manifests: set proper SELinux labels for '/boot/efi' and '/boot/lost+…

…found' Issue: osbuild/osbuild#1877
coreos · Oct 30, 2024 · 11db312 · 11db312
1 parent af1468c
commit 11db312
Show file tree

Hide file tree

Showing 11 changed files with 835 additions and 45 deletions.
diff --git a/build.sh b/build.sh
@@ -173,7 +173,12 @@ patch_osbuild() {
     mv /usr/bin/osbuild-mpp /usr/lib/osbuild/tools/
 
     # Now all the software is under the /usr/lib/osbuild dir and we can patch
-    patch -d /usr/lib/osbuild -p1 < /usr/lib/coreos-assembler/0001-hacks-for-coreos-selinux-issues.patch
+    cat /usr/lib/coreos-assembler/0001-org.osbuild.mkdir-support-creating-dirs-on-mounts.patch    \
+        /usr/lib/coreos-assembler/0001-parsing-add-parse_location_into_parts.patch                \
+        /usr/lib/coreos-assembler/0002-parsing-treat-locations-without-scheme-as-belonging-.patch \
+        /usr/lib/coreos-assembler/0003-org.osbuild.selinux-support-operating-on-mounts.patch      \
+        /usr/lib/coreos-assembler/0004-org.osbuild.selinux-support-for-specifying-where-fil.patch \
+            | patch -d /usr/lib/osbuild -p1
 
     # And then move the files back; supermin appliance creation will need it back
     # in the places delivered by the RPM.

diff --git a/src/0001-hacks-for-coreos-selinux-issues.patch b/src/0001-hacks-for-coreos-selinux-issues.patch
diff --git a/src/0001-org.osbuild.mkdir-support-creating-dirs-on-mounts.patch b/src/0001-org.osbuild.mkdir-support-creating-dirs-on-mounts.patch
@@ -0,0 +1,109 @@
+From 362a1ea2485ea2c49e6c250a0446bd5a33b2062c Mon Sep 17 00:00:00 2001
+From: Nikita Dubrovskii <[email protected]>
+Date: Mon, 30 Sep 2024 15:46:31 +0200
+Subject: [PATCH] org.osbuild.mkdir: support creating dirs on mounts
+
+This allows creating new directories on mounts:
+```
+- type: org.osbuild.mkdir
+  options:
+    paths:
+      - path: mount:///boot/efi
+  devices:
+    disk: ...
+  mounts:
+    - name: boot
+      target: /boot
+      ...
+```
+---
+ stages/org.osbuild.mkdir           | 22 ++++++++++++----------
+ stages/org.osbuild.mkdir.meta.json | 21 ++++++++++++++++++---
+ 2 files changed, 30 insertions(+), 13 deletions(-)
+
+diff --git a/stages/org.osbuild.mkdir b/stages/org.osbuild.mkdir
+index f04549f6..d2d11a7a 100755
+--- a/stages/org.osbuild.mkdir
++++ b/stages/org.osbuild.mkdir
+@@ -3,23 +3,26 @@ import os
+ import sys
+
+ import osbuild.api
+-from osbuild.util.path import in_tree
++from osbuild.util import parsing
+
+
+-def main(tree, options):
++def main(args):
++    options = args["options"]
++
+     for item in options["paths"]:
+         path = item["path"]
+         mode = item.get("mode", 0o777)
+         parents = item.get("parents", False)
+         exist_ok = item.get("exist_ok", False)
+
+-        if not path.startswith("/"):
+-            print("WARNING: relative path used, this is discouraged!")
+-
+-        target = os.path.join(tree, path.lstrip("/"))
+-        if not in_tree(target, tree):
+-            raise ValueError(f"path {path} not in tree")
++        if "://" not in path:
++            if not path.startswith("/"):
++                print("WARNING: relative path used, this is discouraged!")
++                path = f"tree:///{path}"
++            else:
++                path = f"tree://{path}"
+
++        target = parsing.parse_location(path, args)
+         if parents:
+             os.makedirs(target, mode=mode, exist_ok=exist_ok)
+         else:
+@@ -33,5 +36,4 @@ def main(tree, options):
+
+
+ if __name__ == "__main__":
+-    args = osbuild.api.arguments()
+-    sys.exit(main(args["tree"], args["options"]))
++    sys.exit(main(osbuild.api.arguments()))
+diff --git a/stages/org.osbuild.mkdir.meta.json b/stages/org.osbuild.mkdir.meta.json
+index 5534120a..6cebaaf5 100644
+--- a/stages/org.osbuild.mkdir.meta.json
++++ b/stages/org.osbuild.mkdir.meta.json
+@@ -1,5 +1,5 @@
+ {
+-  "summary": "Create directories within the tree.",
++  "summary": "Create directories within the tree or mount.",
+   "description": [
+     "Can create one or more directories, optionally also the",
+     "intermediate directories. The stage can gracefully handle",
+@@ -31,8 +31,23 @@
+             ],
+             "properties": {
+               "path": {
+-                "type": "string",
+-                "pattern": "^\\/?(?!\\.\\.)((?!\\/\\.\\.\\/).)+$"
++                "anyOf": [
++                  {
++                    "type": "string",
++                    "description": "Target path, if a tree",
++                    "pattern": "^\\/?(?!\\.\\.)((?!\\/\\.\\.\\/).)+$"
++                  },
++                  {
++                    "type": "string",
++                    "description": "Target path, if a mount",
++                    "pattern": "^mount://.+"
++                  },
++                  {
++                    "type": "string",
++                    "description": "Target path, if a tree",
++                    "pattern": "^tree://.+"
++                  }
++                ]
+               },
+               "mode": {
+                 "type": "number",
+-- 
+2.47.0
+
diff --git a/src/0001-parsing-add-parse_location_into_parts.patch b/src/0001-parsing-add-parse_location_into_parts.patch
@@ -0,0 +1,68 @@
+From 762ef314a0da81cf33da750e3208007704459e59 Mon Sep 17 00:00:00 2001
+From: Nikita Dubrovskii <[email protected]>
+Date: Fri, 18 Oct 2024 12:28:32 +0200
+Subject: [PATCH 1/4] parsing: add parse_location_into_parts
+
+New fucntion returns tuple of 'root' and relative 'file path', which could be
+useful in contexts, where knowing 'root' is required, for example setting
+selinux labels.
+---
+ osbuild/util/parsing.py | 25 +++++++++++++++++++------
+ 1 file changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/osbuild/util/parsing.py b/osbuild/util/parsing.py
+index f8fb2768..f75ffd67 100644
+--- a/osbuild/util/parsing.py
++++ b/osbuild/util/parsing.py
+@@ -2,7 +2,7 @@
+
+ import os
+ import re
+-from typing import Dict, Union
++from typing import Dict, Tuple, Union
+ from urllib.parse import ParseResult, urlparse
+
+
+@@ -72,9 +72,9 @@ def parse_input(url: ParseResult, args: Dict) -> os.PathLike:
+     return root
+
+
+-def parse_location(location: str, args: Dict) -> str:
++def parse_location_into_parts(location: str, args: Dict) -> Tuple[str, str]:
+     """
+-    Parses the location URL to derive the corresponding file path.
++    Parses the location URL to derive the corresponding root and url path.
+
+     Parameters:
+     - location (str): The location URL to be parsed.
+@@ -97,11 +97,24 @@ def parse_location(location: str, args: Dict) -> str:
+     if not url.path.startswith("/"):
+         raise ValueError(f"url.path from location must start with '/', got: {url.path}")
+
+-    path = os.path.relpath(url.path, "/")
++    return root, url.path
++
++
++def parse_location(location: str, args: Dict) -> str:
++    """
++    Parses the location URL to derive the corresponding file path.
++
++    Parameters:
++    - location (str): The location URL to be parsed.
++    - args (Dict): A dictionary containing arguments including mounts and
++    path information as passed by osbuild.api.arguments()
++    """
++
++    root, urlpath = parse_location_into_parts(location, args)
++    path = os.path.relpath(urlpath, "/")
+     path = os.path.join(root, path)
+     path = os.path.normpath(path)
+-
+-    if url.path.endswith("/"):
++    if urlpath.endswith("/"):
+         path = os.path.join(path, ".")
+
+     return path
+-- 
+2.47.0
+
diff --git a/src/0002-parsing-treat-locations-without-scheme-as-belonging-.patch b/src/0002-parsing-treat-locations-without-scheme-as-belonging-.patch
@@ -0,0 +1,51 @@
+From 14f0d823d4541a564df5fc6624c149b50fb8e88b Mon Sep 17 00:00:00 2001
+From: Nikita Dubrovskii <[email protected]>
+Date: Mon, 28 Oct 2024 11:20:23 +0100
+Subject: [PATCH 2/4] parsing: treat locations without scheme as belonging to
+ 'tree://'
+
+---
+ osbuild/util/parsing.py  | 8 ++++++++
+ stages/org.osbuild.mkdir | 7 -------
+ 2 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/osbuild/util/parsing.py b/osbuild/util/parsing.py
+index f75ffd67..6a907a1d 100644
+--- a/osbuild/util/parsing.py
++++ b/osbuild/util/parsing.py
+@@ -82,6 +82,14 @@ def parse_location_into_parts(location: str, args: Dict) -> Tuple[str, str]:
+     path information as passed by osbuild.api.arguments()
+     """
+
++    if "://" not in location:
++        print("INFO: location has no scheme, assuming 'tree://'")
++        if location.startswith("/"):
++            location = f"tree://{location}"
++        else:
++            print("WARNING: relative path used, this is discouraged!")
++            location = f"tree:///{location}"
++
+     url = urlparse(location)
+
+     scheme = url.scheme
+diff --git a/stages/org.osbuild.mkdir b/stages/org.osbuild.mkdir
+index d2d11a7a..6861b131 100755
+--- a/stages/org.osbuild.mkdir
++++ b/stages/org.osbuild.mkdir
+@@ -15,13 +15,6 @@ def main(args):
+         parents = item.get("parents", False)
+         exist_ok = item.get("exist_ok", False)
+
+-        if "://" not in path:
+-            if not path.startswith("/"):
+-                print("WARNING: relative path used, this is discouraged!")
+-                path = f"tree:///{path}"
+-            else:
+-                path = f"tree://{path}"
+-
+         target = parsing.parse_location(path, args)
+         if parents:
+             os.makedirs(target, mode=mode, exist_ok=exist_ok)
+-- 
+2.47.0
+