search

ostreedev / ostree-rs-ext

Rust library with higher level APIs on top of the core ostree API
Apache License 2.0
74 stars 24 forks source link

http_proxy et al no longer passed to skopeo #582

Closed srd424 closed 7 months ago

srd424 commented 8 months ago

566 added --reset-env to the setpriv call that invokes skopeo, which means information about proxies is no longer passed through.

As a totally horrible hack, putting this in /usr/local/bin/skopeo works:

#! /bin/bash

if [ $(systemctl whoami) = "rpm-ostreed.service" ]; then
    export http_proxy=http://nuc-cache-ostree.lan:3128
    export https_proxy=http://nuc-cache-ostree.lan:3128
fi

/usr/bin/skopeo "$@"

setpriv doesn't seem to support to whitelist env vars - perhaps they could be extracted from the environment before calling it, then passed to env?

cgwalters commented 7 months ago

Urgh yes...messy. Hmmm...now I'm a bit confused since the commit message there says

Otherwise in some cases the containers/image stack can try to look at things like $HOME which might be set to /root if we're running outside of systemd,

Yet, early on in this function we just return if we're not running in systemd, so we shouldn't in theory hit this code path in the conditions I described...