Merge pull request #21985 from n1hility/fin-policy-json

Complete policy.json inclusion (Also add to win installer)

Makefile

@@ -103,6 +103,8 @@ FISHINSTALLDIR=${PREFIX}/share/fish/vendor_completions.d
 
 SELINUXOPT ?= $(shell test -x /usr/sbin/selinuxenabled && selinuxenabled && echo -Z)
 
+MACHINE_POLICY_JSON_DIR ?= .
+
 COMMIT_NO ?= $(shell git rev-parse HEAD 2> /dev/null || true)
 GIT_COMMIT ?= $(if $(shell git status --porcelain --untracked-files=no),$(call err_if_empty,COMMIT_NO)-dirty,$(COMMIT_NO))
 DATE_FMT = %s
@@ -766,10 +768,10 @@ podman-remote-release-%.zip: test/version/version ## Build podman-remote for %=$
 	$(MAKE) GOOS=$(GOOS) GOARCH=$(GOARCH) \
 		clean-binaries podman-remote-$(GOOS)-docs
 	if [[ "$(GOARCH)" != "$(NATIVE_GOARCH)" ]]; then \
-		$(MAKE) CGO_ENABLED=0 $(GOPLAT) BUILDTAGS="$(BUILDTAGS_CROSS)" MACHINE_POLICY_JSON_DIR="." \
+		$(MAKE) CGO_ENABLED=0 $(GOPLAT) BUILDTAGS="$(BUILDTAGS_CROSS)" \
 			clean-binaries podman-remote; \
 	else \
-		$(MAKE) $(GOPLAT) MACHINE_POLICY_JSON_DIR="." podman-remote; \
+		$(MAKE) $(GOPLAT) podman-remote; \
 	fi
 	if [[ "$(GOOS)" == "windows" ]]; then \
 		$(MAKE) $(GOPLAT) TMPDIR="" win-gvproxy; \
@@ -779,8 +781,11 @@ podman-remote-release-%.zip: test/version/version ## Build podman-remote for %=$
 	fi
 	cp -r ./docs/build/remote/$(GOOS) "$(tmpsubdir)/$(releasedir)/docs/"
 	cp ./contrib/remote/containers.conf "$(tmpsubdir)/$(releasedir)/"
-	cp ./pkg/machine/ocipull/policy.json "$(tmpsubdir)/$(releasedir)/"
 	$(MAKE) $(GOPLAT) $(_dstargs) SELINUXOPT="" install.remote
+	# Placing the policy file in the bin directory is intentional This
+	# could be changed in the future to mirror LSB on Linux/Unix but would
+	# require path resolution logic changes to sustain the Win flat model
+	cp ./pkg/machine/ocipull/policy.json "$(tmpsubdir)/$(releasedir)/$(RELEASE_PREFIX)/bin"
 	cd "$(tmpsubdir)" && \
 		zip --recurse-paths "$(CURDIR)/$@" "./$(releasedir)"
 	if [[ "$(GOARCH)" != "$(NATIVE_GOARCH)" ]]; then $(MAKE) clean-binaries; fi

contrib/win-installer/build.ps1

@@ -139,10 +139,18 @@ SignItem @("artifacts/win-sshproxy.exe",
 $gvExists = Test-Path "artifacts/gvproxy.exe"
 if ($gvExists) {
     SignItem @("artifacts/gvproxy.exe")
+    Remove-Item Env:\UseGVProxy -ErrorAction SilentlyContinue
 } else {
     $env:UseGVProxy = "Skip"
 }
 
+$pExists = Test-Path "artifacts/policy.json"
+if ($pExists) {
+    Remove-Item Env:\IncludePolicyJSON -ErrorAction SilentlyContinue
+} else {
+    $env:IncludePolicyJSON = "Skip"
+}
+
 .\build-msi.bat $ENV:INSTVER; ExitOnError
 SignItem @("podman.msi")
 

contrib/win-installer/podman.wxs

@@ -12,6 +12,12 @@
     <?define UseGVProxy = ""?>
   <?endif?>
 
+  <?ifdef env.IncludePolicyJSON?>
+    <?define IncludePolicyJSON = "$(env.IncludePolicyJSON)"?>
+  <?else?>
+    <?define IncludePolicyJSON = ""?>
+  <?endif?>
+
   <Product Name="Podman $(var.VERSION)" Id="*" UpgradeCode="696BAB5D-CA1F-4B05-B123-320F245B8D6D" Version="$(var.VERSION)" Language="1033" Manufacturer="Red Hat Inc.">
 
     <Package Id="*" Platform="x64" Keywords="Installer" Description="Red Hat's Podman $(var.VERSION) Installer" Comments="Apache 2.0 License" Manufacturer="Red Hat Inc." InstallScope="perMachine" InstallerVersion="200" Compressed="yes"/>
@@ -41,6 +47,11 @@
               <File Id="GvProxyExecutableFile" Name="gvproxy.exe" Source="artifacts/gvproxy.exe" KeyPath="yes"/>
             </Component>
             <?endif?>
+            <?if $(var.IncludePolicyJSON) != Skip?>
+            <Component Id="PolicyJSON" Guid="C6135EDA-7C17-4A0E-BC52-5AB38BD54A61" Win64="yes">
+              <File Id="PolicyJSONFile" Name="policy.json" Source="artifacts/policy.json" KeyPath="yes"/>
+            </Component>
+            <?endif?>
             <Component Id="GuideHTMLComponent" Guid="8B23C76B-F7D4-4030-8C46-1B5729E616B5" Win64="yes">
               <File Id="GuideHTMLFile"  Name="welcome-podman.html" Source="docs/podman-for-windows.html" KeyPath="yes"/>
             </Component>
@@ -74,6 +85,9 @@
       <?if $(var.UseGVProxy) != Skip?>
       <ComponentRef Id="GvProxyExecutable"/>
       <?endif?>
+      <?if $(var.IncludePolicyJSON) != Skip?>
+      <ComponentRef Id="PolicyJSON"/>
+      <?endif?>
       <ComponentRef Id="GuideHTMLComponent"/>
       <ComponentGroupRef Id="ManFiles"/>
       <ComponentGroupRef Id="WSLFeature"/>

contrib/win-installer/process-release.ps1

@@ -135,6 +135,13 @@ try {
         Copy-Artifact("gvproxy.exe")
     }
 
+    $loc = Get-ChildItem -Recurse -Path . -Name policy.json
+    if (!$loc) {
+        Write-Host "Skipping policy.json artifact"
+    } else {
+        Copy-Artifact("policy.json")
+    }
+
     $docsloc = Get-ChildItem -Path . -Name docs -Recurse
     $loc = Get-ChildItem -Recurse -Path . -Name podman-for-windows.html
     if (!$loc) {