Remove isolated-build element
The element is no longer used in the undercloud install as it's not
contained in any of the json files under json-files or included by any
element dependencies.
This is a fix for the security issue where the /tmp path is used.
Change-Id: Ib8013fa33cd14d7e4a66e07bd6f3a280c41a7f15
Closes-Bug: #1712380
(cherry picked from commit 722d9e4292
)
This commit is contained in:
parent
b86f03e3b5
commit
02d25849aa
|
@ -1,13 +0,0 @@
|
|||
Build images isolated from any external sources of software.
|
||||
|
||||
This is necessary for doing builds in things like Koji and Brew,
|
||||
where only installation sources known to the build system are
|
||||
allowed. This element enables that by removing/blacklisting
|
||||
Git and Pip and disabling source repositories.
|
||||
|
||||
Note that this method is not perfect - it's still possible for
|
||||
Git or Pip to be pulled in as a dependency of another package,
|
||||
but since currently this requirement is on a best-effort basis
|
||||
this is our best effort to meet it. At some point this will be
|
||||
enforced by the build system itself and we won't be responsible
|
||||
for ensuring compliance.
|
|
@ -1 +0,0 @@
|
|||
export NO_SOURCE_REPOSITORIES=1
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
echo git >> /tmp/yum-blacklist
|
||||
echo python-pip >> /tmp/yum-blacklist
|
||||
echo python-virtualenv >> /tmp/yum-blacklist
|
||||
|
||||
yum -y erase git python-pip python-virtualenv
|
Loading…
Reference in New Issue