particle-os/debian-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

pipeline: don't bind-mount /boot from the host

Browse source 
When setting up the build root, only bind mount the `/boot` dir
from the supplied build tree, if the build tree is not the host
itself, since we never want to leak any host specific data and
the `/boot` directory should never be needed when building the
build root. The only reason `/boot` is mounted at all is for
the grub2 stage to copy efi binaries to the tree since they
directly installed to `/boot` by the respective bootloader
packages.
This commit is contained in:
Christian Kellner 2021-10-29 10:32:21 +00:00 committed by Tom Gundersen
parent ccb26806fc
commit 4a7e49c20b
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
osbuild/pipeline.py
View file

@ -108,6 +108,10 @@ class Stage:
build_root = buildroot.BuildRoot(build_tree, runner, libdir, store.tmp)
cm.enter_context(build_root)
# if we have a build root, then also bind-mount the boot
# directory from it, since it may contain efi binaries
build_root.mount_boot = bool(self.build)
tmpdir = store.tempdir(prefix="buildroot-tmp-")
tmpdir = cm.enter_context(tmpdir)