From e6f93dfb9f0580bf0f15501e424c99cf3355c4f5 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Wed, 20 Aug 2025 10:36:48 +0100 Subject: [PATCH] Update common submodule Pulls in the commits listed below. This has no effect as all changes are confined to the common/mlcustomize subdirectory which we do not use or ship. Richard W.M. Jones (4): mlcustomize/SELinux_relabel.ml: Add comment mlcustomize/SELinux_relabel.ml: Use new guestfs_setfiles API mlcustomize/SELinux_relabel.ml: Relabel every mountpoint mlcustomize/firstboot.ml: Use quoted string literals for firstboot Vadim Rozenfeld (1): Modify the firstboot script to check the scripts execution return status --- common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Submodule common 0e9caa175..7ecf3992b: diff --git a/common/mlcustomize/SELinux_relabel.ml b/common/mlcustomize/SELinux_relabel.ml index 2f3a09b..f1729e3 100644 --- a/common/mlcustomize/SELinux_relabel.ml +++ b/common/mlcustomize/SELinux_relabel.ml @@ -1,5 +1,5 @@ (* virt-customize - * Copyright (C) 2016 Red Hat Inc. + * Copyright (C) 2016-2025 Red Hat Inc. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,6 +24,10 @@ open Printf module G = Guestfs +(* XXX A lot of this code could usefully be moved into + * [libguestfs.git/daemon/selinux.ml]. + *) + let rec relabel (g : G.guestfs) = (* Is the guest using SELinux? (Otherwise this is a no-op). *) if is_selinux_guest g then ( @@ -109,5 +113,13 @@ and use_setfiles g = g#copy_attributes ~all:true old_specfile specfile ); + (* Get the list of mountpoints, since setfiles does not cross + * filesystems (RHEL-108174). + *) + let mps = g#mountpoints () |> + List.map snd |> (* the list of directories *) + List.sort compare |> (* sort them for consistency *) + Array.of_list in + (* Relabel everything. *) - g#selinux_relabel ~force:true specfile "/" + g#setfiles ~force:true specfile mps 
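Review bot: In the SELinux_relabel.ml hunk at `@@ -109,5 +113,13 @@`, every directory returned by `g#mountpoints ()` is passed to `g#setfiles` with no filter on filesystem type, so a mount that cannot store SELinux labels (a FAT-formatted EFI system partition, for example) is now included. Whether the daemon skips or fails on such a path is not visible here and should be confirmed, because a failed or partial relabel leaves the guest with wrong file contexts. Until that is settled I would record it next to the new binding, e.g. `(* NOTE: mps includes mounts that may not support security xattrs; confirm setfiles tolerates them *)`. As a style point, `List.sort compare` uses polymorphic comparison on strings, and `List.sort String.compare` states the intent. `use_setfiles` begins above this hunk.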
diff --git a/common/mlcustomize/firstboot.ml b/common/mlcustomize/firstboot.ml index 6aca4c3..360c33d 100644 --- a/common/mlcustomize/firstboot.ml +++ b/common/mlcustomize/firstboot.ml @@ -35,8 +35,7 @@ let sanitize_name = module Linux = struct let firstboot_dir = "/usr/lib/virt-sysprep" - let firstboot_sh = sprintf "\ -#!/bin/sh - + let firstboot_sh = sprintf {|#!/bin/sh - ### BEGIN INIT INFO # Provides: virt-sysprep @@ -57,14 +56,14 @@ d=%s/scripts d_done=%s/scripts-done logfile=~root/virt-sysprep-firstboot.log -echo \"$0\" \"$@\" 2>&1 | tee -a $logfile -echo \"Scripts dir: $d\" 2>&1 | tee -a $logfile +echo "$0" "$@" 2>&1 | tee -a $logfile +echo "Scripts dir: $d" 2>&1 | tee -a $logfile -if test \"$1\" = \"start\" +if test "$1" = "start" then mkdir -p $d_done for f in $d/* ; do - if test -x \"$f\" + if test -x "$f" then # move the script to the 'scripts-done' directory, so it is not # executed again at the next boot @@ -75,7 +74,7 @@ then done rm -f $d_done/* fi -" firstboot_dir firstboot_dir +|} firstboot_dir firstboot_dir let systemd_target = "multi-user.target" 
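Review bot: `firstboot_sh` in `module Linux` is still a `sprintf` format after the switch to `{|…|}`, so a literal `%` in the shell text must still be written `%%`, and nothing at the definition says so. The quoted literal only removes the backslash escapes. I would add a comment above the binding, `(* This is a printf format: write %% for a literal % in the script. *)`, which also covers the parts of the same literal touched by the `@@ -57,14 +56,14 @@` and `@@ -75,7 +74,7 @@` hunks. Separately, `$logfile`, `$d` and `$d_done` stay unquoted in the context lines of the script, which is harmless while `firstboot_dir` is the fixed path shown but matters if that path ever becomes configurable.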
@@ -282,36 +281,41 @@ module Windows = struct * XXX It would be better to use powershell here. For some ideas see * https://github.com/HCK-CI/HLK-Setup-Scripts/ *) - let firstboot_script = sprintf "\ -@echo off + let firstboot_script = sprintf {|@echo off setlocal EnableDelayedExpansion set firstboot=%s -set log=%%firstboot%%\\log.txt +set log=%%firstboot%%\log.txt -set scripts=%%firstboot%%\\scripts -set scripts_done=%%firstboot%%\\scripts-done +set scripts=%%firstboot%%\scripts +set scripts_done=%%firstboot%%\scripts-done -call :main >> \"%%log%%\" 2>&1 +call :main >> "%%log%%" 2>&1 exit /b :main echo starting firstboot service -if not exist \"%%scripts_done%%\" ( - mkdir \"%%scripts_done%%\" +if not exist "%%scripts_done%%" ( + mkdir "%%scripts_done%%" ) :: Pick the next script to run. -for %%%%f in (\"%%scripts%%\"\\*.bat) do ( - echo running \"%%%%f\" - move \"%%%%f\" \"%%scripts_done%%\" - pushd \"%%scripts_done%%\" - call \"%%%%~nf\" +for %%%%f in ("%%scripts%%"\*.bat) do ( + echo running "%%%%f" + pushd "%%scripts%%" + call "%%%%~nf" set elvl=!errorlevel! echo .... exit code !elvl! popd + if !elvl! NEQ 249 ( + echo Script succeeded, moving to scripts-done + move "%%%%f" "%%scripts_done%%" + ) else ( + echo Script failed, will retry on next boot + ) + :: Reboot the computer. This is necessary to free any locked :: files which may prevent later scripts from running. shutdown /r /t 0 /y @@ -323,8 +327,8 @@ for %%%%f in (\"%%scripts%%\"\\*.bat) do ( :: Fallthrough here if there are no scripts. echo uninstalling firstboot service -\"%%firstboot%%\\%s\" -s firstboot uninstall -" firstboot_dir_win srvany in +"%%firstboot%%\%s" -s firstboot uninstall +|} firstboot_dir_win srvany in g#write (firstboot_dir // "firstboot.bat") (String.unix2dos firstboot_script); -- 2.47.1
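Review bot: In the `for` loop of `firstboot_script`, every exit code other than 249, including ordinary non-zero failures, is logged as `Script succeeded` and the script is moved to scripts-done, which makes log.txt misleading when someone later has to work out what ran correctly. The meaning of 249 is also not documented anywhere in the hunk. I would change the message to `echo Script finished with exit code !elvl!, moving to scripts-done` and add `:: Exit code 249 means "retry this script on next boot"; any other code is final.` above the `if`. Because the `move` now follows `call` and the `shutdown /r` in the context lines is unconditional, a script that always returns 249, or that restarts the machine itself before returning, appears to be re-run on every boot with no limit; a retry cap or counter file would bound that. The `firstboot_script` literal continues into the following hunk.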