[arch-commits] Commit in podman/trunk (0001-Revert-SELinux-support.patch PKGBUILD)

Bartłomiej Piotrowski bpiotrowski at archlinux.org
Fri Mar 8 09:45:12 UTC 2019


    Date: Friday, March 8, 2019 @ 09:45:11
  Author: bpiotrowski
Revision: 438045

1.1.2-1

Modified:
  podman/trunk/PKGBUILD
Deleted:
  podman/trunk/0001-Revert-SELinux-support.patch

-----------------------------------+
 0001-Revert-SELinux-support.patch |  159 ------------------------------------
 PKGBUILD                          |   17 +--
 2 files changed, 6 insertions(+), 170 deletions(-)

Deleted: 0001-Revert-SELinux-support.patch
===================================================================
--- 0001-Revert-SELinux-support.patch	2019-03-08 08:24:27 UTC (rev 438044)
+++ 0001-Revert-SELinux-support.patch	2019-03-08 09:45:11 UTC (rev 438045)
@@ -1,159 +0,0 @@
-From 0dcc87af0cdd484480e8cc3f968b9e3d44758f15 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Bart=C5=82omiej=20Piotrowski?= <b at bpiotrowski.pl>
-Date: Wed, 23 Jan 2019 08:55:02 +0100
-Subject: [PATCH] Revert SELinux support
-
----
- ostree/ostree_dest.go | 62 +++++--------------------------------------
- 1 file changed, 7 insertions(+), 55 deletions(-)
-
-diff --git a/ostree/ostree_dest.go b/ostree/ostree_dest.go
-index d69f4fa..78b15e5 100644
---- a/ostree/ostree_dest.go
-+++ b/ostree/ostree_dest.go
-@@ -15,32 +15,26 @@ import (
- 	"path/filepath"
- 	"runtime"
- 	"strconv"
--	"strings"
--	"syscall"
- 	"time"
--	"unsafe"
- 
- 	"github.com/containers/image/manifest"
- 	"github.com/containers/image/types"
- 	"github.com/containers/storage/pkg/archive"
- 	"github.com/klauspost/pgzip"
- 	"github.com/opencontainers/go-digest"
--	selinux "github.com/opencontainers/selinux/go-selinux"
- 	"github.com/ostreedev/ostree-go/pkg/otbuiltin"
- 	"github.com/pkg/errors"
- 	"github.com/vbatts/tar-split/tar/asm"
- 	"github.com/vbatts/tar-split/tar/storage"
- )
- 
--// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux
-+// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1
- // #include <glib.h>
- // #include <glib-object.h>
- // #include <gio/gio.h>
- // #include <stdlib.h>
- // #include <ostree.h>
- // #include <gio/ginputstream.h>
--// #include <selinux/selinux.h>
--// #include <selinux/label.h>
- import "C"
- 
- type blobToImport struct {
-@@ -179,7 +173,7 @@ func (d *ostreeImageDestination) PutBlob(ctx context.Context, stream io.Reader,
- 	return types.BlobInfo{Digest: computedDigest, Size: size}, nil
- }
- 
--func fixFiles(selinuxHnd *C.struct_selabel_handle, root string, dir string, usermode bool) error {
-+func fixFiles(dir string, usermode bool) error {
- 	entries, err := ioutil.ReadDir(dir)
- 	if err != nil {
- 		return err
-@@ -194,42 +188,13 @@ func fixFiles(selinuxHnd *C.struct_selabel_handle, root string, dir string, user
- 			continue
- 		}
- 
--		if selinuxHnd != nil {
--			relPath, err := filepath.Rel(root, fullpath)
--			if err != nil {
--				return err
--			}
--			// Handle /exports/hostfs as a special case.  Files under this directory are copied to the host,
--			// thus we benefit from maintaining the same SELinux label they would have on the host as we could
--			// use hard links instead of copying the files.
--			relPath = fmt.Sprintf("/%s", strings.TrimPrefix(relPath, "exports/hostfs/"))
--
--			relPathC := C.CString(relPath)
--			defer C.free(unsafe.Pointer(relPathC))
--			var context *C.char
--
--			res, err := C.selabel_lookup_raw(selinuxHnd, &context, relPathC, C.int(info.Mode()&os.ModePerm))
--			if int(res) < 0 && err != syscall.ENOENT {
--				return errors.Wrapf(err, "cannot selabel_lookup_raw %s", relPath)
--			}
--			if int(res) == 0 {
--				defer C.freecon(context)
--				fullpathC := C.CString(fullpath)
--				defer C.free(unsafe.Pointer(fullpathC))
--				res, err = C.lsetfilecon_raw(fullpathC, context)
--				if int(res) < 0 {
--					return errors.Wrapf(err, "cannot setfilecon_raw %s", fullpath)
--				}
--			}
--		}
--
- 		if info.IsDir() {
- 			if usermode {
- 				if err := os.Chmod(fullpath, info.Mode()|0700); err != nil {
- 					return err
- 				}
- 			}
--			err = fixFiles(selinuxHnd, root, fullpath, usermode)
-+			err = fixFiles(fullpath, usermode)
- 			if err != nil {
- 				return err
- 			}
-@@ -285,9 +250,7 @@ func generateTarSplitMetadata(output *bytes.Buffer, file string) (digest.Digest,
- 	return digester.Digest(), written, nil
- }
- 
--func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle, repo *otbuiltin.Repo, blob *blobToImport) error {
--	// TODO: This can take quite some time, and should ideally be cancellable using a context.Context.
--
-+func (d *ostreeImageDestination) importBlob(repo *otbuiltin.Repo, blob *blobToImport) error {
- 	ostreeBranch := fmt.Sprintf("ociimage/%s", blob.Digest.Hex())
- 	destinationPath := filepath.Join(d.tmpDirPath, blob.Digest.Hex(), "root")
- 	if err := ensureDirectoryExists(destinationPath); err != nil {
-@@ -308,7 +271,7 @@ func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle,
- 		if err := archive.UntarPath(blob.BlobPath, destinationPath); err != nil {
- 			return err
- 		}
--		if err := fixFiles(selinuxHnd, destinationPath, destinationPath, false); err != nil {
-+		if err := fixFiles(destinationPath, false); err != nil {
- 			return err
- 		}
- 	} else {
-@@ -317,7 +280,7 @@ func (d *ostreeImageDestination) importBlob(selinuxHnd *C.struct_selabel_handle,
- 			return err
- 		}
- 
--		if err := fixFiles(selinuxHnd, destinationPath, destinationPath, true); err != nil {
-+		if err := fixFiles(destinationPath, true); err != nil {
- 			return err
- 		}
- 	}
-@@ -430,17 +393,6 @@ func (d *ostreeImageDestination) Commit(ctx context.Context) error {
- 		return err
- 	}
- 
--	var selinuxHnd *C.struct_selabel_handle
--
--	if os.Getuid() == 0 && selinux.GetEnabled() {
--		selinuxHnd, err = C.selabel_open(C.SELABEL_CTX_FILE, nil, 0)
--		if selinuxHnd == nil {
--			return errors.Wrapf(err, "cannot open the SELinux DB")
--		}
--
--		defer C.selabel_close(selinuxHnd)
--	}
--
- 	checkLayer := func(hash string) error {
- 		blob := d.blobs[hash]
- 		// if the blob is not present in d.blobs then it is already stored in OSTree,
-@@ -448,7 +400,7 @@ func (d *ostreeImageDestination) Commit(ctx context.Context) error {
- 		if blob == nil {
- 			return nil
- 		}
--		err := d.importBlob(selinuxHnd, repo, blob)
-+		err := d.importBlob(repo, blob)
- 		if err != nil {
- 			return err
- 		}
--- 
-2.20.1
-

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2019-03-08 08:24:27 UTC (rev 438044)
+++ PKGBUILD	2019-03-08 09:45:11 UTC (rev 438045)
@@ -1,9 +1,9 @@
-# Maintainer: Bartłomiej Piotrowski
+# Maintainer: Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
 
 pkgbase=podman
 pkgname=(podman podman-docker)
-pkgver=1.0.0
-pkgrel=2
+pkgver=1.1.2
+pkgrel=1
 pkgdesc='Tool and library for running OCI-based containers in pods'
 arch=(x86_64)
 url='https://github.com/containers/libpod'
@@ -11,15 +11,10 @@
 depends=(cni-plugins conmon device-mapper iptables libseccomp ostree runc skopeo
          btrfs-progs slirp4netns)
 makedepends=(go-pie go-md2man git)
-source=(libpod-$pkgver.tar.gz::$url/archive/v${pkgver}.tar.gz
-        0001-Revert-SELinux-support.patch)
-sha256sums=('f7a462563dd587208eff3c3c0689bc4d01071a8f7933bec2a13126be123f63a8'
-            '441380487cb62895d878084f98210affc30f65c2237c8ee9a1eae1adef7fa566')
+source=(libpod-$pkgver.tar.gz::$url/archive/v${pkgver}.tar.gz)
+sha256sums=('d70ac478be5403919f4d03d3dd2f1223d42d1995f4b80c74599778a804ab6b1a')
 
 prepare() {
-  patch -p1 -i "$srcdir/0001-Revert-SELinux-support.patch" \
-    -d libpod-$pkgver/vendor/github.com/containers/image
-
   mkdir -p src/github.com/containers src/github.com/varlink
   cp -r libpod-$pkgver src/github.com/containers/libpod
 }
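Review bot: The new `source` entry is still authenticated only by the packager-pinned `sha256sums` value, which records what was downloaded at packaging time but does not tie the tarball to upstream. If upstream signs its release tags (not visible from this page), a git source such as `source=("git+$url#tag=v$pkgver?signed")` with a matching `validpgpkeys=(...)` array would let makepkg verify the tag, and `git` is already in `makedepends`. The `libpod-$pkgver` directory name used in prepare() would have to follow the new source name. Failing that, a one-line comment above `sha256sums` saying how the checksum was obtained would help whoever reviews the next bump.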
@@ -26,7 +21,7 @@
 
 build() {
   export GOPATH="$srcdir"
-  export BUILDTAGS='seccomp ostree varlink'
+  export BUILDTAGS='seccomp ostree varlink containers_image_ostree_stub'
 
   # buildsystem passes LDFLAGS to GO's -ldflags, which isn't really compatible
   unset LDFLAGS
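Review bot: The `BUILDTAGS` line in build() gains `containers_image_ostree_stub` without a comment and keeps `ostree` beside it, so a reader cannot tell which of the two is meant to take effect. The stub tag appears to compile out the vendored containers/image ostree transport, the same code the deleted 0001-Revert-SELinux-support.patch modified, so the package would go from shipping that transport without SELinux labelling to not shipping it at all. That deserves a comment such as `# containers_image_ostree_stub: build without the containers/image ostree transport (replaces 0001-Revert-SELinux-support.patch)`. If that reading is right, the `ostree` tag and the `ostree` entry in `depends` may be stale and should be checked. build() continues past the end of the hunk.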

