Christian Kellner 7171eb2bf3 osbuild: add custom selinux policy
A usual step in creating OS file system trees is to apply the
correct SELinux labels for all files and directories. This is
done by the org.osbuild.selinux stage, which internally uses the
setfiles command in order to do so. The SELinux policy to be
used for this operation is the one of the newly created system,
not the host one. It therefore can contain labels that are not
known on the host. The kernel will prevent setting invalid,
i.e. unknown, labels unless the caller has the CAP_MAC_ADMIN
capability. By default, setfiles is executed in the setfiles_t
domain, where it lacks that capability. Therefore a custom
osbuild SELinux policy was created, with a special transition
rule that will execute setfiles in the setfiles_mac_t
domain. All stages, sources and assemblers as well as the main
binary are labeled with the new osbuild_exec_t label.

Additionally, allow a transition from osbuild_t to install_t by
using `anaconda_domtrans_install`, so that ostree and
rpm-ostree, which are labeled as install_exec_t, can transition
to the install_t domain when called from osbuild. Update the
spec file to build the policy and include it in a new
osbuild-selinux sub-package.
2020-06-10 01:35:05 +02:00
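
A pre-flight check for the condition the commit message describes, as an added example that is not part of the commit or of osbuild's code: it lists the types a target tree's file_contexts requests that the host policy does not know, and decodes a process's CapEff mask to see whether CAP_MAC_ADMIN is held. The sample file_contexts, host type set, status text and the newtool_* type names are constructed, and a label is treated as unknown to the host when its type is missing from the host's type set, which simplifies the kernel's full context validation.

```python
import re

CAP_MAC_ADMIN = 33  # capability number in linux/capability.h

def has_cap_mac_admin(proc_status):
    """True if the CapEff mask in /proc/<pid>/status text has CAP_MAC_ADMIN."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", proc_status, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line in status text")
    return bool((int(m.group(1), 16) >> CAP_MAC_ADMIN) & 1)

def types_unknown_to_host(file_contexts, host_types):
    """Map each type the target's file_contexts uses but the host policy
    lacks to the path patterns that request it."""
    unknown = {}
    for line in file_contexts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        pattern, context = fields[0], fields[-1]
        parts = context.split(":")
        if context == "<<none>>" or len(parts) < 3:
            continue  # no label requested, or not a user:role:type context
        if parts[2] not in host_types:
            unknown.setdefault(parts[2], []).append(pattern)
    return unknown

# Constructed sample data (hypothetical newtool_* types, not a real policy).
TARGET_FILE_CONTEXTS = """\
# file_contexts of the tree being built
/etc/passwd  --  system_u:object_r:passwd_file_t:s0
/usr/bin/newtool  --  system_u:object_r:newtool_exec_t:s0
/var/lib/newtool(/.*)?  system_u:object_r:newtool_var_lib_t:s0
/proc/.*  <<none>>
"""
HOST_TYPES = {"passwd_file_t", "bin_t", "etc_t"}
STATUS_WITHOUT_CAP = "Name:\tsetfiles\nCapEff:\t0000000000000000\n"
STATUS_WITH_CAP = "Name:\tsetfiles\nCapEff:\t0000000200000000\n"

if __name__ == "__main__":
    missing = types_unknown_to_host(TARGET_FILE_CONTEXTS, HOST_TYPES)
    for status in (STATUS_WITHOUT_CAP, STATUS_WITH_CAP):
        ok = has_cap_mac_admin(status) or not missing
        print("labeling can succeed" if ok else "labeling would be denied", missing)
```
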
.github/workflows ghci: merge unittest invocations 2020-06-05 09:27:40 +02:00
assemblers osbuild: replace capture_output in subprocess.run 2020-06-09 13:42:35 +02:00
docs cli: drop --build-env argument 2020-05-07 19:52:33 +02:00
osbuild util/ostree: accept typing.List for List[str] 2020-06-09 13:42:35 +02:00
runners modules: drop osbuild symlink 2020-05-04 12:32:25 +02:00
samples assemblers/ostree.commit: support archiving 2020-05-20 14:47:40 +02:00
schemas schema/osbuild1.json: convert to draft4 standard 2020-05-12 22:00:38 +02:00
schutzbot Run image tests in PSI only 2020-06-05 13:14:30 -05:00
selinux osbuild: add custom selinux policy 2020-06-10 01:35:05 +02:00
sources sources/files: don't spam stderr with error messages 2020-06-07 22:08:34 +02:00
stages Take care not to put large content on /tmp 2020-06-09 09:12:05 +02:00
test osbuild: replace capture_output in subprocess.run 2020-06-09 13:42:35 +02:00
tools tools: move tree-diff into ./tools 2020-06-05 09:27:40 +02:00
.editorconfig editorconfig: add one matching current style 2019-12-13 18:15:08 +01:00
.gitignore .gitignore: remove old ignored directory 2020-03-06 11:57:17 +01:00
.pylintrc pylint: disable too-many-arguments rule 2019-07-24 12:55:48 +02:00
.travis.yml ci: move test_boot to github-actions 2020-05-13 22:00:27 +02:00
LICENSE Revert "Fill in the license template" 2019-11-18 12:23:10 +01:00
Makefile build: align makefile targets with test-targets 2020-06-05 09:27:40 +02:00
NEWS.md NEWS.md: update for osbuild version 16 2020-06-04 16:22:59 +02:00
osbuild.spec osbuild: add custom selinux policy 2020-06-10 01:35:05 +02:00
README.md docs: refactor README 2020-03-02 21:34:09 +01:00
requirements.txt osbuild: add meta module for metadata information 2020-05-06 15:42:23 +02:00
setup.py NEWS.md: update for osbuild version 16 2020-06-04 16:22:59 +02:00

OSBuild

Build-Pipelines for Operating System Artifacts

OSBuild is a pipeline-based build system for operating system artifacts. It defines a universal pipeline description and a build system to execute them, producing artifacts like operating system images, working towards an image build pipeline that is more comprehensible, reproducible, and extendable.

See the osbuild(1) man-page for details on how to run osbuild, the definition of the pipeline description, and more.

Project

Requirements

The requirements for this project are:

  • python >= 3.7
  • systemd-nspawn >= 244

Additionally, the built-in stages require:

  • bash >= 5.0
  • coreutils >= 8.31
  • curl >= 7.68
  • qemu-img >= 4.2.0
  • rpm >= 4.15
  • tar >= 1.32
  • util-linux >= 235

At build-time, the following software is required:

  • python-docutils >= 0.13
  • pkg-config >= 0.29

Build

The standard python package system is used. Consult upstream documentation for detailed help. In most situations the following commands are sufficient to build and install from source:

python setup.py build
python setup.py install --skip-build --root=/

The man-pages require python-docutils and can be built via:

rst2man docs/<input-file>.rst <output-file>

Repository:

License:

  • Apache-2.0
  • See LICENSE file for details.