mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-09-13 22:42:29 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

buildserver: /vagrant/cache writeable only by root

Browse source 
Prevent build processes from modifying the cache, it is only needed
during provisioning anyway. A malicious build could still use sudo to
change the cache, but this is more to prevent mistaken modifications.
This commit is contained in:
Hans-Christoph Steiner 2016-06-15 12:47:16 +02:00
parent 6ea2508127
commit d0bb6f73bf
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
makebuildserver
View file

@ -363,7 +363,8 @@ if 'aptproxy' in config and config['aptproxy']:
# does not need a custom mount # does not need a custom mount
if cachedir != 'buildserver/cache': if cachedir != 'buildserver/cache':
vagrantfile += """ vagrantfile += """
config.vm.synced_folder '{0}', '/vagrant/cache' config.vm.synced_folder '{0}', '/vagrant/cache',
owner: 'root', group: 'root', create: true
""".format(cachedir) """.format(cachedir)
# cache .deb packages on the host via a mount trick # cache .deb packages on the host via a mount trick