From 8562e667e5969f3aba30ba7e04b11d1ce507d89e Mon Sep 17 00:00:00 2001
From: Daniel Noland
Date: Tue, 22 Oct 2024 22:17:45 -0600
Subject: [PATCH] hack 17 sigh
---
 justfile | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/justfile b/justfile
index e6cd96d9..a342a8d9 100644
--- a/justfile
+++ b/justfile
@@ -114,8 +114,10 @@ compile-env *args: fill-out-dev-env-template
 declare tmp_link
 tmp_link="$(mktemp -p "$(pwd)/sterile" -d --suffix=dataplane-compile-env.link)"
 declare -r tmp_link
+ mkdir -p FAKE_HOME;
 cleanup() {
 rm -r "${tmp_link}"
+ rm -r FAKE_HOME
 }
 trap cleanup EXIT
 declare tmp_targetdir
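Review bot: `mkdir -p FAKE_HOME` uses a fixed, relative name in the working tree, and the `rm -r FAKE_HOME` added to `cleanup` will delete a directory of that name that already existed before the recipe ran, because `mkdir -p` succeeds silently on an existing path. The same trap would also remove the directory from under a container started by another invocation in the same checkout. The lines just above already create a unique directory with `mktemp -p "$(pwd)/sterile" -d`; following that pattern, e.g. `fake_home="$(mktemp -p "$(pwd)/sterile" -d --suffix=dataplane-compile-env.home)"` with `rm -r "${fake_home}"` in `cleanup`, avoids both problems. The `--mount` source for `/home/runner` in the following hunk would then need to use the same variable. The recipe body starts and ends outside this hunk.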
@@ -125,16 +127,16 @@ compile-env *args: fill-out-dev-env-template
 ln -s /lib "${tmp_link}/lib"
 ln -s /sysroot "${tmp_link}/sysroot"
 ln -s /nix "${tmp_link}/nix"
- mkdir I_HATE_YOU;
 docker run \
 --rm \
+ --read-only \
 --name dataplane-compile-env \
 --tmpfs "/tmp:uid=$(id -u),gid=$(id -g),nodev,noexec,nosuid" \
- --mount "type=bind,source=$(pwd)/I_HATE_YOU,destination=/home/runner,bind-propagation=rprivate" \
- --mount type=bind,source="$(pwd),destination=/work,bind-propagation=rprivate" \
- --mount type=bind,source="${tmp_link},destination=/work/compile-env,bind-propagation=rprivate" \
- --mount type=bind,source="$(pwd)/dev-env-template/etc/passwd,destination=/etc/passwd" \
- --mount type=bind,source="$(pwd)/dev-env-template/etc/group,destination=/etc/group" \
+ --mount "type=bind,source=$(pwd)/FAKE_HOME,destination=/home/runner,bind-propagation=rprivate" \
+ --mount type=bind,source="$(pwd),destination=/work,bind-propagation=rprivate,readonly" \
+ --mount type=bind,source="${tmp_link},destination=/work/compile-env,bind-propagation=rprivate,readonly" \
+ --mount type=bind,source="$(pwd)/dev-env-template/etc/passwd,destination=/etc/passwd,readonly" \
+ --mount type=bind,source="$(pwd)/dev-env-template/etc/group,destination=/etc/group,readonly" \
 --mount type=bind,source="${tmp_targetdir},destination=/work/target,bind-propagation=rprivate" \
 --user "$(id -u):$(id -g)" \
 --workdir /work \
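Review bot: `/home/runner` remains a writable bind mount of a host directory, although the `cleanup` function in the previous hunk discards its contents on exit. A tmpfs in the style of the `/tmp` line above, `--tmpfs "/home/runner:uid=$(id -u),gid=$(id -g),nodev,nosuid" \`, would leave `/work/target` as the only host path the container can write and would remove the need for the `FAKE_HOME` directory; this assumes whatever the toolchain writes under the home directory fits in memory. A comment above `docker run` listing the paths that are intentionally writable would also help, since with `--read-only` that list is the container's whole write surface. The `docker run` command continues past the end of this hunk.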