From 92f79885ced727500f1a0aa1c66cdaa043c87f70 Mon Sep 17 00:00:00 2001 From: Nathan Blackham Date: Fri, 4 Oct 2024 21:32:15 -0600 Subject: [PATCH 1/5] add selinux context to container run cmds --- iso/empanadas/empanadas/util/dnf_utils.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/iso/empanadas/empanadas/util/dnf_utils.py b/iso/empanadas/empanadas/util/dnf_utils.py index 0c7ab30..38a33f1 100644 --- a/iso/empanadas/empanadas/util/dnf_utils.py +++ b/iso/empanadas/empanadas/util/dnf_utils.py @@ -568,7 +568,7 @@ class RepoSync: #print(entry_name_list) for pod in entry_name_list: - podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( + podman_cmd_entry = '{} run -d -it -v "{}:{}:z" -v "{}:{}:z" -v "{}:{}:z" --name {} --entrypoint {}/{} {}'.format( cmd, self.compose_root, self.compose_root, @@ -722,7 +722,7 @@ class RepoSync: self.log.info('Spawning pods for %s' % repo) for pod in repoclosure_entry_name_list: - podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( + podman_cmd_entry = '{} run -d -it -v "{}:{}:z" -v "{}:{}:z" -v "{}:{}:z" --name {} --entrypoint {}/{} {}'.format( cmd, self.compose_root, self.compose_root, @@ -1518,7 +1518,7 @@ class RepoSync: self.log.info('Spawning pods for %s' % repo) for pod in repoclosure_entry_name_list: - podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( + podman_cmd_entry = '{} run -d -it -v "{}:{}:z" -v "{}:{}:z" -v "{}:{}:z" --name {} --entrypoint {}/{} {}'.format( cmd, self.compose_root, self.compose_root, @@ -2054,7 +2054,7 @@ class SigRepoSync: #print(entry_name_list) for pod in entry_name_list: - podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}:z" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( + podman_cmd_entry = '{} run -d -it -v "{}:{}:z" -v "{}:{}:z" -v "{}:{}:z" --name {} --entrypoint {}/{} {}'.format( cmd, self.compose_root, self.compose_root, -- 2.43.5 From 68f06d38e061344722243393639dcd6a8ad5f001 Mon Sep 17 00:00:00 2001 From: Nathan Blackham Date: Fri, 4 Oct 2024 22:08:55 -0600 Subject: [PATCH 2/5] limit repoclosure to archs on the command line --- iso/empanadas/empanadas/util/dnf_utils.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/iso/empanadas/empanadas/util/dnf_utils.py b/iso/empanadas/empanadas/util/dnf_utils.py index 38a33f1..42a5907 100644 --- a/iso/empanadas/empanadas/util/dnf_utils.py +++ b/iso/empanadas/empanadas/util/dnf_utils.py @@ -669,7 +669,10 @@ class RepoSync: repoclosure_entry_name_list = [] self.log.info('Setting up repoclosure for {}'.format(repo)) - for arch in self.repoclosure_map['arches']: + arches_for_repoclosure = self.arches + if self.arch: + arches_for_repoclosure = self.arch.split(',') + for arch in arches_for_repoclosure: repo_combination = [] repoclosure_entry_name = f'repoclosure-{repo}-{arch}' repoclosure_entry_name_list.append(repoclosure_entry_name) -- 2.43.5 From 1376c91f6de43695a0472dd060fded522eb216f0 Mon Sep 17 00:00:00 2001 From: Nathan Blackham Date: Fri, 4 Oct 2024 22:20:03 -0600 Subject: [PATCH 3/5] fix if statement to include else when repos are a dict --- iso/empanadas/empanadas/util/shared.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/iso/empanadas/empanadas/util/shared.py b/iso/empanadas/empanadas/util/shared.py index 7849d5c..3c58c50 100644 --- a/iso/empanadas/empanadas/util/shared.py +++ b/iso/empanadas/empanadas/util/shared.py @@ -969,7 +969,8 @@ class Shared: for idx, candidate in enumerate(extra_repos): if isinstance(candidate, dict): url, priority = candidate['url'], candidate.get('priority', None) - url, priority = candidate.split(',') + else: + url, priority = candidate.split(',') if not priority: priority = 100 result.append({ -- 2.43.5 From 27c649c1410f1d145bebf62843d351f4648785e7 Mon Sep 17 00:00:00 2001 From: Nathan Blackham Date: Sat, 5 Oct 2024 01:06:50 -0600 Subject: [PATCH 4/5] add release version to extrasisotemplate mock config --- iso/empanadas/empanadas/util/iso_utils.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/iso/empanadas/empanadas/util/iso_utils.py b/iso/empanadas/empanadas/util/iso_utils.py index d52ba44..eac5078 100644 --- a/iso/empanadas/empanadas/util/iso_utils.py +++ b/iso/empanadas/empanadas/util/iso_utils.py @@ -858,6 +858,7 @@ class IsoBuild: mock_iso_template_output = mock_iso_template.render( arch=self.current_arch, major=self.major_version, + releasever=self.release, fullname=self.fullname, shortname=self.shortname, required_pkgs=required_pkgs, @@ -871,6 +872,7 @@ class IsoBuild: mock_sh_template_output = mock_sh_template.render( arch=self.current_arch, major=self.major_version, + releasever=self.release, isolation=self.mock_isolation, builddir=self.mock_work_root, shortname=self.shortname, -- 2.43.5 From 9951a998036cc0f347198f91762de15678270c07 Mon Sep 17 00:00:00 2001 From: Louis Abel Date: Mon, 7 Oct 2024 15:09:06 -0700 Subject: [PATCH 5/5] Use label=disable to prevent context changes --- iso/empanadas/empanadas/util/dnf_utils.py | 8 ++++---- iso/empanadas/empanadas/util/iso_utils.py | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/iso/empanadas/empanadas/util/dnf_utils.py b/iso/empanadas/empanadas/util/dnf_utils.py index 42a5907..9c21558 100644 --- a/iso/empanadas/empanadas/util/dnf_utils.py +++ b/iso/empanadas/empanadas/util/dnf_utils.py @@ -568,7 +568,7 @@ class RepoSync: #print(entry_name_list) for pod in entry_name_list: - podman_cmd_entry = '{} run -d -it -v "{}:{}:z" -v "{}:{}:z" -v "{}:{}:z" --name {} --entrypoint {}/{} {}'.format( + podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( cmd, self.compose_root, self.compose_root, @@ -725,7 +725,7 @@ class RepoSync: self.log.info('Spawning pods for %s' % repo) for pod in repoclosure_entry_name_list: - podman_cmd_entry = '{} run -d -it -v "{}:{}:z" -v "{}:{}:z" -v "{}:{}:z" --name {} --entrypoint {}/{} {}'.format( + podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( cmd, self.compose_root, self.compose_root, @@ -1521,7 +1521,7 @@ class RepoSync: self.log.info('Spawning pods for %s' % repo) for pod in repoclosure_entry_name_list: - podman_cmd_entry = '{} run -d -it -v "{}:{}:z" -v "{}:{}:z" -v "{}:{}:z" --name {} --entrypoint {}/{} {}'.format( + podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( cmd, self.compose_root, self.compose_root, @@ -2057,7 +2057,7 @@ class SigRepoSync: #print(entry_name_list) for pod in entry_name_list: - podman_cmd_entry = '{} run -d -it -v "{}:{}:z" -v "{}:{}:z" -v "{}:{}:z" --name {} --entrypoint {}/{} {}'.format( + podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( cmd, self.compose_root, self.compose_root, diff --git a/iso/empanadas/empanadas/util/iso_utils.py b/iso/empanadas/empanadas/util/iso_utils.py index eac5078..7d08b62 100644 --- a/iso/empanadas/empanadas/util/iso_utils.py +++ b/iso/empanadas/empanadas/util/iso_utils.py @@ -1028,7 +1028,7 @@ class IsoBuild: checksum_list.append(latestname) for pod in entry_name_list: - podman_cmd_entry = '{} run -d -it -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( + podman_cmd_entry = '{} run -d -it --security-opt label=disable -v "{}:{}" -v "{}:{}" --name {} --entrypoint {}/{} {}'.format( cmd, self.compose_root, self.compose_root, -- 2.43.5