Hi folks,
it's this time of the year, we should do some major filesystem surgery!
The preparations for https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin have been put in place and I want to do the rebuild of filesystem.rpm rpm.rpm, and other packages that will effectuate the merge.
What has happened so far:
1. The selinux policy has been updated to treat make /usr/sbin equivalent to /usr/bin. This is necessary to avoid selinux becoming very unhappy when paths are changed [0,1].
2. I prepped a pull request for filesystem.rpm to do the merge [2]. This is described in detail below. The patches have been tentatively acked, so I want to merge & build them, after another round of testing. Doing this will be the real beginning of the merge.
3. [3] is the counterpart for rpm; it makes rpm report that %_sbindir==%_bindir.
4. Over the last two months I submitted a bunch of dist-git pull requests with titles like "Fix build when %_bindir==%_sbindir" [e.g. 4] and "Add compat sbin Provides" [e.g. 5]. Both types are written in a way that it's safe to merge them at any time. The maintainers of those packages got notifications and a bunch got merged.
5. As a remnant of the usr-merge transition, we had a packaging rule that packages MUST use pre-usr-merge paths. It turns out that almost no packages got this right. The rule was removed in [6].
6. The packaging guidelines have been updated for the sbin-merge [7].
Big thanks to everyone who responded to the patches, made reviews and merges!
What will happen next week:
0. I'll create a side tag for the builds described below.
1. When filesystem.rpm with the patch [2] is built, new installations with that package will have /usr/sbin as a symlink. This includes buildroots. The patch for rpm [3] will we merged and built right afterwards, so that the declaration by rpm macros matches reality on disk.
2. Some packages (of those that have files in /usr/sbin) will start to FTBFS in a buildroot with merged-sbin. For example, when they cannot move %_sbindir/foo to %_bindir/foo or the other way. Patches like "Fix build when %_bindir==%_sbindir" [4] fix those cases. It's not necessary to merge them immediately, but only if the package actually needs to be rebuilt.
3. Some packages will start to FTI in an merged-sbin installation. The error looks like this: Transaction failed: Rpm transaction failed. - file /usr/sbin/sestatus conflicts between attempted installs of policycoreutils-3.6-5.fc41.x86_64 and policycoreutils-3.6-5.fc41.x86_64 - file /usr/sbin/named-checkzone conflicts between attempted installs of bind-utils-32:9.18.26-1.fc41.x86_64 and bind-utils-32:9.18.26-1.fc41.x86_64 (I guess rpm/dnf could do a slightly better error message here…)
Those packages need to rebuilt ASAP. I'll rebuild them in the side tag too, with a commit title "Rebuilt for the bin-sbin merge". In many cases, the patches to fix FTBFS will need to be applied first. In those cases, I'll merge the "Fix build" pull requests.
4. We have packages which use filepath Requires on paths in %_sbindir. Such packages will FTI when the _providing_ package is rebuilt with the new value of %_sbindir. To keep those packages working, I made a list of all such filepath dependencies in Fedora and prepared patches for the provider packages to add a virtual Provides for the old name, e.g. [5]. This means that the provider package has Provides:/usr/sbin/foo before the merge and Provides:/usr/bin/foo,/usr/sbin/foo when rebuilt after the merge.
I'll rebuild all packages that need to add the virtual Provides in the side tag too.
(In case anyone is wondering, why like this, the answer is that there are few different ways the transition could be handled, but I think this one the least painful. Dependent packages will remain installable in pre-merge and post-merge systems. This means we don't have a flag day when everything needs to be rebuilt. Also, there are many more "consumer" than provider packages so the total number of required changes is relatively small. Also, if we learn about third-party packages or other uses on the filepath provides, we can add more Provides to make the transition easier.)
Those Provides can be removed after the transition is fully complete. I think we shouldn't hurry with that, they can stay around for a few years. We still have virtual Provides for the usr-merge in many packages after all.
5. After the side tag is merged, the merge is on for users. As mentioned above, any new installations will have /bin, /sbin, and /usr/sbin symlinks to /usr/sbin. This means that paths /bin/foo, /sbin/foo, /usr/sbin/foo, and /bin/foo all point to the same file. This is the target state.
On existing installations, we'll have a bunch of packages with files and symlinks in directory /usr/sbin. filesystem.rpm has scriptlets to create symlinks from /usr/sbin/foo to /usr/bin/foo for any packaged files that were in /usr/sbin. (There is a hardcoded list.) This means that on unmerged systems, the old path continues to work, and that if a virtual Provides for the old path is provided, the old path actually continues to work.
filesystem.rpm has a virtual Provides:filesystem(unmerged-sbin-symlinks) to declare that it implements this functionality. Packages which depend on this functionality have Requires:filesystem(unmerged-sbin-symlinks).
On existing installations, as long as /usr/sbin contains real files or symlinks that don't point to /usr/bin, the system remains unmerged. As packages are rebuilt and upgraded, the number of such cases will go down. filesystem.rpm has a %posttrans scriptlet to check, and once it detects that /usr/sbin only contains symlinks to /usr/bin, it'll replace the directory itself by a symlink. At that point, we're at the target state too.
6. systemd has been patched to skip /usr/sbin and /usr/local/sbin in $PATH if those are symlinks. (Strictly speaking, this item belongs in the previous section, but its effect is not visible until after the merge is done.)
Items 1,3,4 specify packages to be rebuilt. I'll prepare an update list and send it out with a CC to maintainers sometime this week.
[0] https://github.com/fedora-selinux/selinux-policy/pull/2077 [1] https://src.fedoraproject.org/rpms/selinux-policy/c/df27da1e6e8a0247924eb968... [2] https://src.fedoraproject.org/rpms/filesystem/pull-request/11 [3] https://src.fedoraproject.org/rpms/rpm/pull-request/56 [4] https://src.fedoraproject.org/rpms/sanlock/pull-request/13 [5] https://src.fedoraproject.org/rpms/e2fsprogs/pull-request/7 [6] https://pagure.io/packaging-committee/pull-request/1355 [7] https://pagure.io/packaging-committee/pull-request/1361 [8] https://github.com/systemd/systemd/pull/32389/commits/0f36a4c897ff53eb0be3bd...
Zbyszek
On 19. 06. 24 12:34, Zbigniew Jędrzejewski-Szmek wrote:
We have packages which use filepath Requires on paths in %_sbindir. Such packages will FTI when the_providing_ package is rebuilt with the new value of %_sbindir. To keep those packages working, I made a list of all such filepath dependencies in Fedora and prepared patches for the provider packages to add a virtual Provides for the old name, e.g. [5]. This means that the provider package has Provides:/usr/sbin/foo before the merge and Provides:/usr/bin/foo,/usr/sbin/foo when rebuilt after the merge.
I'll rebuild all packages that need to add the virtual Provides in the side tag too.
So, recently I saw this:
Requires(post): %{_sbindir}/alternatives Requires(postun): %{_sbindir}/alternatives
And I checked the alternatives package (chkconfig component). It does not manually provide /usr/sbin/alternatives. There is no open pull request. Your email made it sound like this is all ready, but I don't see it.
$ repoquery -q --repo=rawhide --whatrequires /usr/sbin/alternatives | wc -l 128
So, what is the list of the packages and the prepared patches?
On Thu, Jun 20, 2024 at 02:19:57PM +0200, Miro Hrončok wrote:
On 19. 06. 24 12:34, Zbigniew Jędrzejewski-Szmek wrote:
We have packages which use filepath Requires on paths in %_sbindir. Such packages will FTI when the_providing_ package is rebuilt with the new value of %_sbindir. To keep those packages working, I made a list of all such filepath dependencies in Fedora and prepared patches for the provider packages to add a virtual Provides for the old name, e.g. [5]. This means that the provider package has Provides:/usr/sbin/foo before the merge and Provides:/usr/bin/foo,/usr/sbin/foo when rebuilt after the merge.
I'll rebuild all packages that need to add the virtual Provides in the side tag too.
So, recently I saw this:
Requires(post): %{_sbindir}/alternatives Requires(postun): %{_sbindir}/alternatives
And I checked the alternatives package (chkconfig component). It does not manually provide /usr/sbin/alternatives. There is no open pull request. Your email made it sound like this is all ready, but I don't see it.
A general clarification: for packages that were or will be "fixed" to have the new Provides, the Provides are conditionalized on %_sbindir==%_bindir, so they are NOT visible until rebuilt in a build root with the merge. So at this point in time there should be no such provides in any (binary) packages.
In the particular case of alternatives.rpm, the pull request was https://src.fedoraproject.org/rpms/chkconfig/pull-request/13, which then became https://github.com/fedora-sysv/chkconfig/pull/131.
So, what is the list of the packages and the prepared patches?
From the snipped part:
I'll prepare an updated list and send it out with a CC to maintainers sometime this week.
Zbyszek
On 20. 06. 24 22:44, Zbigniew Jędrzejewski-Szmek wrote:
In the particular case of alternatives.rpm, the pull request was https://src.fedoraproject.org/rpms/chkconfig/pull-request/13, which then becamehttps://github.com/fedora-sysv/chkconfig/pull/131.
The Fedora PR was closed. The non-Fedora PR seems merged but this has not landed in Fedora. That is why I have not found it, because it is not there, not because it is guarded by an %if. This needs to land before the merge.
<meta> Insert a general rant about upstream specfiles and not following https://docs.fedoraproject.org/en-US/packaging-guidelines/#_spec_maintenance... </meta>
On Wed, Jun 19, 2024 at 10:34:26AM +0000, Zbigniew Jędrzejewski-Szmek wrote:
Hi folks,
it's this time of the year, we should do some major filesystem surgery!
The preparations for https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin have been put in place and I want to do the rebuild of filesystem.rpm rpm.rpm, and other packages that will effectuate the merge.
What has happened so far:
The selinux policy has been updated to treat make /usr/sbin equivalent to /usr/bin. This is necessary to avoid selinux becoming very unhappy when paths are changed [0,1].
I prepped a pull request for filesystem.rpm to do the merge [2]. This is described in detail below. The patches have been tentatively acked, so I want to merge & build them, after another round of testing. Doing this will be the real beginning of the merge.
[3] is the counterpart for rpm; it makes rpm report that %_sbindir==%_bindir.
Over the last two months I submitted a bunch of dist-git pull requests with titles like "Fix build when %_bindir==%_sbindir" [e.g. 4] and "Add compat sbin Provides" [e.g. 5]. Both types are written in a way that it's safe to merge them at any time. The maintainers of those packages got notifications and a bunch got merged.
As a remnant of the usr-merge transition, we had a packaging rule that packages MUST use pre-usr-merge paths. It turns out that almost no packages got this right. The rule was removed in [6].
The packaging guidelines have been updated for the sbin-merge [7].
Big thanks to everyone who responded to the patches, made reviews and merges!
What will happen next week:
I'll create a side tag for the builds described below.
When filesystem.rpm with the patch [2] is built, new installations with that package will have /usr/sbin as a symlink. This includes buildroots. The patch for rpm [3] will we merged and built right afterwards, so that the declaration by rpm macros matches reality on disk.
Some packages (of those that have files in /usr/sbin) will start to FTBFS in a buildroot with merged-sbin. For example, when they cannot move %_sbindir/foo to %_bindir/foo or the other way. Patches like "Fix build when %_bindir==%_sbindir" [4] fix those cases. It's not necessary to merge them immediately, but only if the package actually needs to be rebuilt.
Some packages will start to FTI in an merged-sbin installation. The error looks like this: Transaction failed: Rpm transaction failed. - file /usr/sbin/sestatus conflicts between attempted installs of policycoreutils-3.6-5.fc41.x86_64 and policycoreutils-3.6-5.fc41.x86_64 - file /usr/sbin/named-checkzone conflicts between attempted installs of bind-utils-32:9.18.26-1.fc41.x86_64 and bind-utils-32:9.18.26-1.fc41.x86_64 (I guess rpm/dnf could do a slightly better error message here…)
Those packages need to rebuilt ASAP. I'll rebuild them in the side tag too, with a commit title "Rebuilt for the bin-sbin merge". In many cases, the patches to fix FTBFS will need to be applied first. In those cases, I'll merge the "Fix build" pull requests.
We have packages which use filepath Requires on paths in %_sbindir. Such packages will FTI when the _providing_ package is rebuilt with the new value of %_sbindir. To keep those packages working, I made a list of all such filepath dependencies in Fedora and prepared patches for the provider packages to add a virtual Provides for the old name, e.g. [5]. This means that the provider package has Provides:/usr/sbin/foo before the merge and Provides:/usr/bin/foo,/usr/sbin/foo when rebuilt after the merge.
I'll rebuild all packages that need to add the virtual Provides in the side tag too.
(In case anyone is wondering, why like this, the answer is that there are few different ways the transition could be handled, but I think this one the least painful. Dependent packages will remain installable in pre-merge and post-merge systems. This means we don't have a flag day when everything needs to be rebuilt. Also, there are many more "consumer" than provider packages so the total number of required changes is relatively small. Also, if we learn about third-party packages or other uses on the filepath provides, we can add more Provides to make the transition easier.)
Those Provides can be removed after the transition is fully complete. I think we shouldn't hurry with that, they can stay around for a few years. We still have virtual Provides for the usr-merge in many packages after all.
After the side tag is merged, the merge is on for users. As mentioned above, any new installations will have /bin, /sbin, and /usr/sbin symlinks to /usr/sbin. This means that paths /bin/foo, /sbin/foo, /usr/sbin/foo, and /bin/foo all point to the same file. This is the target state.
On existing installations, we'll have a bunch of packages with files and symlinks in directory /usr/sbin. filesystem.rpm has scriptlets to create symlinks from /usr/sbin/foo to /usr/bin/foo for any packaged files that were in /usr/sbin. (There is a hardcoded list.) This means that on unmerged systems, the old path continues to work, and that if a virtual Provides for the old path is provided, the old path actually continues to work.
filesystem.rpm has a virtual Provides:filesystem(unmerged-sbin-symlinks) to declare that it implements this functionality. Packages which depend on this functionality have Requires:filesystem(unmerged-sbin-symlinks).
On existing installations, as long as /usr/sbin contains real files or symlinks that don't point to /usr/bin, the system remains unmerged. As packages are rebuilt and upgraded, the number of such cases will go down. filesystem.rpm has a %posttrans scriptlet to check, and once it detects that /usr/sbin only contains symlinks to /usr/bin, it'll replace the directory itself by a symlink. At that point, we're at the target state too.
systemd has been patched to skip /usr/sbin and /usr/local/sbin in $PATH if those are symlinks. (Strictly speaking, this item belongs in the previous section, but its effect is not visible until after the merge is done.)
Items 1,3,4 specify packages to be rebuilt. I'll prepare an update list and send it out with a CC to maintainers sometime this week.
[0] https://github.com/fedora-selinux/selinux-policy/pull/2077 [1] https://src.fedoraproject.org/rpms/selinux-policy/c/df27da1e6e8a0247924eb968... [2] https://src.fedoraproject.org/rpms/filesystem/pull-request/11 [3] https://src.fedoraproject.org/rpms/rpm/pull-request/56 [4] https://src.fedoraproject.org/rpms/sanlock/pull-request/13 [5] https://src.fedoraproject.org/rpms/e2fsprogs/pull-request/7 [6] https://pagure.io/packaging-committee/pull-request/1355 [7] https://pagure.io/packaging-committee/pull-request/1361 [8] https://github.com/systemd/systemd/pull/32389/commits/0f36a4c897ff53eb0be3bd...
A full list of pull requests and packages which do not have a pull request and need to be fixed or retired. Please search by FAS login, if your FAS login is on the list, action is required. Please also merge any pull requests if possible.
List of various pull requests and issues, grouped by package (MERGED/DROPPED/SUPERSEDED annotations may be missing)
https://pagure.io/packaging-committee/pull-request/1355 MERGED https://pagure.io/packaging-committee/pull-request/1361 MERGED
nfs-utils: https://pagure.io/fedora-infrastructure/issue/11876 SOLVED https://src.fedoraproject.org/rpms/nfs-utils/pull-request/15
alternatives: https://src.fedoraproject.org/rpms/chkconfig/pull-request/12 DROPPED https://src.fedoraproject.org/rpms/chkconfig/pull-request/13 SUPERSEDED https://github.com/fedora-sysv/chkconfig/pull/131
systemd, systemd-udev: https://src.fedoraproject.org/rpms/systemd/pull-request/131 https://github.com/systemd/systemd/pull/32337
util-linux, util-linux-core: https://src.fedoraproject.org/rpms/util-linux/pull-request/17
filesystem+rpm: https://src.fedoraproject.org/rpms/filesystem/pull-request/11 https://src.fedoraproject.org/rpms/rpm/pull-request/56 https://github.com/rpm-software-management/rpm/issues/3029 https://github.com/rpm-software-management/rpm/issues/3048
selinux-policy: https://github.com/fedora-selinux/selinux-policy/pull/2077 https://github.com/fedora-selinux/selinux-policy/pull/2087 https://src.fedoraproject.org/rpms/selinux-policy/pull-request/409 https://github.com/fedora-selinux/selinux-policy/pull/2181
initscripts: https://src.fedoraproject.org/rpms/initscripts/pull-request/11 https://github.com/fedora-sysv/initscripts/pull/481
msr-tools: https://bodhi.fedoraproject.org/updates/FEDORA-2024-7b613443db
https://src.fedoraproject.org/rpms/bind/pull-request/20 https://src.fedoraproject.org/rpms/coreutils/pull-request/15 https://src.fedoraproject.org/rpms/cyrus-sasl/pull-request/11 MERGED https://src.fedoraproject.org/rpms/cyrus-sasl/pull-request/12 https://src.fedoraproject.org/rpms/device-mapper-multipath/pull-request/8 https://src.fedoraproject.org/rpms/device-mapper-persistent-data/pull-reques... https://src.fedoraproject.org/rpms/dmidecode/pull-request/8 https://src.fedoraproject.org/rpms/dosfstools/pull-request/4 MERGED https://src.fedoraproject.org/rpms/e2fsprogs/pull-request/7 https://src.fedoraproject.org/rpms/efibootmgr/pull-request/3 https://src.fedoraproject.org/rpms/esmtp/pull-request/1 https://src.fedoraproject.org/rpms/exim/pull-request/16 MERGED https://src.fedoraproject.org/rpms/fping/pull-request/1 MERGED https://src.fedoraproject.org/rpms/glibc/pull-request/91 https://src.fedoraproject.org/rpms/glusterfs/pull-request/9 https://src.fedoraproject.org/rpms/gnupg2/pull-request/21 https://src.fedoraproject.org/rpms/gnupg2/pull-request/21 MERGED https://src.fedoraproject.org/rpms/hdparm/pull-request/1 https://src.fedoraproject.org/rpms/httpd/pull-request/42 https://src.fedoraproject.org/rpms/iproute/pull-request/12 https://src.fedoraproject.org/rpms/iptables/pull-request/9 https://src.fedoraproject.org/rpms/iputils/pull-request/9 https://src.fedoraproject.org/rpms/kexec-tools/pull-request/23 https://src.fedoraproject.org/rpms/kmod/pull-request/12 https://src.fedoraproject.org/rpms/libcap/pull-request/29 MERGED https://src.fedoraproject.org/rpms/libcap/pull-request/30 https://src.fedoraproject.org/rpms/libreswan/pull-request/7 https://src.fedoraproject.org/rpms/lm_sensors/pull-request/5 https://src.fedoraproject.org/rpms/lvm2/pull-request/11 https://src.fedoraproject.org/rpms/msmtp/pull-request/3 https://src.fedoraproject.org/rpms/nbdkit/pull-request/6 https://src.fedoraproject.org/rpms/net-tools/pull-request/8 https://src.fedoraproject.org/rpms/nilfs-utils/pull-request/1 https://src.fedoraproject.org/rpms/ntpsec/pull-request/1 https://src.fedoraproject.org/rpms/ocfs2-tools/pull-request/2 https://src.fedoraproject.org/rpms/opensmtpd/pull-request/1 https://src.fedoraproject.org/rpms/pciutils/pull-request/6 https://src.fedoraproject.org/rpms/policycoreutils/pull-request/41 SUPERSEDED https://src.fedoraproject.org/rpms/policycoreutils/pull-request/42 MERGED https://src.fedoraproject.org/rpms/postfix/pull-request/10 https://src.fedoraproject.org/rpms/ppp/pull-request/9 https://src.fedoraproject.org/rpms/procps-ng/pull-request/7 https://src.fedoraproject.org/rpms/psmisc/pull-request/3 https://src.fedoraproject.org/rpms/rpcbind/pull-request/4 https://src.fedoraproject.org/rpms/sanlock/pull-request/13 https://src.fedoraproject.org/rpms/sendmail/pull-request/8 https://src.fedoraproject.org/rpms/shadow-utils/pull-request/22 https://src.fedoraproject.org/rpms/smartmontools/pull-request/8 https://src.fedoraproject.org/rpms/ssmtp/pull-request/1 https://src.fedoraproject.org/rpms/tcpdump/pull-request/7 https://src.fedoraproject.org/rpms/v4l-utils/pull-request/4 https://src.fedoraproject.org/rpms/wesnoth/pull-request/2 https://src.fedoraproject.org/rpms/xfsprogs/pull-request/11
Packages for which NO PULL REQUEST IS OPEN, AND WHICH WILL NEED SOME FIX: (maintainers in parentheses):
backintime-qt: /usr/bin overlap (hannes) beesu: /usr/bin overlap (raveit65 robert spot) bind9-next, bind9-next-utils: /usr/bin overlap (pemensik) chkrootkit: /usr/bin overlap (limb) etherape: /usr/bin overlap (limb) hddtemp: /usr/bin overlap (rathann) lshw-gui: /usr/bin overlap (terjeros sagarun tuju) mate-system-log: /usr/bin overlap (raveit65 rdieter robert) msktutil: /usr/bin overlap (mooninite orion) rdist: /usr/bin overlap (mruprich luhliarik) subscription-manager: /usr/bin overlap (csnyder jhnidek ptoscano) system-switch-java: /usr/bin overlap (jvanek pmikova) tmpwatch: /usr/bin overlap (jkucera mitr) xawtv: /usr/bin overlap (buc)
setuptool: /usr/bin overlap (mhlavink) retire? Last update: * Wed Sep 22 2010 Michal Hlavinka mhlavink@redhat.com 1.19.11-1 - update translations Doesn't seem to work in quick test: $ sudo /usr/bin/setup ERROR - No tool descriptions found in /etc/setuptool.d or /usr/share/setuptool/setuptool.d.
The full list of packages with files in /sbin or /usr/sbin: https://in.waw.pl/~zbyszek/fedora/sbin-merge.report.txt This was generated with: https://in.waw.pl/~zbyszek/fedora/sbin-merge.report.py -> Packages which have nothing after ':' should be OK with just being rebuilt in a merged environment. -> Packages which have 'foo required by' need to get compat provides, see item 4. in the quoted text. -> Packages which have 'overlap' need to be adjusted. Either an pull request is provided (see list with URLs above) or the maintainers needs to take some action (see list with maintainer names above).
Zbyszek