Skip to content

Commit

Permalink
avoid HTTPS_PROXY env vars "leaking" in
Browse files Browse the repository at this point in the history
  • Loading branch information
@traceypooh
traceypooh committed Nov 7, 2024
1 parent 924f079 commit 7f689a6
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 8 deletions.
4 changes: 0 additions & 4 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,6 @@ ENV HOST_UNAME Linux
ENV HIND_N "VEhJUy1HRVRTLVJFUExBQ0VELUlULURPRVMtUklMTFk="
ENV HIND_C "VEhJUy1HRVRTLVJFUExBQ0VELUlULURPRVMtUklMTFk="

# avoid later issues inside the `hind` container if the `install.sh` was run with these set
ENV HTTPS_PROXY ""
ENV HTTP_PROXY ""

ENV DEBIAN_FRONTEND noninteractive
ENV TZ Etc/UTC
ENV TERM xterm
Expand Down
10 changes: 6 additions & 4 deletions install.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,9 +42,11 @@ if [ $HOST_UNAME = Darwin ]; then
ARGS_RUN="$ARGS_SEC $ARGS_RUN -p 8000:80 -p 4000:443"
else
PV=/pv
ARGS_NET="--net=host --cgroupns=host"
ARGS_INIT="$ARGS_NET"
ARGS_RUN="$ARGS_NET $ARGS_RUN"
# Use host characteristics
# Avoid HTTP(S)_PROXY vars automatically "leaking" in to built or run container image
ARGS_MISC="--net=host --cgroupns=host --http-proxy=false"
ARGS_INIT="$ARGS_MISC"
ARGS_RUN="$ARGS_MISC $ARGS_RUN"
fi


Expand Down Expand Up @@ -74,7 +76,7 @@ fi
mkdir -p -m777 /opt/nomad/data/alloc

podman pull $QUIET $IMG > $OUT
podman run --privileged $ARGS_INIT $ARGS_SOCK -e FQDN -e HOST_UNAME -e HTTPS_PROXY='' -e HTTP_PROXY='' --name hind-init $QUIET "$@" $IMG
podman run --privileged $ARGS_INIT $ARGS_SOCK -e FQDN -e HOST_UNAME --name hind-init $QUIET "$@" $IMG
podman commit $QUIET hind-init localhost/hind > $OUT 2>&1
podman rm -v hind-init > $OUT 2>&1
)
Expand Down

0 comments on commit 7f689a6

Please sign in to comment.