rpms/ignition
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport patch for /root relabeling

Browse Source 
upstream: https://github.com/coreos/ignition/pull/613
This commit is contained in:
Jonathan Lebon 2018-08-15 10:55:56 -04:00
parent 6cb4a05cfc
commit 5597ff7efc
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
0001-stages-files-also-relabel-root-home-dir.patch Normal file
View File

@ -0,0 +1,28 @@
From bff783ab7995370b254b9b461060f573ed031a80 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Tue, 14 Aug 2018 15:38:25 -0400
Subject: [PATCH] stages/files: also relabel /root home dir
For the same reasons that `/home` is in that list. The difference is
that the "root" user will always exist, but we might be touching and
creating files there. For example, we might be adding an
`.ssh/authorized_keys`, which will need to be relabeled.
---
internal/exec/stages/files/passwd.go | 1 +
1 file changed, 1 insertion(+)
diff --git a/internal/exec/stages/files/passwd.go b/internal/exec/stages/files/passwd.go
index df16559..2eecd40 100644
--- a/internal/exec/stages/files/passwd.go
+++ b/internal/exec/stages/files/passwd.go
@@ -40,6 +40,7 @@ func (s *stage) createPasswd(config types.Config) error {
"/etc/gshadow*",
"/etc/.pwd.lock",
"/home",
+ "/root",
)
}
--
2.17.1

10
ignition.spec
View File

@ -79,12 +79,14 @@
Name: ignition Name: ignition
Version: 0.27.0 Version: 0.27.0
Release: 1.git%{shortcommit}%{?dist} Release: 2.git%{shortcommit}%{?dist}
Summary: First boot installer and configuration tool Summary: First boot installer and configuration tool
License: ASL 2.0 License: ASL 2.0
URL: https://%{provider_prefix} URL: https://%{provider_prefix}
Source0: https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz Source0: https://%{provider_prefix}/archive/%{commit}/%{repo}-%{shortcommit}.tar.gz
Patch0: 0001-stages-files-also-relabel-root-home-dir.patch
# e.g. el6 has ppc64 arch without gcc-go, so EA tag is required # e.g. el6 has ppc64 arch without gcc-go, so EA tag is required
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}} ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
# If go_compiler is not set to 1, there is no virtual provide. Use golang instead. # If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
@ -327,6 +329,8 @@ initramfs on boot.
# setup command reference: http://ftp.rpm.org/max-rpm/s1-rpm-inside-macros.html # setup command reference: http://ftp.rpm.org/max-rpm/s1-rpm-inside-macros.html
# unpack source0 and apply patches # unpack source0 and apply patches
%setup -T -b 0 -q -n %{repo}-%{commit} %setup -T -b 0 -q -n %{repo}-%{commit}
%patch0 -p1
# unpack source1 (dracut modules) # unpack source1 (dracut modules)
%setup -T -D -a 1 -q -n %{repo}-%{commit} %setup -T -D -a 1 -q -n %{repo}-%{commit}
@ -470,6 +474,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%endif %endif
%changelog %changelog
* Wed Aug 15 2018 Jonathan Lebon <jonathan@jlebon.com> - 0.27.0-2.gitcc7ebe0
- Backport patch for /root relabeling
https://github.com/coreos/ignition/pull/613
* Fri Aug 10 2018 Jonathan Lebon <jonathan@jlebon.com> - 0.27.0-1.gitcc7ebe0 * Fri Aug 10 2018 Jonathan Lebon <jonathan@jlebon.com> - 0.27.0-1.gitcc7ebe0
- New release 0.27.0 - New release 0.27.0