/etc/libvirt/nwfilter/*.xml files are installed with no UUID, which
means libvirtd will automatically alter all of them once it starts. Thus
RPM verification will always fail on them. Let's use a trick similar to
the default network XML and store nwfilter XMLs in /usr/share. They will
be copied into /etc in %post. Additionally the /etc files are marked as
%ghost so that they are uninstalled if the RPM package is removed.
Note that the %post script overwrites existing files with new ones on
upgrade, which is what has always been happening.
https://bugzilla.redhat.com/show_bug.cgi?id=1431581
https://bugzilla.redhat.com/show_bug.cgi?id=1378774
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
libvirt.spec.in | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 1d249851a..78c3c28e1 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1360,6 +1360,13 @@ cp $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml \
$RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml
+
+# nwfilter files are installed in /usr/share/libvirt and copied to /etc in %post
+# to avoid verification errors on changed files in /etc
+install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/libvirt/nwfilter/
+cp -a $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter/*.xml \
+ $RPM_BUILD_ROOT%{_datadir}/libvirt/nwfilter/
+
# Strip auto-generated UUID - we need it generated per-install
sed -i -e "/<uuid>/d" $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml
%if ! %{with_qemu}
@@ -1586,6 +1593,17 @@ if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ;
fi
+
+%post daemon-config-nwfilter
+cp %{_datadir}/libvirt/nwfilter/*.xml %{_sysconfdir}/libvirt/nwfilter/
+# Make sure libvirt picks up the new nwfilter defininitons
+%if %{with_systemd}
+ /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 ||:
+%else
+ /sbin/service libvirtd condrestart > /dev/null 2>&1 || :
+%endif
+
+
%if %{with_systemd}
%triggerun -- libvirt < 0.9.4
%{_bindir}/systemd-sysv-convert --save libvirtd >/dev/null 2>&1 ||:
@@ -1767,7 +1785,9 @@ exit 0
%{_datadir}/libvirt/networks/default.xml
%files daemon-config-nwfilter
-%{_sysconfdir}/libvirt/nwfilter/*.xml
+%dir %{_datadir}/libvirt/nwfilter/
+%{_datadir}/libvirt/nwfilter/*.xml
+%ghost %{_sysconfdir}/libvirt/nwfilter/*.xml
%files daemon-driver-interface
%{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so
--
2.12.2
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Thu, Apr 13, 2017 at 02:23:08PM +0200, Jiri Denemark wrote: > /etc/libvirt/nwfilter/*.xml files are installed with no UUID, which > means libvirtd will automatically alter all of them once it starts. Thus > RPM verification will always fail on them. Let's use a trick similar to > the default network XML and store nwfilter XMLs in /usr/share. They will > be copied into /etc in %post. Additionally the /etc files are marked as > %ghost so that they are uninstalled if the RPM package is removed. This feels wrong to me - we don't remove any other XML files in /etc/libvirt when we uninstall the RPMs. Should we not instead mark it is %config so that RPM knows the files are liable to be changed by local admin and thus not report verification errors. > > Note that the %post script overwrites existing files with new ones on > upgrade, which is what has always been happening. > > https://bugzilla.redhat.com/show_bug.cgi?id=1431581 > https://bugzilla.redhat.com/show_bug.cgi?id=1378774 > > Signed-off-by: Jiri Denemark <jdenemar@redhat.com> > --- > libvirt.spec.in | 22 +++++++++++++++++++++- > 1 file changed, 21 insertions(+), 1 deletion(-) > > diff --git a/libvirt.spec.in b/libvirt.spec.in > index 1d249851a..78c3c28e1 100644 > --- a/libvirt.spec.in > +++ b/libvirt.spec.in > @@ -1360,6 +1360,13 @@ cp $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml \ > $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml > rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/default.xml > rm -f $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/qemu/networks/autostart/default.xml > + > +# nwfilter files are installed in /usr/share/libvirt and copied to /etc in %post > +# to avoid verification errors on changed files in /etc > +install -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/libvirt/nwfilter/ > +cp -a $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter/*.xml \ > + $RPM_BUILD_ROOT%{_datadir}/libvirt/nwfilter/ > + > # Strip auto-generated UUID - we need it generated per-install > sed -i -e "/<uuid>/d" $RPM_BUILD_ROOT%{_datadir}/libvirt/networks/default.xml > %if ! %{with_qemu} > @@ -1586,6 +1593,17 @@ if test $1 -eq 1 && test ! -f %{_sysconfdir}/libvirt/qemu/networks/default.xml ; > > fi > > + > +%post daemon-config-nwfilter > +cp %{_datadir}/libvirt/nwfilter/*.xml %{_sysconfdir}/libvirt/nwfilter/ > +# Make sure libvirt picks up the new nwfilter defininitons > +%if %{with_systemd} > + /bin/systemctl try-restart libvirtd.service >/dev/null 2>&1 ||: > +%else > + /sbin/service libvirtd condrestart > /dev/null 2>&1 || : > +%endif > + > + > %if %{with_systemd} > %triggerun -- libvirt < 0.9.4 > %{_bindir}/systemd-sysv-convert --save libvirtd >/dev/null 2>&1 ||: > @@ -1767,7 +1785,9 @@ exit 0 > %{_datadir}/libvirt/networks/default.xml > > %files daemon-config-nwfilter > -%{_sysconfdir}/libvirt/nwfilter/*.xml > +%dir %{_datadir}/libvirt/nwfilter/ > +%{_datadir}/libvirt/nwfilter/*.xml > +%ghost %{_sysconfdir}/libvirt/nwfilter/*.xml > > %files daemon-driver-interface > %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so > -- > 2.12.2 > > -- > libvir-list mailing list > libvir-list@redhat.com > https://www.redhat.com/mailman/listinfo/libvir-list Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Thu, Apr 13, 2017 at 13:28:18 +0100, Daniel P. Berrange wrote: > On Thu, Apr 13, 2017 at 02:23:08PM +0200, Jiri Denemark wrote: > > /etc/libvirt/nwfilter/*.xml files are installed with no UUID, which > > means libvirtd will automatically alter all of them once it starts. Thus > > RPM verification will always fail on them. Let's use a trick similar to > > the default network XML and store nwfilter XMLs in /usr/share. They will > > be copied into /etc in %post. Additionally the /etc files are marked as > > %ghost so that they are uninstalled if the RPM package is removed. > > This feels wrong to me - we don't remove any other XML files in /etc/libvirt > when we uninstall the RPMs. Well, it matches what we do now. We do remove nwfilter files from /etc since our current spec file considers the nwfilter XMLs as data files. > Should we not instead mark it is %config so that RPM knows the files > are liable to be changed by local admin and thus not report > verification errors. Changing them to %config would be possible too, but this would mean *.rpmnew files would be created on every upgrade, wouldn't it? I'd say the files should not be in /etc in the first place since we don't even expect users to modify them. Jirka -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Thu, Apr 13, 2017 at 02:41:42PM +0200, Jiri Denemark wrote: > On Thu, Apr 13, 2017 at 13:28:18 +0100, Daniel P. Berrange wrote: > > On Thu, Apr 13, 2017 at 02:23:08PM +0200, Jiri Denemark wrote: > > > /etc/libvirt/nwfilter/*.xml files are installed with no UUID, which > > > means libvirtd will automatically alter all of them once it starts. Thus > > > RPM verification will always fail on them. Let's use a trick similar to > > > the default network XML and store nwfilter XMLs in /usr/share. They will > > > be copied into /etc in %post. Additionally the /etc files are marked as > > > %ghost so that they are uninstalled if the RPM package is removed. > > > > This feels wrong to me - we don't remove any other XML files in /etc/libvirt > > when we uninstall the RPMs. > > Well, it matches what we do now. We do remove nwfilter files from /etc > since our current spec file considers the nwfilter XMLs as data files. Ok, I didn't realize that. ACK on the basis that it isn't worse. > > Should we not instead mark it is %config so that RPM knows the files > > are liable to be changed by local admin and thus not report > > verification errors. > > Changing them to %config would be possible too, but this would mean > *.rpmnew files would be created on every upgrade, wouldn't it? I'd say > the files should not be in /etc in the first place since we don't even > expect users to modify them. Yes, we should never have added them to /etc by default, but I don't see a viable way to stop that now without breaking apps like openstack which assume they exist there. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Wed, Apr 19, 2017 at 10:31:17 +0100, Daniel P. Berrange wrote: > On Thu, Apr 13, 2017 at 02:41:42PM +0200, Jiri Denemark wrote: > > On Thu, Apr 13, 2017 at 13:28:18 +0100, Daniel P. Berrange wrote: > > > On Thu, Apr 13, 2017 at 02:23:08PM +0200, Jiri Denemark wrote: > > > > /etc/libvirt/nwfilter/*.xml files are installed with no UUID, which > > > > means libvirtd will automatically alter all of them once it starts. Thus > > > > RPM verification will always fail on them. Let's use a trick similar to > > > > the default network XML and store nwfilter XMLs in /usr/share. They will > > > > be copied into /etc in %post. Additionally the /etc files are marked as > > > > %ghost so that they are uninstalled if the RPM package is removed. > > > > > > This feels wrong to me - we don't remove any other XML files in /etc/libvirt > > > when we uninstall the RPMs. > > > > Well, it matches what we do now. We do remove nwfilter files from /etc > > since our current spec file considers the nwfilter XMLs as data files. > > Ok, I didn't realize that. ACK on the basis that it isn't worse. Pushed, thanks. Jirka -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.