Mirror rust setup script for security

Kaggle / docker-rcran

A dockerfile to install all of CRAN

Apache License 2.0

19 stars 15 forks source link

Mirror rust setup script for security #61

Closed mirhagk closed 2 years ago

mirhagk commented 2 years ago

Change curl | sh to instead sh a mirrored version of the file.

No need to trust https://sh.rustup.sh with build-time shell access.

http://b/238367731

rosbo commented 2 years ago

Thank you!

rosbo commented 2 years ago

/gcbrun

rosbo commented 2 years ago

@mirhagk Failed with:

Step #0 - "build": ADD failed: file not found in build context or excluded by .dockerignore: stat rustup.sh: file does not exist
Step #0 - "build": Step 3/9 : ADD rustup.sh rustup.sh

You have a typo in the file you added to the repo. It is named rushup.sh instead of rustup.sh.

mirhagk commented 2 years ago

Ah sorry, I did a couple things after checking that it built, should've caught this. I'll fix

mirhagk commented 2 years ago

/gcbrun