From 7e1775a888af9764d1fae0e524cfa10963846e02 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 19 Mar 2026 14:44:13 -0400 Subject: [PATCH] Update to 1.14.1 Also add rhel-10.3 and rhel-9.9 to os-image-map.json; the OSCI gating tests now run against RHEL-10.3-Nightly but the map only had rhel-10.2, causing provision-packit.sh to fail. Add patch to mark tmt AVC check as informational; bootc probes for mac_admin capability via chcon with an intentionally invalid SELinux label (crates/lib/src/lsm.rs test_install_t), generating expected AVC denials that the rhel-ci policy's injected AVC check was flagging as test failures. Resolves: RHEL-155613 Assisted-by: OpenCode (Claude Opus 4) --- ...-tmt-tests-Mark-AVC-check-as-informational.patch | 13 +++++++++++++ bootc.spec | 7 ++++++- os-image-map.json | 2 ++ sources | 4 ++-- 4 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 0001-tmt-tests-Mark-AVC-check-as-informational.patch diff --git a/0001-tmt-tests-Mark-AVC-check-as-informational.patch b/0001-tmt-tests-Mark-AVC-check-as-informational.patch new file mode 100644 index 0000000..a6a80e0 --- /dev/null +++ b/0001-tmt-tests-Mark-AVC-check-as-informational.patch @@ -0,0 +1,13 @@ +--- a/tmt/tests/tests.fmf ++++ b/tmt/tests/tests.fmf +@@ -1,5 +1,10 @@ + # THIS IS GENERATED CODE - DO NOT EDIT + # Generated by: cargo xtask tmt ++# bootc probes for SELinux mac_admin capability by attempting chcon with ++# an intentionally invalid label, which generates expected AVC denials. ++check: ++ - how: avc ++ result: info + + /test-01-readonly: + summary: Execute booted readonly/nondestructive tests diff --git a/bootc.spec b/bootc.spec index 033f122..0e4b6ce 100644 --- a/bootc.spec +++ b/bootc.spec @@ -22,7 +22,7 @@ %endif Name: bootc -Version: 1.13.0 +Version: 1.14.1 Release: %{autorelease} Summary: Bootable container system @@ -39,6 +39,11 @@ URL: https://github.com/bootc-dev/bootc Source0: %{url}/releases/download/v%{version}/bootc-%{version}.tar.zstd Source1: %{url}/releases/download/v%{version}/bootc-%{version}-vendor.tar.zstd +# Mark the tmt AVC check as informational; bootc probes for mac_admin +# capability via chcon with an intentionally invalid label, which +# generates expected AVC denials (crates/lib/src/lsm.rs test_install_t). +Patch0: 0001-tmt-tests-Mark-AVC-check-as-informational.patch + # https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval ExcludeArch: %{ix86} diff --git a/os-image-map.json b/os-image-map.json index 80ab247..638b52a 100644 --- a/os-image-map.json +++ b/os-image-map.json @@ -1,6 +1,8 @@ { "base": { + "rhel-10.3": "images.paas.redhat.com/bootc/rhel-bootc:latest-10.3", "rhel-10.2": "images.paas.redhat.com/bootc/rhel-bootc:latest-10.2", + "rhel-9.9": "images.paas.redhat.com/bootc/rhel-bootc:latest-9.9", "rhel-9.8": "images.paas.redhat.com/bootc/rhel-bootc:latest-9.8", "centos-9": "quay.io/centos-bootc/centos-bootc:stream9", "centos-10": "quay.io/centos-bootc/centos-bootc:stream10", diff --git a/sources b/sources index c8c2433..02a850e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (bootc-1.13.0-vendor.tar.zstd) = 32c7aa4f66f14a4147d1ce9894d776b3abf31fcfc64227ee32cb14953b52691cdc3d50a4ff8e3651b36a36330e023bdb835ddbaa3fd443227b3be4be292c99fe -SHA512 (bootc-1.13.0.tar.zstd) = 8e58cf1ca10b6e57901ca930016ad7cdabc4e357370ba63ee4e48f3b727563244f17e93e604050ef808358e41dbf3741250121f3022b311906764ae0717409a0 +SHA512 (bootc-1.14.1-vendor.tar.zstd) = 33dcd7e575ec1ce21a172c8ed32c638aacffecfd6bb6c8e563a3670292e1ee61e5e3f72452ee5f89b0c449284652acfda633c2c777bf517df47e07055cc2d14b +SHA512 (bootc-1.14.1.tar.zstd) = c44226f2cffc40688002defa041f920f5be240a39d3704a16c464edd96d1c0c687d173d0da428a5bf6ce24a8b7bd8026176399c393ebfc16effd6ba3cc416e0b