Backport patch for sysctl.d handling

This was required before by just https://github.com/coreos/coreos-assembler/pull/128 which could wait. But now this showed up in the machine-config-operator as well: https://github.com/openshift/machine-config-operator/pull/123 So let's just backport it now to make sure the new installer doesn't get bitten by this.
2018-10-10 15:45:17 -04:00 · 2018-10-10 15:45:17 -04:00 · 0d1e132c3e
commit 0d1e132c3e
parent 42544b245f
2 changed files with 43 additions and 1 deletions
--- a/0001-stages-files-relabel-files-before-systemd-sysctl.patch
+++ b/0001-stages-files-relabel-files-before-systemd-sysctl.patch
@ -0,0 +1,35 @@
 From bab77f2fa4ecbc1d0428dd6e8a54d34848d78fd1 Mon Sep 17 00:00:00 2001
 From: Jonathan Lebon <jonathan@jlebon.com>
 Date: Thu, 27 Sep 2018 16:40:24 -0400
 Subject: [PATCH] stages/files: relabel files before systemd-sysctl
 This is a workaround for an inherent issue with the current relabeling
 approach (see #635). `systemd-sysctl.service` is definitely one of those
 early services that have a high probability of reading files from `/etc`
 before it's relabeled.
 They're both pulled in by `sysinit.target`, but
 `ignition-relabel.service` has an additional `After=local-fs.target`
 which makes it likelier to run later (also see #635 about that). So for
 now, let's just hack around this by making sure `systemd-sysctl` runs
 after us.
 ---
 internal/exec/stages/files/files.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/internal/exec/stages/files/files.go b/internal/exec/stages/files/files.go
 index 609a0e8..24676bc 100644
 --- a/internal/exec/stages/files/files.go
 +++ b/internal/exec/stages/files/files.go
@@ -138,7 +138,7 @@ func (s *stage) addRelabelUnit(config types.Config) error {
 Description=Relabel files created by Ignition
 DefaultDependencies=no
 After=local-fs.target
 -Before=sysinit.target
 +Before=sysinit.target systemd-sysctl.service
 ConditionSecurity=selinux
 ConditionPathExists=/etc/selinux/ignition.relabel
 OnFailure=emergency.target
 -- 
 2.17.1
--- a/ignition.spec
+++ b/ignition.spec
@ -73,13 +73,14 @@
 Name:           ignition
 Version:        0.28.0
-Release:        6.git%{shortcommit}%{?dist}
+Release:        7.git%{shortcommit}%{?dist}
 Summary:        First boot installer and configuration tool
 License:        ASL 2.0
 URL:            https://%{provider_prefix}
 Source0:        https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz
 Patch0: 0001-stages-files-relabel-var-home-and-var-roothome.patch
 Patch1: 0001-stages-files-relabel-files-before-systemd-sysctl.patch
 # e.g. el6 has ppc64 arch without gcc-go, so EA tag is required
 ExclusiveArch:  %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
@ -331,6 +332,7 @@ initramfs on boot.
 # unpack source0 and apply patches
 %setup -T -b 0 -q -n %{repo}-%{commit}
 %patch0 -p1
 %patch1 -p1
 # unpack source1 (dracut modules)
 %setup -T -D -a 1 -q -n %{repo}-%{commit}
@ -474,6 +476,11 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %endif
 %changelog
 * Wed Oct 10 2018 Jonathan Lebon <jonathan@jlebon.com> - 0.28.0-7.gitf707912
 - Backport patch for handling sysctl files correctly
  https://github.com/coreos/coreos-assembler/pull/128
  https://github.com/openshift/machine-config-operator/pull/123
 * Wed Sep 26 2018 Dusty Mabe <dusty@dustymabe.com> - 0.28.0-6.gitf707912
 - Bump to ignition-dracut c09ce6f
 - * ce9f648 30ignition: add support for ignition-disks