Another fixup to the nojail patch to track the previous. (Can't reliably create these patches without having a committed version to diff against, alas.)
Commit
c9e4b3d254531d4c7a6e609c6c2d2359f7c45f9c7d0277eac4a9e022adc99d97
Parent
d778a023922249e…
1 file changed
+12
-6
+12
-6
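--- a/containers/Dockerfile-nojail.patch
+++ b/containers/Dockerfile-nojail.patch
@@ -16,18 +16,24 @@
 
 ### Lay BusyBox down as the first base layer. Coupled with the host's
 ### kernel, this is the "OS" used to RUN the subsequent setup script.
 COPY --from=builder /tmp/bbx/busybox /bin/
 RUN [ "/bin/busybox", "--install", "/bin" ]
-@@ -78,19 +78,17 @@
+@@ -72,23 +72,23 @@
+ ### anything likely to change often. So long as the user leaves
+ ### UID alone, this layer will be durable.
+ RUN set -x \
+ && echo "root:x:0:0:Admin:/:/false" > /etc/passwd \
+ && echo "root:x:0:root" > /etc/group \
+- && echo "fossil:x:${UID}:${UID}:User:/jail:/false" >> /etc/passwd \
++ && echo "fossil:x:${UID}:${UID}:User:/:/false" >> /etc/passwd \
 && echo "fossil:x:${UID}:fossil" >> /etc/group \
 && install -d -m 700 -o fossil -g fossil log museum \
 && install -d -m 755 -o fossil -g fossil dev \
-- && install -d -m 1777 -o root -g root /tmp \
-- && mknod -m 666 dev/null c 1 3 \
-- && mknod -m 444 dev/urandom c 1 9
-+ && install -d -m 1777 -o root -g root /tmp
+ && install -d -m 1777 -o root -g root /tmp \
+ && mknod -m 666 dev/null c 1 3 \
+ && mknod -m 444 dev/urandom c 1 9
 
 ### Do Fossil-specific things atop those base layers; this will change
 ### as often as the Fossil build-from-source layer above.
 -COPY --from=builder /tmp/fossil bin/
 +COPY --from=builder /tmp/fossil /bin/
@@ -37,11 +43,11 @@
 && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /bin/sha1sum \
 && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /bin/sha3sum \
 && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > \
 /bin/sqlite3 \
 && chmod +x /bin/sha?sum /bin/sqlite3
-@@ -101,10 +99,9 @@
+@@ -99,10 +99,9 @@
 ## ---------------------------------------------------------------------
 
 EXPOSE 8080/tcp
 CMD [ \
 "fossil", "server", \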
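Review bot: The nojail patch no longer deletes the two `mknod` lines; on the new side they are plain context after `install -d -m 1777 -o root -g root /tmp \`, so the nojail image again creates `dev/null` and `dev/urandom` under the relative, fossil-owned `dev` directory. The same patch moves the account's home from `/jail` to `/` and the binary to `/bin/`, so without a chroot the server would presumably use the container's own `/dev`, leaving these nodes unused while the build still needs permission to create device nodes. Whether that is intended depends on the WORKDIR and the rest of the `CMD`, which lie outside the visible hunks. If the nodes are not needed, the patch should keep the removals `- && mknod -m 666 dev/null c 1 3 \` and `- && mknod -m 444 dev/urandom c 1 9`; if they are, a `###` comment above the `RUN set -x` step in the Dockerfile should say why the nojail build still creates them.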
| --- containers/Dockerfile-nojail.patch | |
| +++ containers/Dockerfile-nojail.patch | |
| @@ -16,18 +16,24 @@ | |
| 16 | |
| 17 | ### Lay BusyBox down as the first base layer. Coupled with the host's |
| 18 | ### kernel, this is the "OS" used to RUN the subsequent setup script. |
| 19 | COPY --from=builder /tmp/bbx/busybox /bin/ |
| 20 | RUN [ "/bin/busybox", "--install", "/bin" ] |
| 21 | @@ -78,19 +78,17 @@ |
| 22 | && echo "fossil:x:${UID}:fossil" >> /etc/group \ |
| 23 | && install -d -m 700 -o fossil -g fossil log museum \ |
| 24 | && install -d -m 755 -o fossil -g fossil dev \ |
| 25 | - && install -d -m 1777 -o root -g root /tmp \ |
| 26 | - && mknod -m 666 dev/null c 1 3 \ |
| 27 | - && mknod -m 444 dev/urandom c 1 9 |
| 28 | + && install -d -m 1777 -o root -g root /tmp |
| 29 | |
| 30 | ### Do Fossil-specific things atop those base layers; this will change |
| 31 | ### as often as the Fossil build-from-source layer above. |
| 32 | -COPY --from=builder /tmp/fossil bin/ |
| 33 | +COPY --from=builder /tmp/fossil /bin/ |
| @@ -37,11 +43,11 @@ | |
| 37 | && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /bin/sha1sum \ |
| 38 | && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /bin/sha3sum \ |
| 39 | && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > \ |
| 40 | /bin/sqlite3 \ |
| 41 | && chmod +x /bin/sha?sum /bin/sqlite3 |
| 42 | @@ -101,10 +99,9 @@ |
| 43 | ## --------------------------------------------------------------------- |
| 44 | |
| 45 | EXPOSE 8080/tcp |
| 46 | CMD [ \ |
| 47 | "fossil", "server", \ |
| 48 |
| --- containers/Dockerfile-nojail.patch | |
| +++ containers/Dockerfile-nojail.patch | |
| @@ -16,18 +16,24 @@ | |
| 16 | |
| 17 | ### Lay BusyBox down as the first base layer. Coupled with the host's |
| 18 | ### kernel, this is the "OS" used to RUN the subsequent setup script. |
| 19 | COPY --from=builder /tmp/bbx/busybox /bin/ |
| 20 | RUN [ "/bin/busybox", "--install", "/bin" ] |
| 21 | @@ -72,23 +72,23 @@ |
| 22 | ### anything likely to change often. So long as the user leaves |
| 23 | ### UID alone, this layer will be durable. |
| 24 | RUN set -x \ |
| 25 | && echo "root:x:0:0:Admin:/:/false" > /etc/passwd \ |
| 26 | && echo "root:x:0:root" > /etc/group \ |
| 27 | - && echo "fossil:x:${UID}:${UID}:User:/jail:/false" >> /etc/passwd \ |
| 28 | + && echo "fossil:x:${UID}:${UID}:User:/:/false" >> /etc/passwd \ |
| 29 | && echo "fossil:x:${UID}:fossil" >> /etc/group \ |
| 30 | && install -d -m 700 -o fossil -g fossil log museum \ |
| 31 | && install -d -m 755 -o fossil -g fossil dev \ |
| 32 | && install -d -m 1777 -o root -g root /tmp \ |
| 33 | && mknod -m 666 dev/null c 1 3 \ |
| 34 | && mknod -m 444 dev/urandom c 1 9 |
| 35 | |
| 36 | ### Do Fossil-specific things atop those base layers; this will change |
| 37 | ### as often as the Fossil build-from-source layer above. |
| 38 | -COPY --from=builder /tmp/fossil bin/ |
| 39 | +COPY --from=builder /tmp/fossil /bin/ |
| @@ -37,11 +43,11 @@ | |
| 43 | && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /bin/sha1sum \ |
| 44 | && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /bin/sha3sum \ |
| 45 | && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > \ |
| 46 | /bin/sqlite3 \ |
| 47 | && chmod +x /bin/sha?sum /bin/sqlite3 |
| 48 | @@ -99,10 +99,9 @@ |
| 49 | ## --------------------------------------------------------------------- |
| 50 | |
| 51 | EXPOSE 8080/tcp |
| 52 | CMD [ \ |
| 53 | "fossil", "server", \ |
| 54 |