coreos
diff --git a/‎build.sh‎
Lines changed: 6 additions & 1 deletion b/‎build.sh‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎src/0001-hacks-for-coreos-selinux-issues.patch‎
Lines changed: 0 additions & 44 deletions b/‎src/0001-hacks-for-coreos-selinux-issues.patch‎
Lines changed: 0 additions & 44 deletions
diff --git a/‎src/0001-org.osbuild.mkdir-support-creating-dirs-on-mounts.patch‎
Lines changed: 109 additions & 0 deletions b/‎src/0001-org.osbuild.mkdir-support-creating-dirs-on-mounts.patch‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎src/0001-parsing-add-parse_location_ext.patch‎
Lines changed: 68 additions & 0 deletions b/‎src/0001-parsing-add-parse_location_ext.patch‎
Lines changed: 68 additions & 0 deletions
diff --git a/‎src/0002-org.osbuild.selinux-support-operating-on-mounts.patch‎
Lines changed: 130 additions & 0 deletions b/‎src/0002-org.osbuild.selinux-support-operating-on-mounts.patch‎
Lines changed: 130 additions & 0 deletions
@@ -173,7 +173,12 @@ patch_osbuild() {
     mv /usr/bin/osbuild-mpp /usr/lib/osbuild/tools/
 
     # Now all the software is under the /usr/lib/osbuild dir and we can patch
-    patch -d /usr/lib/osbuild -p1 < /usr/lib/coreos-assembler/0001-hacks-for-coreos-selinux-issues.patch
+    cat /usr/lib/coreos-assembler/0001-org.osbuild.mkdir-support-creating-dirs-on-mounts.patch    \
+        /usr/lib/coreos-assembler/0001-parsing-add-parse_location_ext.patch                       \
+        /usr/lib/coreos-assembler/0002-org.osbuild.selinux-support-operating-on-mounts.patch      \
+        /usr/lib/coreos-assembler/0003-org.osbuild.selinux-support-for-specifying-where-fil.patch \
+            | patch -d /usr/lib/osbuild -p1
+
 
     # And then move the files back; supermin appliance creation will need it back
     # in the places delivered by the RPM.
 
@@ -0,0 +1,109 @@
+From 362a1ea2485ea2c49e6c250a0446bd5a33b2062c Mon Sep 17 00:00:00 2001
+From: Nikita Dubrovskii <[email protected]>
+Date: Mon, 30 Sep 2024 15:46:31 +0200
+Subject: [PATCH] org.osbuild.mkdir: support creating dirs on mounts
+
+This allows creating new directories on mounts:
+```
+- type: org.osbuild.mkdir
+  options:
+    paths:
+      - path: mount:///boot/efi
+  devices:
+    disk: ...
+  mounts:
+    - name: boot
+      target: /boot
+      ...
+```
+---
+ stages/org.osbuild.mkdir           | 22 ++++++++++++----------
+ stages/org.osbuild.mkdir.meta.json | 21 ++++++++++++++++++---
+ 2 files changed, 30 insertions(+), 13 deletions(-)
+
+diff --git a/stages/org.osbuild.mkdir b/stages/org.osbuild.mkdir
+index f04549f6..d2d11a7a 100755
+--- a/stages/org.osbuild.mkdir
++++ b/stages/org.osbuild.mkdir
+@@ -3,23 +3,26 @@ import os
+ import sys
+ 
+ import osbuild.api
+-from osbuild.util.path import in_tree
++from osbuild.util import parsing
+ 
+ 
+-def main(tree, options):
++def main(args):
++    options = args["options"]
++
+     for item in options["paths"]:
+         path = item["path"]
+         mode = item.get("mode", 0o777)
+         parents = item.get("parents", False)
+         exist_ok = item.get("exist_ok", False)
+ 
+-        if not path.startswith("/"):
+-            print("WARNING: relative path used, this is discouraged!")
+-
+-        target = os.path.join(tree, path.lstrip("/"))
+-        if not in_tree(target, tree):
+-            raise ValueError(f"path {path} not in tree")
++        if "://" not in path:
++            if not path.startswith("/"):
++                print("WARNING: relative path used, this is discouraged!")
++                path = f"tree:///{path}"
++            else:
++                path = f"tree://{path}"
+ 
++        target = parsing.parse_location(path, args)
+         if parents:
+             os.makedirs(target, mode=mode, exist_ok=exist_ok)
+         else:
+@@ -33,5 +36,4 @@ def main(tree, options):
+ 
+ 
+ if __name__ == "__main__":
+-    args = osbuild.api.arguments()
+-    sys.exit(main(args["tree"], args["options"]))
++    sys.exit(main(osbuild.api.arguments()))
+diff --git a/stages/org.osbuild.mkdir.meta.json b/stages/org.osbuild.mkdir.meta.json
+index 5534120a..6cebaaf5 100644
+--- a/stages/org.osbuild.mkdir.meta.json
++++ b/stages/org.osbuild.mkdir.meta.json
+@@ -1,5 +1,5 @@
+ {
+-  "summary": "Create directories within the tree.",
++  "summary": "Create directories within the tree or mount.",
+   "description": [
+     "Can create one or more directories, optionally also the",
+     "intermediate directories. The stage can gracefully handle",
+@@ -31,8 +31,23 @@
+             ],
+             "properties": {
+               "path": {
+-                "type": "string",
+-                "pattern": "^\\/?(?!\\.\\.)((?!\\/\\.\\.\\/).)+$"
++                "anyOf": [
++                  {
++                    "type": "string",
++                    "description": "Target path, if a tree",
++                    "pattern": "^\\/?(?!\\.\\.)((?!\\/\\.\\.\\/).)+$"
++                  },
++                  {
++                    "type": "string",
++                    "description": "Target path, if a mount",
++                    "pattern": "^mount://.+"
++                  },
++                  {
++                    "type": "string",
++                    "description": "Target path, if a tree",
++                    "pattern": "^tree://.+"
++                  }
++                ]
+               },
+               "mode": {
+                 "type": "number",
+-- 
+2.47.0
+
@@ -0,0 +1,68 @@
+From e36f51ff5787a62323c0a9ad8987c81c9a6aba09 Mon Sep 17 00:00:00 2001
+From: Nikita Dubrovskii <[email protected]>
+Date: Fri, 18 Oct 2024 12:28:32 +0200
+Subject: [PATCH 1/3] parsing: add parse_location_ext
+
+New fucntion returns tuple of 'root' and 'url path', which could be
+useful in contexts, where knowing 'root' is required, for example setting
+selinux labels.
+---
+ osbuild/util/parsing.py | 25 +++++++++++++++++++------
+ 1 file changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/osbuild/util/parsing.py b/osbuild/util/parsing.py
+index f8fb2768..2c03b123 100644
+--- a/osbuild/util/parsing.py
++++ b/osbuild/util/parsing.py
+@@ -2,7 +2,7 @@
+ 
+ import os
+ import re
+-from typing import Dict, Union
++from typing import Dict, Tuple, Union
+ from urllib.parse import ParseResult, urlparse
+ 
+ 
+@@ -72,9 +72,9 @@ def parse_input(url: ParseResult, args: Dict) -> os.PathLike:
+     return root
+ 
+ 
+-def parse_location(location: str, args: Dict) -> str:
++def parse_location_ext(location: str, args: Dict) -> Tuple[str, str]:
+     """
+-    Parses the location URL to derive the corresponding file path.
++    Parses the location URL to derive the corresponding root and file path.
+ 
+     Parameters:
+     - location (str): The location URL to be parsed.
+@@ -97,11 +97,24 @@ def parse_location(location: str, args: Dict) -> str:
+     if not url.path.startswith("/"):
+         raise ValueError(f"url.path from location must start with '/', got: {url.path}")
+ 
+-    path = os.path.relpath(url.path, "/")
++    return root, url.path
++
++
++def parse_location(location: str, args: Dict) -> str:
++    """
++    Parses the location URL to derive the corresponding file path.
++
++    Parameters:
++    - location (str): The location URL to be parsed.
++    - args (Dict): A dictionary containing arguments including mounts and
++    path information as passed by osbuild.api.arguments()
++    """
++
++    root, urlpath = parse_location_ext(location, args)
++    path = os.path.relpath(urlpath, "/")
+     path = os.path.join(root, path)
+     path = os.path.normpath(path)
+-
+-    if url.path.endswith("/"):
++    if urlpath.endswith("/"):
+         path = os.path.join(path, ".")
+ 
+     return path
+-- 
+2.47.0
+
@@ -0,0 +1,130 @@
+From beacc9e146cb3c104ff69a06e439e76656dc8df3 Mon Sep 17 00:00:00 2001
+From: Nikita Dubrovskii <[email protected]>
+Date: Thu, 17 Oct 2024 12:57:00 +0200
+Subject: [PATCH 2/3] org.osbuild.selinux: support operating on mounts
+
+This adds support for specifying paths to operate on,
+rather than just the root of the target:
+```
+- type: org.osbuild.selinux
+  options:
+    file_contexts: etc/selinux/targeted/contexts/files/file_contexts
+    targets:
+     - tree:///path/to/dir
+     - mount://root/path/to/dir
+  devices:
+    disk: ...
+  mounts:
+    - name: root
+      source: disk
+      target: /
+```
+---
+ stages/org.osbuild.selinux           | 52 ++++++++++++++++------------
+ stages/org.osbuild.selinux.meta.json | 19 ++++++++++
+ 2 files changed, 49 insertions(+), 22 deletions(-)
+
+diff --git a/stages/org.osbuild.selinux b/stages/org.osbuild.selinux
+index 563d827b..da1ad39a 100755
+--- a/stages/org.osbuild.selinux
++++ b/stages/org.osbuild.selinux
+@@ -4,36 +4,44 @@ import pathlib
+ import sys
+ 
+ import osbuild.api
+-from osbuild.util import selinux
++from osbuild.util import parsing, selinux
+ 
+ 
+-def main(tree, options):
++def main(args, options):
+     file_contexts = options.get("file_contexts")
+     exclude_paths = options.get("exclude_paths")
+ 
+-    if file_contexts:
+-        file_contexts = os.path.join(f"{tree}", options["file_contexts"])
+-        if exclude_paths:
+-            exclude_paths = [os.path.join(tree, p.lstrip("/")) for p in exclude_paths]
+-        selinux.setfiles(file_contexts, os.fspath(tree), "", exclude_paths=exclude_paths)
++    # Get the path where the tree is
++    tree = args["tree"]
+ 
+-    labels = options.get("labels", {})
+-    for path, label in labels.items():
+-        fullpath = os.path.join(tree, path.lstrip("/"))
+-        selinux.setfilecon(fullpath, label)
++    # Set labels on each target
++    for target in options.get("targets", ["tree:///"]):
++        root, target = parsing.parse_location_ext(target, args)
++        target = target.lstrip("/")
+ 
+-    if options.get("force_autorelabel", False):
+-        stamp = pathlib.Path(tree, ".autorelabel")
+-        # Creating just empty /.autorelabel resets only the type of files.
+-        # To ensure that the full context is reset, we write "-F" into the file.
+-        # This mimics the behavior of `fixfiles -F boot`. The "-F" option is
+-        # then passed to `selinux-autorelabel` script [0].
+-        # Note that this is missing from the selinux(8) and selinux_config(5) man-pages
+-        # [0] https://src.fedoraproject.org/rpms/policycoreutils/blob/rawhide/f/selinux-autorelabel#_54
+-        stamp.write_text("-F", encoding="utf-8")
++        if file_contexts:
++            file_contexts = os.path.join(f"{tree}", options["file_contexts"])
++            if exclude_paths:
++                exclude_paths = [os.path.join(root, target, p.lstrip("/")) for p in exclude_paths]
++            selinux.setfiles(file_contexts, os.fspath(root), target, exclude_paths=exclude_paths)
++
++        labels = options.get("labels", {})
++        for path, label in labels.items():
++            fullpath = os.path.join(root, path.lstrip("/"))
++            selinux.setfilecon(fullpath, label)
++
++        if options.get("force_autorelabel", False):
++            stamp = pathlib.Path(root, ".autorelabel")
++            # Creating just empty /.autorelabel resets only the type of files.
++            # To ensure that the full context is reset, we write "-F" into the file.
++            # This mimics the behavior of `fixfiles -F boot`. The "-F" option is
++            # then passed to `selinux-autorelabel` script [0].
++            # Note that this is missing from the selinux(8) and selinux_config(5) man-pages
++            # [0] https://src.fedoraproject.org/rpms/policycoreutils/blob/rawhide/f/selinux-autorelabel#_54
++            stamp.write_text("-F", encoding="utf-8")
+ 
+ 
+ if __name__ == '__main__':
+-    args = osbuild.api.arguments()
+-    r = main(args["tree"], args["options"])
++    _args = osbuild.api.arguments()
++    r = main(_args, _args["options"])
+     sys.exit(r)
+diff --git a/stages/org.osbuild.selinux.meta.json b/stages/org.osbuild.selinux.meta.json
+index 30dbddae..3476df9d 100644
+--- a/stages/org.osbuild.selinux.meta.json
++++ b/stages/org.osbuild.selinux.meta.json
+@@ -33,6 +33,25 @@
+         }
+       ],
+       "properties": {
++        "targets": {
++          "description": "Array of target paths to operate on",
++          "type": "array",
++          "additionalItems": false,
++          "items": {
++            "oneOf": [
++              {
++                "type": "string",
++                "description": "Target path, if a mount",
++                "pattern": "^mount://.+"
++              },
++              {
++                "type": "string",
++                "description": "Target path, if a tree",
++                "pattern": "^tree://.+"
++              }
++            ]
++          }
++        },
+         "file_contexts": {
+           "type": "string",
+           "description": "Path to the active SELinux policy's `file_contexts`"
+-- 
+2.47.0
+