Backport patch for sysctl.d handling

This was required before by just https://github.com/coreos/coreos-assembler/pull/128 which could wait. But now this showed up in the machine-config-operator as well: https://github.com/openshift/machine-config-operator/pull/123 So let's just backport it now to make sure the new installer doesn't get bitten by this.
2018-10-10 15:45:17 -04:00 · 2018-10-10 15:45:17 -04:00 · 0d1e132c3e
commit 0d1e132c3e
parent 42544b245f
2 changed files with 43 additions and 1 deletions
--- a/0001-stages-files-relabel-files-before-systemd-sysctl.patch
+++ b/0001-stages-files-relabel-files-before-systemd-sysctl.patch
@ -0,0 +1,35 @@
+From bab77f2fa4ecbc1d0428dd6e8a54d34848d78fd1 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Thu, 27 Sep 2018 16:40:24 -0400
+Subject: [PATCH] stages/files: relabel files before systemd-sysctl
+
+This is a workaround for an inherent issue with the current relabeling
+approach (see #635). `systemd-sysctl.service` is definitely one of those
+early services that have a high probability of reading files from `/etc`
+before it's relabeled.
+
+They're both pulled in by `sysinit.target`, but
+`ignition-relabel.service` has an additional `After=local-fs.target`
+which makes it likelier to run later (also see #635 about that). So for
+now, let's just hack around this by making sure `systemd-sysctl` runs
+after us.
+---
+ internal/exec/stages/files/files.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/internal/exec/stages/files/files.go b/internal/exec/stages/files/files.go
+index 609a0e8..24676bc 100644
+--- a/internal/exec/stages/files/files.go
+++ b/internal/exec/stages/files/files.go
+@@ -138,7 +138,7 @@ func (s *stage) addRelabelUnit(config types.Config) error {
+ Description=Relabel files created by Ignition
+ DefaultDependencies=no
+ After=local-fs.target
+-Before=sysinit.target
+Before=sysinit.target systemd-sysctl.service
+ ConditionSecurity=selinux
+ ConditionPathExists=/etc/selinux/ignition.relabel
+ OnFailure=emergency.target
+-- 
+2.17.1
+
--- a/ignition.spec
+++ b/ignition.spec
@ -73,13 +73,14 @@

 Name:           ignition
 Version:        0.28.0
-Release:        6.git%{shortcommit}%{?dist}
+Release:        7.git%{shortcommit}%{?dist}
 Summary:        First boot installer and configuration tool
 License:        ASL 2.0
 URL:            https://%{provider_prefix}
 Source0:        https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz

 Patch0: 0001-stages-files-relabel-var-home-and-var-roothome.patch
+Patch1: 0001-stages-files-relabel-files-before-systemd-sysctl.patch

 # e.g. el6 has ppc64 arch without gcc-go, so EA tag is required
 ExclusiveArch:  %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
@ -331,6 +332,7 @@ initramfs on boot.
 # unpack source0 and apply patches
 %setup -T -b 0 -q -n %{repo}-%{commit}
 %patch0 -p1
+%patch1 -p1

 # unpack source1 (dracut modules)
 %setup -T -D -a 1 -q -n %{repo}-%{commit}
@ -474,6 +476,11 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %endif

 %changelog
+* Wed Oct 10 2018 Jonathan Lebon <jonathan@jlebon.com> - 0.28.0-7.gitf707912
+- Backport patch for handling sysctl files correctly
+  https://github.com/coreos/coreos-assembler/pull/128
+  https://github.com/openshift/machine-config-operator/pull/123
+
 * Wed Sep 26 2018 Dusty Mabe <dusty@dustymabe.com> - 0.28.0-6.gitf707912
 - Bump to ignition-dracut c09ce6f
 - * ce9f648 30ignition: add support for ignition-disks