kas-container: mount host paths below /var/kas

As we no longer create the builder user at runtime, placing data into
/etc/skel at runtime is no longer semantically correct. Instead, we
bind mount host paths below /var/kas/userdata, so the data now lands
in a directory which is fully handled by us.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Felix Moessbauer 2023-02-27 13:21:31 +01:00 committed by Jan Kiszka
parent f971cd363b
commit 06fad464b5
2 changed files with 10 additions and 10 deletions


@ -52,8 +52,8 @@ else
usermod -o --uid "$USER_ID" --gid "$GROUP_ID" builder >/dev/null
chown -R "$USER_ID":"$GROUP_ID" /builder
# copy host SSH config into home of builder
if [ -d /etc/skel/.ssh ]; then
cp -a /etc/skel/.ssh /builder/
if [ -d /var/kas/userdata/.ssh ]; then
cp -a /var/kas/userdata/.ssh /builder/
fi
GOSU="gosu builder"
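Review bot: The `cp -a /var/kas/userdata/.ssh /builder/` runs after `chown -R "$USER_ID":"$GROUP_ID" /builder`, so the copied tree is not covered by that chown, and `-a` keeps whatever owner and mode the bind-mounted host directory has. If the host directory is not owned by USER_ID (for instance under a remapped user namespace, which is an assumption and not visible here), builder ends up with a `.ssh` it does not own, and ssh would presumably refuse or fail to read the keys. Consider following the copy with `chown -R "$USER_ID":"$GROUP_ID" /builder/.ssh`, or moving the existing chown below the `fi`. The enclosing if/else starts and ends outside the hunk.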


@ -411,7 +411,7 @@ if [ -n "${KAS_SSH_DIR}" ] ; then
echo "Passed KAS_SSH_DIR '${KAS_SSH_DIR}' is not a directory"
exit 1
fi
set -- "$@" -v "$(readlink -f "${KAS_SSH_DIR}")":/etc/skel/.ssh:ro
set -- "$@" -v "$(readlink -f "${KAS_SSH_DIR}")":/var/kas/userdata/.ssh:ro
fi
if [ -n "${KAS_SSH_AUTH_SOCK}" ]; then
@ -428,9 +428,9 @@ if [ -n "${KAS_AWS_DIR}" ] ; then
echo "Passed KAS_AWS_DIR '${KAS_AWS_DIR}' is not a directory"
exit 1
fi
set -- "$@" -v "$(readlink -f "${KAS_AWS_DIR}")":/etc/skel/.aws:ro \
-e AWS_CONFIG_FILE="${AWS_CONFIG_FILE:-/etc/skel/.aws/config}" \
-e AWS_SHARED_CREDENTIALS_FILE="${AWS_SHARED_CREDENTIALS_FILE:-/etc/skel/.aws/credentials}"
set -- "$@" -v "$(readlink -f "${KAS_AWS_DIR}")":/var/kas/userdata/.aws:ro \
-e AWS_CONFIG_FILE="${AWS_CONFIG_FILE:-/var/kas/userdata/.aws/config}" \
-e AWS_SHARED_CREDENTIALS_FILE="${AWS_SHARED_CREDENTIALS_FILE:-/var/kas/userdata/.aws/credentials}"
fi
KAS_GIT_CREDENTIAL_HELPER_DEFAULT=""
@ -440,8 +440,8 @@ if [ -n "${KAS_GIT_CREDENTIAL_STORE}" ] ; then
echo "Passed KAS_GIT_CREDENTIAL_STORE '${KAS_GIT_CREDENTIAL_STORE}' is not a file"
exit 1
fi
KAS_GIT_CREDENTIAL_HELPER_DEFAULT="store --file=/etc/skel/.git-credentials"
set -- "$@" -v "$(readlink -f "${KAS_GIT_CREDENTIAL_STORE}")":/etc/skel/.git-credentials:ro
KAS_GIT_CREDENTIAL_HELPER_DEFAULT="store --file=/var/kas/userdata/.git-credentials"
set -- "$@" -v "$(readlink -f "${KAS_GIT_CREDENTIAL_STORE}")":/var/kas/userdata/.git-credentials:ro
fi
GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER:-${KAS_GIT_CREDENTIAL_HELPER_DEFAULT}}"
@ -451,8 +451,8 @@ if [ -n "${GIT_CREDENTIAL_HELPER}" ] ; then
fi
if [ -f "${NETRC_FILE}" ]; then
set -- "$@" -v "$(readlink -f "${NETRC_FILE}")":/etc/skel/.netrc:ro \
-e NETRC_FILE="/etc/skel/.netrc"
set -- "$@" -v "$(readlink -f "${NETRC_FILE}")":/var/kas/userdata/.netrc:ro \
-e NETRC_FILE="/var/kas/userdata/.netrc"
fi
if [ -t 1 ]; then
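Review bot: The container path is part of the user-facing interface through the overridable defaults in the hunks at 428 and 440. A caller that already exports `AWS_CONFIG_FILE`, `AWS_SHARED_CREDENTIALS_FILE` or `GIT_CREDENTIAL_HELPER` with the old `/etc/skel/...` location keeps that value, and after this change nothing is mounted there, so credential lookup inside the container would presumably fail without any message from this script. The move deserves a line in the user documentation or changelog, plus a comment at the first mount such as `# host credentials are mounted read-only below /var/kas/userdata; the entrypoint copies .ssh from there`. Since the literal now appears eight times in this section and twice in the entrypoint, defining it once (e.g. `KAS_USERDATA=/var/kas/userdata`, the name is only a suggestion) would turn the next move into a one-line change. The surrounding if blocks continue outside the hunks.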