Remove isolated-build element

The element is no longer used in the undercloud install as it's not
contained in any of the json files under json-files or included by any
element dependencies.

This is a fix for the security issue where the /tmp path is used.

Change-Id: Ib8013fa33cd14d7e4a66e07bd6f3a280c41a7f15
Closes-Bug: #1712380
(cherry picked from commit 722d9e4292)
This commit is contained in:
James Slagle 2017-08-04 13:28:17 -04:00 committed by Alex Schultz
parent e9a5137e7e
commit 808c89b924
3 changed files with 0 additions and 24 deletions

View File

@ -1,13 +0,0 @@
Build images isolated from any external sources of software.
This is necessary for doing builds in things like Koji and Brew,
where only installation sources known to the build system are
allowed. This element enables that by removing/blacklisting
Git and Pip and disabling source repositories.
Note that this method is not perfect - it's still possible for
Git or Pip to be pulled in as a dependency of another package,
but since currently this requirement is on a best-effort basis
this is our best effort to meet it. At some point this will be
enforced by the build system itself and we won't be responsible
for ensuring compliance.

View File

@ -1 +0,0 @@
export NO_SOURCE_REPOSITORIES=1

View File

@ -1,10 +0,0 @@
#!/bin/bash
set -eu
set -o pipefail
echo git >> /tmp/yum-blacklist
echo python-pip >> /tmp/yum-blacklist
echo python-virtualenv >> /tmp/yum-blacklist
yum -y erase git python-pip python-virtualenv