selinux: specify the build-tag (#273)

- Compile with selinux - Remove `Type=notify` from the systemd unit file - Require root to execute install script
rancher · Aug 31, 2020 · 1e77f6d · 1e77f6d
1 parent fe49d78
commit 1e77f6d
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 13 deletions.
diff --git a/bundle/share/rke2/rke2.service b/bundle/share/rke2/rke2.service
@@ -23,4 +23,3 @@ RestartSec=5s
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
 ExecStart=rke2 server
-Type=notify
diff --git a/install.sh b/install.sh
@@ -35,6 +35,12 @@ fatal() {
 
 # setup_env defines needed environment variables.
 setup_env() {
+    # --- bail if we are not root ---
+    if [ ! $(id -u) -eq 0 ]; then
+        fatal "You need to be root to perform this install"
+    fi
+
+    # --- determine if we are installing an agent or a server ---
     if [ -z "${INSTALL_RKE2_TYPE}" ]; then
         if [ -z "${RKE2_URL}" ]; then
             INSTALL_RKE2_TYPE="server"
@@ -52,12 +58,6 @@ setup_env() {
             ${invalid_chars}"
     fi
 
-    # --- use sudo if we are not already root ---
-    SUDO=sudo
-    if [ $(id -u) -eq 0 ]; then
-        SUDO=
-    fi
-
     # --- use yum install method if available
     if [ -z "${INSTALL_RKE2_METHOD}" ] && command -v yum >/dev/null 2>&1; then
         INSTALL_RKE2_METHOD=yum
@@ -172,7 +172,7 @@ download_checksums() {
     else
         CHECKSUMS_URL=${INSTALL_RKE2_GITHUB_URL}/releases/download/${INSTALL_RKE2_VERSION}/sha256sum-${ARCH}.txt
     fi
-    info "downloading checksums at  ${CHECKSUMS_URL}"
+    info "downloading checksums at ${CHECKSUMS_URL}"
     download "${TMP_CHECKSUMS}" "${CHECKSUMS_URL}"
     CHECKSUM_EXPECTED=$(grep "rke2-installer.${SUFFIX}.run" "${TMP_CHECKSUMS}" | awk '{print $1}')
 }
@@ -191,15 +191,15 @@ download_installer() {
 
 # verify_installer verifies the downloaded installer checksum.
 verify_installer() {
-    info "verifying binary download"
+    info "verifying installer"
     CHECKSUM_ACTUAL=$(sha256sum "${TMP_INSTALLER}" | awk '{print $1}')
     if [ "${CHECKSUM_EXPECTED}" != "${CHECKSUM_ACTUAL}" ]; then
         fatal "download sha256 does not match ${CHECKSUM_EXPECTED}, got ${CHECKSUM_ACTUAL}"
     fi
 }
 
 do_rpm() {
-    cat <<-EOF | ${SUDO} tee "/etc/yum.repos.d/rancher-rke2-${1}.repo" >/dev/null
+    cat <<-EOF > "/etc/yum.repos.d/rancher-rke2-${1}.repo"
 [rancher-rke2-common-${1}]
 name=Rancher RKE2 Common (${1})
 baseurl=https://rpm-${1}.rancher.io/rke2/${1}/common/centos/7/noarch
@@ -213,7 +213,7 @@ enabled=1
 gpgcheck=1
 gpgkey=https://rpm-${1}.rancher.io/public.key
 EOF
-    ${SUDO} yum -y install "rke2-${INSTALL_RKE2_TYPE}"
+    yum -y install "rke2-${INSTALL_RKE2_TYPE}"
 }
 
 do_installer() {

diff --git a/scripts/build-binary b/scripts/build-binary
@@ -17,8 +17,8 @@ REVISION=$(git rev-parse HEAD)$(if ! git diff --no-ext-diff --quiet --exit-code;
 RELEASE=${PROG}.${GOOS}-${GOARCH}
 
 
-BUILDTAGS=" netgo osusergo"
-GO_BUILDTAGS=${GO_BUILDTAGS}${BUILDTAGS}${DEBUG_TAGS}
+BUILDTAGS="selinux netgo osusergo"
+GO_BUILDTAGS="${GO_BUILDTAGS} ${BUILDTAGS} ${DEBUG_TAGS}"
 
 VERSION_FLAGS="
         -X ${RKE2_PKG}/pkg/images.KubernetesVersion=${DOCKERIZED_VERSION}