authorJoey Hess2015-05-27 21:11:36 -0400
committerJoey Hess2015-05-27 21:11:36 -0400
commit9ce43e55f8db84ac1111ad29f0c134814f805fed (patch)
treef94c6ba350e2a07c5aeeabe17e0a60f6f9896038
parent672a783d3a2804ceeb6f179f37042eba5248f4c1 (diff)
Improve enter-machine scripts for nspawn containers to unset most environment variables.
-rw-r--r--config-joey.hs4
-rw-r--r--debian/changelog2
-rw-r--r--src/Propellor/Property/Systemd.hs20
3 files changed, 16 insertions, 10 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 013be113..e01af471 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -134,10 +134,10 @@ orca = standardSystem "orca.kitenet.net" Unstable "amd64"
! Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "amd64" 15 "2h")
! Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "i386" 45 "2h")
! Docker.docked (GitAnnexBuilder.androidAutoBuilderContainer dockerImage (Cron.Times "1 1 * * *") "3h")
+ ! Docker.docked (GitAnnexBuilder.armelCompanionContainer dockerImage)
+ ! Docker.docked (GitAnnexBuilder.armelAutoBuilderContainer dockerImage (Cron.Times "1 3 * * *") "5h")
& Docker.garbageCollected -- `period` Daily
& Systemd.nspawned (GitAnnexBuilder.standardAutoBuilderContainerNspawn "amd64" 15 "2h")
- & Docker.docked (GitAnnexBuilder.armelCompanionContainer dockerImage)
- & Docker.docked (GitAnnexBuilder.armelAutoBuilderContainer dockerImage (Cron.Times "1 3 * * *") "5h")
& Apt.buildDep ["git-annex"] `period` Daily
-- This is not a complete description of kite, since it's a
diff --git a/debian/changelog b/debian/changelog
index 96a9f745..5d70582e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ propellor (2.5.0) UNRELEASED; urgency=medium
* Export CommandParam, boolSystem, safeSystem and shellEscape from
Propellor.Property.Cmd, so they are available for use in constricting
your own Properties when using propellor as a library.
+ * Improve enter-machine scripts for nspawn containers to unset most
+ environment variables.
-- Joey Hess <id@joeyh.name> Thu, 07 May 2015 12:08:34 -0400
diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index 78a99963..b19c08bc 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -215,15 +215,19 @@ enterScript c@(Container name _ _) = setup <!> teardown
where
setup = combineProperties ("generated " ++ enterScriptFile c)
[ scriptfile `File.hasContent`
- [ "#!/bin/sh"
+ [ "#!/usr/bin/perl"
, "# Generated by propellor"
- , "pid=\"$(machinectl show " ++ shellEscape name ++ " -p Leader | cut -d= -f2)\" || true"
- , "if [ -n \"$pid\" ]; then"
- , "\tnsenter -p -u -n -i -m -t \"$pid\" \"$@\""
- , "else"
- , "\techo container not running >&2"
- , "\texit 1"
- , "fi"
+ , "my $pid=`machinectl show " ++ shellEscape name ++ " -p Leader | cut -d= -f2`;"
+ , "chomp $pid;"
+ , "if (length $pid) {"
+ , "\tforeach my $var (keys %ENV) {"
+ , "\t\tdelete $var unless $var eq 'PATH' || $var eq 'TERM';"
+ , "\t}"
+ , "\texec('nsenter', '-p', '-u', '-n', '-i', '-m', '-t', $pid, @ARGV);"
+ , "} else {"
+ , "\tdie 'container not running';"
+ , "}"
+ , "exit(1);"
]
, scriptfile `File.mode` combineModes (readModes ++ executeModes)
]
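Review bot: The generated script's line `delete $var unless $var eq 'PATH' || $var eq 'TERM';` does not compile in Perl — `delete` only accepts a hash or array element or slice, so perl rejects the script with "delete argument is not a HASH or ARRAY element or slice" and the enter-machine script never reaches `exec('nsenter', ...)`; the intended statement is `"\t\tdelete $ENV{$var} unless $var eq 'PATH' || $var eq 'TERM';"`. Once the target is `$ENV{$var}`, deleting inside the `foreach my $var (keys %ENV)` loop is safe because `keys` yields a snapshot list rather than a live iterator. The trailing `exit(1);` is only reached when `exec` itself fails, which is a reasonable fallback, and the `die` already exits non-zero on its own. The enclosing `where` clause of `enterScript` continues past the end of the hunk (the `teardown` side is not shown).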