5089e4e541
As described in the comments inline, on a selinux enabled kernel (such as a centos build host) you need to have permissions to change the contexts to those the kernel doesn't understand -- such as when you're building a fedora image. For some reason, setfiles has an arbitrary limit of 10 errors before it stops. I believe we previously had 9 errors (this mean 9 mis-labeled files, which were just waiting to cause problems). Something changed with F26 setfiles and it started erroring immediately, which lead to investigation. Infra builds, on non-selinux Ubuntu kernel's, would not have hit this issue. This means we need to move this to run with a manual chroot into the image under restorecon. I'm really not sure why ironic-agent removes all the selinux tools from the image, it seems like an over-optimisation (it's been like that since Id6333ca5d99716ccad75ea1964896acf371fa72a). Keep them so we can run the relabel. Change-Id: I4f5b591817ffcd776cbee0a0f9ca9f48de72aa6b
31 lines
760 B
Bash
Executable file
31 lines
760 B
Bash
Executable file
#!/bin/bash
|
|
|
|
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
|
|
set -x
|
|
fi
|
|
set -eu
|
|
set -o pipefail
|
|
|
|
# TODO(lucasagomes): optimize the ramdisk for other OSs
|
|
if [ $DISTRO_NAME = 'fedora' ] ; then
|
|
|
|
_remove_yum=''
|
|
if [ $DIB_RELEASE -ge 22 ]; then
|
|
# if we are on F22, we can remove yum if there, because it has
|
|
# been superseeded by dnf
|
|
_remove_yum='yum'
|
|
fi
|
|
|
|
install-packages -e kernel-debug-devel gcc fedora-logos \
|
|
rsync pykickstart \
|
|
make genisoimage tcpdump \
|
|
man-db kbd-misc \
|
|
plymouth cronie ${_remove_yum}
|
|
|
|
${YUM:-yum} clean all
|
|
|
|
# Rebuilding the rpm database after removing packages will reduce
|
|
# its size
|
|
rpm --rebuilddb
|
|
|
|
fi
|