From ce2a33e8131894c0ba268c4c9aa9165d02fd6bfa Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 8 Nov 2023 19:58:27 -0500 Subject: [PATCH 1/3] build-sys: Enable libsoup3 by default if installed In f39 we switched to libsoup3 by default; this ensures our CI picks that up automatically so we still have ostree-trivial-httpd. --- configure.ac | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/configure.ac b/configure.ac index 96837dd197..4e83a4648e 100644 --- a/configure.ac +++ b/configure.ac @@ -155,17 +155,26 @@ AS_IF([test x$enable_http2 != xno ], [ SOUP3_DEPENDENCY="libsoup-3.0 >= 3.0.0" AC_ARG_WITH(soup3, AS_HELP_STRING([--with-soup3], [Use libsoup3 @<:@default=no@:>@]), - [], [with_soup3=no]) + [], [with_soup3=check]) AS_IF([test x$with_soup3 != xno], [ - PKG_CHECK_MODULES(OT_DEP_SOUP3, $SOUP3_DEPENDENCY) - with_soup3=yes - AC_DEFINE([HAVE_LIBSOUP3], 1, [Define if we have libsoup3]) - OSTREE_FEATURES="$OSTREE_FEATURES libsoup3" - with_soup_default=no - dnl soup3 always supports client certs - have_libsoup_client_certs=yes + AC_MSG_CHECKING([for $SOUP3_DEPENDENCY]) + PKG_CHECK_EXISTS($SOUP3_DEPENDENCY, have_soup3=yes, have_soup3=no) + AC_MSG_RESULT([$have_soup3]) + AS_IF([ test x$have_soup3 = xno && test x$with_soup3 != xcheck], [ + AC_MSG_ERROR([libsoup3 is enabled but could not be found]) + ]) + AS_IF([test x$have_soup3 = xyes], [ + with_soup3=yes + PKG_CHECK_MODULES(OT_DEP_SOUP3, $SOUP3_DEPENDENCY) + AC_DEFINE([HAVE_LIBSOUP3], 1, [Define if we have libsoup3]) + OSTREE_FEATURES="$OSTREE_FEATURES libsoup3" + dnl And disable libsoup2 + with_soup_default=no + dnl soup3 always supports client certs + have_libsoup_client_certs=yes + ], [with_soup3=no]) ], [with_soup_default=check]) -AM_CONDITIONAL(USE_LIBSOUP3, test x$with_soup3 != xno) +AM_CONDITIONAL(USE_LIBSOUP3, test x$with_soup3 = xyes) dnl When bumping the libsoup-2.4 dependency, remember to bump dnl SOUP_VERSION_MIN_REQUIRED and SOUP_VERSION_MAX_ALLOWED in 
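Review bot: The `--with-soup3` help text in this hunk still reads `@<:@default=no@:>@`, although the fallback on the next line is now `with_soup3=check`, so `./configure --help` misdescribes what an unconfigured build does. It should become `[Use libsoup3 @<:@default=check@:>@]`. Because the HTTP library is now chosen by what pkg-config finds on the build host, the same source tree can link a different stack from one builder to the next. A `dnl` comment here telling packagers to pass `--with-soup3` or `--without-soup3` explicitly when they need a pinned, reproducible result would help. The libsoup2 logic that consumes `with_soup_default` continues outside the hunk.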
@@ -704,6 +713,8 @@ echo " introspection: $found_introspection rofiles-fuse: $enable_rofiles_fuse HTTP backend: $fetcher_backend + libsoup: $with_soup + libsoup3: $with_soup3 SELinux: $with_selinux fs-verity: $ac_cv_header_linux_fsverity_h cryptographic checksums: $with_crypto From c668a8c5314793f20c99edc605730d15d3f76c8f Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 9 Nov 2023 14:08:41 -0500 Subject: [PATCH 2/3] tests: Work around systemd regression for boot id parsing cc https://github.com/systemd/systemd/issues/29275 --- tests/kolainst/destructive/boot-automount.sh | 12 +++++++----- tests/kolainst/destructive/staged-delay.sh | 3 ++- tests/kolainst/destructive/staged-deploy.sh | 3 ++- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/tests/kolainst/destructive/boot-automount.sh b/tests/kolainst/destructive/boot-automount.sh index d6d1732e7c..17e44acaed 100755 --- a/tests/kolainst/destructive/boot-automount.sh +++ b/tests/kolainst/destructive/boot-automount.sh @@ -60,7 +60,8 @@ EOF # Check that the finalize and hold services succeeded in the # previous boot. Dump them to the test log to help debugging. prepare_tmpdir - journalctl -b -1 -o short-monotonic \ + prev_bootid=$(journalctl --list-boots -o json |jq -r '.[] | select(.index == -1) | .boot_id') + journalctl -b "${prev_bootid}" -o short-monotonic \ -u ostree-finalize-staged.service \ -u ostree-finalize-staged-hold.service \ -u boot.mount \ 
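Review bot: In the boot-automount.sh hunk, `prev_bootid` is used on the following `journalctl -b "${prev_bootid}"` line without any check that the lookup produced a value. If `journalctl --list-boots -o json` yields no entry with `index == -1`, jq prints nothing and, unless the script runs with `pipefail` (not visible here), the assignment still succeeds. That could happen when no previous boot is retained in the journal, or possibly on a systemd whose `--list-boots` does not emit JSON; staged-delay.sh still carries a branch for systemd 239, so older versions appear to be in scope. A guard right after the assignment, such as `test -n "${prev_bootid}" || fatal "could not determine previous boot id"` (using whatever failure helper this script has in scope), would make the test fail loudly instead of reading the wrong journal. The same unguarded lookup is repeated in the second boot-automount.sh hunk and in staged-delay.sh and staged-deploy.sh; a shared helper in the test library would keep the four copies from drifting.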
@@ -72,10 +73,11 @@ EOF # Check that the hold service remained active and kept /boot mounted until # the finalize service completed. - finalize_stopped=$(journalctl -b -1 -o json -g Stopped -u ostree-finalize-staged.service | tail -n1 | jq -r .__MONOTONIC_TIMESTAMP) - hold_stopping=$(journalctl -b -1 -o json -g Stopping -u ostree-finalize-staged-hold.service | tail -n1 | jq -r .__MONOTONIC_TIMESTAMP) - hold_stopped=$(journalctl -b -1 -o json -g Stopped -u ostree-finalize-staged-hold.service | tail -n1 | jq -r .__MONOTONIC_TIMESTAMP) - boot_unmounting=$(journalctl -b -1 -o json -g Unmounting -u boot.mount | tail -n1 | jq -r .__MONOTONIC_TIMESTAMP) + prev_bootid=$(journalctl --list-boots -o json |jq -r '.[] | select(.index == -1) | .boot_id') + finalize_stopped=$(journalctl -b $prev_bootid -o json -g Stopped -u ostree-finalize-staged.service | tail -n1 | jq -r .__MONOTONIC_TIMESTAMP) + hold_stopping=$(journalctl -b $prev_bootid -o json -g Stopping -u ostree-finalize-staged-hold.service | tail -n1 | jq -r .__MONOTONIC_TIMESTAMP) + hold_stopped=$(journalctl -b $prev_bootid -o json -g Stopped -u ostree-finalize-staged-hold.service | tail -n1 | jq -r .__MONOTONIC_TIMESTAMP) + boot_unmounting=$(journalctl -b $prev_bootid -o json -g Unmounting -u boot.mount | tail -n1 | jq -r .__MONOTONIC_TIMESTAMP) test "${finalize_stopped}" -lt "${hold_stopping}" test "${hold_stopped}" -lt "${boot_unmounting}" ;; diff --git a/tests/kolainst/destructive/staged-delay.sh b/tests/kolainst/destructive/staged-delay.sh index 699c35509f..12cf9d0125 100755 --- a/tests/kolainst/destructive/staged-delay.sh +++ b/tests/kolainst/destructive/staged-delay.sh 
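Review bot: The four `journalctl -b $prev_bootid` calls in this hunk leave the variable unquoted, while the earlier hunk in the same file writes `-b "${prev_bootid}"`. With an empty value the unquoted form collapses to `journalctl -b -o json ...`, which journalctl would most likely read as the current boot. The `__MONOTONIC_TIMESTAMP` comparisons below would then run against the wrong boot's entries, or fail with an unrelated-looking error. Quote it consistently, e.g. `journalctl -b "${prev_bootid}" -o json -g Stopped -u ostree-finalize-staged.service`. If this code sits in the same `case` arm as the earlier hunk (not visible here), the second `prev_bootid=` assignment is redundant and can be dropped.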
@@ -24,7 +24,8 @@ rpm-ostree kargs --append=somedummykarg=1 ;; "2") -journalctl -b -1 -u ostree-finalize-staged > logs.txt +prev_bootid=$(journalctl --list-boots -o json |jq -r '.[] | select(.index == -1) | .boot_id') +journalctl -b $prev_bootid -u ostree-finalize-staged > logs.txt assert_file_has_content_literal logs.txt 'ostree-finalize-staged found /boot/loader/entries' # older systemd doesn't output the success message if systemctl --version | head -1 | grep -qF -e 'systemd 239'; then diff --git a/tests/kolainst/destructive/staged-deploy.sh b/tests/kolainst/destructive/staged-deploy.sh index 01c2b48916..ff6f8d7a8d 100755 --- a/tests/kolainst/destructive/staged-deploy.sh +++ b/tests/kolainst/destructive/staged-deploy.sh @@ -72,7 +72,8 @@ EOF # Check that deploy-staged service worked rpm-ostree status # Assert that the previous boot had a journal entry for it - journalctl -b "-1" -u ostree-finalize-staged.service > svc.txt + prev_bootid=$(journalctl --list-boots -o json |jq -r '.[] | select(.index == -1) | .boot_id') + journalctl -b $prev_bootid -u ostree-finalize-staged.service > svc.txt assert_file_has_content svc.txt 'Bootloader updated; bootconfig swap: yes;.*deployment count change: 1' # Also validate ignoring socket and fifo assert_file_has_content svc.txt 'Ignoring.*during /etc merge:.*sock-to-ignore' From bc62fd519631be6591c5c62302f83b45b9d56328 Mon Sep 17 00:00:00 2001 
From: Colin Walters Date: Thu, 9 Nov 2023 20:53:52 -0500 Subject: [PATCH 3/3] unlock: Don't pass options again to overlayfs There seems to be a tricky regression here with the util-linux support for the new mount API, plus overlays support for it. ``` [2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2108]: + unshare -m -- /bin/sh -c 'mount -o remount,rw /usr && echo hello from transient unlock >/usr/share/writable-usr-test' [2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2148]: mount: /usr: mount point not mounted or bad option. [2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2148]: dmesg(1) may have more information after failed mount system call. ``` OK this seems related to the new mount API support in util-linux and overlayfs. From a strace: ``` 2095 open_tree(AT_FDCWD, "/usr", OPEN_TREE_CLOEXEC) = 3 2095 mount_setattr(-1, NULL, 0, NULL, 0) = -1 EINVAL (Invalid argument) ... 2095 fspick(3, "", FSPICK_NO_AUTOMOUNT|FSPICK_EMPTY_PATH) = 4 2095 fsconfig(4, FSCONFIG_SET_FLAG, "seclabel", NULL, 0) = 0 2095 fsconfig(4, FSCONFIG_SET_STRING, "lowerdir", "usr", 0) = -1 EINVAL (Invalid argument) ``` I think the core problem here is it's trying to reconfigure the mount with existing options, but in the new mount namespace we can't see the lowerdir. Here we really really just want to remount writable. Telling util-linux to not pass existing options fixes it. --- tests/kolainst/destructive/unlock-transient.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/kolainst/destructive/unlock-transient.sh b/tests/kolainst/destructive/unlock-transient.sh index 8dce222494..19b7b693ad 100755 --- a/tests/kolainst/destructive/unlock-transient.sh +++ b/tests/kolainst/destructive/unlock-transient.sh 
@@ -16,7 +16,7 @@ case "${AUTOPKGTEST_REBOOT_MARK:-}" in fatal "modified /usr" fi # But, we can affect it in a new mount namespace - unshare -m -- /bin/sh -c 'mount -o remount,rw /usr && echo hello from transient unlock >'"${testfile}" + unshare -m -- /bin/sh -c 'mount --options-source=disable -o remount,rw /usr && echo hello from transient unlock >'"${testfile}" assert_file_has_content "${testfile}" "hello from transient unlock" # Still can't write to it from the outer namespace if touch ${testfile} || rm -v "${testfile}" 2>/dev/null; then
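Review bot: The reason for `--options-source=disable` on the `unshare` line lives only in the commit message, so the script gives no hint why this remount differs from a plain `mount -o remount,rw /usr`. I would add a comment above that line such as `# Don't let mount(8) replay the existing overlayfs options (lowerdir is not resolvable in the new mount namespace); we only want rw`. That keeps the flag from being removed later as noise and records that the test depends on mount passing only the options given on the command line, as the commit message describes. The enclosing `case` arm begins and ends outside the hunk.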