Hi, a quick thing I want to highlight about this release here: https://github.com/projectatomic/rpm-ostree/releases/tag/v2018.1 " On the flip side, we have made a mostly-compatible change to drop most Linux "capabilities" during RPM script invocation. For example, it is no longer supported to e.g. load a kernel module as part of a %post. We don't believe there are any packages that *currently* work that this would break, but please do report any issues. PR: #1099 " Direct link to PR: https://github.com/projectatomic/rpm-ostree/pull/1099 I did a quick search across the spec files and came across only a few cases: i2c-tools.spec: %post # load i2c-dev after the first install if [ "$1" = 1 ] ; then /usr/sbin/modprobe i2c-dev fi exit 0 soundtracker.spec %post # load OSS after the first install if [ "$1" = 1 ] ; then /usr/sbin/modprobe snd_pcm_oss fi exit 0 One additional thing here is that unlike librpm (i.e. yum/dnf), rpm-ostree *always* exits with a fatal error if any script fails. We want to catch e.g. a cache updating hitting ENOSPC or being killed by the OOM killer, etc. We can do this because (again) we're building a new root and then providing an atomic swap to it - not editing the live filesystem by default (although there is an experimental `livefs` command). Anyways so at some point I may file bugs, but at the moment those two packages aren't very high on my compatibility radar. At some point if people agree with this I'd say we update the package guidelines to suggest the better mechanism to do this (at systemd service start time if you must). To clarify again, the reason we're making this change is so that we can support and improve our "image-like" upgrades that prepare a new root while not affecting your running system. Having package %posts load kernel modules or do other CAP_SYS_ADMIN ("real root") things would break that. There's a lot of other stuff in this release of course! We've built a pretty powerful foundation (libostree and lots of rpm+ostree integration) and are now building on top of that. This update should coming to Fedora Atomic {Host,Workstation} pretty soon, here's the F27 update: https://bodhi.fedoraproject.org/updates/FEDORA-2018-325f84e2bb _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
