[Git-commits] [grml/grml-debootstrap] 07a5fe: Implement clean_chroot to avoid host env variables...
Patrick Schleizer
noreply at github.com
Wed Aug 14 16:45:40 CEST 2024
Branch: refs/heads/mika/267
Home: https://github.com/grml/grml-debootstrap
Commit: 07a5fe657dff0842b2b1836d75fa0ee3c391da95
https://github.com/grml/grml-debootstrap/commit/07a5fe657dff0842b2b1836d75fa0ee3c391da95
Author: Patrick Schleizer <adrelanos at whonix.org>
Date: 2024-08-14 (Wed, 14 Aug 2024)
Changed paths:
M chroot-script
M grml-debootstrap
Log Message:
-----------
Implement clean_chroot to avoid host env variables like TMP to leak into the chroot
Some implementation notes:
If we use `env -i`, then we can no longer export shell functions.
So export -f "error_handler" had to be removed.
`PATH` needs to be set, otherwise `clean_chroot "$MNTPOINT" grub-install`
would fail, because grub-install is in /usr/sbin/grub-install in the
chroot.
http_proxy has to be passed otherwise apt-cacher-ng would be broken by
this commit. While at it, I completed it and added https_proxy, and
ALL_PROXY there too for completeness sake.
Which environment variables are passed into the chroot is currently
hardcoded.
FTR, I was also wondering if it was better to use a similar mechanism to
the one you're using for CHROOT_VARIABLES, but that would not work
because only the chroot-script reads those. But we're not only using
that but also other calls from grml-debootstrap to chroot (now
clean_chroot), so the environment variables need to be set at the
grml-debootstrap level.
Closes: grml/grml-debootstrap#232
To unsubscribe from these emails, change your notification settings at https://github.com/grml/grml-debootstrap/settings/notifications
More information about the Git-commits
mailing list