diff options
| author |   Zhijiang Hu <hu.zhijiang@zte.com.cn> | 2018-01-04 17:11:43 -0500 |
|---|---|---|
| committer | Zhijiang Hu <hu.zhijiang@zte.com.cn> | 2018-01-04 17:52:40 -0500 |
| commit | 9da43ddfc09e56b772e4304eef430e56aaf6013e (patch) | |
| tree | 774ef7783c4cd04f1a765433d8ff4b07b196cca6 | |
| parent | 6fecb3948338c57cdd72c9c37491f4aabacd4f26 (diff) | |
Fix tmp dir security risks in image build code
Change-Id: I2b909101ead10e26d2ec00a0ba3eb4ca63dc226a
Signed-off-by: Zhijiang Hu <hu.zhijiang@zte.com.cn>
| -rwxr-xr-x | ci/kolla-build-vm.sh | 13 | ||||
| -rwxr-xr-x | ci/kolla-build.sh | 9 |
2 files changed, 14 insertions, 8 deletions
diff --git a/ci/kolla-build-vm.sh b/ci/kolla-build-vm.sh index 63117242..011537ad 100755 --- a/ci/kolla-build-vm.sh +++ b/ci/kolla-build-vm.sh @@ -20,7 +20,12 @@ KOLLA_TAG= EXT_TAG= KOLLA_GIT_VERSION= KOLLA_IMAGE_VERSION= -WORK_DIR=/tmp + +SCRIPT_PATH=$(readlink -f $(dirname $0)) +WORKSPACE=$(cd ${SCRIPT_PATH}/..; pwd) + +WORK_DIR=$WORKSPACE + REGISTRY_SERVER_NAME=daisy-registry function usage @@ -45,7 +50,7 @@ sudo `basename $0` -l https://git.openstack.org/openstack/kolla -j daisy-docker-build-euphrates -t 4.0.2 -e .1 - -w /tmp + -w /path/to/the/working/dir xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx EOF } @@ -220,8 +225,8 @@ function cleanup_kolla_image { function start_registry_server { echo "Starting registry server" sudo docker run -d -p 5000:5000 --restart=always \ - -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/tmp/registry \ - -v $REGISTRY_VOLUME_DIR:/tmp/registry \ + -e REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/home/registry \ + -v $REGISTRY_VOLUME_DIR:/home/registry \ --name $REGISTRY_SERVER_NAME registry:2 } diff --git a/ci/kolla-build.sh b/ci/kolla-build.sh index b3b9fca3..cca98db5 100755 --- a/ci/kolla-build.sh +++ b/ci/kolla-build.sh @@ -31,7 +31,10 @@ error_trap() exit $exitcode } -WORK_DIR=/tmp +SCRIPT_PATH=$(readlink -f $(dirname $0)) +WORKSPACE=$(cd ${SCRIPT_PATH}/..; pwd) + +WORK_DIR=$WORKSPACE while getopts "l:b:j:t:e:w:h" OPTION do #Only get what we need @@ -46,8 +49,6 @@ BUILD_OUTPUT_DIR=$WORK_DIR/kolla-build-output ############Builder VM operations################ -SCRIPT_PATH=$(readlink -f $(dirname $0)) -WORKSPACE=$(cd ${SCRIPT_PATH}/..; pwd) DEPLOY_PATH=$WORKSPACE/deploy # VM configurations @@ -64,7 +65,7 @@ PARAS_IMAGE=${PARAS_FROM_DEPLOY#* * * } # qcow2 image modifier location CREATE_QCOW2_PATH=$WORKSPACE/tools # temp storage for qcow2 image modifier -IMWORKDIR=${IMWORKDIR:-/tmp/workdir/daisy} +IMWORKDIR=${IMWORKDIR:-$WORKSPACE/img} # set extra ssh paramters SSH_PARAS="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" |