commit combustion for openSUSE:Factory

Sat, 19 Jun 2021 17:44:05 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package combustion for openSUSE:Factory 
checked in at 2021-06-19 23:03:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/combustion (Old)
 and      /work/SRC/openSUSE:Factory/.combustion.new.2625 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "combustion"

Sat Jun 19 23:03:21 2021 rev:9 rq:900741 version:0.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/combustion/combustion.changes    2021-01-25 
18:25:35.088599980 +0100
+++ /work/SRC/openSUSE:Factory/.combustion.new.2625/combustion.changes  
2021-06-19 23:03:55.459753111 +0200
@@ -1,0 +2,11 @@
+Mon Jun  7 14:13:14 UTC 2021 - Fabian Vogt <fv...@suse.com>
+
+- combustion: Relabel the old snapshot (if necessary) and explicitly
+  trigger autorelabel for the new snapshot
+
+-------------------------------------------------------------------
+Fri Mar  5 13:35:22 UTC 2021 - Fabian Vogt <fv...@suse.com>
+
+- Expand and clarify README
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ README ++++++
--- /var/tmp/diff_new_pack.Putw5k/_old  2021-06-19 23:03:55.899753790 +0200
+++ /var/tmp/diff_new_pack.Putw5k/_new  2021-06-19 23:03:55.903753796 +0200
@@ -19,11 +19,25 @@
 It expects a directory "combustion" at the root level of the filesystem and
 a file "script" inside, which is executed inside a transactional-update shell.
 
+ <root directory>
+ ????????? combustion
+ ???   ????????? script
+ ???   ????????? ... other files
+ ????????? ignition (optional)
+     ????????? config.ign
+
 If a QEMU fw_cfg blob with the name "opt/org.opensuse.combustion/script" is
 found, it is preferred and the content of that is used as script.
 Example parameter for QEMU:
 -fw_cfg name=opt/org.opensuse.combustion/script,file=/var/combustion-script
 
+You can do everything necessary for initial system configuration from this
+script, including addition of ssh keys, adding users, changing passwords
+or even doing partitioning changes.
+
+Simple example
+--------------
+
 Example for formatting a USB drive and adding a config, which installs the
 "vim-small" package and creates a /root/welcome file:
 
@@ -43,12 +57,34 @@
 umount /mnt
 ```
 
-The "# combustion: network" comment indicates that network needs to be
-configured before running the script.
+The "# combustion: network" comment triggers networking initialization before
+running the script. This is equivalent to passing "rd.neednet=1" on the kernel
+cmdline and so the network configuration parameters (man dracut.cmdline) apply
+here as well. If those aren't specified, it defaults to "ip=dhcp" for each
+available interface.
 
-You can do everything necessary for initial system configuration from this
-script, including addition of ssh keys, adding users, changing passwords
-or even doing partitioning changes.
+More complex configuration example
+----------------------------------
+
+This script additionally provides visible feedback during boot, sets a password
+and copies a public ssh key (which has to be in the "combustion" folder).
+
+```
+#!/bin/bash
+# combustion: network
+# Redirect output to the console
+exec > >(exec tee -a /dev/tty0) 2>&1
+# Set a password for root, generate the hash with "openssl passwd -6"
+echo 'root:$5$.wn2BZHlEJ5R3B1C$TAHEchlU.h2tvfOpOki54NaHpGYKwdNhjaBuSpDotD7' | 
chpasswd -e
+# Add a public ssh key and enable sshd
+mkdir -pm700 /root/.ssh/
+cat id_rsa_new.pub >> /root/.ssh/authorized_keys
+systemctl enable sshd.service
+# Install vim-small
+zypper --non-interactive install vim-small
+# Leave a marker
+echo "Configured with combustion" > /etc/issue.d/combustion
+```
 
 How it works
 ------------

++++++ combustion ++++++
--- /var/tmp/diff_new_pack.Putw5k/_old  2021-06-19 23:03:55.911753808 +0200
+++ /var/tmp/diff_new_pack.Putw5k/_new  2021-06-19 23:03:55.915753814 +0200
@@ -106,6 +106,14 @@
        exit 1
 fi
 
+# Have to take care of x-initrd.mount first and from the outside
+awk '$4 ~ /x-initrd.mount/ { system("findmnt /sysroot" $2 " >/dev/null || 
mount -t " $3 " -o " $4 " " $1 " /sysroot" $2) }' /sysroot/etc/fstab
+
+# Make sure the old snapshot is relabeled too, otherwise syncing its /etc 
fails.
+if [ -e /sysroot/etc/selinux/.autorelabel ]; then
+       NEWROOT=/sysroot bash -c '. /lib/dracut-lib.sh; . 
/lib/dracut/hooks/pre-pivot/50-selinux-microos-relabel.sh'
+fi
+
 # Prepare chroot
 for i in proc sys dev; do
        mount --rbind /$i /sysroot/$i
@@ -113,8 +121,6 @@
 mount --make-rslave /sysroot
 
 # Mount everything we can, errors deliberately ignored
-# Have to take care of x-initrd.mount first and from the outside
-awk '$4 ~ /x-initrd.mount/ { system("findmnt /sysroot" $2 " >/dev/null || 
mount -t " $3 " -o " $4 " " $1 " /sysroot" $2) }' /sysroot/etc/fstab
 chroot /sysroot mount -a || true
 # t-u needs writable /var/run and /tmp
 findmnt /sysroot/run >/dev/null || mount -t tmpfs tmpfs /sysroot/run
@@ -150,6 +156,9 @@
                chroot /sysroot transactional-update --no-selfupdate rollback
                exit 1
        fi
+
+       # Snapshot got touched while the policy isn't active, needs relabeling 
again.
+       [ -e /sysroot/etc/selinux/.relabelled ] && >> 
/sysroot/etc/selinux/.autorelabel
 else
        mount -o remount,rw /sysroot
        if ! chroot /sysroot sh -e -c "cd '${config_dir}'; chmod a+x script; 
./script"; then

Reply via email to