From 7de89044c70f0416befca987bc8bc2b597358b48 Mon Sep 17 00:00:00 2001
From: Kai Lueke <kailuke@microsoft.com>
Date: Thu, 24 Mar 2022 12:49:06 +0100
Subject: [PATCH] build_library/build_image_util.sh: move image modification
 before trim

The trim should be the last action before the image is finalized,
otherwise it may not result in the minimal size.
---
 build_library/build_image_util.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh
index e99d266b05..7927e89b04 100755
--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@@ -686,6 +686,11 @@ EOF
         "${BUILD_DIR}/${image_kconfig}"
   fi
 
+  # Build the selinux policy
+  if pkg_use_enabled coreos-base/coreos selinux; then
+      sudo chroot "${root_fs_dir}" bash -c "cd /usr/share/selinux/mcs && semodule -s mcs -i *.pp"
+  fi
+
   write_contents "${root_fs_dir}" "${BUILD_DIR}/${image_contents}"
 
   # Zero all fs free space to make it more compressible so auto-update
@@ -695,11 +700,6 @@ EOF
     sudo fstrim "${root_fs_dir}/usr" || true
   fi
 
-  # Build the selinux policy
-  if pkg_use_enabled coreos-base/coreos selinux; then
-      sudo chroot "${root_fs_dir}" bash -c "cd /usr/share/selinux/mcs && semodule -s mcs -i *.pp"
-  fi
-
   # Make the filesystem un-mountable as read-write and setup verity.
   if [[ ${disable_read_write} -eq ${FLAGS_TRUE} ]]; then
     # Unmount /usr partition