From 631e50a7f2f553daf3b16a61f5ee146ced5f4eee Mon Sep 17 00:00:00 2001 From: Nikita Dubrovskii Date: Thu, 19 Sep 2024 12:34:01 +0200 Subject: [PATCH 1/2] Revert "Add osbuild patch for org.osbuild.dmverity stage fix" This reverts commit daa7046a4f8003bc602a519303c51ae53c7e8d79. --- build.sh | 3 +- ...ity-make-device-objects-more-generic.patch | 58 ------------------- 2 files changed, 1 insertion(+), 60 deletions(-) delete mode 100644 src/0001-stages-dmverity-make-device-objects-more-generic.patch diff --git a/build.sh b/build.sh index e719d7d384..7c8e20c418 100755 --- a/build.sh +++ b/build.sh @@ -173,8 +173,7 @@ patch_osbuild() { mv /usr/bin/osbuild-mpp /usr/lib/osbuild/tools/ # Now all the software is under the /usr/lib/osbuild dir and we can patch - cat /usr/lib/coreos-assembler/0001-stages-dmverity-make-device-objects-more-generic.patch \ - /usr/lib/coreos-assembler/0001-stages-coreos.platform-use-shutil.copy.patch \ + cat /usr/lib/coreos-assembler/0001-stages-coreos.platform-use-shutil.copy.patch \ /usr/lib/coreos-assembler/0001-stages-selinux-don-t-require-file_contexts-if-labels.patch \ /usr/lib/coreos-assembler/0001-hacks-for-coreos-selinux-issues.patch \ | patch -d /usr/lib/osbuild -p1 diff --git a/src/0001-stages-dmverity-make-device-objects-more-generic.patch b/src/0001-stages-dmverity-make-device-objects-more-generic.patch deleted file mode 100644 index 358f50218f..0000000000 --- a/src/0001-stages-dmverity-make-device-objects-more-generic.patch +++ /dev/null 
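Review bot: Nothing in `patch_osbuild()` checks that the installed osbuild already carries the fix this hunk stops applying, and the same holds for the `build.sh` hunk in PATCH 2/2, which drops the `coreos.platform` and `selinux` stage patches because they "come with osbuild-130.rpm". The dm-verity case would presumably fail loudly at schema validation. An older RPM without the `shutil.copy` change would instead silently copy the source file's SELinux labels onto the boot partition, going by the deleted patch's own comment. A guard ahead of the `patch` call, e.g. `[ "$(rpm -q --qf '%{VERSION}' osbuild)" -ge 130 ] || { echo "osbuild >= 130 required" >&2; exit 1; }` (assuming the RPM version is a plain integer), would turn that into a build error. Whether the version is pinned elsewhere in the repository is not visible here, the release carrying the dm-verity schema change is not stated in either commit message, and `patch_osbuild()` starts and ends outside both hunks.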
@@ -1,58 +0,0 @@ -From 5ccbe720ace34866931e2af7f248d5e5c632f9da Mon Sep 17 00:00:00 2001 -From: Jonathan Lebon -Date: Wed, 14 Aug 2024 10:56:11 -0400 -Subject: [PATCH] stages/dmverity: make device objects more generic - -We need to pass loopback devices for these properties, but the schema -says that there will be a `path` property, so osbuild complains. - -osbuild is right of course, but this definitely *did* work in an earlier -version, so something changed. Ideally, we'd narrow down here what -happened exactly, but at the same time this approach of just making the -property more generic matches what's done in e.g. the `zipl.inst` stage -where we also use a loopback device. - -For reference, this is where we use this stage: - -https://github.com/coreos/coreos-assembler/blob/ba45b296ec11734bafcae7728915016f17137a3d/src/osbuild-manifests/platform.qemu.ipp.yaml#L100-L119 ---- - stages/org.osbuild.dmverity.meta.json | 20 ++------------------ - 1 file changed, 2 insertions(+), 18 deletions(-) - -diff --git a/stages/org.osbuild.dmverity.meta.json b/stages/org.osbuild.dmverity.meta.json -index 213b5855..4c470838 100644 ---- a/stages/org.osbuild.dmverity.meta.json -+++ b/stages/org.osbuild.dmverity.meta.json -@@ -30,27 +30,11 @@ - "properties": { - "data_device": { - "type": "object", -- "additionalProperties": false, -- "required": [ -- "path" -- ], -- "properties": { -- "path": { -- "type": "string" -- } -- } -+ "additionalProperties": true - }, - "hash_device": { - "type": "object", -- "additionalProperties": false, -- "required": [ -- "path" -- ], -- "properties": { -- "path": { -- "type": "string" -- } -- } -+ "additionalProperties": true - } - } - } --- -2.46.0 - From 7a4b5125ada501ac9d6ec6f46ef35fa59505fae8 Mon Sep 17 00:00:00 2001 
From: Nikita Dubrovskii Date: Thu, 19 Sep 2024 12:42:56 +0200 Subject: [PATCH 2/2] Drop osbuild patches for platform and selinux stages - 'stages/coreos.platform: use shutil.copy' - 'stages/selinux: don't require file_contexts if labels passed' Both are merged and come with osbuild-130.rpm --- build.sh | 5 +- ...ages-coreos.platform-use-shutil.copy.patch | 31 --------- ...on-t-require-file_contexts-if-labels.patch | 65 ------------------- 3 files changed, 1 insertion(+), 100 deletions(-) delete mode 100644 src/0001-stages-coreos.platform-use-shutil.copy.patch delete mode 100644 src/0001-stages-selinux-don-t-require-file_contexts-if-labels.patch diff --git a/build.sh b/build.sh index 7c8e20c418..9ec701a0b9 100755 --- a/build.sh +++ b/build.sh @@ -173,10 +173,7 @@ patch_osbuild() { mv /usr/bin/osbuild-mpp /usr/lib/osbuild/tools/ # Now all the software is under the /usr/lib/osbuild dir and we can patch - cat /usr/lib/coreos-assembler/0001-stages-coreos.platform-use-shutil.copy.patch \ - /usr/lib/coreos-assembler/0001-stages-selinux-don-t-require-file_contexts-if-labels.patch \ - /usr/lib/coreos-assembler/0001-hacks-for-coreos-selinux-issues.patch \ - | patch -d /usr/lib/osbuild -p1 + patch -d /usr/lib/osbuild -p1 < /usr/lib/coreos-assembler/0001-hacks-for-coreos-selinux-issues.patch # And then move the files back; supermin appliance creation will need it back # in the places delivered by the RPM. diff --git a/src/0001-stages-coreos.platform-use-shutil.copy.patch b/src/0001-stages-coreos.platform-use-shutil.copy.patch deleted file mode 100644 index a516f52be7..0000000000 --- a/src/0001-stages-coreos.platform-use-shutil.copy.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 6b48c91e26efb448b2f2121b4179a1b79e15ce6d Mon Sep 17 00:00:00 2001 -From: Dusty Mabe -Date: Tue, 17 Sep 2024 12:18:45 -0400 -Subject: [PATCH 1/3] stages/coreos.platform: use shutil.copy - -Switch from shutil.copy2 so that we don't copy over the -SELinux labels from the source file. ---- - stages/org.osbuild.coreos.platform | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/stages/org.osbuild.coreos.platform b/stages/org.osbuild.coreos.platform -index a88951cc..7e66c26c 100755 ---- a/stages/org.osbuild.coreos.platform -+++ b/stages/org.osbuild.coreos.platform -@@ -52,8 +52,10 @@ def main(paths, options): - json_grub_args, json_kargs = None, None - if os.path.exists(platforms_source_path): - os.makedirs(os.path.dirname(platforms_dest_path), mode=0o755, exist_ok=True) -- # Copy platforms.json to the boot partition -- shutil.copy2(platforms_source_path, platforms_dest_path) -+ # Copy platforms.json to the boot partition. Use shutil.copy here and not -+ # shutil.copy2 because we don't want the selinux labels from the source -+ # to be copied over, but rather the defaults for the destination. -+ shutil.copy(platforms_source_path, platforms_dest_path) - json_grub_args, json_kargs = process_platforms_json(platforms_dest_path, platform) - if json_kargs: - kernel_arguments.extend(json_kargs) --- -2.46.0 - diff --git a/src/0001-stages-selinux-don-t-require-file_contexts-if-labels.patch b/src/0001-stages-selinux-don-t-require-file_contexts-if-labels.patch deleted file mode 100644 index 6cb8ffff6c..0000000000 --- a/src/0001-stages-selinux-don-t-require-file_contexts-if-labels.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 281b0795fb4cc43ea05039627ebb5ff7130d70e9 Mon Sep 17 00:00:00 2001 -From: Dusty Mabe -Date: Tue, 17 Sep 2024 12:22:16 -0400 -Subject: [PATCH 2/3] stages/selinux: don't require file_contexts if labels - passed - -With the labels option the user is specifying the exact context -they want to set on the path so it's not necessary to supply a -context here. This can be also useful in the case where you want -to set some labels and you haven't yet populated the tree yet. ---- - stages/org.osbuild.selinux | 11 +++++++---- - stages/org.osbuild.selinux.meta.json | 13 +++++++++++-- - 2 files changed, 18 insertions(+), 6 deletions(-) - -diff --git a/stages/org.osbuild.selinux b/stages/org.osbuild.selinux -index bb45298d..563d827b 100755 ---- a/stages/org.osbuild.selinux -+++ b/stages/org.osbuild.selinux -@@ -8,11 +8,14 @@ from osbuild.util import selinux - - - def main(tree, options): -- file_contexts = os.path.join(f"{tree}", options["file_contexts"]) -+ file_contexts = options.get("file_contexts") - exclude_paths = options.get("exclude_paths") -- if exclude_paths: -- exclude_paths = [os.path.join(tree, p.lstrip("/")) for p in exclude_paths] -- selinux.setfiles(file_contexts, os.fspath(tree), "", exclude_paths=exclude_paths) -+ -+ if file_contexts: -+ file_contexts = os.path.join(f"{tree}", options["file_contexts"]) -+ if exclude_paths: -+ exclude_paths = [os.path.join(tree, p.lstrip("/")) for p in exclude_paths] -+ selinux.setfiles(file_contexts, os.fspath(tree), "", exclude_paths=exclude_paths) - - labels = options.get("labels", {}) - for path, label in labels.items(): -diff --git a/stages/org.osbuild.selinux.meta.json b/stages/org.osbuild.selinux.meta.json -index ea1bb3ef..151839e5 100644 ---- a/stages/org.osbuild.selinux.meta.json -+++ b/stages/org.osbuild.selinux.meta.json -@@ -20,8 +20,17 @@ - "schema_2": { - "options": { - "additionalProperties": false, -- "required": [ -- "file_contexts" -+ "oneOf": [ -+ { -+ "required": [ -+ "file_contexts" -+ 
] -+ }, -+ { -+ "required": [ -+ "labels" -+ ] -+ } - ], - "properties": { - "file_contexts": { --- -2.46.0 -