cirrus: Update to Fedora 32 proper

Now that it's officially released, update to it from the beta.  Also
(and significant), adjust the SELinux context of the GCP metadata
service.  Add a comment to the code explaining why this is necessary.

Signed-off-by: Chris Evich <cevich@redhat.com>

.cirrus.yml

@@ -39,7 +39,7 @@ env:
     UBUNTU_NAME: "ubuntu-19"
     PRIOR_UBUNTU_NAME: "ubuntu-18"
 
-    _BUILT_IMAGE_SUFFIX: "libpod-6220812239765504"
+    _BUILT_IMAGE_SUFFIX: "FIXME"
     FEDORA_CACHE_IMAGE_NAME: "${FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}"
     PRIOR_FEDORA_CACHE_IMAGE_NAME: "${PRIOR_FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}"
     UBUNTU_CACHE_IMAGE_NAME: "${UBUNTU_NAME}-${_BUILT_IMAGE_SUFFIX}"

contrib/cirrus/lib.sh

@@ -69,7 +69,7 @@ export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-32,fedora-31}"
 export UBUNTU_BASE_IMAGE="ubuntu-1910-eoan-v20200211"
 export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20200218"
 # Manually produced base-image names (see $SCRIPT_BASE/README.md)
-export FEDORA_BASE_IMAGE="fedora-cloud-base-32-n-0-1586202964"
+export FEDORA_BASE_IMAGE="FIXME"
 export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1586202964"
 export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}"
 # IN_PODMAN container image

contrib/cirrus/packer/fedora_base-setup.sh

@@ -8,16 +8,14 @@ set -e
 # Load in library (copied by packer, before this script was run)
 source $GOSRC/$SCRIPT_BASE/lib.sh
 
-install_ooe
-
 echo "Updating packages"
-ooe.sh dnf -y update
+dnf -y update
 
 echo "Installing necessary packages and google services"
-ooe.sh dnf -y install rng-tools google-compute-engine-tools google-compute-engine-oslogin ethtool
+dnf -y install rng-tools google-compute-engine-tools google-compute-engine-oslogin ethtool
 
 echo "Enabling services"
-ooe.sh systemctl enable rngd
+systemctl enable rngd
 
 # There is a race that can happen on boot between the GCE services configuring
 # the VM, and cloud-init trying to do similar activities.  Use a customized
@@ -25,6 +23,19 @@ ooe.sh systemctl enable rngd
 echo "Setting cloud-init service to start after google-network-daemon.service"
 cp -v $GOSRC/$PACKER_BASE/cloud-init/fedora/cloud-init.service /etc/systemd/system/
 
+# ref: https://cloud.google.com/compute/docs/startupscript
+# The mechanism used by Cirrus-CI to execute tasks on the system is through an
+# "agent" process launched as a GCP startup-script (from the metadata service).
+# This agent is responsible for cloning the repository and executing all task
+# scripts and other operations.  Therefor, on SELinux-enforcing systems, the
+# service must be labeled properly to ensure it's child processes can
+# run with the proper contexts.
+METADATA_SERVICE_CTX=unconfined_u:unconfined_r:unconfined_t:s0
+METADATA_SERVICE_PATH=systemd/system/google-startup-scripts.service
+sed -r -e \
+    "s/Type=oneshot/Type=oneshot\nSELinuxContext=$METADATA_SERVICE_CTX/" \
+    /lib/$METADATA_SERVICE_PATH > /etc/$METADATA_SERVICE_PATH
+
 # Ensure there are no disruptive periodic services enabled by default in image
 systemd_banish
 

contrib/cirrus/packer/libpod_base_images.yml

@@ -17,9 +17,9 @@ variables:
     PRIOR_UBUNTU_BASE_IMAGE:
 
     # Latest Fedora release
-    FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/32/Cloud/x86_64/images/Fedora-Cloud-Base-32-20200406.n.0.x86_64.qcow2"
-    FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/32/Cloud/x86_64/images/Fedora-Cloud-32-x86_64-20200406.n.0-CHECKSUM"
-    FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-32-n-0'
+    FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/32/Cloud/x86_64/images/Fedora-Cloud-Base-32-1.6.x86_64.qcow2"
+    FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/32/Cloud/x86_64/images/Fedora-Cloud-32-1.6-x86_64-CHECKSUM"
+    FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-32-1-6'
 
     # Prior Fedora release
     PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2"