Date: Thursday, March 17, 2022 @ 18:03:47 Author: jelle Revision: 1156765
Fix FS#74147 add missing udev Added: osbuild/trunk/no-selinux-distro-fix.patch Modified: osbuild/trunk/PKGBUILD -----------------------------+ PKGBUILD | 19 ++++++++++++++----- no-selinux-distro-fix.patch | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 5 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-03-17 17:57:25 UTC (rev 1156764) +++ PKGBUILD 2022-03-17 18:03:47 UTC (rev 1156765) @@ -4,7 +4,7 @@ pkgname=osbuild pkgdesc='Build Pipelines for Operating System Artifacts' pkgver=52 -pkgrel=3 +pkgrel=4 url="https://www.osbuild.org"; arch=(any) license=(Apache) @@ -12,9 +12,16 @@ makedepends=(make python-docutils python-setuptools) optdepends=('dnf: build rpm/dnf images' 'pacman: build pacman images') -source=($pkgname-$pkgver.tar.gz::https://github.com/osbuild/osbuild/archive/refs/tags/v${pkgver}.tar.gz) -sha256sums=('f0cfc3ddf22833b334773dd8b1275b2e2ec3ff192797a362a8c030676ba4abb8') +source=($pkgname-$pkgver.tar.gz::https://github.com/osbuild/osbuild/archive/refs/tags/v${pkgver}.tar.gz + ./no-selinux-distro-fix.patch) +sha256sums=('f0cfc3ddf22833b334773dd8b1275b2e2ec3ff192797a362a8c030676ba4abb8' + 'f2b4cf3910673beb8d229ed436cdd6d5f9b35c8ceea28c6dbc4f022c96db0a26') +prepare() { + cd $pkgname-$pkgver + patch -Np1 -i ${srcdir}/no-selinux-distro-fix.patch +} + build() { cd $pkgname-$pkgver python setup.py build @@ -25,10 +32,12 @@ make man python setup.py install --skip-build --root="$pkgdir" - install -m 0755 -d "$pkgdir/usr/lib/osbuild" - mkdir "${pkgdir}/usr/lib/osbuild/osbuild" + install -m 0755 -d "$pkgdir/usr/lib/osbuild/osbuild" for group in assemblers devices inputs runners schemas sources stages mounts ; do cp -vdr --no-preserve=ownership "$group" "$pkgdir/usr/lib/osbuild/" done + + # udev rules + install -Dm644 data/10-osbuild-inhibitor.rules "$pkgdir"/usr/lib/udev/rules.d/10-osbuild-inhibitor.rules } Added: no-selinux-distro-fix.patch =================================================================== --- no-selinux-distro-fix.patch (rev 0) +++ no-selinux-distro-fix.patch 2022-03-17 18:03:47 UTC (rev 1156765) @@ -0,0 +1,42 @@ +From 5cde83a7f8ec29f3aa8c214c6e74921cd734a387 Mon Sep 17 00:00:00 2001 +From: Christian Kellner <[email protected]> +Date: Thu, 17 Mar 2022 15:22:12 +0100 +Subject: [PATCH] stages/selinux: directly call setfilecon + +Instead of using `chcon`, directly call `selinux.setfilecon`. On +systems without SELinux support, i.e. coreutils was built without +<selinux.h> present, `chcon` will return `ENOTSUP` for all selinux +related calls like `setfilecon` even if the selinux libraries are +later installed. Therefore we directly call the library function +which should ensure that we don't error out as long as the library +is present. The only other thing `chcon` is doing besides a cal to +the `setfilecon` method is to convert the context string to a +`contex_t` and back to validate it. This should not be needed since +the kernel will do this for us. On system without SELinux support +`context_new` will also not validate the context. +--- + stages/org.osbuild.selinux | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/stages/org.osbuild.selinux b/stages/org.osbuild.selinux +index 2ca277e7a..64d4fb66f 100755 +--- a/stages/org.osbuild.selinux ++++ b/stages/org.osbuild.selinux +@@ -25,6 +25,8 @@ import pathlib + import subprocess + import sys + ++import selinux ++ + import osbuild.api + + +@@ -60,7 +62,7 @@ def main(tree, options): + + for path, label in labels.items(): + fullpath = os.path.join(tree, path.lstrip("/")) +- subprocess.run(["chcon", "-v", label, fullpath], check=True) ++ selinux.setfilecon(fullpath, label) + + if options.get("force_autorelabel", False): + stamp = pathlib.Path(tree, ".autorelabel")
