Fossil SCM

Removed the two "mknod" calls from the Dockerfile in the nojail patch used by Podman rootless containers. Not only is the build user not allowed to run mknod in that case, there will be a /dev tree mapped into the container, causing the commands to fail due to these two basic dev nodes preexisting.

wyoung 2023-01-17 20:37 trunk
Commit d97a8fb17e52c2c118557754a90b35bfa1821436889cf03c10247dd3b9d52379
--- containers/Dockerfile-nojail.patch
+++ containers/Dockerfile-nojail.patch
@@ -1,10 +1,10 @@
11
Index: Dockerfile
22
==================================================================
33
--- Dockerfile
44
+++ Dockerfile
5
-@@ -73,13 +73,13 @@
5
+@@ -62,13 +62,13 @@
66
## ---------------------------------------------------------------------
77
## STAGE 2: Pare that back to the bare essentials.
88
## ---------------------------------------------------------------------
99
1010
FROM scratch
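Review bot: the inner hunk header for the STAGE 2 context moves from `@@ -73,13 +73,13 @@` to `@@ -62,13 +62,13 @@`, an 11-line shift that the commit message does not account for, since it only describes removing the two mknod calls. The context lines under that header are unchanged, so the shift comes from the base Dockerfile rather than from this fix. Say in the commit message that the patch was regenerated against the current Dockerfile, so the offset change is not mistaken for a hand edit.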
@@ -16,13 +16,20 @@
1616
1717
### Lay BusyBox down as the first base layer. Coupled with the host's
1818
### kernel, this is the "OS."
1919
COPY --from=builder /tmp/bbx/busybox /bin/
2020
COPY --from=builder /etc/os-release /etc/
21
-@@ -101,13 +101,13 @@
22
- && mknod -m 666 dev/null c 1 3 \
23
- && mknod -m 444 dev/urandom c 1 9
21
+@@ -84,19 +84,17 @@
22
+ && adduser -S -h `pwd` -g 'Fossil User' -G fossil -u ${UID} fossil \
23
+ && install -d -m 700 -o fossil -g fossil log museum \
24
+ && install -d -m 755 -o fossil -g fossil dev \
25
+ && install -d -m 755 -o root -g root /usr/bin \
26
+ && install -d -m 400 -o root -g root /run \
27
+- && install -d -m 1777 -o root -g root /tmp \
28
+- && mknod -m 666 dev/null c 1 3 \
29
+- && mknod -m 444 dev/urandom c 1 9
30
++ && install -d -m 1777 -o root -g root /tmp
2431
2532
### Do Fossil-specific things atop those base layers; this will change
2633
### as often as the Fossil build-from-source layer above.
2734
-COPY --from=builder /tmp/fossil bin/
2835
+COPY --from=builder /tmp/fossil /usr/bin/
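Review bot: the context line `&& install -d -m 755 -o fossil -g fossil dev \` still creates a fossil-owned `dev` directory, although the new side of the inner hunk drops both `mknod` lines and so no longer populates it. If nothing else in the nojail build uses that directory, have this patch remove the `install -d ... dev` line as well, or add a comment explaining why it stays. It would also help to note beside the removed lines that the image now relies on the container runtime to supply /dev/null and /dev/urandom, because the commit message is currently the only place that records this dependency.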
@@ -32,11 +39,11 @@
3239
&& echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /usr/bin/sha1sum \
3340
&& echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /usr/bin/sha3sum \
3441
&& echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > \
3542
/usr/bin/sqlite3 \
3643
&& chmod +x /usr/bin/sha?sum /usr/bin/sqlite3
37
-@@ -118,10 +118,9 @@
44
+@@ -107,10 +105,9 @@
3845
## ---------------------------------------------------------------------
3946
4047
EXPOSE 8080/tcp
4148
CMD [ \
4249
"bin/fossil", "server", \
4350
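Review bot: the CMD context line `"bin/fossil", "server", \` appears unchanged with a relative `bin/` path, while the previous hunk relocates the binary with `COPY --from=builder /tmp/fossil /usr/bin/`. The rest of this inner hunk (10 lines reduced to 9) is not visible in the diff, so confirm that the patched CMD actually resolves to the binary under /usr/bin. The header arithmetic itself is consistent: the new-side start of 105 against an old-side start of 107 matches the net two lines removed by the `@@ -84,19 +84,17 @@` hunk.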
--- containers/Dockerfile-nojail.patch
+++ containers/Dockerfile-nojail.patch
@@ -1,10 +1,10 @@
1 Index: Dockerfile
2 ==================================================================
3 --- Dockerfile
4 +++ Dockerfile
5 @@ -73,13 +73,13 @@
6 ## ---------------------------------------------------------------------
7 ## STAGE 2: Pare that back to the bare essentials.
8 ## ---------------------------------------------------------------------
9
10 FROM scratch
@@ -16,13 +16,20 @@
16
17 ### Lay BusyBox down as the first base layer. Coupled with the host's
18 ### kernel, this is the "OS."
19 COPY --from=builder /tmp/bbx/busybox /bin/
20 COPY --from=builder /etc/os-release /etc/
21 @@ -101,13 +101,13 @@
22 && mknod -m 666 dev/null c 1 3 \
23 && mknod -m 444 dev/urandom c 1 9
 
 
 
 
 
 
 
24
25 ### Do Fossil-specific things atop those base layers; this will change
26 ### as often as the Fossil build-from-source layer above.
27 -COPY --from=builder /tmp/fossil bin/
28 +COPY --from=builder /tmp/fossil /usr/bin/
@@ -32,11 +39,11 @@
32 && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /usr/bin/sha1sum \
33 && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /usr/bin/sha3sum \
34 && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > \
35 /usr/bin/sqlite3 \
36 && chmod +x /usr/bin/sha?sum /usr/bin/sqlite3
37 @@ -118,10 +118,9 @@
38 ## ---------------------------------------------------------------------
39
40 EXPOSE 8080/tcp
41 CMD [ \
42 "bin/fossil", "server", \
43
--- containers/Dockerfile-nojail.patch
+++ containers/Dockerfile-nojail.patch
@@ -1,10 +1,10 @@
1 Index: Dockerfile
2 ==================================================================
3 --- Dockerfile
4 +++ Dockerfile
5 @@ -62,13 +62,13 @@
6 ## ---------------------------------------------------------------------
7 ## STAGE 2: Pare that back to the bare essentials.
8 ## ---------------------------------------------------------------------
9
10 FROM scratch
@@ -16,13 +16,20 @@
16
17 ### Lay BusyBox down as the first base layer. Coupled with the host's
18 ### kernel, this is the "OS."
19 COPY --from=builder /tmp/bbx/busybox /bin/
20 COPY --from=builder /etc/os-release /etc/
21 @@ -84,19 +84,17 @@
22 && adduser -S -h `pwd` -g 'Fossil User' -G fossil -u ${UID} fossil \
23 && install -d -m 700 -o fossil -g fossil log museum \
24 && install -d -m 755 -o fossil -g fossil dev \
25 && install -d -m 755 -o root -g root /usr/bin \
26 && install -d -m 400 -o root -g root /run \
27 - && install -d -m 1777 -o root -g root /tmp \
28 - && mknod -m 666 dev/null c 1 3 \
29 - && mknod -m 444 dev/urandom c 1 9
30 + && install -d -m 1777 -o root -g root /tmp
31
32 ### Do Fossil-specific things atop those base layers; this will change
33 ### as often as the Fossil build-from-source layer above.
34 -COPY --from=builder /tmp/fossil bin/
35 +COPY --from=builder /tmp/fossil /usr/bin/
@@ -32,11 +39,11 @@
39 && echo -e '#!/bin/sh\nfossil sha1sum "$@"' > /usr/bin/sha1sum \
40 && echo -e '#!/bin/sh\nfossil sha3sum "$@"' > /usr/bin/sha3sum \
41 && echo -e '#!/bin/sh\nfossil sqlite3 --no-repository "$@"' > \
42 /usr/bin/sqlite3 \
43 && chmod +x /usr/bin/sha?sum /usr/bin/sqlite3
44 @@ -107,10 +105,9 @@
45 ## ---------------------------------------------------------------------
46
47 EXPOSE 8080/tcp
48 CMD [ \
49 "bin/fossil", "server", \
50
