Commit graph

9 commits

Author SHA1 Message Date
Richard Su
4e68a7965b Remove fixfiles from rpm-distro finalize
Running fixfiles after setfiles is redundant. setfiles
already corrected the SELinux file security contexts.

Change-Id: I48067f06968c5add48fa91a1496b9bf36944546c
Closes-Bug: #1316241
2014-07-03 11:47:10 +10:00
Dan Prince
3145e4a970 Name 01-install-bin uniquely
While an end user would never use these elements at the same time we
should always use unique names for things per DIB conventions.

Change-Id: I53b10522183e8566c62922b91878e5cf767fe2c6
2014-06-11 08:16:41 -04:00
Gonéri Le Bouder
ea3f4dd459 4 spaces indent
ensure 4 spaces indentation is used everywhere.

Change-Id: Ieb48faacb4c96b7b358771d70c17f2f22d0354f4
2014-05-10 11:17:29 +02:00
Ben Nemec
16be6d7ce0 set -u and -o pipefail everywhere
As with the previous similar changes, this is intended to catch
problems as they happen instead of ignoring them and continuing on
to potentially fail later.  Setting this on all existing scripts
will allow us to enforce use via Jenkins.

Change-Id: Iad2d490c86dceab148ea9ab08f457c49a5d5352e
2014-05-06 15:51:07 -05:00
Ben Nemec
f6ba2aeaf4 set -e all the things
Using set -e in all of our scripts will prevent some subtle bugs
from slipping in, and will allow us to enforce use of set -e with
tooling.

This change also adds -u and set -o pipefail in the less complex
scripts where it is unlikely to cause problems.  A follow-up change
will enable those options in the complex scripts so that if it
breaks something it can be reverted easily.

Change-Id: I0ad358ccb98da7277a0ee2e9ce8fda98438675eb
2014-04-25 17:38:51 -05:00
James Slagle
ea257c96d9 Skip relabel unless SELinux is enforcing
The SELinux relabel of the filesystem is taking almost 2 minutes and
isn't needed unless you actually plan to run with SELinux enforcing.
Plus, it appears to "leak" out of the chroot, referencing filesystems on
partitions that aren't even mounted in the chroot.

Note you just can't use getenforce or selinuxenabled here to get the
state of SELinux because those commands are not accurate inside a
chroot.

TBH, a downside of this is that if someone goes to try to enable SELinux
in an image where it was built with it not enabled, the file contexts
are going to be wrong. So they'd need to relabel themselves at that
point. However, this saves me quite a bit of time during image builds,
so I thought I'd submit to get other folks opinion on it.

Change-Id: I2132060d573fc93cf974f3560fdc651ff8ba38b4
2014-01-23 15:29:29 -05:00
Victor Lowther
43b70ce224 /bin/bash all the things.
Since we are using bash syntax in some of the element fragments,
we should make sure we use bash for all of them, so that things don't
break on systems where /bin/sh != /bin/bash.

Change-Id: If2f043c57aa4e1492b7f9839213ef6123f683612
2013-11-17 16:59:31 -06:00
Derek Higgins
64f4323ae7 Allow heat-admin to sudo without tty
This is needed to run scripts from devtest, in particular so that
swift ring files can be distributed.

Change-Id: Icbe8c5b24a0d494730357983f230a37a7f078de7
2013-11-12 20:26:11 +00:00
Chris Alfonso
301c3c4475 Extracting common functionality for rpm based distros
Rather than dublicating code to implement rhel or any
other derivitive, this patch introduces an rpm-distro
element that should be used as a dependency.

Change-Id: I8a92bb041764d03f430b438f0013704f79a8674c
2013-08-20 16:44:19 -04:00