From 5532900887bc5a7a8dcd4becea697e3e6b0201bc Mon Sep 17 00:00:00 2001
From: Michael Vogt
Date: Wed, 24 Jan 2024 13:34:16 +0100
Subject: [PATCH] many: exclude /sysroot in bootc container-deploy stage
When using bootc based images as buildroots we need to exclude the `/sysroot` to prevent selinux errors. See https://github.com/osbuild/osbuild/pull/1552
---
 pkg/manifest/build.go | 6 +++++-
 pkg/osbuild/container_deploy_stage.go | 13 ++++++++++---
 pkg/osbuild/container_deploy_stage_test.go | 21 ++++++++++++++++++---
 3 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/pkg/manifest/build.go b/pkg/manifest/build.go
index e50fba1bd0..b80c5c6a11 100644
--- a/pkg/manifest/build.go
+++ b/pkg/manifest/build.go
@@ -217,7 +217,11 @@ func (p *BuildrootFromContainer) serialize() osbuild.Pipeline {
 pipeline := p.Base.serialize()
 pipeline.Runner = p.runner.String()
- stage, err := osbuild.NewContainerDeployStage(osbuild.NewContainersInputForSources(p.containerSpecs))
+ inputs := osbuild.NewContainersInputForSources(p.containerSpecs)
+ options := &osbuild.ContainerDeployOptions{
+ Exclude: []string{"/sysroot"},
+ }
+ stage, err := osbuild.NewContainerDeployStage(inputs, options)
 if err != nil {
 panic(err)
 }
diff --git a/pkg/osbuild/container_deploy_stage.go b/pkg/osbuild/container_deploy_stage.go
index 38b3eacf26..55d510b921 100644
--- a/pkg/osbuild/container_deploy_stage.go
+++ b/pkg/osbuild/container_deploy_stage.go
@@ -8,6 +8,12 @@ type ContainerDeployInputs struct {
 func (ContainerDeployInputs) isStageInputs() {}
+type ContainerDeployOptions struct {
+ Exclude []string `json:"exclude"`
+}
+
+func (ContainerDeployOptions) isStageOptions() {}
+
 func (inputs ContainerDeployInputs) validate() error {
 if inputs.Images.References == nil {
 return fmt.Errorf("stage requires exactly 1 input container (got nil References)")
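Review bot: The `Exclude: []string{"/sysroot"}` literal in serialize() has no explanation next to it, so the reason for the value is only recoverable from the commit message. A comment above the options literal such as `// exclude /sysroot when a bootc image is the buildroot, it causes SELinux errors (see osbuild PR 1552)` would keep that context with the code. The manifest now always emits an `exclude` option for this stage, which presumably needs an osbuild that already contains that PR; if older osbuild versions are still supported, the minimum version should be stated or checked. serialize() starts before this hunk and continues after it.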
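Review bot: `Exclude` is tagged `json:"exclude"` without `omitempty`, so a `ContainerDeployOptions` whose slice is nil marshals to `"exclude": null`. Whether the container-deploy stage schema accepts null is not visible in this diff; `Exclude []string` with the tag `json:"exclude,omitempty"` avoids depending on that. The exported type also has no doc comment; a line such as `// ContainerDeployOptions holds the options of the org.osbuild.container-deploy stage; Exclude lists paths the stage leaves out when deploying the container.` would document it, with the Exclude wording confirmed against the stage's own documentation.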
@@ -18,7 +24,7 @@ func (inputs ContainerDeployInputs) validate() error {
 return nil
 }
-func NewContainerDeployStage(images ContainersInput) (*Stage, error) {
+func NewContainerDeployStage(images ContainersInput, options *ContainerDeployOptions) (*Stage, error) {
 inputs := ContainerDeployInputs{
 Images: images,
 }
@@ -26,7 +32,8 @@ func NewContainerDeployStage(images ContainersInput) (*Stage, error) {
 return nil, err
 }
 return &Stage{
- Type: "org.osbuild.container-deploy",
- Inputs: inputs,
+ Type: "org.osbuild.container-deploy",
+ Inputs: inputs,
+ Options: options,
 }, nil
 }
diff --git a/pkg/osbuild/container_deploy_stage_test.go b/pkg/osbuild/container_deploy_stage_test.go
index d1c567de51..08af04ad93 100644
--- a/pkg/osbuild/container_deploy_stage_test.go
+++ b/pkg/osbuild/container_deploy_stage_test.go
@@ -18,7 +18,7 @@ func TestContainersDeployStageInputs(t *testing.T) {
 Source: "registry.example.org/reg/img",
 },
 })
- stage, err := osbuild.NewContainerDeployStage(inputs)
+ stage, err := osbuild.NewContainerDeployStage(inputs, nil)
 require.NotNil(t, stage)
 require.Nil(t, err)
@@ -26,7 +26,7 @@ func TestContainersDeployStageInputs(t *testing.T) {
 assert.Equal(t, stage.Inputs.(osbuild.ContainerDeployInputs).Images, inputs)
 }
-func TestContainersDeployStageOptionsJson(t *testing.T) {
+func TestContainersDeployStageInputsInputsJson(t *testing.T) {
 expectedJson := `{
 "images": {
 "type": "org.osbuild.containers",
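Review bot: `Options: options` in the returned `Stage` stores the `*ContainerDeployOptions` pointer unconditionally, while the updated tests call this constructor with `nil`. If `Stage.Options` is an interface type (its declaration is not part of this diff), a nil pointer assigned to it produces a non-nil interface, so `stage.Options == nil` is false and an `omitempty` tag on that field would not drop it; the stage would then serialize `"options": null`. Setting the field only when `options` is non-nil keeps the nil case identical to the previous output. The function begins in the preceding hunk.

```go
	// … unchanged: inputs construction and inputs.validate() check …
	stage := &Stage{
		Type:   "org.osbuild.container-deploy",
		Inputs: inputs,
	}
	// A nil *ContainerDeployOptions stored in an interface field is a
	// non-nil interface value, so leave Options unset in that case.
	if options != nil {
		stage.Options = options
	}
	return stage, nil
}
```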
@@ -55,6 +55,21 @@ func TestContainersDeployStageOptionsJson(t *testing.T) {
 assert.Equal(t, string(json), expectedJson)
 }
+func TestContainersDeployStageOptionsJson(t *testing.T) {
+ expectedJson := `{
+ "exclude": [
+ "/sysroot",
+ "/other"
+ ]
+}`
+ cdi := osbuild.ContainerDeployOptions{
+ Exclude: []string{"/sysroot", "/other"},
+ }
+ json, err := json.MarshalIndent(cdi, "", " ")
+ require.Nil(t, err)
+ assert.Equal(t, string(json), expectedJson)
+}
+
 func TestContainersDeployStageInputsValidate(t *testing.T) {
 type testCase struct {
 inputs osbuild.ContainerDeployInputs
@@ -109,7 +124,7 @@ func TestContainersDeployStageInputsValidate(t *testing.T) {
 for name := range testCases {
 tc := testCases[name]
 t.Run(name, func(t *testing.T) {
- stage, err := osbuild.NewContainerDeployStage(tc.inputs.Images)
+ stage, err := osbuild.NewContainerDeployStage(tc.inputs.Images, nil)
 if tc.err == "" {
 require.NotNil(t, stage)
 require.Nil(t, err)
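Review bot: The new TestContainersDeployStageOptionsJson marshals only a populated `ContainerDeployOptions`, so nothing pins what the stage emits when `options` is nil (which the other tests in this file now pass) or when `Exclude` is empty. A case that marshals the whole `*Stage` returned by `NewContainerDeployStage(inputs, nil)` and asserts on the `options` key would cover that path. As a style point, `json, err := json.MarshalIndent(...)` shadows the `json` package and testify's `assert.Equal` takes the expected value before the actual one, so `assert.Equal(t, expectedJson, string(b))` with a differently named local reads better; the existing test above this hunk uses the same pattern.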