From 76206dac38f35dce6adc20ca89afc7a3380e9cce Mon Sep 17 00:00:00 2001 From: galal-hussein Date: Fri, 10 Feb 2023 21:15:24 +0200 Subject: [PATCH 1/6] Add coreos and sle micro to selinux support Signed-off-by: galal-hussein --- install.sh | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index 8039611c8295..ae05b20f68d4 100755 --- a/install.sh +++ b/install.sh @@ -470,16 +470,29 @@ setup_selinux() { rpm_target=sle rpm_site_infix=microos package_installer=zypper + if [ "${ID_LIKE:-}" == suse ] && [ "${VARIANT_ID:-}" == sle-micro ]; then + rpm_target=sle + rpm_site_infix=slemicro + package_installer=zypper + fi elif [ "${VERSION_ID%%.*}" = "7" ]; then rpm_target=el7 rpm_site_infix=centos/7 package_installer=yum + elif [ "${ID_LIKE:-}" == coreos ] || [ "${VARIANT_ID:-}" == coreos ]; then + rpm_target=coreos + rpm_site_infix=coreos + package_installer=rpm-os-tree else rpm_target=el8 rpm_site_infix=centos/8 package_installer=yum fi + if [ "${package_installer}" = "rpm-os-tree" ] && [ -x /bin/yum ]; then + package_installer=yum + fi + if [ "${package_installer}" = "yum" ] && [ -x /usr/bin/dnf ]; then package_installer=dnf fi @@ -491,7 +504,7 @@ setup_selinux() { if [ "$INSTALL_K3S_SKIP_SELINUX_RPM" = true ] || can_skip_download_selinux || [ ! -d /usr/share/selinux ]; then info "Skipping installation of SELinux RPM" - elif [ "${ID_LIKE:-}" != coreos ] && [ "${VARIANT_ID:-}" != coreos ]; then + else install_selinux_rpm ${rpm_site} ${rpm_channel} ${rpm_target} ${rpm_site_infix} fi @@ -514,7 +527,7 @@ setup_selinux() { } install_selinux_rpm() { - if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ "${ID_LIKE%%[ ]*}" = "suse" ]; then + if [ -r /etc/redhat-release ] || [ -r /etc/centos-release ] || [ -r /etc/oracle-release ] || [ -r /etc/fedora-release ] || [ "${ID_LIKE%%[ ]*}" = "suse" ]; then repodir=/etc/yum.repos.d if [ -d /etc/zypp/repos.d ]; then repodir=/etc/zypp/repos.d From 115caf5bfa74d35be44590418e21961e97d2c74f Mon Sep 17 00:00:00 2001 From: Derek Nola Date: Tue, 21 Feb 2023 09:53:21 -0800 Subject: [PATCH 2/6] Add fix for rpm-ostree Signed-off-by: Derek Nola --- install.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index ae05b20f68d4..d3f5b7c9783c 100755 --- a/install.sh +++ b/install.sh @@ -482,14 +482,14 @@ setup_selinux() { elif [ "${ID_LIKE:-}" == coreos ] || [ "${VARIANT_ID:-}" == coreos ]; then rpm_target=coreos rpm_site_infix=coreos - package_installer=rpm-os-tree + package_installer=rpm-ostree else rpm_target=el8 rpm_site_infix=centos/8 package_installer=yum fi - if [ "${package_installer}" = "rpm-os-tree" ] && [ -x /bin/yum ]; then + if [ "${package_installer}" = "rpm-ostree" ] && [ -x /bin/yum ]; then package_installer=yum fi @@ -556,6 +556,9 @@ EOF : "${INSTALL_K3S_SKIP_START:=true}" fi ;; + coreos) + rpm_installer="rpm-ostree" + ;; *) rpm_installer="yum" ;; From 2d7fe838c342f4bc5b528f5844899871ba03bf23 Mon Sep 17 00:00:00 2001 From: Derek Nola Date: Thu, 23 Feb 2023 11:41:40 -0800 Subject: [PATCH 3/6] Add uninstall for rpm-ostree (coreos) Signed-off-by: Derek Nola --- install.sh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/install.sh b/install.sh index d3f5b7c9783c..d65e5c5155bc 100755 --- a/install.sh +++ b/install.sh @@ -470,7 +470,7 @@ setup_selinux() { rpm_target=sle rpm_site_infix=microos package_installer=zypper - if [ "${ID_LIKE:-}" == suse ] && [ "${VARIANT_ID:-}" == sle-micro ]; then + if [ "${ID_LIKE:-}" = suse ] && [ "${VARIANT_ID:-}" = sle-micro ]; then rpm_target=sle rpm_site_infix=slemicro package_installer=zypper @@ -479,7 +479,7 @@ setup_selinux() { rpm_target=el7 rpm_site_infix=centos/7 package_installer=yum - elif [ "${ID_LIKE:-}" == coreos ] || [ "${VARIANT_ID:-}" == coreos ]; then + elif [ "${ID_LIKE:-}" = coreos ] || [ "${VARIANT_ID:-}" = coreos ]; then rpm_target=coreos rpm_site_infix=coreos package_installer=rpm-ostree @@ -497,9 +497,15 @@ setup_selinux() { package_installer=dnf fi + if [ "${rpm_channel}" = "testing" ]; then + avaliable_version=$(curl -s https://api.github.com/repos/k3s-io/k3s-selinux/releases | grep -oP '(?<="browser_download_url": ")[^"]*' | grep -oE "[^\/]+${rpm_target}\.noarch\.rpm" | head -n 1) + else + avaliable_version=$(curl -s https://api.github.com/repos/k3s-io/k3s-selinux/releases/latest | grep -oP '(?<="browser_download_url": ")[^"]*' | grep -oE "[^\/]+${rpm_target}\.noarch\.rpm" ) + fi + policy_hint="please install: ${package_installer} install -y container-selinux - ${package_installer} install -y https://${rpm_site}/k3s/${rpm_channel}/common/${rpm_site_infix}/noarch/k3s-selinux-1.2-2.${rpm_target}.noarch.rpm + ${package_installer} install -y https://${rpm_site}/k3s/${rpm_channel}/common/${rpm_site_infix}/noarch/${avaliable_version} " if [ "$INSTALL_K3S_SKIP_SELINUX_RPM" = true ] || can_skip_download_selinux || [ ! -d /usr/share/selinux ]; then @@ -754,6 +760,9 @@ rm -f ${KILLALL_K3S_SH} if type yum >/dev/null 2>&1; then yum remove -y k3s-selinux rm -f /etc/yum.repos.d/rancher-k3s-common*.repo +elif type rpm-ostree >/dev/null 2>&1; then + rpm-ostree uninstall k3s-selinux + rm -f /etc/yum.repos.d/rancher-k3s-common*.repo elif type zypper >/dev/null 2>&1; then uninstall_cmd="zypper remove -y k3s-selinux" if [ "\${TRANSACTIONAL_UPDATE=false}" != "true" ] && [ -x /usr/sbin/transactional-update ]; then From f26d892630e4c81ef8a1943d61e78324dd58739a Mon Sep 17 00:00:00 2001 From: Derek Nola Date: Thu, 23 Feb 2023 11:53:54 -0800 Subject: [PATCH 4/6] Don't start k3s on coreos Signed-off-by: Derek Nola --- install.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index d65e5c5155bc..828916443f24 100755 --- a/install.sh +++ b/install.sh @@ -564,6 +564,8 @@ EOF ;; coreos) rpm_installer="rpm-ostree" + rpm_install_extra_args="--apply-live" + : "${INSTALL_K3S_SKIP_START:=true}" ;; *) rpm_installer="yum" @@ -573,7 +575,7 @@ EOF rpm_installer=dnf fi # shellcheck disable=SC2086 - $SUDO ${rpm_installer} install -y "k3s-selinux" + $SUDO ${rpm_installer} install ${rpm_install_extra_args} -y "k3s-selinux" fi return } @@ -761,7 +763,7 @@ if type yum >/dev/null 2>&1; then yum remove -y k3s-selinux rm -f /etc/yum.repos.d/rancher-k3s-common*.repo elif type rpm-ostree >/dev/null 2>&1; then - rpm-ostree uninstall k3s-selinux + rpm-ostree uninstall --apply-live k3s-selinux rm -f /etc/yum.repos.d/rancher-k3s-common*.repo elif type zypper >/dev/null 2>&1; then uninstall_cmd="zypper remove -y k3s-selinux" From 6adebaca9b4a502343912ad3aeb9857456b0d352 Mon Sep 17 00:00:00 2001 From: Derek Nola Date: Thu, 23 Feb 2023 12:31:53 -0800 Subject: [PATCH 5/6] Don't apply live Signed-off-by: Derek Nola --- install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install.sh b/install.sh index 828916443f24..fce904a28941 100755 --- a/install.sh +++ b/install.sh @@ -564,7 +564,7 @@ EOF ;; coreos) rpm_installer="rpm-ostree" - rpm_install_extra_args="--apply-live" + # rpm_install_extra_args="--apply-live" : "${INSTALL_K3S_SKIP_START:=true}" ;; *) @@ -575,7 +575,7 @@ EOF rpm_installer=dnf fi # shellcheck disable=SC2086 - $SUDO ${rpm_installer} install ${rpm_install_extra_args} -y "k3s-selinux" + $SUDO ${rpm_installer} install -y "k3s-selinux" fi return } @@ -763,7 +763,7 @@ if type yum >/dev/null 2>&1; then yum remove -y k3s-selinux rm -f /etc/yum.repos.d/rancher-k3s-common*.repo elif type rpm-ostree >/dev/null 2>&1; then - rpm-ostree uninstall --apply-live k3s-selinux + rpm-ostree uninstall k3s-selinux rm -f /etc/yum.repos.d/rancher-k3s-common*.repo elif type zypper >/dev/null 2>&1; then uninstall_cmd="zypper remove -y k3s-selinux" From 62eab2c87ef285f70b17821c4f7668e4c8586dac Mon Sep 17 00:00:00 2001 From: Derek Nola Date: Wed, 8 Mar 2023 13:44:43 -0800 Subject: [PATCH 6/6] Typo fix Signed-off-by: Derek Nola --- install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install.sh b/install.sh index fce904a28941..227a9dc94177 100755 --- a/install.sh +++ b/install.sh @@ -498,14 +498,14 @@ setup_selinux() { fi if [ "${rpm_channel}" = "testing" ]; then - avaliable_version=$(curl -s https://api.github.com/repos/k3s-io/k3s-selinux/releases | grep -oP '(?<="browser_download_url": ")[^"]*' | grep -oE "[^\/]+${rpm_target}\.noarch\.rpm" | head -n 1) + available_version=$(curl -s https://api.github.com/repos/k3s-io/k3s-selinux/releases | grep -oP '(?<="browser_download_url": ")[^"]*' | grep -oE "[^\/]+${rpm_target}\.noarch\.rpm" | head -n 1) else - avaliable_version=$(curl -s https://api.github.com/repos/k3s-io/k3s-selinux/releases/latest | grep -oP '(?<="browser_download_url": ")[^"]*' | grep -oE "[^\/]+${rpm_target}\.noarch\.rpm" ) + available_version=$(curl -s https://api.github.com/repos/k3s-io/k3s-selinux/releases/latest | grep -oP '(?<="browser_download_url": ")[^"]*' | grep -oE "[^\/]+${rpm_target}\.noarch\.rpm" ) fi policy_hint="please install: ${package_installer} install -y container-selinux - ${package_installer} install -y https://${rpm_site}/k3s/${rpm_channel}/common/${rpm_site_infix}/noarch/${avaliable_version} + ${package_installer} install -y https://${rpm_site}/k3s/${rpm_channel}/common/${rpm_site_infix}/noarch/${available_version} " if [ "$INSTALL_K3S_SKIP_SELINUX_RPM" = true ] || can_skip_download_selinux || [ ! -d /usr/share/selinux ]; then