From d54a3739960b01468ba929445f9f7ec516803f35 Mon Sep 17 00:00:00 2001 From: "Jason T. Greene" Date: Thu, 7 Mar 2024 11:13:53 -0600 Subject: [PATCH] Complete policy.json inclusion - Sets default search location to always be the peer directory + make podman-remote now creates binaries that work the same as release zips - Updates release zip to match expected search location - Updates win installer to include the file if present in the repo cross-build archive [NO NEW TESTS NEEDED] Signed-off-by: Jason T. Greene --- Makefile | 11 ++++++++--- contrib/win-installer/build.ps1 | 8 ++++++++ contrib/win-installer/podman.wxs | 14 ++++++++++++++ contrib/win-installer/process-release.ps1 | 7 +++++++ 4 files changed, 37 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index e73638bda4..5b1ffcd2d3 100644 --- a/Makefile +++ b/Makefile @@ -103,6 +103,8 @@ FISHINSTALLDIR=${PREFIX}/share/fish/vendor_completions.d SELINUXOPT ?= $(shell test -x /usr/sbin/selinuxenabled && selinuxenabled && echo -Z) +MACHINE_POLICY_JSON_DIR ?= . + COMMIT_NO ?= $(shell git rev-parse HEAD 2> /dev/null || true) GIT_COMMIT ?= $(if $(shell git status --porcelain --untracked-files=no),$(call err_if_empty,COMMIT_NO)-dirty,$(COMMIT_NO)) DATE_FMT = %s @@ -766,10 +768,10 @@ podman-remote-release-%.zip: test/version/version ## Build podman-remote for %=$ $(MAKE) GOOS=$(GOOS) GOARCH=$(GOARCH) \ clean-binaries podman-remote-$(GOOS)-docs if [[ "$(GOARCH)" != "$(NATIVE_GOARCH)" ]]; then \ - $(MAKE) CGO_ENABLED=0 $(GOPLAT) BUILDTAGS="$(BUILDTAGS_CROSS)" MACHINE_POLICY_JSON_DIR="." \ + $(MAKE) CGO_ENABLED=0 $(GOPLAT) BUILDTAGS="$(BUILDTAGS_CROSS)" \ clean-binaries podman-remote; \ else \ - $(MAKE) $(GOPLAT) MACHINE_POLICY_JSON_DIR="." podman-remote; \ + $(MAKE) $(GOPLAT) podman-remote; \ fi if [[ "$(GOOS)" == "windows" ]]; then \ $(MAKE) $(GOPLAT) TMPDIR="" win-gvproxy; \ @@ -779,8 +781,11 @@ podman-remote-release-%.zip: test/version/version ## Build podman-remote for %=$ fi cp -r ./docs/build/remote/$(GOOS) "$(tmpsubdir)/$(releasedir)/docs/" cp ./contrib/remote/containers.conf "$(tmpsubdir)/$(releasedir)/" - cp ./pkg/machine/ocipull/policy.json "$(tmpsubdir)/$(releasedir)/" $(MAKE) $(GOPLAT) $(_dstargs) SELINUXOPT="" install.remote + # Placing the policy file in the bin directory is intentional This + # could be changed in the future to mirror LSB on Linux/Unix but would + # require path resolution logic changes to sustain the Win flat model + cp ./pkg/machine/ocipull/policy.json "$(tmpsubdir)/$(releasedir)/$(RELEASE_PREFIX)/bin" cd "$(tmpsubdir)" && \ zip --recurse-paths "$(CURDIR)/$@" "./$(releasedir)" if [[ "$(GOARCH)" != "$(NATIVE_GOARCH)" ]]; then $(MAKE) clean-binaries; fi diff --git a/contrib/win-installer/build.ps1 b/contrib/win-installer/build.ps1 index 1c5200b48d..8764a78149 100644 --- a/contrib/win-installer/build.ps1 +++ b/contrib/win-installer/build.ps1 @@ -139,10 +139,18 @@ SignItem @("artifacts/win-sshproxy.exe", $gvExists = Test-Path "artifacts/gvproxy.exe" if ($gvExists) { SignItem @("artifacts/gvproxy.exe") + Remove-Item Env:\UseGVProxy -ErrorAction SilentlyContinue } else { $env:UseGVProxy = "Skip" } +$pExists = Test-Path "artifacts/policy.json" +if ($pExists) { + Remove-Item Env:\IncludePolicyJSON -ErrorAction SilentlyContinue +} else { + $env:IncludePolicyJSON = "Skip" +} + .\build-msi.bat $ENV:INSTVER; ExitOnError SignItem @("podman.msi") diff --git a/contrib/win-installer/podman.wxs b/contrib/win-installer/podman.wxs index 9c4fa2780e..85b206a918 100644 --- a/contrib/win-installer/podman.wxs +++ b/contrib/win-installer/podman.wxs @@ -12,6 +12,12 @@ + + + + + + @@ -41,6 +47,11 @@ + + + + + @@ -74,6 +85,9 @@ + + + diff --git a/contrib/win-installer/process-release.ps1 b/contrib/win-installer/process-release.ps1 index 5706558a6d..d9fb0a86c0 100644 --- a/contrib/win-installer/process-release.ps1 +++ b/contrib/win-installer/process-release.ps1 @@ -135,6 +135,13 @@ try { Copy-Artifact("gvproxy.exe") } + $loc = Get-ChildItem -Recurse -Path . -Name policy.json + if (!$loc) { + Write-Host "Skipping policy.json artifact" + } else { + Copy-Artifact("policy.json") + } + $docsloc = Get-ChildItem -Path . -Name docs -Recurse $loc = Get-ChildItem -Recurse -Path . -Name podman-for-windows.html if (!$loc) {