maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity

internal/rosa: stricter cure-script options

Browse Source 
This change also moves .cure-script out of /system/bin.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2026-02-28 23:29:22 +09:00
parent ef130adb27
commit 2a34a269d0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/rosa/rosa.go
View File

@@ -218,7 +218,7 @@ func fixupEnviron(env, extras []string, paths ...string) []string {
// absCureScript is the absolute pathname [Toolchain.New] places the fixed-up
// build script under.
var absCureScript = AbsSystem.Append("bin", ".cure-script")
var absCureScript = AbsSystem.Append(".cure-script")
const (
// TExclusive denotes an exclusive [pkg.Artifact].
@@ -348,7 +348,7 @@ mkdir -vp /work/system/bin
support...,
), pkg.Path(
absCureScript, false,
pkg.NewFile(".cure-script", []byte("set -e\n"+script)),
pkg.NewFile(".cure-script", []byte("set -eu -o pipefail\n"+script)),
)}, paths)...,
)
}