Allow isolated build via kiwi's boxbuild

The kiwi boxbuild plugin allows to build the image as normal user inside of a KVM box. The boxes are provided by the plugin and fetched once or on update. This is useful to decouple the build from host operating system requirements. The calling user must have permissions to run KVM instances. Also see: https://osinside.github.io/kiwi/plugins/self_contained.html for setting up the sshfs sharing backend
2024-05-31 13:30:42 +02:00 · 2024-05-31 13:30:42 +02:00 · 818914d495
commit 818914d495
parent 7ddf908a6f
1 changed files with 13 additions and 6 deletions
--- a/19
+++ b/19
@ -8,16 +8,18 @@ set -eu -o pipefail
 kiwibuildsh="$(basename "$0")"
 usage() {
-	echo >&2 "usage: $kiwibuildsh [--kiwi-description-dir=DIR] --output-dir=DIR --image-type=TYPE --image-profile=PROFILE [--debug]"
+	echo >&2 "usage: $kiwibuildsh [--kiwi-description-dir=DIR] [--isolated] --output-dir=DIR --image-type=TYPE --image-profile=PROFILE [--debug]"
-	echo >&2 "   eg: $kiwibuildsh --kiwi-description-dir=/var/tmp/desc --output-dir=/var/tmp/work --image-type=oem --image-profile=cloud --debug"
+	echo >&2 "   eg: $kiwibuildsh --kiwi-description-dir=/var/tmp/desc --output-dir=/var/tmp/work --image-type=oem --image-profile=Cloud-Base-Generic --debug"
-	echo >&2 "   eg: $kiwibuildsh --output-dir=/var/tmp/work --image-type=oem --image-profile=cloud"
+	echo >&2 "   eg: $kiwibuildsh --output-dir=/var/tmp/work --image-type=oem --image-profile=Cloud-Base-Generic"
 	echo >&2 "   eg: $kiwibuildsh --isolated --output-dir=/var/tmp/work --image-type=oem --image-profile=Cloud-Base-Generic"
 	exit 255
 }
-optTemp=$(getopt --options '+k:,o:,t:,p:,d,h' --longoptions 'kiwi-description-dir:,output-dir:,image-type:,image-profile:,debug,help' --name "$kiwibuildsh" -- "$@")
+optTemp=$(getopt --options '+k:,i,o:,t:,p:,d,h' --longoptions 'isolated,kiwi-description-dir:,output-dir:,image-type:,image-profile:,debug,help' --name "$kiwibuildsh" -- "$@")
 eval set -- "$optTemp"
 unset optTemp
 kiwi_isolated=
 kiwi_description_dir="./"
 output_dir=
 image_type=
@ -26,6 +28,7 @@ debug=
 while true; do
 	case "$1" in
 		-i|--isolated) kiwi_isolated=1; shift ;;
 		-k|--kiwi-description-dir) kiwi_description_dir="$2" ; shift 2 ;;
 		-o|--output-dir) output_dir="$2" ; shift 2 ;;
 		-t|--image-type) image_type="$2" ; shift 2 ;;
@ -41,7 +44,7 @@ if [ -z "$output_dir" ] || [ -z "$image_type" ] || [ -z "$image_profile" ]; then
 	usage
 fi
-if [ -e "/sys/fs/selinux/enforce" ]; then
+if [ ! ${kiwi_isolated} ] && [ -e "/sys/fs/selinux/enforce" ]; then
 	# Disable SELinux enforcement during the image build if it's enforcing
 	selinux_enforcing="$(cat /sys/fs/selinux/enforce)"
 	if [ "$selinux_enforcing" = "1" ]; then
@ -50,11 +53,15 @@ if [ -e "/sys/fs/selinux/enforce" ]; then
 fi
 set +e
 if [ ! ${kiwi_isolated} ]; then
 kiwi-ng ${debug} --type="${image_type}" --profile="${image_profile}" --color-output system build --description "${kiwi_description_dir}" --target-dir "${output_dir}"
 else
 kiwi-ng ${debug} --type="${image_type}" --profile="${image_profile}" --color-output system boxbuild --box universal --sshfs-sharing -- --description "${kiwi_description_dir}" --target-dir "${output_dir}"
 fi
 kiwi_status=$?
 set -e
-if [ -e "/sys/fs/selinux/enforce" ]; then
+if [ ! ${kiwi_isolated} ] && [ -e "/sys/fs/selinux/enforce" ]; then
 	# Re-enable SELinux enforcement now that image build is done
 	if [ "$selinux_enforcing" = "1" ]; then
 		setenforce 1