go.mod: update osbuild/images to v0.148.0

tag v0.145.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.145.0 ---------------- * github: run dependabot gomod action weekly (osbuild/images#1476) * Author: Achilleas Koutsou, Reviewers: Lukáš Zapletal — Somewhere on the Internet, 2025-05-12 --- tag v0.146.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.146.0 ---------------- * Fixes for ESP partition: Make optional, set label (osbuild/images#1525) * Author: Alexander Larsson, Reviewers: Achilleas Koutsou, Brian C. Lane * Initial automotive work: custom selinux policy, separate build container for bootc, and ext4 verity (osbuild/images#1519) * Author: Alexander Larsson, Reviewers: Achilleas Koutsou, Simon de Vlieger * Update snapshots to 20250512 (osbuild/images#1515) * Author: SchutzBot, Reviewers: Achilleas Koutsou, Simon de Vlieger * disk: make auto-generated /boot 1 GiB big (osbuild/images#1499) * Author: Ondřej Budai, Reviewers: Achilleas Koutsou, Michael Vogt * distro.yaml: Clean up yamllint errors and warnings (osbuild/images#1523) * Author: Brian C. Lane, Reviewers: Michael Vogt, Simon de Vlieger * distro/rhel9: make /boot 1 GiB everywhere (osbuild/images#1498) * Author: Ondřej Budai, Reviewers: Michael Vogt, Simon de Vlieger * distro: move disk/container image types into pure YAML (COMPOSER-2533) (osbuild/images#1508) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Simon de Vlieger * fedora: move all image types into pure YAML (osbuild/images#1514) * Author: Michael Vogt, Reviewers: Brian C. Lane, Simon de Vlieger * fsnode: fix go-1.24 errors (osbuild/images#1521) * Author: Michael Vogt, Reviewers: Ondřej Budai, Tomáš Hozza * osbuild: add JSON/YAML unmarshal to UdevRulesStageOptions (osbuild/images#1489) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Simon de Vlieger * test: Run more distro tests in parallel (osbuild/images#1483) * Author: Brian C. Lane, Reviewers: Michael Vogt, Simon de Vlieger — Somewhere on the Internet, 2025-05-19 --- tag v0.147.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.147.0 ---------------- * Add support for setting partition uuid and label (osbuild/images#1543) * Author: Alexander Larsson, Reviewers: Achilleas Koutsou, Simon de Vlieger * Cleanup of new APIs (mkfs options and build container) (osbuild/images#1526) * Author: Alexander Larsson, Reviewers: Achilleas Koutsou, Simon de Vlieger * distro/rhel: remove the user/group warnings for edge-commits (osbuild/images#1538) * Author: Achilleas Koutsou, Reviewers: Brian C. Lane, Simon de Vlieger — Somewhere on the Internet, 2025-05-20 --- tag v0.148.0 Tagger: imagebuilder-bot <imagebuilder-bots+imagebuilder-bot@redhat.com> Changes with 0.148.0 ---------------- * Makefile: add vet command to check for consistent struct tags (osbuild/images#1554) * Author: Michael Vogt, Reviewers: Lukáš Zapletal, Simon de Vlieger * disk: tiny tweaks for the new MkfsOptions support (osbuild/images#1545) * Author: Michael Vogt, Reviewers: Achilleas Koutsou, Alexander Larsson, Lukáš Zapletal * fedora/many: increase `/boot` to 1 GiB (HMS-8604) (osbuild/images#1557) * Author: Simon de Vlieger, Reviewers: Achilleas Koutsou, Ondřej Budai * fedora/wsl: include `wsl-setup` (HMS-8573) (osbuild/images#1550) * Author: Simon de Vlieger, Reviewers: Brian C. Lane, Michael Vogt * fedora: add `anaconda.ModuleUsers` to ImageInstallerImage (osbuild/images#1558) * Author: Michael Vogt, Reviewers: Brian C. Lane, Simon de Vlieger * fedora: implement setting of the RootfsType via YAML (osbuild/images#1544) * Author: Michael Vogt, Reviewers: Brian C. Lane, Simon de Vlieger * rhel10: move ImageConfig into pure YAML (osbuild/images#1542) * Author: Michael Vogt, Reviewers: Brian C. Lane, Simon de Vlieger — Somewhere on the Internet, 2025-05-26 ---
2025-05-27 16:35:51 +02:00 · 2025-05-27 16:35:51 +02:00 · c77ca66191
commit c77ca66191
parent 12dd0b0be4
88 changed files with 5093 additions and 4979 deletions
--- a/vendor/github.com/osbuild/images/pkg/manifest/build.go
+++ b/vendor/github.com/osbuild/images/pkg/manifest/build.go
@ -43,6 +43,8 @@ type BuildrootFromPackages struct {
 	// buildroot itself when running setfiles. Once osbuild has
 	// this then this option would become "useChrootSetfiles"
 	disableSelinux bool
+
+	selinuxPolicy string
 }

 type BuildOptions struct {
@ -54,12 +56,24 @@ type BuildOptions struct {
 	// currently needed when using (experimental) cross-arch building.
 	DisableSELinux bool

+	// The SELinux policy to use in the buildroot, defaults to 'targeted' if not specified
+	SELinuxPolicy string
+
 	// BootstrapPipeline add the given bootstrap pipeline to the
 	// build pipeline. This is only needed when doing cross-arch
 	// building
 	BootstrapPipeline Build
 }

+// policy or default returns the selinuxPolicy or (if unset) the
+// default policy
+func policyOrDefault(selinuxPolicy string) string {
+	if selinuxPolicy != "" {
+		return selinuxPolicy
+	}
+	return "targeted"
+}
+
 // NewBuild creates a new build pipeline from the repositories in repos
 // and the specified packages.
 func NewBuild(m *Manifest, runner runner.Runner, repos []rpmmd.RepoConfig, opts *BuildOptions) Build {
@ -75,6 +89,7 @@ func NewBuild(m *Manifest, runner runner.Runner, repos []rpmmd.RepoConfig, opts
 		repos:              filterRepos(repos, name),
 		containerBuildable: opts.ContainerBuildable,
 		disableSelinux:     opts.DisableSELinux,
+		selinuxPolicy:      policyOrDefault(opts.SELinuxPolicy),
 	}

 	m.addPipeline(pipeline)
@ -93,10 +108,11 @@ func (p *BuildrootFromPackages) addDependent(dep Pipeline) {
 func (p *BuildrootFromPackages) getPackageSetChain(distro Distro) []rpmmd.PackageSet {
 	// TODO: make the /usr/bin/cp dependency conditional
 	// TODO: make the /usr/bin/xz dependency conditional
+	policyPackage := fmt.Sprintf("selinux-policy-%s", p.selinuxPolicy)
 	packages := []string{
-		"selinux-policy-targeted", // needed to build the build pipeline
-		"coreutils",               // /usr/bin/cp - used all over
-		"xz",                      // usage unclear
+		policyPackage, // needed to build the build pipeline
+		"coreutils",   // /usr/bin/cp - used all over
+		"xz",          // usage unclear
 	}

 	packages = append(packages, p.runner.GetBuildPackages()...)
@ -143,7 +159,7 @@ func (p *BuildrootFromPackages) serialize() osbuild.Pipeline {
 	pipeline.AddStage(osbuild.NewRPMStage(osbuild.NewRPMStageOptions(p.repos), osbuild.NewRpmStageSourceFilesInputs(p.packageSpecs)))
 	if !p.disableSelinux {
 		pipeline.AddStage(osbuild.NewSELinuxStage(&osbuild.SELinuxStageOptions{
-			FileContexts: "etc/selinux/targeted/contexts/files/file_contexts",
+			FileContexts: fmt.Sprintf("etc/selinux/%s/contexts/files/file_contexts", p.selinuxPolicy),
 			Labels:       p.getSELinuxLabels(),
 		},
 		))
@ -182,6 +198,7 @@ type BuildrootFromContainer struct {

 	containerBuildable bool
 	disableSelinux     bool
+	selinuxPolicy      string
 }

 // NewBuildFromContainer creates a new build pipeline from the given
@ -200,6 +217,7 @@ func NewBuildFromContainer(m *Manifest, runner runner.Runner, containerSources [

 		containerBuildable: opts.ContainerBuildable,
 		disableSelinux:     opts.DisableSELinux,
+		selinuxPolicy:      policyOrDefault(opts.SELinuxPolicy),
 	}
 	m.addPipeline(pipeline)
 	return pipeline
@ -273,7 +291,7 @@ func (p *BuildrootFromContainer) serialize() osbuild.Pipeline {
 	if !p.disableSelinux {
 		pipeline.AddStage(osbuild.NewSELinuxStage(
 			&osbuild.SELinuxStageOptions{
-				FileContexts: "etc/selinux/targeted/contexts/files/file_contexts",
+				FileContexts: fmt.Sprintf("etc/selinux/%s/contexts/files/file_contexts", p.selinuxPolicy),
 				ExcludePaths: []string{"/sysroot"},
 				Labels:       p.getSELinuxLabels(),
 			},