From d1fb9865c269037d6580f4649886a27d612643c8 Mon Sep 17 00:00:00 2001
From: Saripalli Lavanya <Saripalli.Lavanya@ibm.com>
Date: Sun, 28 Jul 2024 20:50:33 +0530
Subject: [PATCH] podvm: Temporary fix for installing cryptsetup in SE-enabled
 PodVM image

Due to issue https://gitlab.com/qemu-project/qemu/-/issues/2054, we can't install packages on RHEL s390x base machines. As a temporary fix, we're downloading cryptsetup in a container and copying the binaries to the VM image.

Signed-off-by: ANJANA-A-R-K <ANJANA.A.R.K1@ibm.com>

Signed-off-by: Saripalli Lavanya <Saripalli.Lavanya@ibm.com>
---
 src/cloud-api-adaptor/podvm/Makefile                      | 7 +++++++
 src/cloud-api-adaptor/podvm/qcow2/build-s390x-se-image.sh | 4 ++++
 2 files changed, 11 insertions(+)

diff --git a/src/cloud-api-adaptor/podvm/Makefile b/src/cloud-api-adaptor/podvm/Makefile
index 877185d69e..84e855f4d0 100644
--- a/src/cloud-api-adaptor/podvm/Makefile
+++ b/src/cloud-api-adaptor/podvm/Makefile
@@ -84,6 +84,13 @@ $(IMAGE_FILE): $(BINARIES) $(FILES) setopts
 	mkdir -p toupload
 	if [ "${SE_BOOT}" = "1" ] && [ "${ARCH}" = "s390x" ]; then \
 		qemu-img create -f qcow2 "se-${IMAGE_FILE}" 100G; \
+		# Temporary workaround for installing cryptsetup on RHEL 9.4 and below s390x base images for enabling se \
+		# Due to issue: https://gitlab.com/qemu-project/qemu/-/issues/2054 \ 
+		# Remove this if using the latest QEMU version (v9.0.0) \
+		if [ "${PODVM_DISTRO}" = "rhel" ]; then \
+			yum install -y cryptsetup; \
+			cp /usr/sbin/cryptsetup ./files; \
+		fi \
 	fi
 	packer init ./qcow2/${PODVM_DISTRO}
 	if [ "${ARCH}" = "x86_64" ]; then \
diff --git a/src/cloud-api-adaptor/podvm/qcow2/build-s390x-se-image.sh b/src/cloud-api-adaptor/podvm/qcow2/build-s390x-se-image.sh
index 9ffaeb36ad..d31ef15aae 100755
--- a/src/cloud-api-adaptor/podvm/qcow2/build-s390x-se-image.sh
+++ b/src/cloud-api-adaptor/podvm/qcow2/build-s390x-se-image.sh
@@ -19,6 +19,10 @@ done
 
 if [ "${PODVM_DISTRO}" = "rhel" ]; then
     export LANG=C.UTF-8
+    # Below is the tmp work-around to install cryptsetup on rhel9.4 and below s390x version base images,
+    #due to the issue : https://gitlab.com/qemu-project/qemu/-/issues/2054
+    cp /tmp/files/cryptsetup /usr/bin/cryptsetup
+    chmod +x /usr/bin/cryptsetup
     if ! command -v jq &> /dev/null || ! command -v cryptsetup &> /dev/null; then
         if ! command -v jq &> /dev/null; then
             echo >&2 "jq is required but it's not installed. Installing now..."