From 7f689a638e6510e95467f2522b9209711b0ac40c Mon Sep 17 00:00:00 2001
From: Tracey Jaquith
Date: Wed, 6 Nov 2024 16:57:49 -0800
Subject: [PATCH] avoid HTTPS_PROXY env vars "leaking" in
---
 Dockerfile | 4 ----
 install.sh | 10 ++++++----
 2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 1eba0f0..79e896f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,10 +19,6 @@ ENV HOST_UNAME Linux
 ENV HIND_N "VEhJUy1HRVRTLVJFUExBQ0VELUlULURPRVMtUklMTFk="
 ENV HIND_C "VEhJUy1HRVRTLVJFUExBQ0VELUlULURPRVMtUklMTFk="
-# avoid later issues inside the `hind` container if the `install.sh` was run with these set
-ENV HTTPS_PROXY ""
-ENV HTTP_PROXY ""
-
 ENV DEBIAN_FRONTEND noninteractive
 ENV TZ Etc/UTC
 ENV TERM xterm
diff --git a/install.sh b/install.sh
index 8a16ad0..ea91c76 100755
--- a/install.sh
+++ b/install.sh
@@ -42,9 +42,11 @@ if [ $HOST_UNAME = Darwin ]; then
 ARGS_RUN="$ARGS_SEC $ARGS_RUN -p 8000:80 -p 4000:443"
 else
 PV=/pv
- ARGS_NET="--net=host --cgroupns=host"
- ARGS_INIT="$ARGS_NET"
- ARGS_RUN="$ARGS_NET $ARGS_RUN"
+ # Use host characteristics
+ # Avoid HTTP(S)_PROXY vars automatically "leaking" in to built or run container image
+ ARGS_MISC="--net=host --cgroupns=host --http-proxy=false"
+ ARGS_INIT="$ARGS_MISC"
+ ARGS_RUN="$ARGS_MISC $ARGS_RUN"
 fi
@@ -74,7 +76,7 @@ fi
 mkdir -p -m777 /opt/nomad/data/alloc
 podman pull $QUIET $IMG > $OUT
- podman run --privileged $ARGS_INIT $ARGS_SOCK -e FQDN -e HOST_UNAME -e HTTPS_PROXY='' -e HTTP_PROXY='' --name hind-init $QUIET "$@" $IMG
+ podman run --privileged $ARGS_INIT $ARGS_SOCK -e FQDN -e HOST_UNAME --name hind-init $QUIET "$@" $IMG
 podman commit $QUIET hind-init localhost/hind > $OUT 2>&1
 podman rm -v hind-init > $OUT 2>&1
 )
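Review bot: `--http-proxy=false` is added only in the `else` branch of install.sh (the new `ARGS_MISC` line), while the same commit removes the unconditional safeguards: the `ENV HTTPS_PROXY ""` / `ENV HTTP_PROXY ""` lines in the Dockerfile and the `-e HTTPS_PROXY='' -e HTTP_PROXY=''` overrides on the `podman run ... --name hind-init` line in the last hunk. The Darwin branch begins above this hunk, so what it puts in `ARGS_INIT` and `ARGS_RUN` is not visible here; unless it sets the flag elsewhere, installs on that path no longer get any proxy blanking. Setting the flag once after the `fi`, for example `ARGS_INIT="--http-proxy=false $ARGS_INIT"` and `ARGS_RUN="--http-proxy=false $ARGS_RUN"`, or keeping the explicit `-e` overrides for the Darwin path, would cover both platforms.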
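Review bot: Nothing after `podman commit $QUIET hind-init localhost/hind` verifies that the committed image is free of proxy settings, and with the explicit `-e HTTPS_PROXY='' -e HTTP_PROXY=''` removed the `hind-init` run depends entirely on what `$ARGS_INIT` holds. Proxy URLs frequently embed credentials, so a value that gets through may end up stored in the environment of `localhost/hind`; whether commit preserves it should be confirmed on the podman version in use. A cheap guard right after the commit would be `podman image inspect localhost/hind --format '{{.Config.Env}}' | grep -Eqi '_proxy=[^] ]' && echo 'proxy variable present in localhost/hind' >&2`. The enclosing `( ... )` subshell starts above this hunk.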