22048b25a7
We don't want to expose the host's `/tmp` since that means scripts could potentially find things like the X11 socket or whatever. To debug things better, add a quick bash script to run bwrap like the C code does. Perhaps down the line we can add `rpm-ostree internals run-bwrap` or so. Closes: #647 Approved by: jlebon
47 lines
867 B
RPMSpec
47 lines
867 B
RPMSpec
Summary: An app that uses useradd in its %pre
|
|
Name: scriptpkg1
|
|
Version: 1.0
|
|
Release: 1
|
|
License: GPL+
|
|
Group: Development/Tools
|
|
URL: http://foo.bar.com
|
|
BuildArch: x86_64
|
|
|
|
%description
|
|
%{summary}
|
|
|
|
%prep
|
|
|
|
%build
|
|
cat > scriptpkg1 << EOF
|
|
#!/bin/sh
|
|
echo "Hello!"
|
|
EOF
|
|
chmod a+x scriptpkg1
|
|
|
|
%pre
|
|
# Test our /etc/passwd handling
|
|
groupadd -r scriptpkg1
|
|
|
|
%posttrans
|
|
# Firewalld; https://github.com/projectatomic/rpm-ostree/issues/638
|
|
. /etc/os-release || :
|
|
# See https://github.com/projectatomic/rpm-ostree/pull/647
|
|
for path in /tmp /var/tmp; do
|
|
if test -f ${path}/file-in-host-tmp-not-for-scripts; then echo "found file from host /tmp"; exit 1; fi
|
|
done
|
|
|
|
%install
|
|
mkdir -p %{buildroot}/usr/bin
|
|
install scriptpkg1 %{buildroot}/usr/bin
|
|
|
|
%clean
|
|
rm -rf %{buildroot}
|
|
|
|
%files
|
|
/usr/bin/scriptpkg1
|
|
|
|
%changelog
|
|
* Wed Aug 17 2016 Jonathan Lebon <jlebon@redhat.com> 1.0-1
|
|
- First Build
|