1
0
mirror of https://github.com/tommytran732/Fedora-CoreOS-Ignition synced 2024-11-22 17:21:34 -05:00

Fix gVisor Updater

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-02-07 10:37:36 -07:00
parent 4bad3e63a0
commit 461e4bca05
Signed by: Tomster
GPG Key ID: 555C902A34EC968F
2 changed files with 22 additions and 3 deletions

View File

@ -221,7 +221,12 @@
"name": "setsebool.service" "name": "setsebool.service"
}, },
{ {
"contents": "[Unit]\nDescription=gVisor Update\nRequires=network-online.target\nBefore=docker.service\n\n[Service]\nWorkingDirectory=/var/home/unpriv\nType=oneshot\nExecStart=/usr/bin/sleep 5\nExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc\nExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc.sha512\nExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1\nExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1.sha512\nExecStart=/usr/bin/sha512sum -c runsc.sha512 -c containerd-shim-runsc-v1.sha512\nExecStart=/usr/bin/rm -f runsc.sha512 containerd-shim-runsc-v1.sha512\nExecStart=/usr/bin/chown root:root runsc containerd-shim-runsc-v1\nExecStart=/usr/bin/chmod a+rx runsc containerd-shim-runsc-v1\nExecStart=/usr/bin/mv runsc containerd-shim-runsc-v1 /var/usrlocal/bin\nExecStart=/usr/bin/chcon system_u:object_r:container_runtime_exec_t:s0 /var/usrlocal/bin/runsc\n\n[Install]\nWantedBy=multi-user.target\n", "contents": "[Unit]\nDescription=gVisor Download\nRequires=network-online.target\nBefore=docker.service\n\n[Service]\nUser=unpriv\nWorkingDirectory=/var/home/unpriv\nType=oneshot\nExecStart=/usr/bin/sleep 5\nExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc\nExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc.sha512\nExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1\nExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1.sha512\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "gvisor-download.service"
},
{
"contents": "[Unit]\nDescription=Copy gVisor to the correct location\nAfter=gvisor-download.service\n\n[Service]\nWorkingDirectory=/var/home/unpriv\nType=oneshot\nExecStart=/usr/bin/sha512sum -c runsc.sha512 -c containerd-shim-runsc-v1.sha512\nExecStart=/usr/bin/rm -f runsc.sha512 containerd-shim-runsc-v1.sha512\nExecStart=/usr/bin/chown root:root runsc containerd-shim-runsc-v1\nExecStart=/usr/bin/chmod a+rx runsc containerd-shim-runsc-v1\nExecStart=/usr/bin/mv runsc containerd-shim-runsc-v1 /var/usrlocal/bin\nExecStart=/usr/bin/chcon system_u:object_r:container_runtime_exec_t:s0 /var/usrlocal/bin/runsc\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true, "enabled": true,
"name": "gvisor-updater.service" "name": "gvisor-updater.service"
}, },

View File

@ -85,15 +85,16 @@ systemd:
RemainAfterExit=yes RemainAfterExit=yes
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
- name: gvisor-updater.service - name: gvisor-download.service
enabled: true enabled: true
contents: | contents: |
[Unit] [Unit]
Description=gVisor Update Description=gVisor Download
Requires=network-online.target Requires=network-online.target
Before=docker.service Before=docker.service
[Service] [Service]
User=unpriv
WorkingDirectory=/var/home/unpriv WorkingDirectory=/var/home/unpriv
Type=oneshot Type=oneshot
ExecStart=/usr/bin/sleep 5 ExecStart=/usr/bin/sleep 5
@ -101,6 +102,19 @@ systemd:
ExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc.sha512 ExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/runsc.sha512
ExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1 ExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1
ExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1.sha512 ExecStart=/usr/bin/sudo -u unpriv /usr/bin/curl -O https://storage.googleapis.com/gvisor/releases/release/latest/x86_64/containerd-shim-runsc-v1.sha512
[Install]
WantedBy=multi-user.target
- name: gvisor-updater.service
enabled: true
contents: |
[Unit]
Description=Copy gVisor to the correct location
After=gvisor-download.service
[Service]
WorkingDirectory=/var/home/unpriv
Type=oneshot
ExecStart=/usr/bin/sha512sum -c runsc.sha512 -c containerd-shim-runsc-v1.sha512 ExecStart=/usr/bin/sha512sum -c runsc.sha512 -c containerd-shim-runsc-v1.sha512
ExecStart=/usr/bin/rm -f runsc.sha512 containerd-shim-runsc-v1.sha512 ExecStart=/usr/bin/rm -f runsc.sha512 containerd-shim-runsc-v1.sha512
ExecStart=/usr/bin/chown root:root runsc containerd-shim-runsc-v1 ExecStart=/usr/bin/chown root:root runsc containerd-shim-runsc-v1