author | Chris Evich <cevich@redhat.com> | 2019-02-25 11:06:29 -0500 |
---|---|---|
committer | Chris Evich <cevich@redhat.com> | 2019-03-01 12:12:46 -0500 |
commit | 0666d25b4fa0477b62bc1d9b823793c830e8053a | |
tree | 4e137ff0809822e12eb768f9c1eced824a3fd4bb /docs/podman-image-trust.1.md | |
parent | 0bf06b9e3b2af08c4cb2f4d6f6d598671f326051 | |

get_ci_vm.sh: Fix conflicting homedir files

Previously, the script would bind mount the user's home directory into
the container in order to execute gcloud commands. This was done
to preserve the `.config/gcloud` directory and new ssh keys in `.ssh`.
However, it's possible the user has modified `.bash*` or `.ssh/config`
files which do not play nicely with gcloud and/or the container.

Fix this by mounting the existing temporary directory on the host, as
the user's home directory. Then bind mount in a dedicated `gcloud/ssh`
sub-directory, and the libpod repo directory on top. Pre-create the
necessary mount-points as the user, so later removal does not require
root on the host.

The gcloud tool takes minutes to set up/manage its ssh-keys, so preserving
that work between runs is a necessary optimization. Similarly, saving the
`.gcloud` directory prevents repeatedly going through the lengthy
client-auth process.

Overall, these changes make the container environment much more selective
with the host-side data it has access to use/modify. Preventing unrelated
details from getting in the way, and preserving only the bare minimum of
details on the host, between runs.

Signed-off-by: Chris Evich <cevich@redhat.com>

Diffstat (limited to 'docs/podman-image-trust.1.md')
0 files changed, 0 insertions, 0 deletions