internal/manifest: restorecon after registering

When the first boot service runs insights-client, /root/.gnupg gets
created with the wrong selinux context.

internal/manifest/os.go

@@ -499,12 +499,16 @@ func (p *OS) serialize() osbuild.Pipeline {
 		if p.Subscription.Rhc {
 			// Use rhc for registration instead of subscription manager
 			commands = []string{fmt.Sprintf("/usr/bin/rhc connect -o=%s -a=%s --server %s", p.Subscription.Organization, p.Subscription.ActivationKey, p.Subscription.ServerUrl)}
+			// insights-client creates the .gnupg directory during boot process, and is labeled incorrectly
+			commands = append(commands, "restorecon -R /root/.gnupg")
 		} else {
 			commands = []string{fmt.Sprintf("/usr/sbin/subscription-manager register --org=%s --activationkey=%s --serverurl %s --baseurl %s", p.Subscription.Organization, p.Subscription.ActivationKey, p.Subscription.ServerUrl, p.Subscription.BaseUrl)}
 
 			// Insights is optional when using subscription-manager
 			if p.Subscription.Insights {
 				commands = append(commands, "/usr/bin/insights-client --register")
+				// insights-client creates the .gnupg directory during boot process, and is labeled incorrectly
+				commands = append(commands, "restorecon -R /root/.gnupg")
 			}
 		}
 

internal/manifest/os_test.go

@@ -94,6 +94,7 @@ func TestSubscriptionManagerInsightsCommands(t *testing.T) {
 	CheckFirstBootStageOptions(t, pipeline.Stages, []string{
 		"/usr/sbin/subscription-manager register --org=2040324 --activationkey=my-secret-key --serverurl subscription.rhsm.redhat.com --baseurl http://cdn.redhat.com/",
 		"/usr/bin/insights-client --register",
+		"restorecon -R /root/.gnupg",
 	})
 }
 
@@ -110,6 +111,7 @@ func TestRhcInsightsCommands(t *testing.T) {
 	pipeline := os.serialize()
 	CheckFirstBootStageOptions(t, pipeline.Stages, []string{
 		"/usr/bin/rhc connect -o=2040324 -a=my-secret-key --server subscription.rhsm.redhat.com",
+		"restorecon -R /root/.gnupg",
 	})
 }