kas-container: mount host paths below /var/kas
As we no longer create the builder user at runtime, placing data into /etc/skel at runtime is semantically not correct anymore. Instead, we bind mount host paths below /var/kas/userdata. By that, we now place the data into a directory which is fully handled by us. Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
parent
f971cd363b
commit
06fad464b5
@ -52,8 +52,8 @@ else
|
||||
usermod -o --uid "$USER_ID" --gid "$GROUP_ID" builder >/dev/null
|
||||
chown -R "$USER_ID":"$GROUP_ID" /builder
|
||||
# copy host SSH config into home of builder
|
||||
if [ -d /etc/skel/.ssh ]; then
|
||||
cp -a /etc/skel/.ssh /builder/
|
||||
if [ -d /var/kas/userdata/.ssh ]; then
|
||||
cp -a /var/kas/userdata/.ssh /builder/
|
||||
fi
|
||||
|
||||
GOSU="gosu builder"
|
||||
|
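Review bot: The `cp -a /var/kas/userdata/.ssh /builder/` copy runs after `chown -R "$USER_ID":"$GROUP_ID" /builder`, so the copied directory keeps the owner and mode of the host mount instead of being handed to the builder user. If the host directory belongs to a different uid than `USER_ID`, the keys end up unreadable for builder, or ssh rejects them on its ownership checks, and the failure only surfaces later as an authentication error. Consider adding `chown -R "$USER_ID":"$GROUP_ID" /builder/.ssh` directly after the copy, or moving the copy ahead of the recursive chown. The enclosing branch starts outside the hunk, so it cannot be confirmed from here whether the copy sits inside the `else` arm or follows it.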
@ -411,7 +411,7 @@ if [ -n "${KAS_SSH_DIR}" ] ; then
|
||||
echo "Passed KAS_SSH_DIR '${KAS_SSH_DIR}' is not a directory"
|
||||
exit 1
|
||||
fi
|
||||
set -- "$@" -v "$(readlink -f "${KAS_SSH_DIR}")":/etc/skel/.ssh:ro
|
||||
set -- "$@" -v "$(readlink -f "${KAS_SSH_DIR}")":/var/kas/userdata/.ssh:ro
|
||||
fi
|
||||
|
||||
if [ -n "${KAS_SSH_AUTH_SOCK}" ]; then
|
||||
@ -428,9 +428,9 @@ if [ -n "${KAS_AWS_DIR}" ] ; then
|
||||
echo "Passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory"
|
||||
exit 1
|
||||
fi
|
||||
set -- "$@" -v "$(readlink -f "${KAS_AWS_DIR}")":/etc/skel/.aws:ro \
|
||||
-e AWS_CONFIG_FILE="${AWS_CONFIG_FILE:-/etc/skel/.aws/config}" \
|
||||
-e AWS_SHARED_CREDENTIALS_FILE="${AWS_SHARED_CREDENTIALS_FILE:-/etc/skel/.aws/credentials}"
|
||||
set -- "$@" -v "$(readlink -f "${KAS_AWS_DIR}")":/var/kas/userdata/.aws:ro \
|
||||
-e AWS_CONFIG_FILE="${AWS_CONFIG_FILE:-/var/kas/userdata/.aws/config}" \
|
||||
-e AWS_SHARED_CREDENTIALS_FILE="${AWS_SHARED_CREDENTIALS_FILE:-/var/kas/userdata/.aws/credentials}"
|
||||
fi
|
||||
|
||||
KAS_GIT_CREDENTIAL_HELPER_DEFAULT=""
|
||||
@ -440,8 +440,8 @@ if [ -n "${KAS_GIT_CREDENTIAL_STORE}" ] ; then
|
||||
echo "Passed KAS_GIT_CREDENTIAL_STORE '${KAS_GIT_CREDENTIAL_STORE}' is not a file"
|
||||
exit 1
|
||||
fi
|
||||
KAS_GIT_CREDENTIAL_HELPER_DEFAULT="store --file=/etc/skel/.git-credentials"
|
||||
set -- "$@" -v "$(readlink -f "${KAS_GIT_CREDENTIAL_STORE}")":/etc/skel/.git-credentials:ro
|
||||
KAS_GIT_CREDENTIAL_HELPER_DEFAULT="store --file=/var/kas/userdata/.git-credentials"
|
||||
set -- "$@" -v "$(readlink -f "${KAS_GIT_CREDENTIAL_STORE}")":/var/kas/userdata/.git-credentials:ro
|
||||
fi
|
||||
|
||||
GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER:-${KAS_GIT_CREDENTIAL_HELPER_DEFAULT}}"
|
||||
@ -451,8 +451,8 @@ if [ -n "${GIT_CREDENTIAL_HELPER}" ] ; then
|
||||
fi
|
||||
|
||||
if [ -f "${NETRC_FILE}" ]; then
|
||||
set -- "$@" -v "$(readlink -f "${NETRC_FILE}")":/etc/skel/.netrc:ro \
|
||||
-e NETRC_FILE="/etc/skel/.netrc"
|
||||
set -- "$@" -v "$(readlink -f "${NETRC_FILE}")":/var/kas/userdata/.netrc:ro \
|
||||
-e NETRC_FILE="/var/kas/userdata/.netrc"
|
||||
fi
|
||||
|
||||
if [ -t 1 ]; then
|
||||
|
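Review bot: The `.netrc` block is the only credential mount here that fails silently: `if [ -f "${NETRC_FILE}" ]` just skips the mount when the variable points to a missing path, while the KAS_SSH_DIR, KAS_AWS_DIR and KAS_GIT_CREDENTIAL_STORE blocks print an error and exit. A mistyped path then shows up much later as an authentication failure inside the container. If the silent skip is not deliberate, add a branch such as `elif [ -n "${NETRC_FILE}" ]; then echo "Passed NETRC_FILE '${NETRC_FILE}' is not a file"; exit 1`. Separately, the literal `/var/kas/userdata` is repeated across these hunks and must match the path read in the first hunk on this page, so a short comment naming it as the contract between the two scripts would help the next relocation.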