[Ovirt-devel] [PATCH node-image] common-post.ks: factor, fix quoting, handle case of no policy files

[Jim Meyering]

Mainly clean-up, this also avoids problems with unusual $TMPDIR,
no *.pp or *.pp.bz2 files, and with a base policy file but no others.
Minor changes: prefer bzip2 over bunzip, remove unnecessary use of
xargs, remove a /usr/sbin prefix (PATH includes that at top).

I'm testing it now...

---
 common-post.ks |   33 ++++++++++++++++++++++-----------
 1 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/common-post.ks b/common-post.ks
index 1cb5922..f785efd 100644
--- a/common-post.ks
+++ b/common-post.ks
@@ -14,21 +14,33 @@ lokkit -v --selinuxtype=minimum
 tmpdir=$(mktemp -d)

 for semodule in $SEMODULES; do
-    if [ -f /usr/share/selinux/minimum/$semodule.pp.bz2 ]; then
-        mv /usr/share/selinux/minimum/$semodule.pp.bz2 $tmpdir
-        bunzip2 $tmpdir/$semodule.pp.bz2
-    elif [ -f /usr/share/selinux/minimum/$semodule.pp ]; then
-        mv /usr/share/selinux/minimum/$semodule.pp $tmpdir
+    found=0
+    pp_file=/usr/share/selinux/minimum/$semodule.pp
+    if [ -f $pp_file.bz2 ]; then
+        bzip2 -dc $pp_file.bz2 > "$tmpdir/$semodule.pp"
+        rm $pp_file.bz2
+        found=1
+    elif [ -f $pp_file ]; then
+        mv $pp_file "$tmpdir"
+        found=1
     fi
+    # Don't put "base.pp" on the list.
+    test $semodule = base \
+        && continue
+    test $found=1 \
+        && modules="$modules $semodule.pp"
 done

-ls $tmpdir/*.pp | grep -Ev "base.pp|enableaudit.pp" \
-    | xargs semodule -v -b $tmpdir/base.pp -i
-semodule -v -B
-rm -Rf $tmpdir
+if test -n "$modules"; then
+    (cd "$tmpdir" \
+        && test -f base.pp \
+        && semodule -v -b base.pp -i $modules \
+        && semodule -v -B )
+fi
+rm -rf "$tmpdir"

 echo "Running ovirt-install-host stateless"
-/usr/sbin/ovirt-install-node stateless
+ovirt-install-node stateless

 echo "Creating shadow files"
 # because we aren't installing authconfig, we aren't setting up shadow
@@ -66,4 +78,3 @@ cat > /etc/sysconfig/iptables << \EOF
 -A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
 COMMIT
 EOF
-
--
1.6.1.rc1.279.g45d11