babbarc/workspaces
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(buildah): reorganize commands and set immutable bit only on files

Browse Source
This commit is contained in:
yeti 2025-04-17 16:54:06 +01:00
parent 28f4229768
commit 954cee98db
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
build-workspace.sh
View File

@ -17,8 +17,7 @@ buildah run "$ctr" -- bash -c "\
useradd -ms /bin/zsh $DEV_USER && \
useradd --system --no-create-home --shell /usr/sbin/nologin viewer && \
usermod -aG $DEV_USER viewer && mkdir -p /tmp/tmux-shared && \
chmod 750 /tmp/tmux-shared && \
mkdir -p $DEV_HOME/.gnupg && chmod 700 $DEV_HOME/.gnupg
mkdir -p $DEV_HOME/.gnupg
"
# copy start script
buildah copy "$ctr" start.sh /start.sh
@ -34,9 +33,13 @@ buildah copy "$ctr" local $DEV_HOME/.local
# zsh and tmux config (immutable)
buildah run "$ctr" -- bash -c "
find $DEV_HOME -type f -exec chmod 400 {} + && \
find $DEV_HOME -type d -exec chmod 500 {} + && \
chmod -R 500 $SECURE && \
chmod +x /start.sh
find $DEV_HOME -type f -exec chattr +i {} + && \
find $DEV_HOME -type d -exec chmod 700 {} + && \
chmod 750 /tmp/tmux-shared && chmod -R 500 $SECURE && \
chmod +x /start.sh && \
chown -R $DEV_USER:$DEV_USER $DEV_HOME && \
chattr -R +x $DEV_HOME && chattr +x /tmp/tmux-shared && \
chown -R $DEV_USER:$DEV_USER /tmp/tmux-shared
"
buildah config \