authorRobin H. Johnson <robbat2@gentoo.org>2019-09-21 06:31:33 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2019-09-21 06:31:33 -0700
commitd1d44edaafb652ae97759e39163202e8c725abc0 (patch)
tree94c36a67bd384fb93336dd82679fd7dff651bdb1 /bin
parentAdd missing then. (diff)
bin/update-all: handle non-docker dev environment (tag: v7.0.1)
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Diffstat (limited to 'bin')
-rwxr-xr-xbin/update-all.sh11
1 files changed, 10 insertions, 1 deletions
diff --git a/bin/update-all.sh b/bin/update-all.sh
index 920f1f3..2c1781f 100755
--- a/bin/update-all.sh
+++ b/bin/update-all.sh
@@ -1,9 +1,18 @@
#!/bin/bash
-if [[ ${1} != "production" ]]; then
+# This script runs as the gpackages user normally!
+
+# Outside of a docker environment, it cannot call emerge --sync because that
+# requires the 'portage' group, and opens up attacks to escalate from gpackages
+# to portage-owned files. However, in a Docker environment, the other files
+# from Portage are NOT available unless --sync IS used.
+
+# Stuff that we have to do inside Docker:
+if grep -qa docker /proc/1/cgroups && [[ ${1} != "production" ]]; then
emerge --sync
fi
+# This is the copy of the tree used to run gpackages against.
if [[ ! -d /mnt/packages-tree/gentoo/ ]]; then
cd /mnt/packages-tree || exit 1
git clone https://anongit.gentoo.org/git/repo/gentoo.git