Merge pull request #45 from cgwalters/config-install

cgwalters · web-flow · commit 76939a7eec9d · 2023-01-27T17:53:45.000-05:00
Add a default-enabled `install` feature
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -30,6 +30,8 @@ jobs:
           key: "tests"
       - name: Build
         run: cargo test --no-run
+      - name: Build lib without default features
+        run: cd lib && cargo check --no-default-features
       - name: Individual checks
         run: (cd cli && cargo check) && (cd lib && cargo check)
       - name: Lints
diff --git a/lib/Cargo.toml b/lib/Cargo.toml
@@ -34,6 +34,10 @@ xshell = { version = "0.2", optional = true }
 uuid = { version = "1.2.2", features = ["v4"] }
 
 [features]
-default = []
+default = ["install"]
+# This feature enables `bootc install`.  Disable if you always want to use an external installer.
+install = []
+# Implementation detail of man page generation.
 docgen = ["clap_mangen"]
+# This feature should only be enabled in CI environments.
 internal-testing-api = ["xshell"]
diff --git a/lib/src/cli.rs b/lib/src/cli.rs
@@ -97,6 +97,7 @@ pub(crate) enum Opt {
     /// Display status
     Status(StatusOpts),
     /// Install to the target block device
+    #[cfg(feature = "install")]
     Install(crate::install::InstallOpts),
     /// Internal integration testing helpers.
     #[clap(hide(true), subcommand)]
@@ -333,6 +334,7 @@ where
     match opt {
         Opt::Upgrade(opts) => upgrade(opts).await,
         Opt::Switch(opts) => switch(opts).await,
+        #[cfg(feature = "install")]
         Opt::Install(opts) => crate::install::install(opts).await,
         Opt::Status(opts) => super::status::status(opts).await,
         #[cfg(feature = "internal-testing-api")]
diff --git a/lib/src/lib.rs b/lib/src/lib.rs
@@ -13,20 +13,29 @@
 #![deny(clippy::dbg_macro)]
 #![deny(clippy::todo)]
 
+pub mod cli;
+mod lsm;
+mod reexec;
+mod status;
+mod utils;
+
+#[cfg(feature = "internal-testing-api")]
+mod privtests;
+
+#[cfg(feature = "install")]
 mod blockdev;
+#[cfg(feature = "install")]
 mod bootloader;
-pub mod cli;
+#[cfg(feature = "install")]
 mod containerenv;
+#[cfg(feature = "install")]
 pub(crate) mod ignition;
+#[cfg(feature = "install")]
 mod install;
-mod lsm;
+#[cfg(feature = "install")]
 mod podman;
-#[cfg(feature = "internal-testing-api")]
-mod privtests;
-mod reexec;
-mod status;
+#[cfg(feature = "install")]
 mod task;
-mod utils;
 
 #[cfg(feature = "docgen")]
 mod docgen;
diff --git a/lib/src/lsm.rs b/lib/src/lsm.rs
@@ -5,14 +5,19 @@ use std::process::Command;
 use anyhow::{Context, Result};
 use camino::{Utf8Path, Utf8PathBuf};
 use fn_error_context::context;
+#[cfg(feature = "install")]
 use gvariant::{aligned_bytes::TryAsAligned, Marker, Structure};
+#[cfg(feature = "install")]
 use ostree_ext::ostree;
 
+#[cfg(feature = "install")]
 use crate::task::Task;
 
 /// The mount path for selinux
+#[cfg(feature = "install")]
 const SELINUXFS: &str = "/sys/fs/selinux";
 /// The SELinux xattr
+#[cfg(feature = "install")]
 const SELINUX_XATTR: &[u8] = b"security.selinux\0";
 
 #[context("Querying selinux availability")]
@@ -59,6 +64,7 @@ pub(crate) fn selinux_ensure_install() -> Result<()> {
 /// Ensure that /sys/fs/selinux is mounted, and ensure we're running
 /// as install_t.
 #[context("Ensuring selinux mount")]
+#[cfg(feature = "install")]
 pub(crate) fn container_setup_selinux() -> Result<()> {
     let path = Utf8Path::new(SELINUXFS);
     if !path.join("enforce").exists() {
@@ -89,14 +95,18 @@ fn selinux_label_for_path(target: &str) -> Result<String> {
 #[context("Labeling {as_path}")]
 pub(crate) fn lsm_label(target: &Utf8Path, as_path: &Utf8Path, recurse: bool) -> Result<()> {
     let label = selinux_label_for_path(as_path.as_str())?;
-    Task::new("Setting SELinux security context (chcon)", "chcon")
-        .quiet()
-        .args(["-h"])
+    let st = Command::new("chcon")
+        .arg("-h")
         .args(recurse.then_some("-R"))
         .args(["-h", label.as_str(), target.as_str()])
-        .run()
+        .status()?;
+    if !st.success() {
+        anyhow::bail!("Failed to invoke chcon: {st:?}");
+    }
+    Ok(())
 }
 
+#[cfg(feature = "install")]
 pub(crate) fn xattrs_have_selinux(xattrs: &ostree::glib::Variant) -> bool {
     let v = xattrs.data_as_bytes();
     let v = v.try_as_aligned().unwrap();
diff --git a/lib/src/utils.rs b/lib/src/utils.rs
@@ -49,6 +49,7 @@ where
 }
 
 /// Run a command in the host mount namespace
+#[allow(dead_code)]
 pub(crate) fn run_in_host_mountns(cmd: &str) -> Command {
     let mut c = Command::new("nsenter");
     c.args(["-m", "-t", "1", "--", cmd]);
@@ -57,6 +58,7 @@ pub(crate) fn run_in_host_mountns(cmd: &str) -> Command {
 
 /// Given a possibly tagged image like quay.io/foo/bar:latest and a digest 0ab32..., return
 /// the digested form quay.io/foo/bar@sha256:0ab32...
+#[allow(dead_code)]
 pub(crate) fn digested_pullspec(image: &str, digest: &str) -> String {
     let image = image.rsplit_once(':').map(|v| v.0).unwrap_or(image);
     format!("{image}@{digest}")
