diff options
author | Stefano Brivio <sbrivio@redhat.com> | 2023-09-07 01:57:00 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2023-09-07 01:57:00 +0200 |
commit | a405d0c026582375448fe87c6e440eb0fd428dd7 (patch) | |
tree | fa5c3d1a0df3a90217c8c48b1d73525278993262 /tap.c | |
parent | 63a8302961a421a67d38c52285be3c2ef149e6cc (diff) | |
download | passt-a405d0c026582375448fe87c6e440eb0fd428dd7.tar passt-a405d0c026582375448fe87c6e440eb0fd428dd7.tar.gz passt-a405d0c026582375448fe87c6e440eb0fd428dd7.tar.bz2 passt-a405d0c026582375448fe87c6e440eb0fd428dd7.tar.lz passt-a405d0c026582375448fe87c6e440eb0fd428dd7.tar.xz passt-a405d0c026582375448fe87c6e440eb0fd428dd7.tar.zst passt-a405d0c026582375448fe87c6e440eb0fd428dd7.zip |
fedora: Replace pasta hard links by separate builds
The hard link trick didn't actually fix the issue with SELinux file
contexts properly: as opposed to symbolic links, SELinux now
correctly associates types to the labels that are set -- except that
those labels are now shared, so we can end up (depending on how
rpm(8) extracts the archives) with /usr/bin/passt having a
pasta_exec_t context.
This got rather confusing as running restorecon(8) seemed to fix up
labels -- but that's simply toggling between passt_exec_t and
pasta_exec_t for both links, because each invocation will just "fix"
the file with the mismatching context.
Replace the hard links with two separate builds of the binary, as
suggested by David. The build is reproducible, so we pass "-pasta" in
the VERSION for pasta's build. This is wasteful but better than the
alternative.
Just copying the binary over would otherwise cause issues with
debuginfo packages due to duplicate Build-IDs -- and rpmbuild(8) also
warns about them.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'tap.c')
0 files changed, 0 insertions, 0 deletions