[cloud-init/f16] Consolidate selinux file context patches

gholms gholms at fedoraproject.org
Tue Oct 4 19:22:10 UTC 2011


commit a2171c6d7bc909095ff772ff8dd007166407b8d5
Author: Garrett Holmstrom <gholms at fedoraproject.org>
Date:   Wed Sep 28 15:46:10 2011 -0700

    Consolidate selinux file context patches

 cloud-init-0.6.2-filecontext.patch       |   69 ++++++++++++++++++++++++++++++
 cloud-init-0.6.2-puppetcontext.patch     |   35 ---------------
 cloud-init-0.6.2-puppetenable.patch      |    6 +-
 cloud-init-0.6.2-runparts-emptydir.patch |    2 +-
 cloud-init-0.6.2-sshcontext.patch        |   26 -----------
 cloud-init-0.6.2-sshkeytypes.patch       |    2 +-
 cloud-init.spec                          |   12 +++---
 7 files changed, 80 insertions(+), 72 deletions(-)
---
diff --git a/cloud-init-0.6.2-filecontext.patch b/cloud-init-0.6.2-filecontext.patch
new file mode 100644
index 0000000..42fe8c8
--- /dev/null
+++ b/cloud-init-0.6.2-filecontext.patch
@@ -0,0 +1,69 @@
+Index: cloud-init/cloudinit/SshUtil.py
+===================================================================
+--- cloud-init.orig/cloudinit/SshUtil.py
++++ cloud-init/cloudinit/SshUtil.py
+@@ -147,6 +147,7 @@ def setup_user_keys(keys, user, key_pref
+     util.write_file(authorized_keys, content, 0600)
+ 
+     os.chown(authorized_keys, pwent.pw_uid, pwent.pw_gid)
++    util.restorecon_if_possible(ssh_dir, recursive=True)
+ 
+     os.umask(saved_umask)
+ 
+Index: cloud-init/cloudinit/util.py
+===================================================================
+--- cloud-init.orig/cloudinit/util.py
++++ cloud-init/cloudinit/util.py
+@@ -28,6 +28,12 @@ import time
+ import traceback
+ import re
+ 
++try:
++    import selinux
++    HAVE_LIBSELINUX = True
++except ImportError:
++    HAVE_LIBSELINUX = False
++
+ def read_conf(fname):
+     try:
+ 	    stream = open(fname,"r")
+@@ -113,6 +119,11 @@ def write_file(file,content,mode=0644,om
+             os.chmod(file,mode)
+         f.write(content)
+         f.close()
++        restorecon_if_possible(file)
++
++def restorecon_if_possible(path, recursive=False):
++    if HAVE_LIBSELINUX and selinux.is_selinux_enabled():
++        selinux.restorecon(path, recursive=recursive)
+ 
+ # get keyid from keyserver
+ def getkeybyid(keyid,keyserver):
+Index: cloud-init/cloudinit/CloudConfig/cc_puppet.py
+===================================================================
+--- cloud-init.orig/cloudinit/CloudConfig/cc_puppet.py
++++ cloud-init/cloudinit/CloudConfig/cc_puppet.py
+@@ -22,6 +22,7 @@ import subprocess
+ import StringIO
+ import ConfigParser
+ import cloudinit.CloudConfig as cc
++import cloudinit.util as util
+ 
+ def handle(name,cfg,cloud,log,args):
+     # If there isn't a puppet key in the configuration don't do anything
+@@ -58,6 +59,7 @@ def handle(name,cfg,cloud,log,args):
+                 ca_fh.close()
+                 os.chown('/var/lib/puppet/ssl/certs/ca.pem',
+                          pwd.getpwnam('puppet').pw_uid, 0)
++                util.restorecon_if_possible('/var/lib/puppet', recursive=True)
+             else:
+                 #puppet_conf_fh.write("\n[%s]\n" % (cfg_name))
+                 # If puppet.conf already has this section we don't want to write it again
+@@ -81,6 +83,7 @@ def handle(name,cfg,cloud,log,args):
+             os.rename('/etc/puppet/puppet.conf','/etc/puppet/puppet.conf.old')
+             with open('/etc/puppet/puppet.conf', 'wb') as configfile:
+                 puppet_config.write(configfile)
++            util.restorecon_if_possible('/etc/puppet/puppet.conf')
+     # Set puppet default file to automatically start
+     subprocess.check_call(['sed', '-i',
+                            '-e', 's/^START=.*/START=yes/',
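Review bot: `restorecon_if_possible` in the util.py part of this patch returns silently when `import selinux` failed, so on a host where SELinux is enforcing but the Python bindings are missing, `authorized_keys`, the puppet CA certificate and `puppet.conf` keep the context they were created with, and nothing records that the relabel was skipped. The helper has no docstring; I would add `"""Reset path to its policy-default SELinux context; does nothing if the selinux module is missing or SELinux is disabled."""` and log the skipped case if util.py has a logger (none is visible in this hunk). Because `write_file` now calls the helper after `f.close()`, an exception from `selinux.restorecon` (presumably an OSError when the context lookup or relabel fails) reaches every `write_file` caller after the content is already on disk. That call deserves an explicit `try:` / `except OSError:` that reports the path, so a labeling failure is handled deliberately rather than surfacing as a write error. Whether the package requires the libselinux Python bindings cannot be checked here, since the spec's dependency lines are outside this diff.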
diff --git a/cloud-init-0.6.2-puppetenable.patch b/cloud-init-0.6.2-puppetenable.patch
index 0c39b69..655d71a 100644
--- a/cloud-init-0.6.2-puppetenable.patch
+++ b/cloud-init-0.6.2-puppetenable.patch
@@ -10,10 +10,10 @@ Index: cloud-init/cloudinit/CloudConfig/cc_puppet.py
  import pwd
  import socket
  import subprocess
-@@ -91,10 +92,15 @@ def handle(name,cfg,cloud,log,args):
+@@ -84,10 +85,15 @@ def handle(name,cfg,cloud,log,args):
+             with open('/etc/puppet/puppet.conf', 'wb') as configfile:
                  puppet_config.write(configfile)
-             if HAVE_LIBSELINUX and selinux.is_selinux_enabled():
-                 selinux.restorecon('/etc/puppet/puppet.conf')
+             util.restorecon_if_possible('/etc/puppet/puppet.conf')
 -    # Set puppet default file to automatically start
 -    subprocess.check_call(['sed', '-i',
 -                           '-e', 's/^START=.*/START=yes/',
diff --git a/cloud-init-0.6.2-runparts-emptydir.patch b/cloud-init-0.6.2-runparts-emptydir.patch
index a6cf795..97eada3 100644
--- a/cloud-init-0.6.2-runparts-emptydir.patch
+++ b/cloud-init-0.6.2-runparts-emptydir.patch
@@ -2,7 +2,7 @@ Index: cloud-init/cloudinit/util.py
 ===================================================================
 --- cloud-init.orig/cloudinit/util.py
 +++ cloud-init/cloudinit/util.py
-@@ -133,7 +133,8 @@ def getkeybyid(keyid,keyserver):
+@@ -145,7 +145,8 @@ def getkeybyid(keyid,keyserver):
  
  def runparts(dirp, skip_no_exist=True):
      if skip_no_exist and not os.path.isdir(dirp): return
diff --git a/cloud-init-0.6.2-sshkeytypes.patch b/cloud-init-0.6.2-sshkeytypes.patch
index d3eaadc..f2abe09 100644
--- a/cloud-init-0.6.2-sshkeytypes.patch
+++ b/cloud-init-0.6.2-sshkeytypes.patch
@@ -21,7 +21,7 @@ Index: cloud-init/cloudinit/util.py
 ===================================================================
 --- cloud-init.orig/cloudinit/util.py
 +++ cloud-init/cloudinit/util.py
-@@ -77,6 +77,7 @@ def get_cfg_option_str(yobj, key, defaul
+@@ -84,6 +84,7 @@ def get_cfg_option_str(yobj, key, defaul
  
  def get_cfg_option_list_or_str(yobj, key, default=None):
      if not yobj.has_key(key): return default
diff --git a/cloud-init.spec b/cloud-init.spec
index c8c3e44..4ffd553 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -2,7 +2,7 @@
 
 Name:           cloud-init
 Version:        0.6.2
-Release:        0.5.bzr457%{?dist}
+Release:        0.6.bzr457%{?dist}
 Summary:        Cloud instance init scripts
 
 Group:          System Environment/Base
@@ -19,14 +19,12 @@ Patch0:         cloud-init-0.6.2-fedora.patch
 
 # Add systemd support (not yet upstream)
 Patch2:         cloud-init-0.6.2-systemd.patch
-# Restore SSH files' selinux contexts (not yet upstream)
-Patch3:         cloud-init-0.6.2-sshcontext.patch
+# Restore created files' selinux contexts (not yet upstream)
+Patch3:         cloud-init-0.6.2-filecontext.patch
 # Make locale file location configurable (not yet upstream)
 Patch4:         cloud-init-0.6.2-localefile.patch
 # Write timezone data to /etc/sysconfig/clock (not yet upstream)
 Patch5:         cloud-init-0.6.2-tzsysconfig.patch
-# Restore puppet files' selinux contexts (not yet upstream)
-Patch6:         cloud-init-0.6.2-puppetcontext.patch
 # Make enabling the puppet service work on Fedora (not yet upstream)
 Patch7:         cloud-init-0.6.2-puppetenable.patch
 # Make the types of SSH keys to generate configurable (not yet upstream)
@@ -70,7 +68,6 @@ ssh keys and to let the user run various scripts.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
-%patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %patch10 -p1
@@ -155,6 +152,9 @@ fi
 
 
 %changelog
+* Wed Sep 28 2011 Garrett Holmstrom <gholms at fedoraproject.org> - 0.6.2-0.6.bzr457
+- Consolidated selinux file context patches
+
 * Sat Sep 24 2011 Garrett Holmstrom <gholms at fedoraproject.org> - 0.6.2-0.5.bzr457
 - Rebased against upstream rev 457
 - Added missing dependencies

