many: exclude /sysroot in bootc container-deploy stage
When using bootc-based images as buildroots, we need to exclude
`/sysroot` to prevent SELinux errors.

See osbuild/osbuild#1552
mvo5 authored and achilleas-k committed Jan 24, 2024
1 parent 3b84315 commit a8de56f
Showing 3 changed files with 33 additions and 7 deletions.
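--- a/pkg/manifest/build.go
+++ b/pkg/manifest/build.go
@@ -217,7 +217,11 @@ func (p *BuildrootFromContainer) serialize() osbuild.Pipeline {
 pipeline := p.Base.serialize()
 pipeline.Runner = p.runner.String()
 
-stage, err := osbuild.NewContainerDeployStage(osbuild.NewContainersInputForSources(p.containerSpecs))
+inputs := osbuild.NewContainersInputForSources(p.containerSpecs)
+options := &osbuild.ContainerDeployOptions{
+Exclude: []string{"/sysroot"},
+}
+stage, err := osbuild.NewContainerDeployStage(inputs, options)
 if err != nil {
 panic(err)
 }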
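Review bot: The hard-coded `Exclude: []string{"/sysroot"}` in serialize() carries no comment, so the reason for it lives only in the commit message. Since the exclusion exists to avoid SELinux errors when a bootc image is used as a buildroot, I would add `// exclude /sysroot: deploying it into the buildroot causes SELinux errors, see osbuild/osbuild#1552` above the options literal so the entry is not dropped in a later cleanup. serialize() starts and ends outside this hunk.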
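--- a/pkg/osbuild/container_deploy_stage.go
+++ b/pkg/osbuild/container_deploy_stage.go
@@ -8,6 +8,12 @@ type ContainerDeployInputs struct {
 
 func (ContainerDeployInputs) isStageInputs() {}
 
+type ContainerDeployOptions struct {
+Exclude []string `json:"exclude"`
+}
+
+func (ContainerDeployOptions) isStageOptions() {}
+
 func (inputs ContainerDeployInputs) validate() error {
 if inputs.Images.References == nil {
 return fmt.Errorf("stage requires exactly 1 input container (got nil References)")
@@ -18,15 +24,16 @@ func (inputs ContainerDeployInputs) validate() error {
 return nil
 }
 
-func NewContainerDeployStage(images ContainersInput) (*Stage, error) {
+func NewContainerDeployStage(images ContainersInput, options *ContainerDeployOptions) (*Stage, error) {
 inputs := ContainerDeployInputs{
 Images: images,
 }
 if err := inputs.validate(); err != nil {
 return nil, err
 }
 return &Stage{
-Type: "org.osbuild.container-deploy",
-Inputs: inputs,
+Type: "org.osbuild.container-deploy",
+Inputs: inputs,
+Options: options,
 }, nil
 }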
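Review bot: Passing a nil `*ContainerDeployOptions` straight into `Options: options` in NewContainerDeployStage may store a typed nil pointer in the field; if `Stage.Options` is an interface (its definition is not shown here), the field is then non-nil and would likely serialize as `"options": null` rather than being omitted. The tests in this commit call the constructor with nil, so that path is exercised. I would set Options only when the caller supplied one, as below. Separately, `Exclude` has no `omitempty`, so an options value without excludes marshals as `"exclude": null`; it is worth confirming the stage schema accepts that.

```go
func NewContainerDeployStage(images ContainersInput, options *ContainerDeployOptions) (*Stage, error) {
	// … unchanged: build and validate inputs …
	stage := &Stage{
		Type:   "org.osbuild.container-deploy",
		Inputs: inputs,
	}
	// leave Options unset for a nil argument so the field stays a nil interface
	if options != nil {
		stage.Options = options
	}
	return stage, nil
}
```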
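--- a/pkg/osbuild/container_deploy_stage_test.go
+++ b/pkg/osbuild/container_deploy_stage_test.go
@@ -18,15 +18,15 @@ func TestContainersDeployStageInputs(t *testing.T) {
 Source: "registry.example.org/reg/img",
 },
 })
-stage, err := osbuild.NewContainerDeployStage(inputs)
+stage, err := osbuild.NewContainerDeployStage(inputs, nil)
 require.NotNil(t, stage)
 require.Nil(t, err)
 
 assert.Equal(t, stage.Type, "org.osbuild.container-deploy")
 assert.Equal(t, stage.Inputs.(osbuild.ContainerDeployInputs).Images, inputs)
 }
 
-func TestContainersDeployStageOptionsJson(t *testing.T) {
+func TestContainersDeployStageInputsInputsJson(t *testing.T) {
 expectedJson := `{
 "images": {
 "type": "org.osbuild.containers",
@@ -55,6 +55,21 @@ func TestContainersDeployStageOptionsJson(t *testing.T) {
 assert.Equal(t, string(json), expectedJson)
 }
 
+func TestContainersDeployStageOptionsJson(t *testing.T) {
+expectedJson := `{
+"exclude": [
+"/sysroot",
+"/other"
+]
+}`
+cdi := osbuild.ContainerDeployOptions{
+Exclude: []string{"/sysroot", "/other"},
+}
+json, err := json.MarshalIndent(cdi, "", " ")
+require.Nil(t, err)
+assert.Equal(t, string(json), expectedJson)
+}
+
 func TestContainersDeployStageInputsValidate(t *testing.T) {
 type testCase struct {
 inputs osbuild.ContainerDeployInputs
@@ -109,7 +124,7 @@ func TestContainersDeployStageInputsValidate(t *testing.T) {
 for name := range testCases {
 tc := testCases[name]
 t.Run(name, func(t *testing.T) {
-stage, err := osbuild.NewContainerDeployStage(tc.inputs.Images)
+stage, err := osbuild.NewContainerDeployStage(tc.inputs.Images, nil)
 if tc.err == "" {
 require.NotNil(t, stage)
 require.Nil(t, err)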
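Review bot: The renamed test `TestContainersDeployStageInputsInputsJson` doubles "Inputs", which looks like a slip; `func TestContainersDeployStageInputsJson(t *testing.T) {` reads as intended. Beyond that, every call to NewContainerDeployStage in this file passes nil, so nothing checks that a non-nil options value actually ends up on the stage. A case that passes `&osbuild.ContainerDeployOptions{Exclude: []string{"/sysroot"}}` and asserts on `stage.Options` would cover the path build.go now relies on. Several of the test functions touched here start or end outside the visible hunks.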
