Overrides don't check for shared files when removing packages #1145

Closed
miabbott opened this issue Dec 13, 2017 · 8 comments

@miabbott
Member

Using Fedora 27 Atomic Host on the testing branch, I used rpm-ostree override replace to replace the selinux-policy and selinux-policy-targeted packages. When I rebooted into the new deployment, I was unable to query the RPM db.

# rpm-ostree status                                                          
State: idle                                                                                                                                                                                                        
Deployments:                                                                                             
● fedora-atomic:fedora/27/x86_64/testing/atomic-host                                                     
                   Version: 27.30 (2017-12-12 15:21:57)                                                  
                BaseCommit: 2575b3a0c66897d1ba10a4294a54f2e70eae16f133fd40d7883d8a1ff95430ed             
              GPGSignature: Valid signature by 860E19B0AFA800A1751881A6F55E7430F5282EE4                                                                                                                            
      ReplacedBasePackages: selinux-policy-targeted selinux-policy 3.13.1-283.17.fc27 -> 3.13.1-283.18.fc27
                                                                                                         
  fedora-atomic:fedora/27/x86_64/testing/atomic-host                                                     
                   Version: 27.30 (2017-12-12 15:21:57)                                                                                                                                                            
                    Commit: 2575b3a0c66897d1ba10a4294a54f2e70eae16f133fd40d7883d8a1ff95430ed                                                                                                                       
              GPGSignature: Valid signature by 860E19B0AFA800A1751881A6F55E7430F5282EE4                                                                                                                            

# rpm -q selinux-policy                                                                                                                                                                
error: Unable to open /usr/lib/rpm/rpmrc for reading: No such file or directory.                         

# ls -latrZ /usr/lib/rpm                                                     
total 4                                             
drwxr-xr-x.  2 root root system_u:object_r:lib_t:s0   35 Jan  1  1970 macros.d                           
dr-xr-xr-x. 32 root root system_u:object_r:lib_t:s0 4096 Jan  1  1970 ..                                 
drwxr-xr-x.  3 root root system_u:object_r:lib_t:s0   22 Jan  1  1970 .                    

$ rpm-ostree --version
rpm-ostree:
 Version: 2017.11
 Git: 51225b64a7cd417c05f950df65ad960980390a1b
 Features:
  - compose

I used the following build for the replace operation - https://bodhi.fedoraproject.org/updates/FEDORA-2017-8225c4e502

@jlebon jlebon added the bug label Dec 13, 2017
@cgwalters
Member

Reproduced this.

@miabbott
Member Author

I installed the version of selinux-policy on a non-AH host and did not encounter this problem.

@cgwalters
Member

I only briefly looked at this; I did verify that using ex override with a different package like docker did not cause this.

I also noticed that when booted into a system with this override active, trying to do anything else with the package side caused failures.

Something else I noticed:

[root@localhost ~]# diff -u /usr/lib/rpm/macros.d/macros.selinux-policy /ostree/deploy/fedora-atomic/deploy/81f18ab1168d4ddee9350b9e013f50681c63f802689007b3704317df42747cd4.0/usr/lib/rpm/macros.d/macros.selinux-policy  
--- /usr/lib/rpm/macros.d/macros.selinux-policy	1970-01-01 00:00:00.000000000 +0000
+++ /ostree/deploy/fedora-atomic/deploy/81f18ab1168d4ddee9350b9e013f50681c63f802689007b3704317df42747cd4.0/usr/lib/rpm/macros.d/macros.selinux-policy	1970-01-01 00:00:00.000000000 +0000
@@ -18,7 +18,7 @@
 
 # RPM macros for packages installing SELinux modules
 
-%_selinux_policy_version 3.13.1-283.17.fc27
+%_selinux_policy_version 3.13.1-283.18.fc27
 
 %_file_context_file %{_sysconfdir}/selinux/${SELINUXTYPE}/contexts/files/file_contexts
 %_file_context_file_pre %{_localstatedir}/lib/rpm-state/file_contexts.pre
@@ -26,6 +26,23 @@
 %_file_custom_defined_booleans %{_sharedstatedir}/selinux/${_policytype}/rpmbooleans.custom
 %_file_custom_defined_booleans_tmp %{_sharedstatedir}/selinux/${_policytype}/rpmbooleans.custom.tmp
 
+# %selinux_requires
+%selinux_requires \
+Requires: selinux-policy >= %{_selinux_policy_version} \
+BuildRequires: git \
+BuildRequires: pkgconfig(systemd) \
+BuildRequires: selinux-policy \
+BuildRequires: selinux-policy-devel \
+Requires(post): selinux-policy-base >= %{_selinux_policy_version} \
+Requires(post): libselinux-utils \
+Requires(post): policycoreutils \
+%if 0%{?fedora} \
+Requires(post): policycoreutils-python-utils \
+%else \
+Requires(post): policycoreutils-python \
+%endif \
+%{nil}
+
 # %selinux_modules_install [-s <policytype>] [-p <modulepriority>] module [module]...
 %selinux_modules_install("s:p:") \
 . /etc/selinux/config \
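Review bot: in the second hunk the new `%selinux_requires` macro is introduced by the comment `# %selinux_requires`, which only repeats its name, while `%selinux_modules_install` just below carries a usage line. A one-line description stating that the macro emits both `BuildRequires:` and `Requires(post):` tags (including `BuildRequires: git`) would tell packagers what they pull in by using it. Both sides of this diff are the same macros.selinux-policy file present in each deployment, so these content changes alone do not account for the missing /usr/lib/rpm/rpmrc.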
[root@localhost ~]# 

@cgwalters
Member

Offhand I wouldn't be surprised if this didn't reproduce doing a fresh "compose tree" for the result...how we handle SELinux is extraordinarily complex, things like 3d3dd37

@cgwalters cgwalters changed the title from "rpm-ostree override replace can cause RPM db to go missing" to "rpm-ostree override replace with selinux-policy can cause failures (missing rpmdb)" Dec 13, 2017
@jlebon
Member

jlebon commented Dec 13, 2017

Ahh yup, I can reproduce this as well. Will take a look at it tomorrow!

@jlebon jlebon self-assigned this Dec 13, 2017
@jlebon jlebon added the jira for syncing to jira label Dec 14, 2017
@jlebon
Member

jlebon commented Dec 14, 2017

So, the proximate cause for this is: https://src.fedoraproject.org/rpms/selinux-policy/pull-request/8. The ultimate cause is that we don't check during replacements whether a file entry also belongs to another RPM before removing it. I started playing with librpm for how to do this, but it's turning out... more involved than I thought. Will have to get back to this.

I did check that with the patch above, doing override replace works correctly (scratch build https://koji.fedoraproject.org/koji/taskinfo?taskID=23686058). (Though note that the patch has to already be in the base tree when doing the override replace).

@jlebon jlebon changed the title from "rpm-ostree override replace with selinux-policy can cause failures (missing rpmdb)" to "Overrides don't check for shared files when removing packages" Dec 14, 2017
@cgwalters
Member

Shouldn't we just not remove non-empty directories or so?

jlebon added a commit to jlebon/rpm-ostree that referenced this issue Feb 7, 2018
Not all files from an RPM are necessarily removed during pkg erasure.
For example, files which are shared between pkgs shouldn't be deleted.
Similarly, not all files in an RPM are necessarily copied during pkg
installs. This is the case for multilib handling, which is a mess in its
own right. But such is the cost of trying to replace major parts of a
long-standing foundational project like RPM.

This patch adds some smarts to the way we do overlays and overrides to
handle these cases by calculating beforehand which files we *shouldn't*
checkout/delete.

Closes: coreos#1217
Closes: coreos#1145
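
Added example (not rpm-ostree code, and not the librpm approach mentioned in the thread): a simplified model of the shared-file check described in the Dec 14 comment and the commit message above, with the "don't remove non-empty directories" rule from the thread included. The package manifests are constructed; that both packages list /usr/lib/rpm is an assumption made to mirror the symptom, and `example-addon` is a hypothetical package.

```python
# Constructed manifests: {package: {path: kind}}. Not taken from a real rpmdb.
INSTALLED = {
    "selinux-policy": {
        "/usr/lib/rpm": "dir",  # assumption: also listed by "rpm" below
        "/usr/lib/rpm/macros.d": "dir",
        "/usr/lib/rpm/macros.d/macros.selinux-policy": "file",
        "/usr/share/selinux/packages": "dir",
    },
    "rpm": {
        "/usr/lib/rpm": "dir",
        "/usr/lib/rpm/rpmrc": "file",
        "/usr/lib/rpm/macros.d": "dir",
    },
    "example-addon": {  # hypothetical package
        "/usr/share/selinux/packages/addon.pp": "file",
    },
}


def _under(path, directory):
    """True if path lies below directory."""
    return path.startswith(directory.rstrip("/") + "/")


def naive_removal(installed, removing):
    """Delete every listed entry, directories recursively (the buggy behaviour)."""
    doomed = {p for pkg in removing for p in installed[pkg]}
    every = {p for entries in installed.values() for p in entries}
    return {p for p in every if p in doomed or any(_under(p, d) for d in doomed)}


def checked_removal(installed, removing):
    """Skip entries another package lists, and directories that stay populated."""
    kept = {p for pkg, entries in installed.items()
            if pkg not in removing for p in entries}
    delete, skipped = set(), {}
    for pkg in removing:
        for path, kind in installed[pkg].items():
            if path in kept:
                skipped[path] = "shared"
            elif kind == "dir" and any(_under(k, path) for k in kept):
                skipped[path] = "not empty"
            else:
                delete.add(path)
    return delete, skipped
```

With these manifests the naive pass takes /usr/lib/rpm/rpmrc down with the shared directory, while the checked pass deletes only macros.selinux-policy.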
@jlebon
Member

jlebon commented Feb 8, 2018

Now:

# rpm-ostree override replace ./selinux-policy-3.13.1-283.24.fc27.noarch.rpm ./selinux-policy-targeted-3.13.1-283.24.fc27.noarch.rpm
...
Upgraded:
  selinux-policy 3.13.1-283.21.fc27 -> 3.13.1-283.24.fc27
  selinux-policy-targeted 3.13.1-283.21.fc27 -> 3.13.1-283.24.fc27
# ls -la /ostree/deploy/fedora-atomic/deploy/8807f0d91509c8ea4ea8f8ae6d1981faf998d5a6fe5d3a313b098069298442aa.0/usr/lib/rpm
total 112
drwxr-xr-x.  5 root root  4096 Jan  1  1970 .
dr-xr-xr-x. 34 root root  4096 Jan  1  1970 ..
drwxr-xr-x.  2 root root     6 Jan  1  1970 fileattrs
-rw-r--r--.  4 root root 42651 Jan  1  1970 macros
drwxr-xr-x.  2 root root   119 Jan  1  1970 macros.d
drwxr-xr-x. 66 root root  4096 Jan  1  1970 platform
-rwxr-xr-x.  4 root root  1249 Jan  1  1970 rpm2cpio.sh
-rw-r--r--.  4 root root   296 Jan  1  1970 rpm.daily
lrwxrwxrwx.  4 root root    17 Nov 29 06:43 rpmdb_dump -> ../../bin/db_dump
lrwxrwxrwx.  4 root root    17 Nov 29 06:43 rpmdb_load -> ../../bin/db_load
-rwxr-xr-x.  4 root root  1467 Jan  1  1970 rpmdb_loadcvt
lrwxrwxrwx.  4 root root    20 Nov 29 06:43 rpmdb_recover -> ../../bin/db_recover
lrwxrwxrwx.  4 root root    17 Nov 29 06:43 rpmdb_stat -> ../../bin/db_stat
lrwxrwxrwx.  4 root root    20 Nov 29 06:43 rpmdb_upgrade -> ../../bin/db_upgrade
lrwxrwxrwx.  4 root root    19 Nov 29 06:43 rpmdb_verify -> ../../bin/db_verify
-rw-r--r--.  4 root root    61 Jan  1  1970 rpm.log
-rw-r--r--.  4 root root 10491 Jan  1  1970 rpmpopt-4.14.0
-rw-r--r--.  4 root root 17154 Jan  1  1970 rpmrc
-rw-r--r--.  4 root root   688 Jan  1  1970 rpm.supp
-rwxr-xr-x.  4 root root   929 Jan  1  1970 tgpg

\o/
