2018.9-3: Backport patch for https://pagure.io/dusty/failed-composes/issue/956
parent
3ce3a4b5d5
commit
d8a5bf5d7a
@ -0,0 +1,93 @@
|
|||||||
|
From 62a3ffcb42d9af23715f21a8c9b5d688c31c999d Mon Sep 17 00:00:00 2001
|
||||||
|
From: rpm-build <rpm-build>
|
||||||
|
Date: Fri, 2 Nov 2018 11:46:26 -0400
|
||||||
|
Subject: [PATCH] compose: Don't require SELinux policy in legacy path
|
||||||
|
|
||||||
|
In #1630, we lowered SELinux policy loading into the core. However, this
|
||||||
|
also enabled SELinux policy loading from the host system even in the
|
||||||
|
legacy (non-unified) compose path. This meant that compose systems now
|
||||||
|
needed to have the policy installed even though we didn't need it at
|
||||||
|
all. This caused regressions in pungi:
|
||||||
|
|
||||||
|
https://pagure.io/dusty/failed-composes/issue/956
|
||||||
|
|
||||||
|
Just make the binding of the "selinux" member conditional on whether or
|
||||||
|
not we're in unified mode (which is really when we even care about
|
||||||
|
having it loaded from the start for pkgcache purposes).
|
||||||
|
|
||||||
|
Closes: #1656
|
||||||
|
Approved by: cgwalters
|
||||||
|
---
|
||||||
|
src/app/rpmostree-compose-builtin-tree.c | 1 +
|
||||||
|
src/app/rpmostree-composeutil.c | 16 ++++++++++++++--
|
||||||
|
src/app/rpmostree-composeutil.h | 1 +
|
||||||
|
3 files changed, 16 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/app/rpmostree-compose-builtin-tree.c b/src/app/rpmostree-compose-builtin-tree.c
|
||||||
|
index 620fa36..4e9d45c 100644
|
||||||
|
--- a/src/app/rpmostree-compose-builtin-tree.c
|
||||||
|
+++ b/src/app/rpmostree-compose-builtin-tree.c
|
||||||
|
@@ -576,6 +576,7 @@ rpm_ostree_compose_context_new (const char *treefile_pathstr,
|
||||||
|
self->treespec = rpmostree_composeutil_get_treespec (self->corectx,
|
||||||
|
self->treefile_rs,
|
||||||
|
self->treefile,
|
||||||
|
+ opt_unified_core,
|
||||||
|
error);
|
||||||
|
if (!self->treespec)
|
||||||
|
return FALSE;
|
||||||
|
diff --git a/src/app/rpmostree-composeutil.c b/src/app/rpmostree-composeutil.c
|
||||||
|
index 820ecfd..621bc85 100644
|
||||||
|
--- a/src/app/rpmostree-composeutil.c
|
||||||
|
+++ b/src/app/rpmostree-composeutil.c
|
||||||
|
@@ -241,6 +241,7 @@ RpmOstreeTreespec *
|
||||||
|
rpmostree_composeutil_get_treespec (RpmOstreeContext *ctx,
|
||||||
|
RORTreefile *treefile_rs,
|
||||||
|
JsonObject *treedata,
|
||||||
|
+ gboolean bind_selinux,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
GLNX_AUTO_PREFIX_ERROR ("Parsing treefile", error);
|
||||||
|
@@ -255,8 +256,6 @@ rpmostree_composeutil_get_treespec (RpmOstreeContext *ctx,
|
||||||
|
return FALSE;
|
||||||
|
if (!treespec_bind_bool (treedata, treespec, "recommends", TRUE, error))
|
||||||
|
return FALSE;
|
||||||
|
- if (!treespec_bind_bool (treedata, treespec, "selinux", TRUE, error))
|
||||||
|
- return FALSE;
|
||||||
|
if (!treespec_bind_array (treedata, treespec, "install-langs", "instlangs", FALSE, error))
|
||||||
|
return FALSE;
|
||||||
|
{ const char *releasever;
|
||||||
|
@@ -267,6 +266,19 @@ rpmostree_composeutil_get_treespec (RpmOstreeContext *ctx,
|
||||||
|
g_key_file_set_string (treespec, "tree", "releasever", releasever);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (bind_selinux)
|
||||||
|
+ {
|
||||||
|
+ if (!treespec_bind_bool (treedata, treespec, "selinux", TRUE, error))
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ /* In the legacy compose path, we don't want to use any of the core's selinux stuff,
|
||||||
|
+ * e.g. importing, relabeling, etc... so just disable it. We do still set the policy
|
||||||
|
+ * to the final one right before commit as usual. */
|
||||||
|
+ g_key_file_set_boolean (treespec, "tree", "selinux", FALSE);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
const char *input_ref = NULL;
|
||||||
|
if (!_rpmostree_jsonutil_object_get_optional_string_member (treedata, "ref", &input_ref, error))
|
||||||
|
return FALSE;
|
||||||
|
diff --git a/src/app/rpmostree-composeutil.h b/src/app/rpmostree-composeutil.h
|
||||||
|
index e3e64c6..3d91f58 100644
|
||||||
|
--- a/src/app/rpmostree-composeutil.h
|
||||||
|
+++ b/src/app/rpmostree-composeutil.h
|
||||||
|
@@ -47,6 +47,7 @@ RpmOstreeTreespec *
|
||||||
|
rpmostree_composeutil_get_treespec (RpmOstreeContext *ctx,
|
||||||
|
RORTreefile *treefile_rs,
|
||||||
|
JsonObject *treedata,
|
||||||
|
+ gboolean bind_selinux,
|
||||||
|
GError **error);
|
||||||
|
|
||||||
|
GHashTable *
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
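Review bot: In the `else` branch added to `rpmostree_composeutil_get_treespec`, `g_key_file_set_boolean (treespec, "tree", "selinux", FALSE)` overrides whatever the treefile says for `selinux`, so `bind_selinux == FALSE` means "force-disable in the treespec" rather than "skip binding", and neither the prototype in `rpmostree-composeutil.h` nor the call site says so. I would document the parameter at the declaration, for example `/* bind_selinux: if FALSE, tree/selinux is forced to false in the treespec and the treefile's "selinux" key is not consulted here */`. With the core's import and relabel steps switched off, correct labels in a legacy compose appear to rest entirely on the policy being set right before commit, which lies outside these hunks; a compose test that checks file labels in non-unified mode would guard against a silent regression to unlabeled content. The function body starts and ends outside the hunks shown, so the later use of the treespec value cannot be confirmed from this page.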
@ -14,7 +14,7 @@
|
|||||||
Summary: Hybrid image/package system
|
Summary: Hybrid image/package system
|
||||||
Name: rpm-ostree
|
Name: rpm-ostree
|
||||||
Version: 2018.9
|
Version: 2018.9
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
#VCS: https://github.com/cgwalters/rpm-ostree
|
#VCS: https://github.com/cgwalters/rpm-ostree
|
||||||
# This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
|
# This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
|
||||||
# in the upstream git. If rust is enabled, it contains vendored sources.
|
# in the upstream git. If rust is enabled, it contains vendored sources.
|
||||||
@ -23,6 +23,7 @@ License: LGPLv2+
|
|||||||
URL: https://github.com/projectatomic/rpm-ostree
|
URL: https://github.com/projectatomic/rpm-ostree
|
||||||
|
|
||||||
Patch0: 0001-rust-Drop-crates-io-patch-and-use-0.4.0.patch
|
Patch0: 0001-rust-Drop-crates-io-patch-and-use-0.4.0.patch
|
||||||
|
Patch1: 0001-compose-Don-t-require-SELinux-policy-in-legacy-path.patch
|
||||||
|
|
||||||
%if %{with rust}
|
%if %{with rust}
|
||||||
%if !%{defined rust_arches}
|
%if !%{defined rust_arches}
|
||||||
@ -201,6 +202,9 @@ $PYTHON autofiles.py > files.devel \
|
|||||||
%files devel -f files.devel
|
%files devel -f files.devel
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Nov 02 2018 Jonathan Lebon <jonathan@jlebon.com> - 2018.9-3
|
||||||
|
- Backport patch for https://pagure.io/dusty/failed-composes/issue/956
|
||||||
|
|
||||||
* Tue Oct 30 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2018.9-2
|
* Tue Oct 30 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2018.9-2
|
||||||
- Rebuild for libsolv 0.7
|
- Rebuild for libsolv 0.7
|
||||||
|
|
||||||
|