diskimage-builder/elements/dpkg
Ian Wienand 672705831f Add a best-effort sudo safety check
As motivation for this; we have had two breakouts of dib in recent
memory.  One was a failure to unmount through symlinks in the core
code (I335316019ef948758392b03e91f9869102a472b9) and the other was
removing host keys on the build-system
(Ib01d71ff9415a0ae04d963f6e380aab9ac2260ce).

For the most part, dib runs unprivileged.  Bits of the core code are
hopefully well tested (modulo bugs like the first one!).  We give free
reign inside the chroot (although there is still some potential there
for adverse external affects via bind mounts).  Where we could be a
bit safer (and could have prevented at least the second of these
breakouts) is with some better checking that the "sudo" calls
*outside* the chroot at least looked sane.

This adds a basic check that we're using chroot or image paths when
calling sudo in those parts of elements that run *outside* the chroot.
Various files are updated to accomodate this check; mostly by just
ignoring it for existing code (I have not audited these calls).

Nobody is pretending this type of checking makes dib magically safe,
or removes the issues with it needing to do things as root during the
build.  But this can help find egregious errors like the key removal.

Change-Id: I161a5aea1d29dcdc7236f70d372c53246ec73749
2016-05-09 15:41:38 +10:00
..
bin Add force-confdef in debian package install 2016-02-16 14:10:19 +01:00
cleanup.d Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
extra-data.d Add a best-effort sudo safety check 2016-05-09 15:41:38 +10:00
finalise.d Allow disabling apt-get clean 2015-03-06 17:07:29 +00:00
pre-install.d Standarise tracing for scripts 2015-02-12 10:41:32 +11:00
root.d Fix dpkg element for Ubuntu Xenial 2016-02-10 12:50:43 -08:00
element-deps Use package-installs on dpkg-based elements 2015-03-03 09:24:14 +01:00
README.rst Update dpkg elements README from free text to table formatting 2015-08-31 13:43:04 -07:00

====
dpkg
====
Provide dpkg specific image building glue.

The ubuntu element needs customisations at the start and end of the image build
process that do not apply to RPM distributions, such as using the host machine
HTTP proxy when installing packages. These customisations live here, where they
can be used by any dpkg based element.

The dpkg specific version of install-packages is also kept here.

Environment Variables
---------------------

DIB_APT_KEYS
  :Required: No
  :Default: None
  :Description: If an extra or updated apt key is needed then define
    ``DIB_ADD_APT_KEYS`` with the path to a folder. Any key files inside will be
    added to the key ring before any apt-get commands take place.
  :Example: ``DIB_APT_KEYS=/etc/apt/trusted.gpg.d``

DIB_APT_LOCAL_CACHE
  :Required: No
  :Default: 1
  :Description: By default the ``$DIB_IMAGE_CACHE/apt/$DISTRO_NAME`` directory is
    mounted in ``/var/cache/apt/archives`` to cache the .deb files downloaded
    during the image creation. Use this variable if you wish to disable the
    internal cache of the ``/var/cache/apt/archives`` directory
  :Example: ``DIB_APT_LOCAL_CACHE=0`` will disable internal caching.

DIB_DISABLE_APT_CLEANUP
  :Required: No
  :Default: 0
  :Description: At the end of a dib run we clean the apt cache to keep the image
    size as small as possible. Use this variable to prevent cleaning the apt cache
    at the end of a dib run.
  :Example: ``DIB_DISABLE_APT_CLEANUP=1`` will disable cleanup.