compose: Fix --ex-unified-core devino cache (suid bits lost)

With unified core 🌐 we are *relying* on the devino cache
for correctness when using `bare-user` repos.  Otherwise lots
of bad things will happen as we won't hit the happy path from
[this libostree PR](https://github.com/ostreedev/ostree/pull/1297)
(I should probably add an assertion there that we aren't trying to commit
 `user.ostreemeta`).

It looks like I had this working in some of the old unified core WIP patches,
but it was lost when rebasing 🏄.

We noticed this when I was trying to deploy jigdo in FAHC and the system
wouldn't boot as various things rely on those suid transitions.

Closes: #1139
Approved by: jlebon
This commit is contained in:
Colin Walters 2017-12-08 14:21:04 -05:00 committed by Atomic Bot
parent 752166ce3b
commit 802c1fcb90
2 changed files with 6 additions and 1 deletions

View File

@ -431,6 +431,7 @@ install_packages_in_root (RpmOstreeTreeComposeContext *self,
return FALSE;
rpmostree_context_set_repos (self->corectx, self->repo, self->pkgcache_repo);
self->devino_cache = ostree_repo_devino_cache_new ();
rpmostree_context_set_devino_cache (self->corectx, self->devino_cache);
/* Ensure that the imported packages are labeled with *a* policy if
* possible, even if it's not the final one. This helps avoid duplicating
@ -1186,7 +1187,7 @@ impl_commit_tree (RpmOstreeTreeComposeContext *self,
/* The penultimate step, just basically `ostree commit` */
g_autofree char *new_revision = NULL;
if (!rpmostree_commit (self->rootfs_dfd, self->repo, self->ref, opt_write_commitid_to,
metadata, gpgkey, selinux, NULL,
metadata, gpgkey, selinux, self->devino_cache,
&new_revision,
cancellable, error))
return FALSE;

View File

@ -29,6 +29,10 @@ ostree --repo=${repobuild} ls -R ${treeref} /usr/share/man > manpages.txt
assert_file_has_content manpages.txt man5/ostree.repo.5
echo "ok manpages"
ostree --repo=${repobuild} ls ${treeref} /usr/bin/su > su.txt
assert_file_has_content su.txt '^-04[71][0-7][0-7]'
echo "ok setuid"
# https://github.com/projectatomic/rpm-ostree/issues/669
ostree --repo=${repobuild} ls ${treeref} /tmp > ls.txt
assert_file_has_content ls.txt 'l00777 0 0 0 /tmp -> sysroot/tmp'