build: Run as root generally, drop privs on download/bundle
This commit is contained in:
16
build
16
build
@@ -2,13 +2,13 @@
|
|||||||
set -e
|
set -e
|
||||||
[ -d cache ] || mkdir cache
|
[ -d cache ] || mkdir cache
|
||||||
SPAWN="systemd-nspawn -M gentoolooqsbuilder -D gentoo --bind=$(realpath ./out):/out --bind=$(realpath scripts):/scripts --bind=$(realpath cache):/var/cache/distfiles"
|
SPAWN="systemd-nspawn -M gentoolooqsbuilder -D gentoo --bind=$(realpath ./out):/out --bind=$(realpath scripts):/scripts --bind=$(realpath cache):/var/cache/distfiles"
|
||||||
|
export UNPRIVUSER="user"
|
||||||
|
|
||||||
|
su $UNPRIVUSER -c ./scripts/1-create.sh
|
||||||
SETUPSCRIPT="/scripts/3-setup-gentoo.sh"
|
./scripts/2-create.sh
|
||||||
BUILDSCRIPT="/scripts/4-build-looqs.sh"
|
${SPAWN} /scripts/3-setup-gentoo.sh
|
||||||
./scripts/1-create.sh
|
chown "$UNPRIVUSER" -R out
|
||||||
sudo ./scripts/2-create.sh `whoami`
|
${SPAWN} su - builder -c /scripts/4-build-looqs.sh
|
||||||
sudo ${SPAWN} /${SETUPSCRIPT}
|
chown "$UNPRIVUSER" -R out
|
||||||
sudo ${SPAWN} su - builder -c /${BUILDSCRIPT}
|
su $UNPRIVUSER -c "cd $(pwd); ./scripts/5-bundle.sh"
|
||||||
./scripts/5-bundle.sh
|
|
||||||
|
|
||||||
|
|||||||
@@ -6,5 +6,4 @@ mkdir out
|
|||||||
mkdir out/lib
|
mkdir out/lib
|
||||||
mkdir out/bin
|
mkdir out/bin
|
||||||
chmod -R 755 out
|
chmod -R 755 out
|
||||||
chown -R "$1" out
|
|
||||||
tar xfp hardened.tar.xz -C gentoo
|
tar xfp hardened.tar.xz -C gentoo
|
||||||
|
|||||||
Reference in New Issue
Block a user