[arch-commits] Commit in buildah/repos/community-testing-x86_64 (4 files)

Bartłomiej Piotrowski bpiotrowski at archlinux.org
Fri May 11 06:21:58 UTC 2018


    Date: Friday, May 11, 2018 @ 06:21:57
  Author: bpiotrowski
Revision: 320504

archrelease: copy trunk to community-testing-x86_64

Added:
  buildah/repos/community-testing-x86_64/0001-Revert-ostree-add-selinux-label-for-each-file.patch
    (from rev 320503, buildah/trunk/0001-Revert-ostree-add-selinux-label-for-each-file.patch)
  buildah/repos/community-testing-x86_64/PKGBUILD
    (from rev 320503, buildah/trunk/PKGBUILD)
Deleted:
  buildah/repos/community-testing-x86_64/0001-Revert-ostree-add-selinux-label-for-each-file.patch
  buildah/repos/community-testing-x86_64/PKGBUILD

----------------------------------------------------------+
 0001-Revert-ostree-add-selinux-label-for-each-file.patch |  301 ++++++-------
 PKGBUILD                                                 |   88 +--
 2 files changed, 188 insertions(+), 201 deletions(-)

Deleted: 0001-Revert-ostree-add-selinux-label-for-each-file.patch
===================================================================
--- 0001-Revert-ostree-add-selinux-label-for-each-file.patch	2018-05-11 06:21:52 UTC (rev 320503)
+++ 0001-Revert-ostree-add-selinux-label-for-each-file.patch	2018-05-11 06:21:57 UTC (rev 320504)
@@ -1,157 +0,0 @@
-From 6b8fffe3e9a8525679b8a653fcd9b05dc2f5984a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Bart=C5=82omiej=20Piotrowski?= <b at bpiotrowski.pl>
-Date: Sat, 17 Mar 2018 21:33:23 +0100
-Subject: [PATCH] Revert "ostree: add selinux label for each file"
-
-This reverts commit 9b4510f6d1627c8e53c3303a8fe48ca7842c2ace.
----
- ostree/ostree_dest.go | 60 ++++++---------------------------------------------
- 1 file changed, 7 insertions(+), 53 deletions(-)
-
-diff --git a/ostree/ostree_dest.go b/ostree/ostree_dest.go
-index 1d97daf..c1c8557 100644
---- a/ostree/ostree_dest.go
-+++ b/ostree/ostree_dest.go
-@@ -14,31 +14,25 @@ import (
- 	"os/exec"
- 	"path/filepath"
- 	"strconv"
--	"strings"
--	"syscall"
- 	"time"
--	"unsafe"
- 
- 	"github.com/containers/image/manifest"
- 	"github.com/containers/image/types"
- 	"github.com/containers/storage/pkg/archive"
- 	"github.com/opencontainers/go-digest"
--	selinux "github.com/opencontainers/selinux/go-selinux"
- 	"github.com/ostreedev/ostree-go/pkg/otbuiltin"
- 	"github.com/pkg/errors"
- 	"github.com/vbatts/tar-split/tar/asm"
- 	"github.com/vbatts/tar-split/tar/storage"
- )
- 
--// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux
-+// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1
- // #include <glib.h>
- // #include <glib-object.h>
- // #include <gio/gio.h>
- // #include <stdlib.h>
- // #include <ostree.h>
- // #include <gio/ginputstream.h>
--// #include <selinux/selinux.h>
--// #include <selinux/label.h>
- import "C"
- 
- type blobToImport struct {
-@@ -156,7 +150,7 @@ func (d *ostreeImageDestination) PutBlob(stream io.Reader, inputInfo types.BlobI
- 	return types.BlobInfo{Digest: computedDigest, Size: size}, nil
- }
- 
--func fixFiles(selinuxHnd *C.struct_selabel_handle, root string, dir string, usermode bool) error {
-+func fixFiles(dir string, usermode bool) error {
- 	entries, err := ioutil.ReadDir(dir)
- 	if err != nil {
- 		return err
-@@ -171,42 +165,13 @@ func fixFiles(selinuxHnd *C.struct_selabel_handle, root string, dir string, user
- 			continue
- 		}
- 
--		if selinuxHnd != nil {
--			relPath, err := filepath.Rel(root, fullpath)
--			if err != nil {
--				return err
--			}
--			// Handle /exports/hostfs as a special case.  Files under this directory are copied to the host,
--			// thus we benefit from maintaining the same SELinux label they would have on the host as we could
--			// use hard links instead of copying the files.
--			relPath = fmt.Sprintf("/%s", strings.TrimPrefix(relPath, "exports/hostfs/"))
--
--			relPathC := C.CString(relPath)
--			defer C.free(unsafe.Pointer(relPathC))
--			var context *C.char
--
--			res, err := C.selabel_lookup_raw(selinuxHnd, &context, relPathC, C.int(info.Mode()&os.ModePerm))
--			if int(res) < 0 && err != syscall.ENOENT {
--				return errors.Wrapf(err, "cannot selabel_lookup_raw %s", relPath)
--			}
--			if int(res) == 0 {
--				defer C.freecon(context)
--				fullpathC := C.CString(fullpath)
--				defer C.free(unsafe.Pointer(fullpathC))
--				res, err = C.lsetfilecon_raw(fullpathC, context)
--				if int(res) < 0 {
--					return errors.Wrapf(err, "cannot setfilecon_raw %s", fullpath)
--				}
--			}
--		}
--
- 		if info.IsDir() {
- 			if usermode {
- 				if err := os.Chmod(fullpath, info.Mode()|0700); err != nil {
- 					return err
- 				}
- 			}
--			err = fixFiles(selinuxHnd, root, fullpath, usermode)
-+			err = fixFiles(fullpath, usermode)
- 			if err != nil {
- 				return err
- 			}
-@@ -262,7 +227,7 @@ func generateTarSplitMetadata(output *bytes.Buffer, file string) (digest.Digest,
- 	return digester.Digest(), written, nil
- }
- 
--func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle, repo *otbuiltin.Repo, blob *blobToImport) error {
-+func (d *ostreeImageDestination) importBlob(repo *otbuiltin.Repo, blob *blobToImport) error {
- 	ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Hex())
- 	destinationPath := filepath.Join(d.tmpDirPath, blob.Digest.Hex(), "root")
- 	if err := ensureDirectoryExists(destinationPath); err != nil {
-@@ -283,7 +248,7 @@ func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle,
- 		if err := archive.UntarPath(blob.BlobPath, destinationPath); err != nil {
- 			return err
- 		}
--		if err := fixFiles(selinuxHnd, destinationPath, destinationPath, false); err != nil {
-+		if err := fixFiles(destinationPath, false); err != nil {
- 			return err
- 		}
- 	} else {
-@@ -292,7 +257,7 @@ func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle,
- 			return err
- 		}
- 
--		if err := fixFiles(selinuxHnd, destinationPath, destinationPath, true); err != nil {
-+		if err := fixFiles(destinationPath, true); err != nil {
- 			return err
- 		}
- 	}
-@@ -400,17 +365,6 @@ func (d *ostreeImageDestination) Commit() error {
- 		return err
- 	}
- 
--	var selinuxHnd *C.struct_selabel_handle
--
--	if os.Getuid() == 0 && selinux.GetEnabled() {
--		selinuxHnd, err = C.selabel_open(C.SELABEL_CTX_FILE, nil, 0)
--		if selinuxHnd == nil {
--			return errors.Wrapf(err, "cannot open the SELinux DB")
--		}
--
--		defer C.selabel_close(selinuxHnd)
--	}
--
- 	checkLayer := func(hash string) error {
- 		blob := d.blobs[hash]
- 		// if the blob is not present in d.blobs then it is already stored in OSTree,
-@@ -418,7 +372,7 @@ func (d *ostreeImageDestination) Commit() error {
- 		if blob == nil {
- 			return nil
- 		}
--		err := d.importBlob(selinuxHnd, repo, blob)
-+		err := d.importBlob(repo, blob)
- 		if err != nil {
- 			return err
- 		}
--- 
-2.16.2
-

Copied: buildah/repos/community-testing-x86_64/0001-Revert-ostree-add-selinux-label-for-each-file.patch (from rev 320503, buildah/trunk/0001-Revert-ostree-add-selinux-label-for-each-file.patch)
===================================================================
--- 0001-Revert-ostree-add-selinux-label-for-each-file.patch	                        (rev 0)
+++ 0001-Revert-ostree-add-selinux-label-for-each-file.patch	2018-05-11 06:21:57 UTC (rev 320504)
@@ -0,0 +1,144 @@
+diff --git a/ostree/ostree_dest.go b/ostree/ostree_dest.go
+index 2e0d7fcf..a8e879ed 100644
+--- a/ostree/ostree_dest.go
++++ b/ostree/ostree_dest.go
+@@ -15,31 +15,25 @@ import (
+ 	"os/exec"
+ 	"path/filepath"
+ 	"strconv"
+-	"strings"
+-	"syscall"
+ 	"time"
+-	"unsafe"
+ 
+ 	"github.com/containers/image/manifest"
+ 	"github.com/containers/image/types"
+ 	"github.com/containers/storage/pkg/archive"
+ 	"github.com/opencontainers/go-digest"
+-	selinux "github.com/opencontainers/selinux/go-selinux"
+ 	"github.com/ostreedev/ostree-go/pkg/otbuiltin"
+ 	"github.com/pkg/errors"
+ 	"github.com/vbatts/tar-split/tar/asm"
+ 	"github.com/vbatts/tar-split/tar/storage"
+ )
+ 
+-// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux
++// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1
+ // #include <glib.h>
+ // #include <glib-object.h>
+ // #include <gio/gio.h>
+ // #include <stdlib.h>
+ // #include <ostree.h>
+ // #include <gio/ginputstream.h>
+-// #include <selinux/selinux.h>
+-// #include <selinux/label.h>
+ import "C"
+ 
+ type blobToImport struct {
+@@ -158,7 +152,7 @@ func (d *ostreeImageDestination) PutBlob(ctx context.Context, stream io.Reader,
+ 	return types.BlobInfo{Digest: computedDigest, Size: size}, nil
+ }
+ 
+-func fixFiles(selinuxHnd *C.struct_selabel_handle, root string, dir string, usermode bool) error {
++func fixFiles(dir string, usermode bool) error {
+ 	entries, err := ioutil.ReadDir(dir)
+ 	if err != nil {
+ 		return err
+@@ -173,42 +167,13 @@ func fixFiles(selinuxHnd *C.struct_selabel_handle, root string, dir string, user
+ 			continue
+ 		}
+ 
+-		if selinuxHnd != nil {
+-			relPath, err := filepath.Rel(root, fullpath)
+-			if err != nil {
+-				return err
+-			}
+-			// Handle /exports/hostfs as a special case.  Files under this directory are copied to the host,
+-			// thus we benefit from maintaining the same SELinux label they would have on the host as we could
+-			// use hard links instead of copying the files.
+-			relPath = fmt.Sprintf("/%s", strings.TrimPrefix(relPath, "exports/hostfs/"))
+-
+-			relPathC := C.CString(relPath)
+-			defer C.free(unsafe.Pointer(relPathC))
+-			var context *C.char
+-
+-			res, err := C.selabel_lookup_raw(selinuxHnd, &context, relPathC, C.int(info.Mode()&os.ModePerm))
+-			if int(res) < 0 && err != syscall.ENOENT {
+-				return errors.Wrapf(err, "cannot selabel_lookup_raw %s", relPath)
+-			}
+-			if int(res) == 0 {
+-				defer C.freecon(context)
+-				fullpathC := C.CString(fullpath)
+-				defer C.free(unsafe.Pointer(fullpathC))
+-				res, err = C.lsetfilecon_raw(fullpathC, context)
+-				if int(res) < 0 {
+-					return errors.Wrapf(err, "cannot setfilecon_raw %s", fullpath)
+-				}
+-			}
+-		}
+-
+ 		if info.IsDir() {
+ 			if usermode {
+ 				if err := os.Chmod(fullpath, info.Mode()|0700); err != nil {
+ 					return err
+ 				}
+ 			}
+-			err = fixFiles(selinuxHnd, root, fullpath, usermode)
++			err = fixFiles(fullpath, usermode)
+ 			if err != nil {
+ 				return err
+ 			}
+@@ -264,7 +229,7 @@ func generateTarSplitMetadata(output *bytes.Buffer, file string) (digest.Digest,
+ 	return digester.Digest(), written, nil
+ }
+ 
+-func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle, repo *otbuiltin.Repo, blob *blobToImport) error {
++func (d *ostreeImageDestination) importBlob(repo *otbuiltin.Repo, blob *blobToImport) error {
+ 	// TODO: This can take quite some time, and should ideally be cancellable using a context.Context.
+ 
+ 	ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Hex())
+@@ -287,7 +252,7 @@ func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle,
+ 		if err := archive.UntarPath(blob.BlobPath, destinationPath); err != nil {
+ 			return err
+ 		}
+-		if err := fixFiles(selinuxHnd, destinationPath, destinationPath, false); err != nil {
++		if err := fixFiles(destinationPath, false); err != nil {
+ 			return err
+ 		}
+ 	} else {
+@@ -296,7 +261,7 @@ func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle,
+ 			return err
+ 		}
+ 
+-		if err := fixFiles(selinuxHnd, destinationPath, destinationPath, true); err != nil {
++		if err := fixFiles(destinationPath, true); err != nil {
+ 			return err
+ 		}
+ 	}
+@@ -404,17 +369,6 @@ func (d *ostreeImageDestination) Commit(ctx context.Context) error {
+ 		return err
+ 	}
+ 
+-	var selinuxHnd *C.struct_selabel_handle
+-
+-	if os.Getuid() == 0 && selinux.GetEnabled() {
+-		selinuxHnd, err = C.selabel_open(C.SELABEL_CTX_FILE, nil, 0)
+-		if selinuxHnd == nil {
+-			return errors.Wrapf(err, "cannot open the SELinux DB")
+-		}
+-
+-		defer C.selabel_close(selinuxHnd)
+-	}
+-
+ 	checkLayer := func(hash string) error {
+ 		blob := d.blobs[hash]
+ 		// if the blob is not present in d.blobs then it is already stored in OSTree,
+@@ -422,7 +376,7 @@ func (d *ostreeImageDestination) Commit(ctx context.Context) error {
+ 		if blob == nil {
+ 			return nil
+ 		}
+-		err := d.importBlob(selinuxHnd, repo, blob)
++		err := d.importBlob(repo, blob)
+ 		if err != nil {
+ 			return err
+ 		}

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2018-05-11 06:21:52 UTC (rev 320503)
+++ PKGBUILD	2018-05-11 06:21:57 UTC (rev 320504)
@@ -1,44 +0,0 @@
-# $Id$
-# Maintainer: Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
-
-pkgname=buildah
-pkgver=0.12
-pkgrel=1
-pkgdesc="A tool which facilitates building OCI images"
-arch=(x86_64)
-url="https://github.com/projectatomic/buildah"
-license=(Apache)
-depends=(ostree runc)
-makedepends=('go-pie' 'git' 'bash-bats' 'btrfs-progs' 'device-mapper' 'gpgme'
-             'libassuan' 'bzip2' 'go-md2man' 'runc' 'skopeo')
-_commit=e073df11aa75bd20a8e01cad1956e1fabc7c9895  # tags/v0.12
-source=(git://github.com/projectatomic/buildah.git#commit=$_commit
-        0001-Revert-ostree-add-selinux-label-for-each-file.patch)
-md5sums=('SKIP'
-         'f59d0b2a1def58f509b277706533c393')
-
-pkgver() {
-  cd buildah
-  git describe --tags | sed 's/^v//;s/-/+/g'
-}
-
-prepare() {
-  pushd buildah/vendor/github.com/containers/image/
-  patch -p1 -i "$srcdir/0001-Revert-ostree-add-selinux-label-for-each-file.patch"
-  popd
-
-  mkdir -p src/github.com/projectatomic
-  cp -r $pkgname src/github.com/projectatomic
-}
-
-build() {
-  export GOPATH="${srcdir}"
-  cd src/github.com/projectatomic/buildah
-  make PREFIX=/usr
-}
-
-package() {
-  cd src/github.com/projectatomic/buildah
-  make DESTDIR="$pkgdir" PREFIX=usr install
-  install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
-}

Copied: buildah/repos/community-testing-x86_64/PKGBUILD (from rev 320503, buildah/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2018-05-11 06:21:57 UTC (rev 320504)
@@ -0,0 +1,44 @@
+# $Id$
+# Maintainer: Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
+
+pkgname=buildah
+pkgver=1.0
+pkgrel=1
+pkgdesc="A tool which facilitates building OCI images"
+arch=(x86_64)
+url="https://github.com/projectatomic/buildah"
+license=(Apache)
+depends=(ostree runc)
+makedepends=('go-pie' 'git' 'bash-bats' 'btrfs-progs' 'device-mapper' 'gpgme'
+             'libassuan' 'bzip2' 'go-md2man' 'runc' 'skopeo')
+_commit=1ab80bcd88929a94c52268a5af8443c0055a42cb  # tags/V1.0
+source=(git://github.com/projectatomic/buildah.git#commit=$_commit
+        0001-Revert-ostree-add-selinux-label-for-each-file.patch)
+md5sums=('SKIP'
+         'aed8c1169e73161220c49de34f1acfdf')
+
+pkgver() {
+  cd buildah
+  git describe --tags | sed 's/^[vV]//;s/-/+/g'
+}
+
+prepare() {
+  pushd buildah/vendor/github.com/containers/image/
+  patch -p1 -i "$srcdir/0001-Revert-ostree-add-selinux-label-for-each-file.patch"
+  popd
+
+  mkdir -p src/github.com/projectatomic
+  cp -r $pkgname src/github.com/projectatomic
+}
+
+build() {
+  export GOPATH="${srcdir}"
+  cd src/github.com/projectatomic/buildah
+  make PREFIX=/usr
+}
+
+package() {
+  cd src/github.com/projectatomic/buildah
+  make DESTDIR="$pkgdir" PREFIX=usr install
+  install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+}



More information about the arch-commits mailing list