author | Robin H. Johnson <robbat2@gentoo.org> | 2019-09-21 06:31:33 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2019-09-21 06:31:33 -0700 |
commit | d1d44edaafb652ae97759e39163202e8c725abc0 (patch) | |
tree | 94c36a67bd384fb93336dd82679fd7dff651bdb1 | |
parent | Add missing then. (diff) | |
bin/update-all: handle non-docker dev environmentv7.0.1
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
-rwxr-xr-x | bin/update-all.sh | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/bin/update-all.sh b/bin/update-all.sh
index 920f1f3..2c1781f 100755
--- a/bin/update-all.sh
+++ b/bin/update-all.sh
@@ -1,9 +1,18 @@
 #!/bin/bash
-if [[ ${1} != "production" ]]; then
+# This script runs as the gpackages user normally!
+
+# Outside of a docker environment, it cannot call emerge --sync because that
+# requires the 'portage' group, and opens up attacks to escalate from gpackages
+# to portage-owned files. However, in a Docker environment, the other files
+# from Portage are NOT available unless --sync IS used.
+
+# Stuff that we have to do inside Docker:
+if grep -qa docker /proc/1/cgroups && [[ ${1} != "production" ]]; then
 emerge --sync
 fi
+# This is the copy of the tree used to run gpackages against.
 if [[ ! -d /mnt/packages-tree/gentoo/ ]]; then
 cd /mnt/packages-tree || exit 1
 git clone https://anongit.gentoo.org/git/repo/gentoo.git |
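Review bot: The Docker test on the new `if grep -qa docker /proc/1/cgroups && ...` line reads a path that does not exist, because the procfs file is `/proc/1/cgroup` (singular). As written, grep fails on every host and prints an error to stderr, so `emerge --sync` is never reached, inside Docker or outside it. The line should read `if grep -qa docker /proc/1/cgroup 2>/dev/null && [[ ${1} != "production" ]]; then`. This condition is what keeps the gpackages user away from the portage-group sync, and it fails closed, but matching the substring "docker" is only a heuristic. On a cgroup v2 host the file inside a container usually holds just `0::/`, so the sync would likely still be skipped there; an explicit opt-in variable set by the Docker image would be more dependable.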