[libvirt] [PATCH] spec: Avoid RPM verification errors on nwfilter XMLs

Jiri Denemark posted 1 patch 6 years, 11 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/4175a4e61f68df30da78924514e086522ff9bda3.1492086188.git.jdenemar@redhat.com
libvirt.spec.in | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
[libvirt] [PATCH] spec: Avoid RPM verification errors on nwfilter XMLs
Posted by Jiri Denemark 6 years, 11 months ago
/etc/libvirt/nwfilter/*.xml files are installed with no UUID, which
means libvirtd will automatically alter all of them once it starts. Thus
RPM verification will always fail on them. Let's use a trick similar to
the default network XML and store nwfilter XMLs in /usr/share. They will
be copied into /etc in %post. Additionally the /etc files are marked as
%ghost so that they are uninstalled if the RPM package is removed.

Note that the %post script overwrites existing files with new ones on
upgrade, which is what has always been happening.

https://bugzilla.redhat.com/show_bug.cgi?id=1431581
https://bugzilla.redhat.com/show_bug.cgi?id=1378774

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 libvirt.spec.in | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 1d249851a..78c3c28e1 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1360,6 +1360,13 @@ cp $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml \
    $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml
 rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
+
+# nwfilter files are installed in /usr/share/libvirt and copied to /etc in %post
+# to avoid verification errors on changed files in /etc
+install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/libvirt/nwfilter/
+cp -a $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter/*.xml \
+    $RPM_BUILD_ROOT%{_datadir}/libvirt/nwfilter/
+
 # Strip auto-generated UUID - we need it generated per-install
 sed -i -e "/<uuid>/d" $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml
 %if ! %{with_qemu}
@@ -1586,6 +1593,17 @@ if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ;
 
 fi
 
+
+%post daemon-config-nwfilter
+cp %{_datadir}/libvirt/nwfilter/*.xml %{_sysconfdir}/libvirt/nwfilter/
+# Make sure libvirt picks up the new nwfilter defininitons
+%if %{with_systemd}
+    /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 ||:
+%else
+    /sbin/service libvirtd condrestart > /dev/null 2>&1 || :
+%endif
+
+
 %if %{with_systemd}
 %triggerun -- libvirt < 0.9.4
 %{_bindir}/systemd-sysv-convert --save libvirtd >/dev/null 2>&1 ||:
@@ -1767,7 +1785,9 @@ exit 0
 %{_datadir}/libvirt/networks/default.xml
 
 %files daemon-config-nwfilter
-%{_sysconfdir}/libvirt/nwfilter/*.xml
+%dir %{_datadir}/libvirt/nwfilter/
+%{_datadir}/libvirt/nwfilter/*.xml
+%ghost %{_sysconfdir}/libvirt/nwfilter/*.xml
 
 %files daemon-driver-interface
 %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so
-- 
2.12.2

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] spec: Avoid RPM verification errors on nwfilter XMLs
Posted by Daniel P. Berrange 6 years, 11 months ago
On Thu, Apr 13, 2017 at 02:23:08PM +0200, Jiri Denemark wrote:
> /etc/libvirt/nwfilter/*.xml files are installed with no UUID, which
> means libvirtd will automatically alter all of them once it starts. Thus
> RPM verification will always fail on them. Let's use a trick similar to
> the default network XML and store nwfilter XMLs in /usr/share. They will
> be copied into /etc in %post. Additionally the /etc files are marked as
> %ghost so that they are uninstalled if the RPM package is removed.

This feels wrong to me - we don't remove any other XML files in /etc/libvirt
when we uninstall the RPMs. Should we not instead mark it is %config so that
RPM knows the files are liable to be changed by local admin and thus not
report verification errors.

> 
> Note that the %post script overwrites existing files with new ones on
> upgrade, which is what has always been happening.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1431581
> https://bugzilla.redhat.com/show_bug.cgi?id=1378774
> 
> Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
> ---
>  libvirt.spec.in | 22 +++++++++++++++++++++-
>  1 file changed, 21 insertions(+), 1 deletion(-)
> 
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index 1d249851a..78c3c28e1 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -1360,6 +1360,13 @@ cp $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml \
>     $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml
>  rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml
>  rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
> +
> +# nwfilter files are installed in /usr/share/libvirt and copied to /etc in %post
> +# to avoid verification errors on changed files in /etc
> +install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/libvirt/nwfilter/
> +cp -a $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter/*.xml \
> +    $RPM_BUILD_ROOT%{_datadir}/libvirt/nwfilter/
> +
>  # Strip auto-generated UUID - we need it generated per-install
>  sed -i -e "/<uuid>/d" $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml
>  %if ! %{with_qemu}
> @@ -1586,6 +1593,17 @@ if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ;
>  
>  fi
>  
> +
> +%post daemon-config-nwfilter
> +cp %{_datadir}/libvirt/nwfilter/*.xml %{_sysconfdir}/libvirt/nwfilter/
> +# Make sure libvirt picks up the new nwfilter defininitons
> +%if %{with_systemd}
> +    /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 ||:
> +%else
> +    /sbin/service libvirtd condrestart > /dev/null 2>&1 || :
> +%endif
> +
> +
>  %if %{with_systemd}
>  %triggerun -- libvirt < 0.9.4
>  %{_bindir}/systemd-sysv-convert --save libvirtd >/dev/null 2>&1 ||:
> @@ -1767,7 +1785,9 @@ exit 0
>  %{_datadir}/libvirt/networks/default.xml
>  
>  %files daemon-config-nwfilter
> -%{_sysconfdir}/libvirt/nwfilter/*.xml
> +%dir %{_datadir}/libvirt/nwfilter/
> +%{_datadir}/libvirt/nwfilter/*.xml
> +%ghost %{_sysconfdir}/libvirt/nwfilter/*.xml
>  
>  %files daemon-driver-interface
>  %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so
> -- 
> 2.12.2
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] spec: Avoid RPM verification errors on nwfilter XMLs
Posted by Jiri Denemark 6 years, 11 months ago
On Thu, Apr 13, 2017 at 13:28:18 +0100, Daniel P. Berrange wrote:
> On Thu, Apr 13, 2017 at 02:23:08PM +0200, Jiri Denemark wrote:
> > /etc/libvirt/nwfilter/*.xml files are installed with no UUID, which
> > means libvirtd will automatically alter all of them once it starts. Thus
> > RPM verification will always fail on them. Let's use a trick similar to
> > the default network XML and store nwfilter XMLs in /usr/share. They will
> > be copied into /etc in %post. Additionally the /etc files are marked as
> > %ghost so that they are uninstalled if the RPM package is removed.
> 
> This feels wrong to me - we don't remove any other XML files in /etc/libvirt
> when we uninstall the RPMs.

Well, it matches what we do now. We do remove nwfilter files from /etc
since our current spec file considers the nwfilter XMLs as data files.

> Should we not instead mark it is %config so that RPM knows the files
> are liable to be changed by local admin and thus not report
> verification errors.

Changing them to %config would be possible too, but this would mean
*.rpmnew files would be created on every upgrade, wouldn't it? I'd say
the files should not be in /etc in the first place since we don't even
expect users to modify them.

Jirka

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] spec: Avoid RPM verification errors on nwfilter XMLs
Posted by Daniel P. Berrange 6 years, 11 months ago
On Thu, Apr 13, 2017 at 02:41:42PM +0200, Jiri Denemark wrote:
> On Thu, Apr 13, 2017 at 13:28:18 +0100, Daniel P. Berrange wrote:
> > On Thu, Apr 13, 2017 at 02:23:08PM +0200, Jiri Denemark wrote:
> > > /etc/libvirt/nwfilter/*.xml files are installed with no UUID, which
> > > means libvirtd will automatically alter all of them once it starts. Thus
> > > RPM verification will always fail on them. Let's use a trick similar to
> > > the default network XML and store nwfilter XMLs in /usr/share. They will
> > > be copied into /etc in %post. Additionally the /etc files are marked as
> > > %ghost so that they are uninstalled if the RPM package is removed.
> > 
> > This feels wrong to me - we don't remove any other XML files in /etc/libvirt
> > when we uninstall the RPMs.
> 
> Well, it matches what we do now. We do remove nwfilter files from /etc
> since our current spec file considers the nwfilter XMLs as data files.

Ok, I didn't realize that. ACK on the basis that it isn't worse.

> > Should we not instead mark it is %config so that RPM knows the files
> > are liable to be changed by local admin and thus not report
> > verification errors.
> 
> Changing them to %config would be possible too, but this would mean
> *.rpmnew files would be created on every upgrade, wouldn't it? I'd say
> the files should not be in /etc in the first place since we don't even
> expect users to modify them.

Yes, we should never have added them to /etc by default, but I don't see
a viable way to stop that now without breaking  apps like openstack which
assume they exist there.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] spec: Avoid RPM verification errors on nwfilter XMLs
Posted by Jiri Denemark 6 years, 11 months ago
On Wed, Apr 19, 2017 at 10:31:17 +0100, Daniel P. Berrange wrote:
> On Thu, Apr 13, 2017 at 02:41:42PM +0200, Jiri Denemark wrote:
> > On Thu, Apr 13, 2017 at 13:28:18 +0100, Daniel P. Berrange wrote:
> > > On Thu, Apr 13, 2017 at 02:23:08PM +0200, Jiri Denemark wrote:
> > > > /etc/libvirt/nwfilter/*.xml files are installed with no UUID, which
> > > > means libvirtd will automatically alter all of them once it starts. Thus
> > > > RPM verification will always fail on them. Let's use a trick similar to
> > > > the default network XML and store nwfilter XMLs in /usr/share. They will
> > > > be copied into /etc in %post. Additionally the /etc files are marked as
> > > > %ghost so that they are uninstalled if the RPM package is removed.
> > > 
> > > This feels wrong to me - we don't remove any other XML files in /etc/libvirt
> > > when we uninstall the RPMs.
> > 
> > Well, it matches what we do now. We do remove nwfilter files from /etc
> > since our current spec file considers the nwfilter XMLs as data files.
> 
> Ok, I didn't realize that. ACK on the basis that it isn't worse.

Pushed, thanks.

Jirka

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list