Backport upstream patch to workaround problem booting on live systems

- https://github.com/coreos/fedora-coreos-tracker/issues/339
- https://github.com/coreos/ignition/pull/907
This commit is contained in:
Dusty Mabe 2019-12-20 14:59:31 -05:00
parent 367cb35982
commit 1017665935
No known key found for this signature in database
GPG Key ID: 3302DBD73952E671
2 changed files with 53 additions and 1 deletions

View File

@ -0,0 +1,44 @@
From 5028460bba73b7580cb9198474358cb65afcbe0e Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Thu, 19 Dec 2019 16:21:19 -0500
Subject: [PATCH] stages/files: don't relabel /home and /root symlinks
On OSTree systems, those are just symlinks in the deployment root. If
they're not labeled correctly already, it signals an issue with the disk
creation process itself (and might also signal that the next time a
deployment root is created, it'll also be mislabeled).
Anyway, even on non-OSTree systems, it seems reasonable to expect that
`/home` and `/root` at least already exist and don't need to be created
(and thus don't need to be relabeld).
It's possible that [fixing `getxattr` without a policy
loaded](https://github.com/coreos/fedora-coreos-config/pull/245#issuecomment-560578750)
would also fix this, since `setfiles` would see that the symlinks were
already correctly labeled.
In effect, this is completing what #632 started.
Closes: https://github.com/coreos/fedora-coreos-tracker/issues/339
---
internal/exec/stages/files/passwd.go | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/internal/exec/stages/files/passwd.go b/internal/exec/stages/files/passwd.go
index 8ba6cb1..c3d4737 100644
--- a/internal/exec/stages/files/passwd.go
+++ b/internal/exec/stages/files/passwd.go
@@ -68,9 +68,7 @@ func (s *stage) createPasswd(config types.Config) error {
s.relabel(deglobbed...)
s.relabel(
"/etc/.pwd.lock",
- "/home",
- "/root",
- // for OSTree-based systems (newer restorecon doesn't follow symlinks)
+ // for OSTree-based systems
"/var/home",
"/var/roothome",
)
--
2.20.1

View File

@ -73,13 +73,15 @@
Name: ignition Name: ignition
Version: 2.1.1 Version: 2.1.1
Release: 2.git%{shortcommit}%{?dist} Release: 3.git%{shortcommit}%{?dist}
Summary: First boot installer and configuration tool Summary: First boot installer and configuration tool
License: ASL 2.0 and BSD License: ASL 2.0 and BSD
URL: https://%{provider_prefix} URL: https://%{provider_prefix}
Source0: https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz Source0: https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz
Source1: https://%{dracutprovider_prefix}/archive/%{dracutcommit}/%{dracutrepo}-%{dracutshortcommit}.tar.gz Source1: https://%{dracutprovider_prefix}/archive/%{dracutcommit}/%{dracutrepo}-%{dracutshortcommit}.tar.gz
Patch0: 0001-stages-files-don-t-relabel-home-and-root-symlinks.patch
%define gopath %{_datadir}/gocode %define gopath %{_datadir}/gocode
ExcludeArch: ppc64 ExcludeArch: ppc64
BuildRequires: golang >= 1.10 BuildRequires: golang >= 1.10
@ -375,6 +377,7 @@ Ignition project's Github releases page.
# setup command reference: http://ftp.rpm.org/max-rpm/s1-rpm-inside-macros.html # setup command reference: http://ftp.rpm.org/max-rpm/s1-rpm-inside-macros.html
# unpack source0 and apply patches # unpack source0 and apply patches
%setup -T -b 0 -q -n %{repo}-%{commit} %setup -T -b 0 -q -n %{repo}-%{commit}
%patch0 -p1
# unpack source1 (dracut modules) # unpack source1 (dracut modules)
%setup -T -D -a 1 -q -n %{repo}-%{commit} %setup -T -D -a 1 -q -n %{repo}-%{commit}
@ -543,6 +546,11 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%endif %endif
%changelog %changelog
* Fri Dec 20 2019 Dusty Mabe <dusty@dustymabe.com> - 2.1.1-3.git40c0b57
- Backport upstream patch to workaround problem booting on live systems
- https://github.com/coreos/fedora-coreos-tracker/issues/339
- https://github.com/coreos/ignition/pull/907
* Tue Dec 17 2019 Andrew Jeddeloh <ajeddelo@redhat.com> - 2.1.1-2.git40c0b57 * Tue Dec 17 2019 Andrew Jeddeloh <ajeddelo@redhat.com> - 2.1.1-2.git40c0b57
- Add ignition-validate-nonlinux subpackage. This should not be installed. It - Add ignition-validate-nonlinux subpackage. This should not be installed. It
is only used for building binaries to sign by Fedora release engineering and is only used for building binaries to sign by Fedora release engineering and