Date: Thursday, March 17, 2022 @ 18:03:55 Author: jelle Revision: 1156766
archrelease: copy trunk to community-any Added: osbuild/repos/community-any/PKGBUILD (from rev 1156765, osbuild/trunk/PKGBUILD) osbuild/repos/community-any/no-selinux-distro-fix.patch (from rev 1156765, osbuild/trunk/no-selinux-distro-fix.patch) Deleted: osbuild/repos/community-any/PKGBUILD -----------------------------+ PKGBUILD | 77 +++++++++++++++++++++++------------------- no-selinux-distro-fix.patch | 42 ++++++++++++++++++++++ 2 files changed, 85 insertions(+), 34 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2022-03-17 18:03:47 UTC (rev 1156765)
+++ PKGBUILD 2022-03-17 18:03:55 UTC (rev 1156766)
@@ -1,34 +0,0 @@
-# Maintainer: Jelle van der Waa <je...@archlinux.org>
-# Contributor: Achilleas Koutsou <achill...@koutsou.net>
-
-pkgname=osbuild
-pkgdesc='Build Pipelines for Operating System Artifacts'
-pkgver=52
-pkgrel=3
-url="https://www.osbuild.org"
-arch=(any)
-license=(Apache)
-depends=(bubblewrap curl e2fsprogs qemu python util-linux python-yaml python-jsonschema)
-makedepends=(make python-docutils python-setuptools)
-optdepends=('dnf: build rpm/dnf images'
- 'pacman: build pacman images')
-source=($pkgname-$pkgver.tar.gz::https://github.com/osbuild/osbuild/archive/refs/tags/v${pkgver}.tar.gz)
-sha256sums=('f0cfc3ddf22833b334773dd8b1275b2e2ec3ff192797a362a8c030676ba4abb8')
-
-build() {
- cd $pkgname-$pkgver
- python setup.py build
-}
-
-package() {
- cd $pkgname-$pkgver
- make man
- python setup.py install --skip-build --root="$pkgdir"
-
- install -m 0755 -d "$pkgdir/usr/lib/osbuild"
- mkdir "${pkgdir}/usr/lib/osbuild/osbuild"
-
- for group in assemblers devices inputs runners schemas sources stages mounts ; do
- cp -vdr --no-preserve=ownership "$group" "$pkgdir/usr/lib/osbuild/"
- done
-}
Copied: osbuild/repos/community-any/PKGBUILD (from rev 1156765, osbuild/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2022-03-17 18:03:55 UTC (rev 1156766)
@@ -0,0 +1,43 @@
+# Maintainer: Jelle van der Waa <je...@archlinux.org>
+# Contributor: Achilleas Koutsou <achill...@koutsou.net>
+
+pkgname=osbuild
+pkgdesc='Build Pipelines for Operating System Artifacts'
+pkgver=52
+pkgrel=4
+url="https://www.osbuild.org"
+arch=(any)
+license=(Apache)
+depends=(bubblewrap curl e2fsprogs qemu python util-linux python-yaml python-jsonschema)
+makedepends=(make python-docutils python-setuptools)
+optdepends=('dnf: build rpm/dnf images'
+ 'pacman: build pacman images')
+source=($pkgname-$pkgver.tar.gz::https://github.com/osbuild/osbuild/archive/refs/tags/v${pkgver}.tar.gz
+ ./no-selinux-distro-fix.patch)
+sha256sums=('f0cfc3ddf22833b334773dd8b1275b2e2ec3ff192797a362a8c030676ba4abb8'
+ 'f2b4cf3910673beb8d229ed436cdd6d5f9b35c8ceea28c6dbc4f022c96db0a26')
+
+prepare() {
+ cd $pkgname-$pkgver
+ patch -Np1 -i ${srcdir}/no-selinux-distro-fix.patch
+}
+
+build() {
+ cd $pkgname-$pkgver
+ python setup.py build
+}
+
+package() {
+ cd $pkgname-$pkgver
+ make man
+ python setup.py install --skip-build --root="$pkgdir"
+
+ install -m 0755 -d "$pkgdir/usr/lib/osbuild/osbuild"
+
+ for group in assemblers devices inputs runners schemas sources stages mounts ; do
+ cp -vdr --no-preserve=ownership "$group" "$pkgdir/usr/lib/osbuild/"
+ done
+
+ # udev rules
+ install -Dm644 data/10-osbuild-inhibitor.rules "$pkgdir"/usr/lib/udev/rules.d/10-osbuild-inhibitor.rules
+}
Copied: osbuild/repos/community-any/no-selinux-distro-fix.patch (from rev 1156765, osbuild/trunk/no-selinux-distro-fix.patch)
===================================================================
--- no-selinux-distro-fix.patch (rev 0)
+++ no-selinux-distro-fix.patch 2022-03-17 18:03:55 UTC (rev 1156766)
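Review bot: Nothing in `depends` or `optdepends` provides the Python `selinux` module, yet the patch applied in `prepare()` makes `stages/org.osbuild.selinux` run `import selinux` at the top of the file, so that stage will presumably fail with an ImportError on a stock install. An optdepends entry along the lines of `'<package providing the selinux Python module>: org.osbuild.selinux stage'` would document the requirement. The path expansion in `prepare()` is also unquoted; `patch -Np1 -i "${srcdir}/no-selinux-distro-fix.patch"` keeps the call intact when the build directory contains spaces.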
@@ -0,0 +1,42 @@
+From 5cde83a7f8ec29f3aa8c214c6e74921cd734a387 Mon Sep 17 00:00:00 2001
+From: Christian Kellner <christ...@kellner.me>
+Date: Thu, 17 Mar 2022 15:22:12 +0100
+Subject: [PATCH] stages/selinux: directly call setfilecon
+
+Instead of using `chcon`, directly call `selinux.setfilecon`. On
+systems without SELinux support, i.e. coreutils was built without
+<selinux.h> present, `chcon` will return `ENOTSUP` for all selinux
+related calls like `setfilecon` even if the selinux libraries are
+later installed. Therefore we directly call the library function
+which should ensure that we don't error out as long as the library
+is present. The only other thing `chcon` is doing besides a cal to
+the `setfilecon` method is to convert the context string to a
+`contex_t` and back to validate it. This should not be needed since
+the kernel will do this for us. On system without SELinux support
+`context_new` will also not validate the context.
+---
+ stages/org.osbuild.selinux | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/stages/org.osbuild.selinux b/stages/org.osbuild.selinux
+index 2ca277e7a..64d4fb66f 100755
+--- a/stages/org.osbuild.selinux
++++ b/stages/org.osbuild.selinux
+@@ -25,6 +25,8 @@ import pathlib
+ import subprocess
+ import sys
+
++import selinux
++
+ import osbuild.api
+
+
+@@ -60,7 +62,7 @@ def main(tree, options):
+
+ for path, label in labels.items():
+ fullpath = os.path.join(tree, path.lstrip("/"))
+- subprocess.run(["chcon", "-v", label, fullpath], check=True)
++ selinux.setfilecon(fullpath, label)
+
+ if options.get("force_autorelabel", False):
+ stamp = pathlib.Path(tree, ".autorelabel")
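Review bot: `selinux.setfilecon(fullpath, label)` stores `label` without any validation, and the patch's own commit message says `context_new` does not check the string on a system without SELinux support, so a mistyped context in `labels` would apparently be written into the image and only surface when the image boots under an enforcing policy. A comment above the call should record that limit, for example `# label is not validated on hosts without SELinux; a bad context is only caught when the image is used`. The change also drops the per-file trace that `chcon -v` printed; `print(f"{fullpath}: {label}")` before the call would keep the build log auditable. `main` starts and ends outside the hunk.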