From 722d9e4292f2013c4c13ce391778b902c88d83f1 Mon Sep 17 00:00:00 2001 From: James Slagle Date: Fri, 4 Aug 2017 13:28:17 -0400 Subject: [PATCH] Remove isolated-build element The element is no longer used in the undercloud install as it's not contained in any of the json files under json-files or included by any element dependencies. This is a fix for the security issue where the /tmp path is used. Change-Id: Ib8013fa33cd14d7e4a66e07bd6f3a280c41a7f15 Closes-Bug: #1712380 --- elements/isolated-build/README.md | 13 ------------- .../environment.d/no-source-repositories.bash | 1 - .../pre-install.d/00-disable-external-installs | 10 ---------- 3 files changed, 24 deletions(-) delete mode 100644 elements/isolated-build/README.md delete mode 100644 elements/isolated-build/environment.d/no-source-repositories.bash delete mode 100755 elements/isolated-build/pre-install.d/00-disable-external-installs
diff --git a/elements/isolated-build/README.md b/elements/isolated-build/README.md
deleted file mode 100644
index 58b83a285..000000000
--- a/elements/isolated-build/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-Build images isolated from any external sources of software.
-
-This is necessary for doing builds in things like Koji and Brew,
-where only installation sources known to the build system are
-allowed. This element enables that by removing/blacklisting
-Git and Pip and disabling source repositories.
-
-Note that this method is not perfect - it's still possible for
-Git or Pip to be pulled in as a dependency of another package,
-but since currently this requirement is on a best-effort basis
-this is our best effort to meet it. At some point this will be
-enforced by the build system itself and we won't be responsible
-for ensuring compliance.
diff --git a/elements/isolated-build/environment.d/no-source-repositories.bash b/elements/isolated-build/environment.d/no-source-repositories.bash
deleted file mode 100644
index 8aa7a6ff8..000000000
--- a/elements/isolated-build/environment.d/no-source-repositories.bash
+++ /dev/null
@@ -1 +0,0 @@
-export NO_SOURCE_REPOSITORIES=1
diff --git a/elements/isolated-build/pre-install.d/00-disable-external-installs b/elements/isolated-build/pre-install.d/00-disable-external-installs
deleted file mode 100755
index 506505cf0..000000000
--- a/elements/isolated-build/pre-install.d/00-disable-external-installs
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-set -eu
-set -o pipefail
-
-echo git >> /tmp/yum-blacklist
-echo python-pip >> /tmp/yum-blacklist
-echo python-virtualenv >> /tmp/yum-blacklist
-
-yum -y erase git python-pip python-virtualenv