-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfinalize
executable file
·33 lines (23 loc) · 1.06 KB
/
finalize
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#!/usr/bin/env bash
set -eufo pipefail
IFS=',' read -r -a features <<< "$BUILDER_FEATURES"
mkdir /chroot
# tmpfs is required to allow setting security xattrs in user namespace
mount -t tmpfs tmpfs /chroot
chmod 755 /chroot
chcon system_u:object_r:unlabeled_t:s0 /chroot
tar --extract --xattrs --xattrs-include 'security.*' --directory /chroot < /input
rm -rf /chroot/builder
mount --rbind /proc /chroot/proc
mount --bind /native_bin /chroot/native_bin
for feature in "${features[@]}"; do
if [ -e "/builder/features/$feature/exec.post" ]; then
printf 'exec: %s\n' "/builder/features/$feature/exec.post"
"/builder/features/$feature/exec.post" /chroot 2>&1 | sed 's/^/ /'
fi
done
umount /chroot/native_bin
rmdir /chroot/native_bin
umount -l /chroot/proc
find /chroot/proc /chroot/sys /chroot/dev /chroot/run /chroot/tmp -mindepth 1 -delete
tar --create --mtime="@$BUILDER_TIMESTAMP" --sort name --xattrs --xattrs-include 'security.*' --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime --transform 's|^\./||' --directory /chroot . > /output