From ec496769c5905bc07264ffdb26f6facb3cb3cdd6 Mon Sep 17 00:00:00 2001
From: Michael Vogt
Date: Fri, 22 Mar 2024 09:15:28 +0100
Subject: [PATCH] stages: allow bootc.install-to-filesystem work without selinux
By default "bootc" will refuse to work on a non-selinux system if the bootc container requires selinux. This is a sensible approach in general but for us it's tricky because we want to be able to generate images when running on developer machines or CI machines that may not necessarily have selinux. So make bootc more relaxed.
---
 stages/org.osbuild.bootc.install-to-filesystem | 14 +++++++++++++-
 stages/test/test_bootc_install_to_fs.py | 18 ++++++++++--------
 2 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/stages/org.osbuild.bootc.install-to-filesystem b/stages/org.osbuild.bootc.install-to-filesystem
index 530ac666..fde611d3 100755
--- a/stages/org.osbuild.bootc.install-to-filesystem
+++ b/stages/org.osbuild.bootc.install-to-filesystem
@@ -1,4 +1,5 @@
 #!/usr/bin/python3
+import os
 import subprocess
 import sys
 import tempfile
@@ -12,6 +13,17 @@ def main(options, inputs, paths):
 assert len(images) == 1
 image = list(images.values())[0]
+ env = os.environ.copy()
+ # By default "bootc" will refuse to work on a non-selinux system if
+ # the bootc container requires selinux. This is a sensible approach
+ # in general but for us it's tricky because we want to be able to
+ # generate images when running on developer machines or CI machines
+ # that may not necessarily have selinux. So make bootc more relaxed.
+ #
+ # Can be dropped once https://github.com/containers/bootc/pull/420
+ # is available in all our downstreams.
+ env["BOOTC_SKIP_SELINUX_HOST_CHECK"] = "true"
+
 with containers.container_source(image) as (_, source):
 dst = paths["mounts"]
 pargs = ["bootc", "install", "to-filesystem",
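Review bot: `env["BOOTC_SKIP_SELINUX_HOST_CHECK"] = "true"` is set on every run, so bootc's SELinux host check is disabled for all builds rather than only on hosts without SELinux, and the stage leaves no trace of that in its output. What bootc does once the check is skipped is not visible in this patch; presumably files in the target can end up without the labels the image's policy expects, so it is worth confirming that a later step labels the tree. I would add a log line next to the assignment, e.g. `print("bootc: SELinux host check skipped via BOOTC_SKIP_SELINUX_HOST_CHECK")`, and extend the comment to name where labels are applied when the host has no SELinux. The body of `main` continues past this hunk.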
@@ -30,7 +42,7 @@ def main(options, inputs, paths):
 pargs.extend(["--karg", karg])
 # add target and go
 pargs.append(dst)
- subprocess.run(pargs, check=True)
+ subprocess.run(pargs, env=env, check=True)
 if __name__ == "__main__":
diff --git a/stages/test/test_bootc_install_to_fs.py b/stages/test/test_bootc_install_to_fs.py
index be9c48aa..36c53975 100644
--- a/stages/test/test_bootc_install_to_fs.py
+++ b/stages/test/test_bootc_install_to_fs.py
@@ -2,7 +2,7 @@
 import tempfile
 from contextlib import contextmanager
-from unittest.mock import Mock, call, patch
+from unittest.mock import Mock, patch
 import pytest
@@ -80,13 +80,15 @@ def test_bootc_install_to_fs(mock_run, mocked_named_tmp, mocked_temp_dir, stage_
 stage_module.main(options, inputs, paths)
 assert len(mock_run.call_args_list) == 1
- assert mock_run.call_args_list == [
- call(["bootc", "install", "to-filesystem",
- "--source-imgref", f"oci-archive:{mocked_temp_dir}/image",
- "--skip-fetch-check", "--generic-image",
- ] + expected_args + ["/path/to/mounts"],
- check=True)
- ]
+ args, kwargs = mock_run.call_args_list[0]
+ assert args == (
+ ["bootc", "install", "to-filesystem",
+ "--source-imgref", f"oci-archive:{mocked_temp_dir}/image",
+ "--skip-fetch-check", "--generic-image",
+ ] + expected_args + ["/path/to/mounts"],
+ )
+ assert kwargs["check"] is True
+ assert kwargs["env"]["BOOTC_SKIP_SELINUX_HOST_CHECK"] == "true"
 @patch("subprocess.run")
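Review bot: The rewritten assertions in `test_bootc_install_to_fs` check only `kwargs["check"]` and one key of `kwargs["env"]`, where the removed `call(...)` comparison pinned the whole invocation, so an unexpected keyword argument to `subprocess.run` (for instance `shell=True`) would no longer fail the test. Adding `assert set(kwargs) == {"check", "env"}` restores that. The test also does not show that the rest of the caller's environment is passed through; `assert kwargs["env"].get("PATH") == os.environ.get("PATH")` would cover it, though `os` would need to be imported in the test module. The test function starts above this hunk.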