coreos · dustymabe · Nov 15, 2024 · Nov 15, 2024
diff --git a/tests/kola/upgrade/extended/test.sh b/tests/kola/upgrade/extended/test.sh
@@ -162,34 +162,35 @@ wait-for-coreos-fix-selinux-labels() {
         echo "Waited for coreos-fix-selinux-labels.service to finish"
 }
 
-# Check if the rollback deployment has the dtb copy fix, which
-# means that the dtb files should have the correct SELinux labels.
+# We need to drop the rollback deployment. During upgrade
+# `...-> 40.20240906.1.0 (A)-> 41.20241109.1.0 (B)-> 42.20241114.91.0 (C)`
+# 1) A->B, A has the unfixed ostree, the upgrade will copy dtb files
+# to `/boot/ostree` both for current A and new B with wrong label
+# 2) B->C, B has the fixed ostree, the upgrade will prune A, leave B
+# with wrong label, and new C with correct label
+# 3) Finaly booting C and will check that B has the wrong label
+# In this case we need to drop the rollback before checking.
+#
+# If then upgrade to newer D, the upgrade will prune B (wrong label),
+# leave C with correct label, and new D with correct label. (We
+# should remove the drop under this case)
+#
 # https://github.com/coreos/fedora-coreos-tracker/issues/1808
 #
-# NOTE: we can drop this once the newest barrier release for all
-# streams is newer than 41.20241028.x.x.
-has_dtb_cp_fix() {
+# NOTE: we can drop this once moved to F43.
+drop_rollback_on_aarch64() {
     # The dtb copy issue was only ever an issue ever on aarch64
-    [ "$(arch)" != 'aarch64' ] && return 0
-    # We have the dtb copy fix if the rollback deployment is newer than
-    # when the fixed ostree was included. It should be fixed in the
-    # next round of releases after 41.20241028. Note 41.20241028.0.0
-    # is not a real build and uses `0` for the stream identifier, but
-    # should sort accordingly.
-    previous=$(rpm-ostree status --json | jq -r '.deployments[] | select(.booted == false).version')
-    if ! vergt $previous '41.20241028.0.0'; then
-        return 1
-    else
-        return 0
-    fi
+    [ "$(arch)" != 'aarch64' ] && return
+    echo "Dropping rollback deployment because it could have mislabeled dtb files"
+    rpm-ostree cleanup -r
 }
 
 selinux-sanity-check() {
     # First make sure the migrations/fix script has finished if this is the boot
     # where the fixes are taking place.
     wait-for-coreos-fix-selinux-labels
-    # Check to see if we have the dtb copy fix
-    has_dtb_cp_fix || add_dtb_exception='true'
+    # Drop the rooback on aarch64 before checking.
+    drop_rollback_on_aarch64
     # Verify SELinux labels are sane. Migration scripts should have cleaned
     # up https://github.com/coreos/fedora-coreos-tracker/issues/1772
     unlabeled="$(find /sysroot -context '*unlabeled_t*' -print0 | xargs --null -I{} ls -ldZ '{}')"
@@ -230,9 +231,6 @@ selinux-sanity-check() {
             # Add in a few temporary glob exceptions
             # https://github.com/coreos/fedora-coreos-tracker/issues/1806
             [[ "${path}" =~ /etc/selinux/targeted/active/ ]] && continue
-            if [ "${add_dtb_exception:-}" == 'true' ]; then
-                [[ "${path}" =~ /boot/ostree/.*/dtb ]] && continue
-            fi
             if [[ "${exceptions[$path]:-noexception}" == 'noexception' ]]; then
                 echo "Unexpected mislabeled file found: ${path}"
                 found="1"