Support SELinux in Amazon Linux 2023

Signed-off-by: Balasankar "Balu" C <[email protected]>

Author: balasankarc

.gitlab-ci.yml

@@ -42,7 +42,7 @@ variables:
   # To be used for images that exist only on dev.gitlab.org
   DEV_BUILDER_IMAGE_REGISTRY: 'dev.gitlab.org:5005/cookbooks/gitlab-omnibus-builder'
   PUBLIC_BUILDER_IMAGE_REGISTRY: "registry.gitlab.com/gitlab-org/gitlab-omnibus-builder"
-  BUILDER_IMAGE_REVISION: "4.19.0"
+  BUILDER_IMAGE_REVISION: "4.20.0"
   # The registry to pull the assets image from
   ASSET_REGISTRY: "${CI_REGISTRY}"
   ASSET_SYNC_EXISTING_REMOTE_FILES: "keep"

config/projects/gitlab.rb

@@ -76,10 +76,15 @@
   when '8', '9'
     runtime_dependency 'policycoreutils-python-utils'
   end
+elsif amazon?
+  case OhaiHelper.get_amazon_version
+  when '2'
+    runtime_dependency 'policycoreutils-python'
+  when '2023'
+    runtime_dependency 'policycoreutils-python-utils'
+  end
 end
 
-runtime_dependency 'policycoreutils-python' if amazon? && OhaiHelper.get_amazon_version == '2'
-
 # Arm targets need libatomic
 if OhaiHelper.arm?
   if rhel? || amazon?

config/software/python3.rb

@@ -63,7 +63,7 @@
       (ohai['platform'] =~ /^ubuntu/ && ohai['platform_version'] =~ /^22/)
 
   with_openssl = ''
-  if (ohai['platform'] =~ /^amzn/ || ohai['platform'] =~ /^amazon/) && (ohai['platform_version'] == "2022")
+  if (ohai['platform'] =~ /^amzn/ || ohai['platform'] =~ /^amazon/) && (ohai['platform_version'] == "2023")
     patch source: 'custom-openssl.patch'
     with_openssl = "--with-opensssl=/usr/local/openssl"
   end

files/gitlab-cookbooks/package/libraries/helpers/selinux_distro_helper.rb

@@ -3,7 +3,7 @@ class SELinuxDistroHelper
   OS_RELEASE_FILE = '/etc/os-release'.freeze
 
   def self.selinux_supported?
-    system_is_rhel7? || system_is_rhel8? || system_is_rhel9? || system_is_amazon_linux2? || system_is_amazon_linux2022?
+    system_is_rhel7? || system_is_rhel8? || system_is_rhel9? || system_is_amazon_linux2? || system_is_amazon_linux2023?
   end
 
   def self.system_is_rhel7?
@@ -23,9 +23,9 @@ def self.system_is_amazon_linux2?
     platform_family == 'rhel' && %w[amazon amzn].include?(platform&.downcase) && platform_version == '2'
   end
 
-  def self.system_is_amazon_linux2022?
+  def self.system_is_amazon_linux2023?
     # Extra platform check to ensure we don't enable RHEL 2
-    platform_family == 'rhel' && %w[amazon amzn].include?(platform&.downcase) && platform_version == '2022'
+    platform_family == 'rhel' && %w[amazon amzn].include?(platform&.downcase) && platform_version == '2023'
   end
 
   def self.platform_family

gitlab-ci-config/check-packages.yml

@@ -165,11 +165,11 @@ AmazonLinux-2-arm64-check:
   extends: .yum-install
   tags:
     - docker-arm-builder
-AmazonLinux-2022-check:
-  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2022:${BUILDER_IMAGE_REVISION}"
+AmazonLinux-2023-check:
+  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2023:${BUILDER_IMAGE_REVISION}"
   extends: .yum-install
-AmazonLinux-2022-arm64-check:
-  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2022_arm64:${BUILDER_IMAGE_REVISION}"
+AmazonLinux-2023-arm64-check:
+  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2023_arm64:${BUILDER_IMAGE_REVISION}"
   extends: .yum-install
   tags:
   - docker-arm-builder

gitlab-ci-config/dev-gitlab-org.yml

@@ -353,11 +353,11 @@ AmazonLinux-2-arm64-branch:
   extends: .branch_template
   tags:
   - docker-arm-builder
-AmazonLinux-2022-branch:
-  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2022:${BUILDER_IMAGE_REVISION}"
+AmazonLinux-2023-branch:
+  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2023:${BUILDER_IMAGE_REVISION}"
   extends: .branch_template
-AmazonLinux-2022-arm64-branch:
-  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2022_arm64:${BUILDER_IMAGE_REVISION}"
+AmazonLinux-2023-arm64-branch:
+  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2023_arm64:${BUILDER_IMAGE_REVISION}"
   extends: .branch_template
   tags:
   - docker-arm-builder
@@ -656,11 +656,11 @@ AmazonLinux-2-arm64:
   extends: .tag_template
   tags:
   - docker-arm-builder
-AmazonLinux-2022:
-  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2022:${BUILDER_IMAGE_REVISION}"
+AmazonLinux-2023:
+  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2023:${BUILDER_IMAGE_REVISION}"
   extends: .tag_template
-AmazonLinux-2022-arm64:
-  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2022_arm64:${BUILDER_IMAGE_REVISION}"
+AmazonLinux-2023-arm64:
+  image: "${BUILDER_IMAGE_REGISTRY}/amazonlinux_2023_arm64:${BUILDER_IMAGE_REVISION}"
   extends: .tag_template
   tags:
   - docker-arm-builder
@@ -829,19 +829,19 @@ AmazonLinux-2-arm64-staging:
       optional: true
     - job: AmazonLinux-2-arm64-branch
       optional: true
-AmazonLinux-2022-staging:
+AmazonLinux-2023-staging:
   extends: .staging_upload_template
   needs:
-    - job: AmazonLinux-2022
+    - job: AmazonLinux-2023
       optional: true
-    - job: AmazonLinux-2022-branch
+    - job: AmazonLinux-2023-branch
       optional: true
-AmazonLinux-2022-arm64-staging:
+AmazonLinux-2023-arm64-staging:
   extends: .staging_upload_template
   needs:
-    - job: AmazonLinux-2022-arm64
+    - job: AmazonLinux-2023-arm64
       optional: true
-    - job: AmazonLinux-2022-arm64-branch
+    - job: AmazonLinux-2023-arm64-branch
       optional: true
 SLES-12.5-staging:
   extends: .staging_upload_template
@@ -973,14 +973,14 @@ AmazonLinux-2-arm64-release:
   extends: .production_release_template
   needs:
     - AmazonLinux-2-arm64
-AmazonLinux-2022-release:
+AmazonLinux-2023-release:
   extends: .production_release_template
   needs:
-    - AmazonLinux-2022
-AmazonLinux-2022-arm64-release:
+    - AmazonLinux-2023
+AmazonLinux-2023-arm64-release:
   extends: .production_release_template
   needs:
-    - AmazonLinux-2022-arm64
+    - AmazonLinux-2023-arm64
 SLES-12.5-release:
   extends: .production_release_template
   needs:

gitlab-ci-config/gitlab-com.yml

@@ -401,7 +401,7 @@ Ubuntu 18.04 knapsack: !reference [.knapsack]
 Ubuntu 20.04 knapsack: !reference [.knapsack]
 Ubuntu 22.04 knapsack: !reference [.knapsack]
 AmazonLinux 2 knapsack: !reference [.knapsack]
-AmazonLinux 2022 knapsack: !reference [.knapsack]
+AmazonLinux 2023 knapsack: !reference [.knapsack]
 
 build library specs:
   image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/ubuntu_20.04-ruby:${BUILDER_IMAGE_REVISION}"
@@ -484,12 +484,12 @@ AmazonLinux 2 specs :
   parallel: 6
   needs:
   - AmazonLinux 2 knapsack
-AmazonLinux 2022 specs :
-  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/amazonlinux_2022-ruby:${BUILDER_IMAGE_REVISION}"
+AmazonLinux 2023 specs :
+  image: "${PUBLIC_BUILDER_IMAGE_REGISTRY}/amazonlinux_2023-ruby:${BUILDER_IMAGE_REVISION}"
   extends: .chef_spec_template
   parallel: 6
   needs:
-  - AmazonLinux 2022 knapsack
+  - AmazonLinux 2023 knapsack
 
 
 update-knapsack: