From 943fb0606d1807913c42d212a7f93ae5fe178244 Mon Sep 17 00:00:00 2001 From: gursewak1997 Date: Mon, 25 Nov 2024 15:05:44 -0800 Subject: [PATCH] Bump to Fedora 41 F41 is out let's update COSA to be based on Fedora 41. --- Dockerfile | 2 +- build.sh | 10 +- ...arsing-add-parse_location_into_parts.patch | 68 ---------- ...cations-without-scheme-as-belonging-.patch | 55 --------- ....selinux-support-operating-on-mounts.patch | 116 ------------------ ...nux-support-for-specifying-where-fil.patch | 92 -------------- src/cmd-generate-release-meta | 4 +- src/cosalib/cmdlib.py | 8 +- tests/containers/tang/Containerfile | 4 +- 9 files changed, 12 insertions(+), 347 deletions(-) delete mode 100644 src/0001-parsing-add-parse_location_into_parts.patch delete mode 100644 src/0002-parsing-treat-locations-without-scheme-as-belonging-.patch delete mode 100644 src/0003-org.osbuild.selinux-support-operating-on-mounts.patch delete mode 100644 src/0004-org.osbuild.selinux-support-for-specifying-where-fil.patch diff --git a/Dockerfile b/Dockerfile index 146d2cba3e..57037791a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # When rebasing to new Fedora, also update openshift/release: # https://github.com/openshift/release/tree/master/ci-operator/config/coreos/coreos-assembler/coreos-coreos-assembler-main.yaml -FROM quay.io/fedora/fedora:40 +FROM quay.io/fedora/fedora:41 WORKDIR /root/containerbuild # Keep this Dockerfile idempotent for local development rebuild use cases. diff --git a/build.sh b/build.sh index c0e97b1c20..30ad6f80ee 100755 --- a/build.sh +++ b/build.sh 
@@ -168,16 +168,12 @@ patch_osbuild() { # To make it easier to apply patches we'll move around the osbuild # code on the system first: rmdir /usr/lib/osbuild/osbuild - mv /usr/lib/python3.12/site-packages/osbuild /usr/lib/osbuild/ + mv /usr/lib/python3.13/site-packages/osbuild /usr/lib/osbuild/ mkdir /usr/lib/osbuild/tools mv /usr/bin/osbuild-mpp /usr/lib/osbuild/tools/ # Now all the software is under the /usr/lib/osbuild dir and we can patch - cat /usr/lib/coreos-assembler/0001-parsing-add-parse_location_into_parts.patch \ - /usr/lib/coreos-assembler/0002-parsing-treat-locations-without-scheme-as-belonging-.patch \ - /usr/lib/coreos-assembler/0003-org.osbuild.selinux-support-operating-on-mounts.patch \ - /usr/lib/coreos-assembler/0004-org.osbuild.selinux-support-for-specifying-where-fil.patch \ - /usr/lib/coreos-assembler/0001-osbuild-remoteloop-add-more-loop-device-options.patch \ + cat /usr/lib/coreos-assembler/0001-osbuild-remoteloop-add-more-loop-device-options.patch \ /usr/lib/coreos-assembler/0002-osbuild-loop-make-the-loop-device-if-missing.patch \ /usr/lib/coreos-assembler/0003-util-osrelease.py-improve-whitespace-and-quote-strip.patch \ /usr/lib/coreos-assembler/0004-util-chroot-Add-support-for-custom-directory-bind-mo.patch \ @@ -187,7 +183,7 @@ patch_osbuild() { # And then move the files back; supermin appliance creation will need it back # in the places delivered by the RPM. mv /usr/lib/osbuild/tools/osbuild-mpp /usr/bin/osbuild-mpp - mv /usr/lib/osbuild/osbuild /usr/lib/python3.12/site-packages/osbuild + mv /usr/lib/osbuild/osbuild /usr/lib/python3.13/site-packages/osbuild mkdir /usr/lib/osbuild/osbuild } diff --git a/src/0001-parsing-add-parse_location_into_parts.patch b/src/0001-parsing-add-parse_location_into_parts.patch deleted file mode 100644 index 6e8b6b969f..0000000000 --- a/src/0001-parsing-add-parse_location_into_parts.patch +++ /dev/null 
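Review bot: The interpreter-versioned path `/usr/lib/python3.13/site-packages/osbuild` is hard-coded in this hunk and again in the move-back hunk at -187, so both `mv` calls must be edited by hand at every Fedora rebase, as this commit itself shows. Deriving the version once keeps them in step with the installed interpreter: `pyver=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])')`, then `/usr/lib/python${pyver}/site-packages/osbuild` in both places. Whether a failed `mv` aborts the build depends on shell options set outside these hunks, so it is worth confirming that a stale path cannot leave the image with an unpatched osbuild. The body of patch_osbuild starts before the first hunk and continues between the two.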
@@ -1,68 +0,0 @@ -From 077244e3b9f4a3ba46244a1b3e056cb70609e265 Mon Sep 17 00:00:00 2001 -From: Nikita Dubrovskii -Date: Fri, 18 Oct 2024 12:28:32 +0200 -Subject: [PATCH 1/4] parsing: add parse_location_into_parts - -New fucntion returns tuple of 'root' and relative 'file path', which could be -useful in contexts, where knowing 'root' is required, for example setting -selinux labels. ---- - osbuild/util/parsing.py | 25 +++++++++++++++++++------ - 1 file changed, 19 insertions(+), 6 deletions(-) - -diff --git a/osbuild/util/parsing.py b/osbuild/util/parsing.py -index f8fb2768..f75ffd67 100644 ---- a/osbuild/util/parsing.py -+++ b/osbuild/util/parsing.py -@@ -2,7 +2,7 @@ - - import os - import re --from typing import Dict, Union -+from typing import Dict, Tuple, Union - from urllib.parse import ParseResult, urlparse - - -@@ -72,9 +72,9 @@ def parse_input(url: ParseResult, args: Dict) -> os.PathLike: - return root - - --def parse_location(location: str, args: Dict) -> str: -+def parse_location_into_parts(location: str, args: Dict) -> Tuple[str, str]: - """ -- Parses the location URL to derive the corresponding file path. -+ Parses the location URL to derive the corresponding root and url path. - - Parameters: - - location (str): The location URL to be parsed. -@@ -97,11 +97,24 @@ def parse_location(location: str, args: Dict) -> str: - if not url.path.startswith("/"): - raise ValueError(f"url.path from location must start with '/', got: {url.path}") - -- path = os.path.relpath(url.path, "/") -+ return root, url.path -+ -+ -+def parse_location(location: str, args: Dict) -> str: -+ """ -+ Parses the location URL to derive the corresponding file path. -+ -+ Parameters: -+ - location (str): The location URL to be parsed. 
-+ - args (Dict): A dictionary containing arguments including mounts and -+ path information as passed by osbuild.api.arguments() -+ """ -+ -+ root, urlpath = parse_location_into_parts(location, args) -+ path = os.path.relpath(urlpath, "/") - path = os.path.join(root, path) - path = os.path.normpath(path) -- -- if url.path.endswith("/"): -+ if urlpath.endswith("/"): - path = os.path.join(path, ".") - - return path --- -2.47.0 - diff --git a/src/0002-parsing-treat-locations-without-scheme-as-belonging-.patch b/src/0002-parsing-treat-locations-without-scheme-as-belonging-.patch deleted file mode 100644 index ef7680507e..0000000000 --- a/src/0002-parsing-treat-locations-without-scheme-as-belonging-.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From 6a59e740e4ccb761f9d87c2c6f837fa748908a90 Mon Sep 17 00:00:00 2001 -From: Nikita Dubrovskii -Date: Mon, 28 Oct 2024 11:20:23 +0100 -Subject: [PATCH 2/4] parsing: treat locations without scheme as belonging to - 'tree://' - ---- - osbuild/util/parsing.py | 6 +++++- - stages/org.osbuild.mkdir | 9 +++------ - 2 files changed, 8 insertions(+), 7 deletions(-) - -diff --git a/osbuild/util/parsing.py b/osbuild/util/parsing.py -index f75ffd67..d6d16f22 100644 ---- a/osbuild/util/parsing.py -+++ b/osbuild/util/parsing.py -@@ -77,11 +77,15 @@ def parse_location_into_parts(location: str, args: Dict) -> Tuple[str, str]: - Parses the location URL to derive the corresponding root and url path. - - Parameters: -- - location (str): The location URL to be parsed. -+ - location (str): The location URL to be parsed. If the URL has no scheme, -+ then 'tree://' is implied - - args (Dict): A dictionary containing arguments including mounts and - path information as passed by osbuild.api.arguments() - """ - -+ if "://" not in location: -+ location = f"tree://{location}" -+ - url = urlparse(location) - - scheme = url.scheme -diff --git a/stages/org.osbuild.mkdir b/stages/org.osbuild.mkdir -index d2d11a7a..01f5f431 100755 ---- a/stages/org.osbuild.mkdir -+++ b/stages/org.osbuild.mkdir -@@ -15,12 +15,9 @@ def main(args): - parents = item.get("parents", False) - exist_ok = item.get("exist_ok", False) - -- if "://" not in path: -- if not path.startswith("/"): -- print("WARNING: relative path used, this is discouraged!") -- path = f"tree:///{path}" -- else: -- path = f"tree://{path}" -+ if "://" not in path and not path.startswith("/"): -+ print("WARNING: relative path used, this is discouraged!") -+ path = f"tree:///{path}" - - target = parsing.parse_location(path, args) - if parents: --- -2.47.0 - 
diff --git a/src/0003-org.osbuild.selinux-support-operating-on-mounts.patch b/src/0003-org.osbuild.selinux-support-operating-on-mounts.patch deleted file mode 100644 index e8408ae9a4..0000000000 --- a/src/0003-org.osbuild.selinux-support-operating-on-mounts.patch +++ /dev/null 
@@ -1,116 +0,0 @@ -From 84d4de577057f66e1ad1c8e91631c441c0294532 Mon Sep 17 00:00:00 2001 -From: Nikita Dubrovskii -Date: Thu, 17 Oct 2024 12:57:00 +0200 -Subject: [PATCH 3/4] org.osbuild.selinux: support operating on mounts - -This adds support for specifying paths to operate on, -rather than just the root of the target: -``` -- type: org.osbuild.selinux - options: - file_contexts: etc/selinux/targeted/contexts/files/file_contexts - target: mount://root/path/to/dir - mounts: - - name: root - source: disk - target: / -``` - -or - -``` -- type: org.osbuild.selinux - options: - labels: - mount://root/path/to/file: system_u:object_r:boot_t:s0 - mount://root/path/to/other/file: system_u:object_r:var_t:s0 - mounts: - - name: root - source: disk - target: / - -``` ---- - stages/org.osbuild.selinux | 21 ++++++++++++--------- - stages/org.osbuild.selinux.meta.json | 8 +++++++- - 2 files changed, 19 insertions(+), 10 deletions(-) - -diff --git a/stages/org.osbuild.selinux b/stages/org.osbuild.selinux -index 563d827b..40487599 100755 ---- a/stages/org.osbuild.selinux -+++ b/stages/org.osbuild.selinux -@@ -4,26 +4,30 @@ import pathlib - import sys - - import osbuild.api --from osbuild.util import selinux -+from osbuild.util import parsing, selinux - - --def main(tree, options): -+def main(args): -+ # Get the path where the tree is -+ options = args["options"] - file_contexts = options.get("file_contexts") - exclude_paths = options.get("exclude_paths") -+ target = options.get("target", "tree:///") -+ root, target = parsing.parse_location_into_parts(target, args) - - if file_contexts: -- file_contexts = os.path.join(f"{tree}", options["file_contexts"]) -+ file_contexts = os.path.join(args["tree"], options["file_contexts"]) - if exclude_paths: -- exclude_paths = [os.path.join(tree, p.lstrip("/")) for p in exclude_paths] -- selinux.setfiles(file_contexts, os.fspath(tree), "", exclude_paths=exclude_paths) -+ exclude_paths = [os.path.normpath(f"{root}/{target}/{p}") for p in 
exclude_paths] -+ selinux.setfiles(file_contexts, os.path.normpath(root), target, exclude_paths=exclude_paths) - - labels = options.get("labels", {}) - for path, label in labels.items(): -- fullpath = os.path.join(tree, path.lstrip("/")) -+ fullpath = parsing.parse_location(path, args) - selinux.setfilecon(fullpath, label) - - if options.get("force_autorelabel", False): -- stamp = pathlib.Path(tree, ".autorelabel") -+ stamp = pathlib.Path(root, ".autorelabel") - # Creating just empty /.autorelabel resets only the type of files. - # To ensure that the full context is reset, we write "-F" into the file. - # This mimics the behavior of `fixfiles -F boot`. The "-F" option is -@@ -34,6 +38,5 @@ def main(tree, options): - - - if __name__ == '__main__': -- args = osbuild.api.arguments() -- r = main(args["tree"], args["options"]) -+ r = main(osbuild.api.arguments()) - sys.exit(r) -diff --git a/stages/org.osbuild.selinux.meta.json b/stages/org.osbuild.selinux.meta.json -index 30dbddae..e536cead 100644 ---- a/stages/org.osbuild.selinux.meta.json -+++ b/stages/org.osbuild.selinux.meta.json -@@ -33,6 +33,12 @@ - } - ], - "properties": { -+ "target": { -+ "type": "string", -+ "description": "Target path in the tree or on a mount", -+ "pattern": "^mount://[^/]+/|^tree:///", -+ "default": "tree:///" -+ }, - "file_contexts": { - "type": "string", - "description": "Path to the active SELinux policy's `file_contexts`" -@@ -53,7 +59,7 @@ - }, - "force_autorelabel": { - "type": "boolean", -- "description": "Do not use. Forces auto-relabelling on first boot.", -+ "description": "Do not use. Forces auto-relabelling on first boot. Affects target's root or tree:/// by default", - "default": false - } - } --- -2.47.0 - diff --git a/src/0004-org.osbuild.selinux-support-for-specifying-where-fil.patch b/src/0004-org.osbuild.selinux-support-for-specifying-where-fil.patch deleted file mode 100644 index d41c825373..0000000000 
--- a/src/0004-org.osbuild.selinux-support-for-specifying-where-fil.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -From a8e8ebde4400e94036df35f72b08708f00bd4ffe Mon Sep 17 00:00:00 2001 -From: Nikita Dubrovskii -Date: Fri, 18 Oct 2024 17:04:07 +0200 -Subject: [PATCH 4/4] org.osbuild.selinux: support for specifying where - file_contexts comes from - -file_context now can come from -- tree (current default) -- mount -- input - -Example: -``` -- type: org.osbuild.selinux - inputs: - tree: - type: org.osbuild.tree - origin: org.osbuild.pipeline - references: - - name:tree - options: - file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts -``` ---- - stages/org.osbuild.selinux | 6 +++++- - stages/org.osbuild.selinux.meta.json | 12 ++++++++---- - 2 files changed, 13 insertions(+), 5 deletions(-) - -diff --git a/stages/org.osbuild.selinux b/stages/org.osbuild.selinux -index 40487599..8e25a281 100755 ---- a/stages/org.osbuild.selinux -+++ b/stages/org.osbuild.selinux -@@ -9,6 +9,7 @@ from osbuild.util import parsing, selinux - - def main(args): - # Get the path where the tree is -+ tree = args["tree"] - options = args["options"] - file_contexts = options.get("file_contexts") - exclude_paths = options.get("exclude_paths") -@@ -16,7 +17,10 @@ def main(args): - root, target = parsing.parse_location_into_parts(target, args) - - if file_contexts: -- file_contexts = os.path.join(args["tree"], options["file_contexts"]) -+ if "://" not in file_contexts: -+ file_contexts = os.path.normpath(f"{tree}/{file_contexts}") -+ else: -+ file_contexts = parsing.parse_location(file_contexts, args) - if exclude_paths: - exclude_paths = [os.path.normpath(f"{root}/{target}/{p}") for p in exclude_paths] - selinux.setfiles(file_contexts, os.path.normpath(root), target, exclude_paths=exclude_paths) -diff --git a/stages/org.osbuild.selinux.meta.json b/stages/org.osbuild.selinux.meta.json -index e536cead..9a9d7bb1 100644 ---- a/stages/org.osbuild.selinux.meta.json -+++ b/stages/org.osbuild.selinux.meta.json -@@ -1,8 +1,8 @@ - { - "summary": "Set SELinux file contexts", - 
"description": [ -- "Sets correct SELinux labels for every file in the tree, according to the", -- "SELinux policy installed inside the tree.", -+ "Sets correct SELinux labels for every file in the tree or on mount, according to", -+ "the SELinux policy.", - "Uses the host's `setfiles` program and the tree's `file_contexts`, usually", - " /etc/selinux//contexts/files/file_contexts", - "where is the value set in /etc/selinux/config (usually \"targeted\"", -@@ -40,8 +40,8 @@ - "default": "tree:///" - }, - "file_contexts": { -- "type": "string", -- "description": "Path to the active SELinux policy's `file_contexts`" -+ "description": "Path to the active SELinux policy's `file_contexts`. Supports `tree://`, `mount://`, and `input://` schemes. Plain paths imply `tree://`.", -+ "type": "string" - }, - "exclude_paths": { - "type": "array", -@@ -70,6 +70,10 @@ - }, - "mounts": { - "type": "array" -+ }, -+ "inputs": { -+ "type": "object", -+ "additionalProperties": true - } - } - } --- -2.47.0 - diff --git a/src/cmd-generate-release-meta b/src/cmd-generate-release-meta index 8be2b61ac6..234ba8b762 100755 --- a/src/cmd-generate-release-meta +++ b/src/cmd-generate-release-meta @@ -96,10 +96,10 @@ def get_floating_tag(rel, tags): for tag in tags: if rel not in tag: if found != "": - raise f"multiple floating tags within: {tags}" + raise ValueError(f"multiple floating tags within: {tags}") found = tag if found == "": - raise f"failed to find floating tag within: {tags}" + raise ValueError(f"failed to find floating tag within: {tags}") return found diff --git a/src/cosalib/cmdlib.py b/src/cosalib/cmdlib.py index a022f152fb..8d73b0e5c8 100644 --- a/src/cosalib/cmdlib.py +++ b/src/cosalib/cmdlib.py 
@@ -106,10 +106,10 @@ def merge_dicts(x, y): if k in sd: # the key is only present in one dict, add it directly ret.update({k: v}) - elif type(x[k]) == dict and type(y[k]) == dict: + elif isinstance(x[k], dict) and isinstance(y[k], dict): # recursively merge ret.update({k: merge_dicts(x[k], y[k])}) - elif type(x[k]) == list and type(y[k]) == list: + elif isinstance(x[k], list) and isinstance(y[k], list): ret.update({k: x[k]}) merge_lists(ret, y, k) else: @@ -460,9 +460,9 @@ def write_image_json(srcfile, outfile): # but we have no use case for them right now in our official images. def merge_lists(x, y, k): x[k] = x.get(k, []) - assert type(x[k]) == list + assert isinstance(x[k], list) y[k] = y.get(k, []) - assert type(y[k]) == list + assert isinstance(y[k], list) x[k].extend([i for i in y[k] if i not in x[k]]) diff --git a/tests/containers/tang/Containerfile b/tests/containers/tang/Containerfile index f36fe9132c..fb7dfdce00 100644 --- a/tests/containers/tang/Containerfile +++ b/tests/containers/tang/Containerfile @@ -1,6 +1,6 @@ -FROM registry.fedoraproject.org/fedora-minimal:40 +FROM registry.fedoraproject.org/fedora-minimal:41 -RUN microdnf -y install tang && microdnf clean all && rm -rf /var/cache/yum +RUN dnf -y install tang && dnf clean all && rm -rf /var/cache/yum EXPOSE 80 RUN systemctl enable tangd.socket
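Review bot: In the list branch, `ret.update({k: x[k]})` stores the caller's own list in `ret`, and the `merge_lists(ret, y, k)` call that follows extends that same object, so merge_dicts appears to modify its `x` argument in place. Copying first avoids the aliasing: `ret.update({k: list(x[k])})`. The switch to `isinstance` also widens both branches to dict and list subclasses, which looks intended but is a behaviour change worth a line in the commit message. merge_dicts starts before the hunk and its `else` branch continues past it.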
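Review bot: The two `assert isinstance(..., list)` checks in merge_lists are the only type validation before `x[k].extend(...)`, and asserts are skipped when Python runs with `-O`. If the merged values can come from an image or config file that someone else edits (not visible in this hunk), a wrong type should fail loudly in every mode: `if not isinstance(x[k], list): raise TypeError(f'{k} must be a list')`, and the same check for `y[k]`. A short docstring saying that merge_lists mutates both `x` and `y` (it assigns `x[k]` and `y[k]` before extending) would also help callers.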
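Review bot: `rm -rf /var/cache/yum` in the new `RUN` line looks like a leftover from microdnf. On Fedora 41 `dnf` is dnf5, which as far as I know keeps its cache under /var/cache/libdnf5, so this step probably removes nothing. `dnf clean all` already drops the cache, so the line can be `RUN dnf -y install tang && dnf clean all`. The base image is still referenced by the mutable tag `fedora-minimal:41`; pinning it by digest would make this test container reproducible and make base-image changes show up in review.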