[Git-commits] [grml/grml-debootstrap] be5c2e: Implement clean_chroot to avoid host env variables...
Patrick Schleizer
noreply at github.com
Fri Nov 22 13:11:45 CET 2024
Branch: refs/heads/mika/clean_chroot
Home: https://github.com/grml/grml-debootstrap
Commit: be5c2e899aa0c7a9f9f7e27ed7dc86b675fb4d92
https://github.com/grml/grml-debootstrap/commit/be5c2e899aa0c7a9f9f7e27ed7dc86b675fb4d92
Author: Patrick Schleizer <adrelanos at whonix.org>
Date: 2024-11-22 (Fri, 22 Nov 2024)
Changed paths:
M chroot-script
M grml-debootstrap
Log Message:
-----------
Implement clean_chroot to avoid host env variables like TMP to leak into the chroot
Some implementation notes:
If we use `env -i`, then we can no longer export shell functions.
So export -f "error_handler" had to be removed.
`PATH` needs to be set, otherwise `clean_chroot "$MNTPOINT" grub-install`
would fail, because grub-install is in /usr/sbin/grub-install in the
chroot.
http_proxy has to be passed otherwise apt-cacher-ng would be broken by
this commit. While at it, I completed it and added https_proxy, and
ALL_PROXY there too for completeness sake.
Which environment variables are passed into the chroot is currently
hardcoded.
FTR, I was also wondering if it was better to use a similar mechanism to
the one you're using for CHROOT_VARIABLES, but that would not work
because only the chroot-script reads those. But we're not only using
that but also other calls from grml-debootstrap to chroot (now
clean_chroot), so the environment variables need to be set at the
grml-debootstrap level.
Closes: grml/grml-debootstrap#232
To unsubscribe from these emails, change your notification settings at https://github.com/grml/grml-debootstrap/settings/notifications
More information about the Git-commits
mailing list