netns": { - "evra": "1.2.2-3.fc41.aarch64", + "evra": "1.3.1-1.fc41.aarch64", "metadata": { "sourcerpm": "slirp4netns" } @@ -2527,19 +2527,19 @@ } }, "vim-data": { - "evra": "2:9.1.785-1.fc41.noarch", + "evra": "2:9.1.825-1.fc41.noarch", "metadata": { "sourcerpm": "vim" } }, "vim-minimal": { - "evra": "2:9.1.785-1.fc41.aarch64", + "evra": "2:9.1.825-1.fc41.aarch64", "metadata": { "sourcerpm": "vim" } }, "wasmedge-rt": { - "evra": "0.14.0-3.fc41.aarch64", + "evra": "0.14.1-1.fc41.aarch64", "metadata": { "sourcerpm": "wasmedge" } @@ -2618,19 +2618,16 @@ } }, "metadata": { - "generated": "2024-10-27T00:00:00Z", + "generated": "2024-11-07T00:00:00Z", "rpmmd_repos": { - "fedora-candidate-compose": { + "fedora": { "generated": "2024-10-24T13:55:58Z" }, "fedora-coreos-pool": { - "generated": "2024-10-27T02:50:50Z" - }, - "fedora-next": { - "generated": "2024-10-25T08:41:17Z" + "generated": "2024-11-07T18:32:31Z" }, - "fedora-next-updates": { - "generated": "2024-10-27T20:24:41Z" + "fedora-updates": { + "generated": "2024-11-07T02:11:09Z" } } } diff --git a/manifest-lock.overrides.aarch64.yaml b/manifest-lock.overrides.aarch64.yaml deleted file mode 100644 index 4dc319306b..0000000000 --- a/manifest-lock.overrides.aarch64.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This lockfile should be used to pin to a package version (`type: pin`) or to -# fast-track packages ahead of Bodhi (`type: fast-track`). Fast-tracked -# packages will automatically be removed once they are in the stable repos. -# -# IMPORTANT: YAML comments *will not* be preserved. All `pin` overrides *must* -# include a URL in the `metadata.reason` key. Overrides of type `fast-track` -# *should* include a Bodhi update URL in the `metadata.bodhi` key and a URL -# in the `metadata.reason` key, though it's acceptable to omit a `reason` -# for FCOS-specific packages (ignition, afterburn, etc.). - -packages: - grub2-common: - evra: 1:2.12-10.fc41.noarch - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-tools: - evra: 1:2.12-10.fc41.aarch64 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-tools-minimal: - evra: 1:2.12-10.fc41.aarch64 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-efi-aa64: - evra: 1:2.12-10.fc41.aarch64 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track diff --git a/manifest-lock.overrides.ppc64le.yaml b/manifest-lock.overrides.ppc64le.yaml deleted file mode 100644 index f3a775b1dc..0000000000 --- a/manifest-lock.overrides.ppc64le.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# This lockfile should be used to pin to a package version (`type: pin`) or to -# fast-track packages ahead of Bodhi (`type: fast-track`). Fast-tracked -# packages will automatically be removed once they are in the stable repos. -# -# IMPORTANT: YAML comments *will not* be preserved. All `pin` overrides *must* -# include a URL in the `metadata.reason` key. Overrides of type `fast-track` -# *should* include a Bodhi update URL in the `metadata.bodhi` key and a URL -# in the `metadata.reason` key, though it's acceptable to omit a `reason` -# for FCOS-specific packages (ignition, afterburn, etc.). - -packages: - grub2-common: - evra: 1:2.12-10.fc41.noarch - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-tools: - evra: 1:2.12-10.fc41.ppc64le - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-tools-minimal: - evra: 1:2.12-10.fc41.ppc64le - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-ppc64le: - evra: 1:2.12-10.fc41.ppc64le - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-ppc64le-modules: - evra: 1:2.12-10.fc41.noarch - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track diff --git a/manifest-lock.overrides.x86_64.yaml b/manifest-lock.overrides.x86_64.yaml deleted file mode 100644 index ef7bc31e0a..0000000000 --- a/manifest-lock.overrides.x86_64.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# This lockfile should be used to pin to a package version (`type: pin`) or to -# fast-track packages ahead of Bodhi (`type: fast-track`). Fast-tracked -# packages will automatically be removed once they are in the stable repos. -# -# IMPORTANT: YAML comments *will not* be preserved. All `pin` overrides *must* -# include a URL in the `metadata.reason` key. Overrides of type `fast-track` -# *should* include a Bodhi update URL in the `metadata.bodhi` key and a URL -# in the `metadata.reason` key, though it's acceptable to omit a `reason` -# for FCOS-specific packages (ignition, afterburn, etc.). - -packages: - grub2-common: - evra: 1:2.12-10.fc41.noarch - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-tools: - evra: 1:2.12-10.fc41.x86_64 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-tools-minimal: - evra: 1:2.12-10.fc41.x86_64 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-efi-x64: - evra: 1:2.12-10.fc41.x86_64 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-pc-modules: - evra: 1:2.12-10.fc41.noarch - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track - grub2-pc: - evra: 1:2.12-10.fc41.x86_64 - metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7d58433dd5 - reason: https://github.com/coreos/fedora-coreos-tracker/issues/1802 - type: fast-track diff --git a/manifest-lock.ppc64le.json b/manifest-lock.ppc64le.json index 5c32403fa6..e90bb919a1 100644 --- a/manifest-lock.ppc64le.json +++ b/manifest-lock.ppc64le.json @@ -31,13 +31,13 @@ } }, "WALinuxAgent-udev": { - "evra": "2.11.1.4-8.fc41.noarch", + "evra": "2.11.1.12-1.fc41.noarch", "metadata": { "sourcerpm": "WALinuxAgent" } }, "aardvark-dns": { - "evra": "2:1.12.2-2.fc41.ppc64le", + "evra": "2:1.13.0-1.fc41.ppc64le", "metadata": { "sourcerpm": "aardvark-dns" } @@ -379,13 +379,13 @@ } }, "crun": { - "evra": "1.18-1.fc41.ppc64le", + "evra": "1.18.1-1.fc41.ppc64le", "metadata": { "sourcerpm": "crun" } }, "crypto-policies": { - "evra": "20241010-1.git8baf557.fc41.noarch", + "evra": "20241029-1.git8baf557.fc41.noarch", "metadata": { "sourcerpm": "crypto-policies" } @@ -553,19 +553,19 @@ } }, "elfutils-default-yama-scope": { - "evra": "0.192-4.fc41.noarch", + "evra": "0.192-5.fc41.noarch", "metadata": { "sourcerpm": "elfutils" } }, "elfutils-libelf": { - "evra": "0.192-4.fc41.ppc64le", + "evra": "0.192-5.fc41.ppc64le", "metadata": { "sourcerpm": "elfutils" } }, "elfutils-libs": { - "evra": "0.192-4.fc41.ppc64le", + "evra": "0.192-5.fc41.ppc64le", "metadata": { "sourcerpm": "elfutils" } @@ -589,19 +589,19 @@ } }, "fedora-release-common": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } }, "fedora-release-coreos": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } }, "fedora-release-identity-coreos": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } @@ -757,25 +757,25 @@ } }, "glibc": { - "evra": "2.40-3.fc41.ppc64le", + "evra": "2.40-9.fc41.ppc64le", "metadata": { "sourcerpm": "glibc" } }, "glibc-common": { - "evra": "2.40-3.fc41.ppc64le", + "evra": "2.40-9.fc41.ppc64le", "metadata": { "sourcerpm": "glibc" } }, "glibc-gconv-extra": { - "evra": "2.40-3.fc41.ppc64le", + "evra": "2.40-9.fc41.ppc64le", "metadata": { "sourcerpm": "glibc" } }, "glibc-minimal-langpack": { - "evra": "2.40-3.fc41.ppc64le", + "evra": "2.40-9.fc41.ppc64le", "metadata": { "sourcerpm": "glibc" } @@ -853,7 +853,7 @@ } }, "hwdata": { - "evra": "0.388-1.fc41.noarch", + "evra": "0.389-1.fc41.noarch", "metadata": { "sourcerpm": "hwdata" } @@ -1021,25 +1021,25 @@ } }, "kernel": { - "evra": "6.11.5-300.fc41.ppc64le", + "evra": "6.11.6-300.fc41.ppc64le", "metadata": { "sourcerpm": "kernel" } }, "kernel-core": { - "evra": "6.11.5-300.fc41.ppc64le", + "evra": "6.11.6-300.fc41.ppc64le", "metadata": { "sourcerpm": "kernel" } }, "kernel-modules": { - "evra": "6.11.5-300.fc41.ppc64le", + "evra": "6.11.6-300.fc41.ppc64le", "metadata": { "sourcerpm": "kernel" } }, "kernel-modules-core": { - "evra": "6.11.5-300.fc41.ppc64le", + "evra": "6.11.6-300.fc41.ppc64le", "metadata": { "sourcerpm": "kernel" } @@ -1081,7 +1081,7 @@ } }, "krb5-libs": { - "evra": "1.21.3-2.fc41.ppc64le", + "evra": "1.21.3-3.fc41.ppc64le", "metadata": { "sourcerpm": "krb5" } @@ -1141,7 +1141,7 @@ } }, "libbpf": { - "evra": "2:1.4.6-1.fc41.ppc64le", + "evra": "2:1.4.7-1.fc41.ppc64le", "metadata": { "sourcerpm": "libbpf" } @@ -1429,13 +1429,13 @@ } }, "libnl3": { - "evra": "3.10.0-1.fc41.ppc64le", + "evra": "3.11.0-1.fc41.ppc64le", "metadata": { "sourcerpm": "libnl3" } }, "libnl3-cli": { - "evra": "3.10.0-1.fc41.ppc64le", + "evra": "3.11.0-1.fc41.ppc64le", "metadata": { "sourcerpm": "libnl3" } @@ -1657,7 +1657,7 @@ } }, "libusb1": { - "evra": "1.0.27-3.fc41.ppc64le", + "evra": "1.0.27-4.fc41.ppc64le", "metadata": { "sourcerpm": "libusb1" } @@ -1693,7 +1693,7 @@ } }, "libxcrypt": { - "evra": "4.4.36-7.fc41.ppc64le", + "evra": "4.4.36-8.fc41.ppc64le", "metadata": { "sourcerpm": "libxcrypt" } @@ -1789,7 +1789,7 @@ } }, "makedumpfile": { - "evra": "1.7.5-13.fc41.ppc64le", + "evra": "1.7.6-1.fc41.ppc64le", "metadata": { "sourcerpm": "makedumpfile" } @@ -1855,7 +1855,7 @@ } }, "netavark": { - "evra": "2:1.12.2-1.fc41.ppc64le", + "evra": "2:1.13.0-1.fc41.ppc64le", "metadata": { "sourcerpm": "netavark" } @@ -1903,7 +1903,7 @@ } }, "numactl-libs": { - "evra": "2.0.18-2.fc41.ppc64le", + "evra": "2.0.19-1.fc41.ppc64le", "metadata": { "sourcerpm": "numactl" } @@ -1969,19 +1969,19 @@ } }, "ostree": { - "evra": "2024.8-1.fc41.ppc64le", + "evra": "2024.8-3.fc41.ppc64le", "metadata": { "sourcerpm": "ostree" } }, "ostree-grub2": { - "evra": "2024.8-1.fc41.ppc64le", + "evra": "2024.8-3.fc41.ppc64le", "metadata": { "sourcerpm": "ostree" } }, "ostree-libs": { - "evra": "2024.8-1.fc41.ppc64le", + "evra": "2024.8-3.fc41.ppc64le", "metadata": { "sourcerpm": "ostree" } @@ -1999,13 +1999,13 @@ } }, "pam": { - "evra": "1.6.1-5.fc41.ppc64le", + "evra": "1.6.1-6.fc41.ppc64le", "metadata": { "sourcerpm": "pam" } }, "pam-libs": { - "evra": "1.6.1-5.fc41.ppc64le", + "evra": "1.6.1-6.fc41.ppc64le", "metadata": { "sourcerpm": "pam" } @@ -2017,13 +2017,13 @@ } }, "passt": { - "evra": "0^20240906.g6b38f07-1.fc41.ppc64le", + "evra": "0^20241030.gee7d0b6-1.fc41.ppc64le", "metadata": { "sourcerpm": "passt" } }, "passt-selinux": { - "evra": "0^20240906.g6b38f07-1.fc41.noarch", + "evra": "0^20241030.gee7d0b6-1.fc41.noarch", "metadata": { "sourcerpm": "passt" } @@ -2089,13 +2089,13 @@ } }, "polkit": { - "evra": "125-1.fc41.ppc64le", + "evra": "125-1.fc41.1.ppc64le", "metadata": { "sourcerpm": "polkit" } }, "polkit-libs": { - "evra": "125-1.fc41.ppc64le", + "evra": "125-1.fc41.1.ppc64le", "metadata": { "sourcerpm": "polkit" } @@ -2245,13 +2245,13 @@ } }, "selinux-policy": { - "evra": "41.23-1.fc41.noarch", + "evra": "41.24-1.fc41.noarch", "metadata": { "sourcerpm": "selinux-policy" } }, "selinux-policy-targeted": { - "evra": "41.23-1.fc41.noarch", + "evra": "41.24-1.fc41.noarch", "metadata": { "sourcerpm": "selinux-policy" } @@ -2311,7 +2311,7 @@ } }, "slirp4netns": { - "evra": "1.2.2-3.fc41.ppc64le", + "evra": "1.3.1-1.fc41.ppc64le", "metadata": { "sourcerpm": "slirp4netns" } @@ -2515,13 +2515,13 @@ } }, "vim-data": { - "evra": "2:9.1.785-1.fc41.noarch", + "evra": "2:9.1.825-1.fc41.noarch", "metadata": { "sourcerpm": "vim" } }, "vim-minimal": { - "evra": "2:9.1.785-1.fc41.ppc64le", + "evra": "2:9.1.825-1.fc41.ppc64le", "metadata": { "sourcerpm": "vim" } @@ -2600,19 +2600,16 @@ } }, "metadata": { - "generated": "2024-10-27T00:00:00Z", + "generated": "2024-11-07T00:00:00Z", "rpmmd_repos": { - "fedora-candidate-compose": { + "fedora": { "generated": "2024-10-24T13:55:58Z" }, "fedora-coreos-pool": { - "generated": "2024-10-27T02:47:53Z" - }, - "fedora-next": { - "generated": "2024-10-25T08:41:17Z" + "generated": "2024-11-07T18:29:52Z" }, - "fedora-next-updates": { - "generated": "2024-10-27T20:24:42Z" + "fedora-updates": { + "generated": "2024-11-07T02:11:10Z" } } } diff --git a/manifest-lock.s390x.json b/manifest-lock.s390x.json index 1a7d5094a7..de9512bcf7 100644 --- a/manifest-lock.s390x.json +++ b/manifest-lock.s390x.json @@ -31,13 +31,13 @@ } }, "WALinuxAgent-udev": { - "evra": "2.11.1.4-8.fc41.noarch", + "evra": "2.11.1.12-1.fc41.noarch", "metadata": { "sourcerpm": "WALinuxAgent" } }, "aardvark-dns": { - "evra": "2:1.12.2-2.fc41.s390x", + "evra": "2:1.13.0-1.fc41.s390x", "metadata": { "sourcerpm": "aardvark-dns" } @@ -373,13 +373,13 @@ } }, "crun": { - "evra": "1.18-1.fc41.s390x", + "evra": "1.18.1-1.fc41.s390x", "metadata": { "sourcerpm": "crun" } }, "crypto-policies": { - "evra": "20241010-1.git8baf557.fc41.noarch", + "evra": "20241029-1.git8baf557.fc41.noarch", "metadata": { "sourcerpm": "crypto-policies" } @@ -547,19 +547,19 @@ } }, "elfutils-default-yama-scope": { - "evra": "0.192-4.fc41.noarch", + "evra": "0.192-5.fc41.noarch", "metadata": { "sourcerpm": "elfutils" } }, "elfutils-libelf": { - "evra": "0.192-4.fc41.s390x", + "evra": "0.192-5.fc41.s390x", "metadata": { "sourcerpm": "elfutils" } }, "elfutils-libs": { - "evra": "0.192-4.fc41.s390x", + "evra": "0.192-5.fc41.s390x", "metadata": { "sourcerpm": "elfutils" } @@ -583,19 +583,19 @@ } }, "fedora-release-common": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } }, "fedora-release-coreos": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } }, "fedora-release-identity-coreos": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } @@ -733,25 +733,25 @@ } }, "glibc": { - "evra": "2.40-3.fc41.s390x", + "evra": "2.40-9.fc41.s390x", "metadata": { "sourcerpm": "glibc" } }, "glibc-common": { - "evra": "2.40-3.fc41.s390x", + "evra": "2.40-9.fc41.s390x", "metadata": { "sourcerpm": "glibc" } }, "glibc-gconv-extra": { - "evra": "2.40-3.fc41.s390x", + "evra": "2.40-9.fc41.s390x", "metadata": { "sourcerpm": "glibc" } }, "glibc-minimal-langpack": { - "evra": "2.40-3.fc41.s390x", + "evra": "2.40-9.fc41.s390x", "metadata": { "sourcerpm": "glibc" } @@ -799,7 +799,7 @@ } }, "hwdata": { - "evra": "0.388-1.fc41.noarch", + "evra": "0.389-1.fc41.noarch", "metadata": { "sourcerpm": "hwdata" } @@ -961,25 +961,25 @@ } }, "kernel": { - "evra": "6.11.5-300.fc41.s390x", + "evra": "6.11.6-300.fc41.s390x", "metadata": { "sourcerpm": "kernel" } }, "kernel-core": { - "evra": "6.11.5-300.fc41.s390x", + "evra": "6.11.6-300.fc41.s390x", "metadata": { "sourcerpm": "kernel" } }, "kernel-modules": { - "evra": "6.11.5-300.fc41.s390x", + "evra": "6.11.6-300.fc41.s390x", "metadata": { "sourcerpm": "kernel" } }, "kernel-modules-core": { - "evra": "6.11.5-300.fc41.s390x", + "evra": "6.11.6-300.fc41.s390x", "metadata": { "sourcerpm": "kernel" } @@ -1021,7 +1021,7 @@ } }, "krb5-libs": { - "evra": "1.21.3-2.fc41.s390x", + "evra": "1.21.3-3.fc41.s390x", "metadata": { "sourcerpm": "krb5" } @@ -1075,7 +1075,7 @@ } }, "libbpf": { - "evra": "2:1.4.6-1.fc41.s390x", + "evra": "2:1.4.7-1.fc41.s390x", "metadata": { "sourcerpm": "libbpf" } @@ -1363,13 +1363,13 @@ } }, "libnl3": { - "evra": "3.10.0-1.fc41.s390x", + "evra": "3.11.0-1.fc41.s390x", "metadata": { "sourcerpm": "libnl3" } }, "libnl3-cli": { - "evra": "3.10.0-1.fc41.s390x", + "evra": "3.11.0-1.fc41.s390x", "metadata": { "sourcerpm": "libnl3" } @@ -1573,7 +1573,7 @@ } }, "libusb1": { - "evra": "1.0.27-3.fc41.s390x", + "evra": "1.0.27-4.fc41.s390x", "metadata": { "sourcerpm": "libusb1" } @@ -1609,7 +1609,7 @@ } }, "libxcrypt": { - "evra": "4.4.36-7.fc41.s390x", + "evra": "4.4.36-8.fc41.s390x", "metadata": { "sourcerpm": "libxcrypt" } @@ -1705,7 +1705,7 @@ } }, "makedumpfile": { - "evra": "1.7.5-13.fc41.s390x", + "evra": "1.7.6-1.fc41.s390x", "metadata": { "sourcerpm": "makedumpfile" } @@ -1771,7 +1771,7 @@ } }, "netavark": { - "evra": "2:1.12.2-1.fc41.s390x", + "evra": "2:1.13.0-1.fc41.s390x", "metadata": { "sourcerpm": "netavark" } @@ -1873,13 +1873,13 @@ } }, "ostree": { - "evra": "2024.8-1.fc41.s390x", + "evra": "2024.8-3.fc41.s390x", "metadata": { "sourcerpm": "ostree" } }, "ostree-libs": { - "evra": "2024.8-1.fc41.s390x", + "evra": "2024.8-3.fc41.s390x", "metadata": { "sourcerpm": "ostree" } @@ -1897,13 +1897,13 @@ } }, "pam": { - "evra": "1.6.1-5.fc41.s390x", + "evra": "1.6.1-6.fc41.s390x", "metadata": { "sourcerpm": "pam" } }, "pam-libs": { - "evra": "1.6.1-5.fc41.s390x", + "evra": "1.6.1-6.fc41.s390x", "metadata": { "sourcerpm": "pam" } @@ -1915,13 +1915,13 @@ } }, "passt": { - "evra": "0^20240906.g6b38f07-1.fc41.s390x", + "evra": "0^20241030.gee7d0b6-1.fc41.s390x", "metadata": { "sourcerpm": "passt" } }, "passt-selinux": { - "evra": "0^20240906.g6b38f07-1.fc41.noarch", + "evra": "0^20241030.gee7d0b6-1.fc41.noarch", "metadata": { "sourcerpm": "passt" } @@ -1987,13 +1987,13 @@ } }, "polkit": { - "evra": "125-1.fc41.s390x", + "evra": "125-1.fc41.1.s390x", "metadata": { "sourcerpm": "polkit" } }, "polkit-libs": { - "evra": "125-1.fc41.s390x", + "evra": "125-1.fc41.1.s390x", "metadata": { "sourcerpm": "polkit" } @@ -2137,13 +2137,13 @@ } }, "selinux-policy": { - "evra": "41.23-1.fc41.noarch", + "evra": "41.24-1.fc41.noarch", "metadata": { "sourcerpm": "selinux-policy" } }, "selinux-policy-targeted": { - "evra": "41.23-1.fc41.noarch", + "evra": "41.24-1.fc41.noarch", "metadata": { "sourcerpm": "selinux-policy" } @@ -2197,7 +2197,7 @@ } }, "slirp4netns": { - "evra": "1.2.2-3.fc41.s390x", + "evra": "1.3.1-1.fc41.s390x", "metadata": { "sourcerpm": "slirp4netns" } @@ -2407,13 +2407,13 @@ } }, "vim-data": { - "evra": "2:9.1.785-1.fc41.noarch", + "evra": "2:9.1.825-1.fc41.noarch", "metadata": { "sourcerpm": "vim" } }, "vim-minimal": { - "evra": "2:9.1.785-1.fc41.s390x", + "evra": "2:9.1.825-1.fc41.s390x", "metadata": { "sourcerpm": "vim" } @@ -2492,19 +2492,16 @@ } }, "metadata": { - "generated": "2024-10-27T00:00:00Z", + "generated": "2024-11-07T00:00:00Z", "rpmmd_repos": { - "fedora-candidate-compose": { + "fedora": { "generated": "2024-10-24T13:55:55Z" }, "fedora-coreos-pool": { - "generated": "2024-10-27T02:46:42Z" - }, - "fedora-next": { - "generated": "2024-10-25T08:41:17Z" + "generated": "2024-11-07T18:29:18Z" }, - "fedora-next-updates": { - "generated": "2024-10-27T20:24:43Z" + "fedora-updates": { + "generated": "2024-11-07T02:11:12Z" } } } diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index 68b0c3b9ba..d95fd9a82b 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -31,13 +31,13 @@ } }, "WALinuxAgent-udev": { - "evra": "2.11.1.4-8.fc41.noarch", + "evra": "2.11.1.12-1.fc41.noarch", "metadata": { "sourcerpm": "WALinuxAgent" } }, "aardvark-dns": { - "evra": "2:1.12.2-2.fc41.x86_64", + "evra": "2:1.13.0-1.fc41.x86_64", "metadata": { "sourcerpm": "aardvark-dns" } @@ -379,19 +379,19 @@ } }, "crun": { - "evra": "1.18-1.fc41.x86_64", + "evra": "1.18.1-1.fc41.x86_64", "metadata": { "sourcerpm": "crun" } }, "crun-wasm": { - "evra": "1.18-1.fc41.x86_64", + "evra": "1.18.1-1.fc41.x86_64", "metadata": { "sourcerpm": "crun" } }, "crypto-policies": { - "evra": "20241010-1.git8baf557.fc41.noarch", + "evra": "20241029-1.git8baf557.fc41.noarch", "metadata": { "sourcerpm": "crypto-policies" } @@ -577,19 +577,19 @@ } }, "elfutils-default-yama-scope": { - "evra": "0.192-4.fc41.noarch", + "evra": "0.192-5.fc41.noarch", "metadata": { "sourcerpm": "elfutils" } }, "elfutils-libelf": { - "evra": "0.192-4.fc41.x86_64", + "evra": "0.192-5.fc41.x86_64", "metadata": { "sourcerpm": "elfutils" } }, "elfutils-libs": { - "evra": "0.192-4.fc41.x86_64", + "evra": "0.192-5.fc41.x86_64", "metadata": { "sourcerpm": "elfutils" } @@ -613,19 +613,19 @@ } }, "fedora-release-common": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } }, "fedora-release-coreos": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } }, "fedora-release-identity-coreos": { - "evra": "41-25.noarch", + "evra": "41-27.noarch", "metadata": { "sourcerpm": "fedora-release" } @@ -781,25 +781,25 @@ } }, "glibc": { - "evra": "2.40-3.fc41.x86_64", + "evra": "2.40-9.fc41.x86_64", "metadata": { "sourcerpm": "glibc" } }, "glibc-common": { - "evra": "2.40-3.fc41.x86_64", + "evra": "2.40-9.fc41.x86_64", "metadata": { "sourcerpm": "glibc" } }, "glibc-gconv-extra": { - "evra": "2.40-3.fc41.x86_64", + "evra": "2.40-9.fc41.x86_64", "metadata": { "sourcerpm": "glibc" } }, "glibc-minimal-langpack": { - "evra": "2.40-3.fc41.x86_64", + "evra": "2.40-9.fc41.x86_64", "metadata": { "sourcerpm": "glibc" } @@ -889,7 +889,7 @@ } }, "hwdata": { - "evra": "0.388-1.fc41.noarch", + "evra": "0.389-1.fc41.noarch", "metadata": { "sourcerpm": "hwdata" } @@ -1057,25 +1057,25 @@ } }, "kernel": { - "evra": "6.11.5-300.fc41.x86_64", + "evra": "6.11.6-300.fc41.x86_64", "metadata": { "sourcerpm": "kernel" } }, "kernel-core": { - "evra": "6.11.5-300.fc41.x86_64", + "evra": "6.11.6-300.fc41.x86_64", "metadata": { "sourcerpm": "kernel" } }, "kernel-modules": { - "evra": "6.11.5-300.fc41.x86_64", + "evra": "6.11.6-300.fc41.x86_64", "metadata": { "sourcerpm": "kernel" } }, "kernel-modules-core": { - "evra": "6.11.5-300.fc41.x86_64", + "evra": "6.11.6-300.fc41.x86_64", "metadata": { "sourcerpm": "kernel" } @@ -1117,7 +1117,7 @@ } }, "krb5-libs": { - "evra": "1.21.3-2.fc41.x86_64", + "evra": "1.21.3-3.fc41.x86_64", "metadata": { "sourcerpm": "krb5" } @@ -1171,7 +1171,7 @@ } }, "libbpf": { - "evra": "2:1.4.6-1.fc41.x86_64", + "evra": "2:1.4.7-1.fc41.x86_64", "metadata": { "sourcerpm": "libbpf" } @@ -1459,13 +1459,13 @@ } }, "libnl3": { - "evra": "3.10.0-1.fc41.x86_64", + "evra": "3.11.0-1.fc41.x86_64", "metadata": { "sourcerpm": "libnl3" } }, "libnl3-cli": { - "evra": "3.10.0-1.fc41.x86_64", + "evra": "3.11.0-1.fc41.x86_64", "metadata": { "sourcerpm": "libnl3" } @@ -1675,7 +1675,7 @@ } }, "libusb1": { - "evra": "1.0.27-3.fc41.x86_64", + "evra": "1.0.27-4.fc41.x86_64", "metadata": { "sourcerpm": "libusb1" } @@ -1711,7 +1711,7 @@ } }, "libxcrypt": { - "evra": "4.4.36-7.fc41.x86_64", + "evra": "4.4.36-8.fc41.x86_64", "metadata": { "sourcerpm": "libxcrypt" } @@ -1819,7 +1819,7 @@ } }, "makedumpfile": { - "evra": "1.7.5-13.fc41.x86_64", + "evra": "1.7.6-1.fc41.x86_64", "metadata": { "sourcerpm": "makedumpfile" } @@ -1897,7 +1897,7 @@ } }, "netavark": { - "evra": "2:1.12.2-1.fc41.x86_64", + "evra": "2:1.13.0-1.fc41.x86_64", "metadata": { "sourcerpm": "netavark" } @@ -1945,7 +1945,7 @@ } }, "numactl-libs": { - "evra": "2.0.18-2.fc41.x86_64", + "evra": "2.0.19-1.fc41.x86_64", "metadata": { "sourcerpm": "numactl" } @@ -2011,13 +2011,13 @@ } }, "ostree": { - "evra": "2024.8-1.fc41.x86_64", + "evra": "2024.8-3.fc41.x86_64", "metadata": { "sourcerpm": "ostree" } }, "ostree-libs": { - "evra": "2024.8-1.fc41.x86_64", + "evra": "2024.8-3.fc41.x86_64", "metadata": { "sourcerpm": "ostree" } @@ -2035,13 +2035,13 @@ } }, "pam": { - "evra": "1.6.1-5.fc41.x86_64", + "evra": "1.6.1-6.fc41.x86_64", "metadata": { "sourcerpm": "pam" } }, "pam-libs": { - "evra": "1.6.1-5.fc41.x86_64", + "evra": "1.6.1-6.fc41.x86_64", "metadata": { "sourcerpm": "pam" } @@ -2053,13 +2053,13 @@ } }, "passt": { - "evra": "0^20240906.g6b38f07-1.fc41.x86_64", + "evra": "0^20241030.gee7d0b6-1.fc41.x86_64", "metadata": { "sourcerpm": "passt" } }, "passt-selinux": { - "evra": "0^20240906.g6b38f07-1.fc41.noarch", + "evra": "0^20241030.gee7d0b6-1.fc41.noarch", "metadata": { "sourcerpm": "passt" } @@ -2125,13 +2125,13 @@ } }, "polkit": { - "evra": "125-1.fc41.x86_64", + "evra": "125-1.fc41.1.x86_64", "metadata": { "sourcerpm": "polkit" } }, "polkit-libs": { - "evra": "125-1.fc41.x86_64", + "evra": "125-1.fc41.1.x86_64", "metadata": { "sourcerpm": "polkit" } @@ -2263,13 +2263,13 @@ } }, "selinux-policy": { - "evra": "41.23-1.fc41.noarch", + "evra": "41.24-1.fc41.noarch", "metadata": { "sourcerpm": "selinux-policy" } }, "selinux-policy-targeted": { - "evra": "41.23-1.fc41.noarch", + "evra": "41.24-1.fc41.noarch", "metadata": { "sourcerpm": "selinux-policy" } @@ -2329,7 +2329,7 @@ } }, "slirp4netns": { - "evra": "1.2.2-3.fc41.x86_64", + "evra": "1.3.1-1.fc41.x86_64", "metadata": { "sourcerpm": "slirp4netns" } @@ -2539,19 +2539,19 @@ } }, "vim-data": { - "evra": "2:9.1.785-1.fc41.noarch", + "evra": "2:9.1.825-1.fc41.noarch", "metadata": { "sourcerpm": "vim" } }, "vim-minimal": { - "evra": "2:9.1.785-1.fc41.x86_64", + "evra": "2:9.1.825-1.fc41.x86_64", "metadata": { "sourcerpm": "vim" } }, "wasmedge-rt": { - "evra": "0.14.0-3.fc41.x86_64", + "evra": "0.14.1-1.fc41.x86_64", "metadata": { "sourcerpm": "wasmedge" } @@ -2630,19 +2630,16 @@ } }, "metadata": { - "generated": "2024-10-27T00:00:00Z", + "generated": "2024-11-07T00:00:00Z", "rpmmd_repos": { - "fedora-candidate-compose": { + "fedora": { "generated": "2024-10-24T13:55:59Z" }, "fedora-coreos-pool": { - "generated": "2024-10-27T02:49:49Z" - }, - "fedora-next": { - "generated": "2024-10-25T08:41:19Z" + "generated": "2024-11-07T18:32:20Z" }, - "fedora-next-updates": { - "generated": "2024-10-27T20:24:43Z" + "fedora-updates": { + "generated": "2024-11-07T02:11:13Z" } } } diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.service index a9dd23f565..42c8a59b34 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.service @@ -16,5 +16,7 @@ Before=ignition-fetch-offline.service [Service] Type=oneshot +# Set to slave so rw remounting of /usr won't be for other units +MountFlags=slave RemainAfterExit=yes ExecStart=/usr/sbin/coreos-secex-ignition-prepare diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.sh b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.sh index 018c640258..e42d655d22 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-secex-ignition-prepare.sh @@ -15,6 +15,12 @@ cleanup() { trap cleanup EXIT +# Fedora 41 comes with systemd-256, where /usr is read-only during initramfs time. +# https://github.com/coreos/ignition/issues/1891 +if [ ! -w /usr ]; then + mount -o rw,remount /usr +fi + # copy base Secure Execution config (enables LUKS+dm-verity for boot and root partitions) cp /usr/lib/coreos/01-secex.ign /usr/lib/ignition/base.d/01-secex.ign diff --git a/overlay.d/07fix-selinux-labels/usr/lib/systemd/system/coreos-fix-selinux-labels.service b/overlay.d/07fix-selinux-labels/usr/lib/systemd/system/coreos-fix-selinux-labels.service index f483c8444a..02f9c6fba2 100644 --- a/overlay.d/07fix-selinux-labels/usr/lib/systemd/system/coreos-fix-selinux-labels.service +++ b/overlay.d/07fix-selinux-labels/usr/lib/systemd/system/coreos-fix-selinux-labels.service @@ -3,6 +3,9 @@ Description=Fix mislabeled or unlabeled SELinux contexts on files Documentation=https://github.com/coreos/fedora-coreos-tracker/issues/1771 Documentation=https://github.com/coreos/fedora-coreos-tracker/issues/1772 ConditionPathExists=!/var/lib/coreos-fix-selinux-labels.stamp +# Run before zincati so we're not creating new files on the filesystem +# while we are fixing labels on existing files. +Before=zincati.service [Service] Type=oneshot @@ -11,9 +14,6 @@ ExecStartPre=/bin/touch /var/lib/coreos-fix-selinux-labels.stamp ExecStart=/usr/libexec/coreos-fix-selinux-labels RemainAfterExit=yes MountFlags=slave -# Run before zincati so we're not creating new files on the filesystem -# while we are fixing labels on existing files. -Before=zincati.service [Install] WantedBy=multi-user.target diff --git a/tests/kola/boot/bootupd-validate b/tests/kola/boot/bootupd-validate new file mode 100755 index 0000000000..fca0f9a443 --- /dev/null +++ b/tests/kola/boot/bootupd-validate @@ -0,0 +1,87 @@ +#!/bin/bash +## kola: +## # bootupd does not support bootloader update on s390x +## architectures: "! s390x" +## description: Extend bootupd test to include testing adoption and updates. + +# See https://github.com/coreos/fedora-coreos-tracker/issues/1788#issuecomment-2326473398 +# Steps: +# 1) Only x64 and aarch64 have esp device +# - Overwrite an existing file in the ESP +# - Verify that `bootupctl validate` fails as expected +# 2) Remove /boot/bootupd-state.json +# 3) Run `bootupctl adopt_and_update` +# 4) Verify that validate is successful and results are expected + +set -xeuo pipefail + +# shellcheck disable=SC1091 +. "$KOLA_EXT_DATA/commonlib.sh" + +overwrite= +# only x64 and aarch64 have esp device +overwrite_file() { + case "$(arch)" in + x86_64|aarch64) + local esp_dev=$(realpath /dev/disk/by-partlabel/EFI-SYSTEM) + if [ ! -b "${esp_dev}" ]; then + fatal "can not find ${esp_dev}" + fi + mount -v "${esp_dev}" /boot/efi + local shim_file=$(find /boot/efi -name shim.efi) + if [ -z "${shim_file}" ]; then + fatal "can not find ${shim_file}" + fi + echo test > "${shim_file}" + umount -v "${esp_dev}" + overwrite=1 + ;; + *) + echo "skipped overwrite" + ;; + esac +} + +adopt_and_update() { + local state_file="/boot/bootupd-state.json" + if [ -f "${state_file}" ]; then + mount -o remount,rw /boot + rm -f ${state_file} + bootupctl adopt-and-update | grep "Adopted and updated.*" + [ ! -f "${state_file}" ] && fatal "Should find ${state_file}" + mount -o remount,ro /boot + else + fatal "could not find ${state_file}" + fi +} + +validate() { + local msg_efi="Validated: EFI" + local msg_bios="Skipped: BIOS" + + case "$(arch)" in + x86_64) + bootupctl validate | grep "${msg_bios}" + bootupctl validate | grep "${msg_efi}" + ;; + aarch64) + bootupctl validate | grep "${msg_efi}" + ;; + ppc64le) + bootupctl validate | grep "${msg_bios}" + ;; + *) + echo "skipped validate" + ;; + esac +} + +overwrite_file +if [ -n "${overwrite}" ] && bootupctl validate 2>&1; then + fatal "bootupctl validate did not fail as expected" +fi + +adopt_and_update +validate + +ok bootupctl adopt and update diff --git a/tests/kola/upgrade/extended/test.sh b/tests/kola/upgrade/extended/test.sh index 0e069e5a93..d4fada76d3 100755 --- a/tests/kola/upgrade/extended/test.sh +++ b/tests/kola/upgrade/extended/test.sh @@ -162,10 +162,34 @@ wait-for-coreos-fix-selinux-labels() { echo "Waited for coreos-fix-selinux-labels.service to finish" } +# Check if the rollback deployment has the dtb copy fix, which +# means that the dtb files should have the correct SELinux labels. +# https://github.com/coreos/fedora-coreos-tracker/issues/1808 +# +# NOTE: we can drop this once the newest barrier release for all +# streams is newer than 41.20241028.x.x. +has_dtb_cp_fix() { + # The dtb copy issue was only ever an issue ever on aarch64 + [ "$(arch)" != 'aarch64' ] && return 0 + # We have the dtb copy fix if the rollback deployment is newer than + # when the fixed ostree was included. It should be fixed in the + # next round of releases after 41.20241028. Note 41.20241028.0.0 + # is not a real build and uses `0` for the stream identifier, but + # should sort accordingly. + previous=$(rpm-ostree status --json | jq -r '.deployments[] | select(.booted == false).version') + if ! vergt $previous '41.20241028.0.0'; then + return 1 + else + return 0 + fi +} + selinux-sanity-check() { # First make sure the migrations/fix script has finished if this is the boot # where the fixes are taking place. wait-for-coreos-fix-selinux-labels + # Check to see if we have the dtb copy fix + has_dtb_cp_fix || add_dtb_exception='true' # Verify SELinux labels are sane. Migration scripts should have cleaned # up https://github.com/coreos/fedora-coreos-tracker/issues/1772 unlabeled="$(find /sysroot -context '*unlabeled_t*' -print0 | xargs --null -I{} ls -ldZ '{}')" @@ -206,8 +230,9 @@ selinux-sanity-check() { # Add in a few temporary glob exceptions # https://github.com/coreos/fedora-coreos-tracker/issues/1806 [[ "${path}" =~ /etc/selinux/targeted/active/ ]] && continue - # https://github.com/coreos/fedora-coreos-tracker/issues/1808 - [[ "${path}" =~ /boot/ostree/.*/dtb ]] && continue + if [ "${add_dtb_exception:-}" == 'true' ]; then + [[ "${path}" =~ /boot/ostree/.*/dtb ]] && continue + fi if [[ "${exceptions[$path]:-noexception}" == 'noexception' ]]; then echo "Unexpected mislabeled file found: ${path}" found="1"