Date: Wednesday, January 23, 2019 @ 19:37:37
Author: bpiotrowski
Revision: 427324
archrelease: copy trunk to community-testing-x86_64
Added:
podman/repos/community-testing-x86_64/
podman/repos/community-testing-x86_64/0001-Revert-SELinux-support.patch
(from rev 427323, podman/trunk/0001-Revert-SELinux-support.patch)
podman/repos/community-testing-x86_64/PKGBUILD
(from rev 427323, podman/trunk/PKGBUILD)
-----------------------------------+
0001-Revert-SELinux-support.patch | 159 ++++++++++++++++++++++++++++++++++++
PKGBUILD | 51 +++++++++++
2 files changed, 210 insertions(+)
Copied: podman/repos/community-testing-x86_64/0001-Revert-SELinux-support.patch
(from rev 427323, podman/trunk/0001-Revert-SELinux-support.patch)
===================================================================
--- community-testing-x86_64/0001-Revert-SELinux-support.patch
(rev 0)
+++ community-testing-x86_64/0001-Revert-SELinux-support.patch 2019-01-23
19:37:37 UTC (rev 427324)
@@ -0,0 +1,159 @@
+From 0dcc87af0cdd484480e8cc3f968b9e3d44758f15 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bart=C5=82omiej=20Piotrowski?= <[email protected]>
+Date: Wed, 23 Jan 2019 08:55:02 +0100
+Subject: [PATCH] Revert SELinux support
+
+---
+ ostree/ostree_dest.go | 62 +++++--------------------------------------
+ 1 file changed, 7 insertions(+), 55 deletions(-)
+
+diff --git a/ostree/ostree_dest.go b/ostree/ostree_dest.go
+index d69f4fa..78b15e5 100644
+--- a/ostree/ostree_dest.go
++++ b/ostree/ostree_dest.go
+@@ -15,32 +15,26 @@ import (
+ "path/filepath"
+ "runtime"
+ "strconv"
+- "strings"
+- "syscall"
+ "time"
+- "unsafe"
+
+ "github.com/containers/image/manifest"
+ "github.com/containers/image/types"
+ "github.com/containers/storage/pkg/archive"
+ "github.com/klauspost/pgzip"
+ "github.com/opencontainers/go-digest"
+- selinux "github.com/opencontainers/selinux/go-selinux"
+ "github.com/ostreedev/ostree-go/pkg/otbuiltin"
+ "github.com/pkg/errors"
+ "github.com/vbatts/tar-split/tar/asm"
+ "github.com/vbatts/tar-split/tar/storage"
+ )
+
+-// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux
++// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1
+ // #include <glib.h>
+ // #include <glib-object.h>
+ // #include <gio/gio.h>
+ // #include <stdlib.h>
+ // #include <ostree.h>
+ // #include <gio/ginputstream.h>
+-// #include <selinux/selinux.h>
+-// #include <selinux/label.h>
+ import "C"
+
+ type blobToImport struct {
+@@ -179,7 +173,7 @@ func (d *ostreeImageDestination) PutBlob(ctx
context.Context, stream io.Reader,
+ return types.BlobInfo{Digest: computedDigest, Size: size}, nil
+ }
+
+-func fixFiles(selinuxHnd *C.struct_selabel_handle, root string, dir string,
usermode bool) error {
++func fixFiles(dir string, usermode bool) error {
+ entries, err := ioutil.ReadDir(dir)
+ if err != nil {
+ return err
+@@ -194,42 +188,13 @@ func fixFiles(selinuxHnd *C.struct_selabel_handle, root
string, dir string, user
+ continue
+ }
+
+- if selinuxHnd != nil {
+- relPath, err := filepath.Rel(root, fullpath)
+- if err != nil {
+- return err
+- }
+- // Handle /exports/hostfs as a special case. Files
under this directory are copied to the host,
+- // thus we benefit from maintaining the same SELinux
label they would have on the host as we could
+- // use hard links instead of copying the files.
+- relPath = fmt.Sprintf("/%s",
strings.TrimPrefix(relPath, "exports/hostfs/"))
+-
+- relPathC := C.CString(relPath)
+- defer C.free(unsafe.Pointer(relPathC))
+- var context *C.char
+-
+- res, err := C.selabel_lookup_raw(selinuxHnd, &context,
relPathC, C.int(info.Mode()&os.ModePerm))
+- if int(res) < 0 && err != syscall.ENOENT {
+- return errors.Wrapf(err, "cannot
selabel_lookup_raw %s", relPath)
+- }
+- if int(res) == 0 {
+- defer C.freecon(context)
+- fullpathC := C.CString(fullpath)
+- defer C.free(unsafe.Pointer(fullpathC))
+- res, err = C.lsetfilecon_raw(fullpathC, context)
+- if int(res) < 0 {
+- return errors.Wrapf(err, "cannot
setfilecon_raw %s", fullpath)
+- }
+- }
+- }
+-
+ if info.IsDir() {
+ if usermode {
+ if err := os.Chmod(fullpath, info.Mode()|0700);
err != nil {
+ return err
+ }
+ }
+- err = fixFiles(selinuxHnd, root, fullpath, usermode)
++ err = fixFiles(fullpath, usermode)
+ if err != nil {
+ return err
+ }
+@@ -285,9 +250,7 @@ func generateTarSplitMetadata(output *bytes.Buffer, file
string) (digest.Digest,
+ return digester.Digest(), written, nil
+ }
+
+-func (d *ostreeImageDestination) importBlob(selinuxHnd
*C.struct_selabel_handle, repo *otbuiltin.Repo, blob *blobToImport) error {
+- // TODO: This can take quite some time, and should ideally be
cancellable using a context.Context.
+-
++func (d *ostreeImageDestination) importBlob(repo *otbuiltin.Repo, blob
*blobToImport) error {
+ ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Hex())
+ destinationPath := filepath.Join(d.tmpDirPath, blob.Digest.Hex(),
"root")
+ if err := ensureDirectoryExists(destinationPath); err != nil {
+@@ -308,7 +271,7 @@ func (d *ostreeImageDestination) importBlob(selinuxHnd
*C.struct_selabel_handle,
+ if err := archive.UntarPath(blob.BlobPath, destinationPath);
err != nil {
+ return err
+ }
+- if err := fixFiles(selinuxHnd, destinationPath,
destinationPath, false); err != nil {
++ if err := fixFiles(destinationPath, false); err != nil {
+ return err
+ }
+ } else {
+@@ -317,7 +280,7 @@ func (d *ostreeImageDestination) importBlob(selinuxHnd
*C.struct_selabel_handle,
+ return err
+ }
+
+- if err := fixFiles(selinuxHnd, destinationPath,
destinationPath, true); err != nil {
++ if err := fixFiles(destinationPath, true); err != nil {
+ return err
+ }
+ }
+@@ -430,17 +393,6 @@ func (d *ostreeImageDestination) Commit(ctx
context.Context) error {
+ return err
+ }
+
+- var selinuxHnd *C.struct_selabel_handle
+-
+- if os.Getuid() == 0 && selinux.GetEnabled() {
+- selinuxHnd, err = C.selabel_open(C.SELABEL_CTX_FILE, nil, 0)
+- if selinuxHnd == nil {
+- return errors.Wrapf(err, "cannot open the SELinux DB")
+- }
+-
+- defer C.selabel_close(selinuxHnd)
+- }
+-
+ checkLayer := func(hash string) error {
+ blob := d.blobs[hash]
+ // if the blob is not present in d.blobs then it is already
stored in OSTree,
+@@ -448,7 +400,7 @@ func (d *ostreeImageDestination) Commit(ctx
context.Context) error {
+ if blob == nil {
+ return nil
+ }
+- err := d.importBlob(selinuxHnd, repo, blob)
++ err := d.importBlob(repo, blob)
+ if err != nil {
+ return err
+ }
+--
+2.20.1
+
Copied: podman/repos/community-testing-x86_64/PKGBUILD (from rev 427323,
podman/trunk/PKGBUILD)
===================================================================
--- community-testing-x86_64/PKGBUILD (rev 0)
+++ community-testing-x86_64/PKGBUILD 2019-01-23 19:37:37 UTC (rev 427324)
@@ -0,0 +1,51 @@
+# Maintainer: Bartłomiej Piotrowski
+
+pkgbase=podman
+pkgname=(podman podman-docker)
+pkgver=1.0.0
+pkgrel=1
+pkgdesc='Tool and library for running OCI-based containers in pods'
+arch=(x86_64)
+url='https://github.com/containers/libpod'
+license=(Apache)
+depends=(cni-plugins conmon device-mapper iptables libseccomp ostree runc
skopeo
+ btrfs-progs slirp4netns)
+makedepends=(go-pie go-md2man git)
+source=(libpod-$pkgver.tar.gz::$url/archive/v${pkgver}.tar.gz
+ 0001-Revert-SELinux-support.patch)
+sha256sums=('f7a462563dd587208eff3c3c0689bc4d01071a8f7933bec2a13126be123f63a8'
+ '441380487cb62895d878084f98210affc30f65c2237c8ee9a1eae1adef7fa566')
+
+prepare() {
+ patch -p1 -i "$srcdir/0001-Revert-SELinux-support.patch" \
+ -d libpod-$pkgver/vendor/github.com/containers/image
+
+ mkdir -p src/github.com/containers src/github.com/varlink
+ cp -r libpod-$pkgver src/github.com/containers/libpod
+}
+
+build() {
+ export GOPATH="$srcdir"
+ export BUILDTAGS='seccomp ostree varlink'
+ unset LDFLAGS
+
+ cd src/github.com/containers/libpod
+ make install.tools
+ make
+}
+
+package_podman() {
+ optdepends=('podman-docker: for Docker-compatible CLI')
+
+ cd src/github.com/containers/libpod
+ make install install.completions install.config DESTDIR="$pkgdir"
PREFIX="$pkgdir/usr"
+}
+
+package_podman-docker() {
+ pkgdesc='Emulate Docker CLI using podman'
+ depends=(podman)
+ conflicts=(docker)
+
+ cd src/github.com/containers/libpod
+ make install.docker DESTDIR="$pkgdir" PREFIX="$pkgdir/usr"
+}
