author | Justin Worthe <justin@jemstep.com> | 2020-03-03 15:18:25 +0200
---|---|---
committer | Justin Worthe <justin@jemstep.com> | 2020-03-03 15:18:25 +0200
commit | 126f5dc06e6ebe8f5eb267cc67f6916c610ab554 |
tree | 67dae2673528cca86a831a555efff5ec65ce2583 |
parent | 35a105bdacae6483098966e21f5015470d647576 |
Added additional info on the firejail sandbox in the readme
-rw-r--r-- | .gitignore | 4 |
-rw-r--r-- | github/readme.org | 7 |
2 files changed, 8 insertions, 3 deletions
@@ -4,4 +4,6 @@ # These are backup files generated by rustfmt **/*.rs.bk -/github/capn-pre-receive.tar.gz + +# Pre-receive sandbox environment generated from script +capn-pre-receive.tar.gz diff --git a/github/readme.org b/github/readme.org index b2e0699..4f7375c 100644 --- a/github/readme.org +++ b/github/readme.org @@ -7,18 +7,21 @@ server-side pre-receive hooks. 2. The hook must run within a sandboxed environment, which only lives for the duration of the hook running. The default does not work for Captain Git Hook because it does not include dirmngr. +3. GitHub runs the hook in Firejail, which may impose additional + limitations. The one that I ran into is that gpg could not + communicate with dirmngr over a socket. A suitable sandbox is specified in [[./Dockerfile]]. You can build this Dockerfile into an appropriate tarball for upload to GitHub using the script [[./create-github-pre-receive-environment.sh]]. #+BEGIN_SRC sh - # run this in the same directory as this readme + # we're running the script in the same directory as this readme, but you can run it from anywhere cd github # this produces capn-pre-receive.tar.gz ./create-github-pre-receive-environment.sh - + # you can now upload the tarball to GitHub #+END_SRC |
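Review bot: In the .gitignore hunk, the replacement pattern capn-pre-receive.tar.gz is unanchored, so it ignores a file of that name in every directory of the repository, where the removed /github/capn-pre-receive.tar.gz matched exactly one path. That is only needed if the script writes the tarball into the current working directory, which would fit the readme's new remark that it can be run from anywhere; if the script always writes next to itself, keep the anchored form so that a stray tarball elsewhere in the tree still shows up in git status. The new comment would also be easier to follow if it named create-github-pre-receive-environment.sh instead of "script".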
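Review bot: In the github/readme.org hunk, the new item 3 records the symptom (gpg could not communicate with dirmngr over a socket) but gives the reader nothing to act on. Please state whether the sandbox built from ./Dockerfile already works around this under Firejail or whether further configuration is required, so that someone who hits the same failure has a pointer to the fix. In the shell block of the same hunk, the reworded comment says the script can be run from anywhere while the next line is still cd github, and the comment "this produces capn-pre-receive.tar.gz" does not say which directory the tarball lands in; say that explicitly.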