author | Austin S. Hemmelgarn <austin@netdata.cloud> | 2022-04-13 13:27:29 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-13 13:27:29 -0400 |
commit | ac0fe6cf07d613623ac1edf35c3791a1f17256a9 (patch) | |
tree | 416d7451adeeb94e8079742f22c607abc50ad05f | |
parent | 91051b8ac8441fad0074af5d27896062a6aab9cd (diff) |
Fix the static build code in light of CVE-2022-24765 (#12683)
Also, fix handling of the source directory in the builds so that we
don’t leave behind a dirty source directory.
-rwxr-xr-x | packaging/makeself/build-static.sh | 16 | ||||
-rwxr-xr-x | packaging/makeself/build.sh | 19 |
2 files changed, 15 insertions, 20 deletions
diff --git a/packaging/makeself/build-static.sh b/packaging/makeself/build-static.sh
index e4c92a7ba8..f383537212 100755
--- a/packaging/makeself/build-static.sh
+++ b/packaging/makeself/build-static.sh
@@ -45,8 +45,8 @@ if ! docker inspect "${DOCKER_CONTAINER_NAME}" > /dev/null 2>&1; then
 run docker pull --platform=${platform} alpine:3.15
 fi
- run docker run --platform=${platform} -v "$(pwd)":/usr/src/netdata.git:rw alpine:3.15 \
- /bin/sh /usr/src/netdata.git/packaging/makeself/install-alpine-packages.sh
+ run docker run --platform=${platform} -v "$(pwd)":/netdata:rw alpine:3.15 \
+ /bin/sh /netdata/packaging/makeself/install-alpine-packages.sh
 # save the changes made permanently
 id=$(docker ps -l -q)
@@ -55,15 +55,11 @@ fi
 # Run the build script inside the container
 if [ -t 1 ]; then
- run docker run -e BUILDARCH="${BUILDARCH}" -a stdin -a stdout -a stderr -i -t -v "$(pwd)":/usr/src/netdata.git:rw \
+ run docker run -e BUILDARCH="${BUILDARCH}" -a stdin -a stdout -a stderr -i -t -v "$(pwd)":/netdata:rw \
 "${DOCKER_CONTAINER_NAME}" \
- /bin/sh /usr/src/netdata.git/packaging/makeself/build.sh "${@}"
+ /bin/sh /netdata/packaging/makeself/build.sh "${@}"
 else
- run docker run -e BUILDARCH="${BUILDARCH}" -v "$(pwd)":/usr/src/netdata.git:rw \
+ run docker run -e BUILDARCH="${BUILDARCH}" -v "$(pwd)":/netdata:rw \
 -e GITHUB_ACTIONS="${GITHUB_ACTIONS}" "${DOCKER_CONTAINER_NAME}" \
- /bin/sh /usr/src/netdata.git/packaging/makeself/build.sh "${@}"
-fi
-
-if [ "${USER}" ]; then
- sudo chown -R "${USER}" .
+ /bin/sh /netdata/packaging/makeself/build.sh "${@}"
 fi
diff --git a/packaging/makeself/build.sh b/packaging/makeself/build.sh
index 4eb2c9f412..3ac600ed4a 100755
--- a/packaging/makeself/build.sh
+++ b/packaging/makeself/build.sh
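Review bot: All three `docker run` mounts in build-static.sh keep the host checkout writable (`-v "$(pwd)":/netdata:rw`), although with this change build.sh works on a copy under /usr/src/netdata and writes back only to /netdata/artifacts. For the install-alpine-packages.sh run in the first hunk, `-v "$(pwd)":/netdata:ro` looks sufficient, assuming that script only installs packages (it is not shown here). For the two build runs in the second hunk, a read-only source mount plus a separate writable mount for the artifacts directory would keep a root process in the container from modifying the checkout. `--platform=${platform}` in the first hunk is also unquoted, unlike the other expansions on those lines.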
@@ -27,16 +27,11 @@ done
 # the required packages. build-x86_64-static.sh will do this for you
 # using docker.
-cd "$(dirname "$0")" || exit 1
-
-# if we don't run inside the netdata repo
-# download it and run from it
-if [ ! -f ../../netdata-installer.sh ]; then
- git clone https://github.com/netdata/netdata.git netdata.git || exit 1
- cd netdata.git/makeself || exit 1
- ./build.sh "$@"
- exit $?
-fi
+mkdir -p /usr/src
+cp -va /netdata /usr/src/netdata
+chown -R root:root /usr/src/netdata
+
+cd /usr/src/netdata/packaging/makeself || exit 1
 git clean -dxf
 git submodule foreach --recursive git clean -dxf
@@ -64,3 +59,7 @@ if ! ./run-all-jobs.sh "$@"; then
 printf >&2 "Build failed."
 exit 1
 fi
+
+mkdir -p /netdata/artifacts
+cp -va /usr/src/netdata/artifacts/* /netdata/artifacts/
+chown -R "$(stat -c '%u:%g' /netdata)" /netdata/artifacts/ |
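Review bot: The copy and ownership steps added at the top of the first build.sh hunk run unchecked, while the `cd` right after them has `|| exit 1`. If `chown -R root:root /usr/src/netdata` fails or the copy is incomplete, git's ownership check (the reason for this commit) may reject the tree, and the following `git clean -dxf` lines would fail without stopping the build unless `set -e` is active outside this hunk. I would write `cp -a /netdata /usr/src/netdata || exit 1` and `chown -R root:root /usr/src/netdata || exit 1`. The same applies to the second hunk: when `cp -va /usr/src/netdata/artifacts/* /netdata/artifacts/` fails, the script's exit status is still that of the final `chown`, so a build with no copied artifacts can report success. A one-line comment above the copy, e.g. `# work on a root-owned copy so git accepts the tree (CVE-2022-24765) and the mounted checkout stays clean`, would explain why the build no longer runs in /netdata.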