0.15.stable.1 fails to build on openSUSE: invalid regex in /var/lib/selinux/final/targeted/contexts/files/file_contexts

[johanneskastl]

I updated the openSUSE package for rke2-selinux to 0.15.stable.1, but it fails to build:

[   40s] Executing(rmbuild): /usr/bin/bash -e /var/tmp/rpm-tmp.VzI8Xn
[   40s] + umask 022                                                                          
[   40s] + cd /home/abuild/rpmbuild/BUILD                                                     
[   40s] + rm -rf rke2-selinux-0.15.stable.1 rke2-selinux-0.15.stable.1.gemspec
[   40s] + RPM_EC=0                                                                           
[   40s] ++ jobs -p                                                                           
[   40s] + exit 0                                                                             
[   40s] ... checking for files with abuild user/group
[   40s] ... running 00-check-install-rpms                                                    
[   40s] ... installing all built rpms                                                        
[   40s] Verifying packages...                                                                
[   40s] Preparing packages...                                                                
[   40s] rke2-selinux-0.15.stable.1-0.noarch                                                  
[   49s] /sbin/setfiles: /var/lib/selinux/final/targeted/contexts/files/file_contexts:  line 1 has invalid regex +/var/lib/rancher/rke2/server/tls(/.*)?:  REGEX back-end error: At offset 1:
 quantifier does not follow a repeatable item
[   49s] /sbin/setfiles: /var/lib/selinux/final/targeted/contexts/files/file_contexts:  line 1 has invalid regex +/var/lib/rancher/rke2/server/tls(/.*)?:  REGEX back-end error: At offset 1:
 quantifier does not follow a repeatable item                                                 
[   49s] /var/lib/selinux/final/targeted/contexts/files/file_contexts: Invalid argument
[   49s] libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1.
[   49s] semodule:  Failed!                                                                   
[   49s] ... running 50-check-binary-kernel-log                                                                                                                                              
[   49s] ... running 50-check-core-files
[   49s] ... running 50-check-debuginfo                                                       
[   49s] ... testing for empty debuginfo packages
[   49s] ... running 50-check-filelist                                                        
[   49s] ... checking filelist                                                                
[   49s] ... running 50-check-gconf-scriptlets                                                
[   49s] ... testing GConf scriptlet presence                                                 
[   49s] ... running 50-check-installtest                                                     
[   49s] ... testing for pre/postinstall scripts that are not idempotent
[   57s] /sbin/setfiles: /var/lib/selinux/final/targeted/contexts/files/file_contexts:  line 1 has invalid regex +/var/lib/rancher/rke2/server/tls(/.*)?:  REGEX back-end error: At offset 1:
 quantifier does not follow a repeatable item
[   57s] /sbin/setfiles: /var/lib/selinux/final/targeted/contexts/files/file_contexts:  line 1 has invalid regex +/var/lib/rancher/rke2/server/tls(/.*)?:  REGEX back-end error: At offset 1:
 quantifier does not follow a repeatable item
[   57s] /var/lib/selinux/final/targeted/contexts/files/file_contexts: Invalid argument
[   57s] libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1.
[   57s] semodule:  Failed!
[   57s] postinstall script of rke2-selinux-0.15.stable.1-0.noarch.rpm failed

Other than using the new version (tarball, etc.) I have not changed anything in the package, and the packaging does not create this file manually. Hence my guess is that this file is autogenerated by make -f /usr/share/selinux/devel/Makefile rke2.pp.

[jhoelzel]

i can confirm this on MicroOS

transactional update # zypper remove rke2-selinux && zypper install rke2-selinux
Reading installed packages...
Resolving package dependencies...

The following package is going to be REMOVED:
  rke2-selinux

1 package to remove.
After the operation, 110.6 KiB will be freed.
Continue? [y/n/v/...? shows all options] (y): y
(1/1) Removing rke2-selinux-0.15-1.sle.noarch ................................................................................................................................................................................................................[done]

Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following NEW package is going to be installed:
  rke2-selinux

1 new package to install.
Overall download size: 21.1 KiB. Already cached: 0 B. After the operation, additional 110.6 KiB will be used.
Continue? [y/n/v/...? shows all options] (y): y
Retrieving: rke2-selinux-0.15-1.sle.noarch (Rancher RKE2 Common (stable))                                                                                                                                                                       (1/1),  21.1 KiB    
Retrieving: rke2-selinux-0.15-1.sle.noarch.rpm ..................................................................................................................................................................................................[done (21.1 KiB/s)]

Checking for file conflicts: .................................................................................................................................................................................................................................[done]
/sbin/setfiles: /var/lib/selinux/final/targeted/contexts/files/file_contexts:  line 1 has invalid regex +/var/lib/rancher/rke2/server/tls(/.*)?:  REGEX back-end error: At offset 1: quantifier does not follow a repeatable item
/sbin/setfiles: /var/lib/selinux/final/targeted/contexts/files/file_contexts:  line 1 has invalid regex +/var/lib/rancher/rke2/server/tls(/.*)?:  REGEX back-end error: At offset 1: quantifier does not follow a repeatable item
/var/lib/selinux/final/targeted/contexts/files/file_contexts: Invalid argument
libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 1.
semodule:  Failed!
(1/1) Installing: rke2-selinux-0.15-1.sle.noarch .............................................................................................................................................................................................................[done]
Executing %posttrans scripts .................................................................................................................................................................................................................................[done]
transactional update # 

[dennislapchenko]

Seems like this line is the culprit: https://github.com/rancher/rke2-selinux/blob/f6d5407dbe2dc45a71e2fbcd7d50514ea3f4621d/policy/microos/rke2.fc#L24

+ at the beginning of line, other distros don't have it I have switched my install to zypper install rke2-selinux and it goes with 0.14 from base repos. Will keep as is, but perhaps the fix is really just to remove the +

[johanneskastl]

Any updates on this?

[galal-hussein]

Reopened for testing

[galal-hussein]

@dennislapchenko @johanneskastl Thanks for openning the issue and resolving it, the issue is marked for testing now

[johanneskastl]

Thanks, I just tested building the package and it built successfully

[rancher-max]

Thank you for validating! I am going to close this out and we can revisit if more errors occur.

[johanneskastl]

Any chance this can be released?