From 5597ff7efcd65d36628913eb504acae4c0672c61 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 15 Aug 2018 10:55:56 -0400 Subject: [PATCH] Backport patch for /root relabeling upstream: https://github.com/coreos/ignition/pull/613 --- ...ges-files-also-relabel-root-home-dir.patch | 28 +++++++++++++++++++ ignition.spec | 10 ++++++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 0001-stages-files-also-relabel-root-home-dir.patch diff --git a/0001-stages-files-also-relabel-root-home-dir.patch b/0001-stages-files-also-relabel-root-home-dir.patch new file mode 100644 index 0000000..61ebfe6 --- /dev/null +++ b/0001-stages-files-also-relabel-root-home-dir.patch @@ -0,0 +1,28 @@ +From bff783ab7995370b254b9b461060f573ed031a80 Mon Sep 17 00:00:00 2001 +From: Jonathan Lebon +Date: Tue, 14 Aug 2018 15:38:25 -0400 +Subject: [PATCH] stages/files: also relabel /root home dir + +For the same reasons that `/home` is in that list. The difference is +that the "root" user will always exist, but we might be touching and +creating files there. For example, we might be adding an +`.ssh/authorized_keys`, which will need to be relabeled. +--- + internal/exec/stages/files/passwd.go | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/internal/exec/stages/files/passwd.go b/internal/exec/stages/files/passwd.go +index df16559..2eecd40 100644 +--- a/internal/exec/stages/files/passwd.go ++++ b/internal/exec/stages/files/passwd.go +@@ -40,6 +40,7 @@ func (s *stage) createPasswd(config types.Config) error { + "/etc/gshadow*", + "/etc/.pwd.lock", + "/home", ++ "/root", + ) + } + +-- +2.17.1 + diff --git a/ignition.spec b/ignition.spec index ee71209..9ad599d 100644 --- a/ignition.spec +++ b/ignition.spec @@ -79,12 +79,14 @@ Name: ignition Version: 0.27.0 -Release: 1.git%{shortcommit}%{?dist} +Release: 2.git%{shortcommit}%{?dist} Summary: First boot installer and configuration tool License: ASL 2.0 URL: https://%{provider_prefix} Source0: https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz +Patch0: 0001-stages-files-also-relabel-root-home-dir.patch + # e.g. el6 has ppc64 arch without gcc-go, so EA tag is required ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}} # If go_compiler is not set to 1, there is no virtual provide. Use golang instead. @@ -327,6 +329,8 @@ initramfs on boot. # setup command reference: http://ftp.rpm.org/max-rpm/s1-rpm-inside-macros.html # unpack source0 and apply patches %setup -T -b 0 -q -n %{repo}-%{commit} +%patch0 -p1 + # unpack source1 (dracut modules) %setup -T -D -a 1 -q -n %{repo}-%{commit} @@ -470,6 +474,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %endif %changelog +* Wed Aug 15 2018 Jonathan Lebon - 0.27.0-2.gitcc7ebe0 +- Backport patch for /root relabeling + https://github.com/coreos/ignition/pull/613 + * Fri Aug 10 2018 Jonathan Lebon - 0.27.0-1.gitcc7ebe0 - New release 0.27.0