crtxcr/looqs-bundle
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

build: Run as root generally, drop privs on download/bundle

Browse Source
This commit is contained in:
Albert S. 2022-06-28 23:36:04 +02:00
parent 4903470b15
commit 1a92cb5963
2 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
build
View File

@ -2,13 +2,13 @@
set -e set -e
[ -d cache ] || mkdir cache [ -d cache ] || mkdir cache
SPAWN="systemd-nspawn -M gentoolooqsbuilder -D gentoo --bind=$(realpath ./out):/out --bind=$(realpath scripts):/scripts --bind=$(realpath cache):/var/cache/distfiles" SPAWN="systemd-nspawn -M gentoolooqsbuilder -D gentoo --bind=$(realpath ./out):/out --bind=$(realpath scripts):/scripts --bind=$(realpath cache):/var/cache/distfiles"
export UNPRIVUSER="user"
su $UNPRIVUSER -c ./scripts/1-create.sh
SETUPSCRIPT="/scripts/3-setup-gentoo.sh" ./scripts/2-create.sh
BUILDSCRIPT="/scripts/4-build-looqs.sh" ${SPAWN} /scripts/3-setup-gentoo.sh
./scripts/1-create.sh chown "$UNPRIVUSER" -R out
sudo ./scripts/2-create.sh `whoami` ${SPAWN} su - builder -c /scripts/4-build-looqs.sh
sudo ${SPAWN} /${SETUPSCRIPT} chown "$UNPRIVUSER" -R out
sudo ${SPAWN} su - builder -c /${BUILDSCRIPT} su $UNPRIVUSER -c "cd $(pwd); ./scripts/5-bundle.sh"
./scripts/5-bundle.sh

1
scripts/2-create.sh
View File

@ -6,5 +6,4 @@ mkdir out
mkdir out/lib mkdir out/lib
mkdir out/bin mkdir out/bin
chmod -R 755 out chmod -R 755 out
chown -R "$1" out
tar xfp hardened.tar.xz -C gentoo tar xfp hardened.tar.xz -C gentoo