Filter environment exposed to template build scripts

Do not expose host envionment there. This, among other things, fixes some packages that create/modify /home/user ($HOME) in post-installation script...
2017-06-14 10:51:03 +02:00 · 2017-06-14 10:51:03 +02:00 · a97fe13c1b
commit a97fe13c1b
parent bb836e5d46
1 changed files with 12 additions and 2 deletions
--- a/14
+++ b/14
@ -3,6 +3,7 @@ $(error "You must set DIST variable, e.g. DIST=fc14")
 endif
 export DIST

+TEMPLATE_ENV_WHITELIST ?=
 TEMPLATE_BUILDER = 1
 -include $(addsuffix /Makefile.builder,$(BUILDER_PLUGINS_DIRS))

@ -11,6 +12,13 @@ ifdef TEMPLATE_FLAVOR
 TEMPLATE_NAME := $(TEMPLATE_NAME)-$(TEMPLATE_FLAVOR)
 endif

+# expose those variables to template-building scripts
+TEMPLATE_ENV_WHITELIST += \
+	DIST DISTRIBUTION TEMPLATE_SCRIPTS TEMPLATE_NAME TEMPLATE_FLAVOR \
+	TEMPLATE_FLAVOR_DIR VERBOSE DEBUG PATH BUILDER_DIR \
+	TEMPLATE_ROOT_WITH_PARTITIONS USE_QUBES_REPO_VERSION \
+	USE_QUBES_REPO_TESTING BUILDER_TURBO_MODE REPO_PROXY
+
 # Make sure names are < 32 characters, process aliases
 fix_up := $(shell TEMPLATE_NAME=$(TEMPLATE_NAME) ./builder_fix_filenames)
 TEMPLATE_NAME := $(word 1,$(fix_up))
@ -44,8 +52,10 @@ rootimg-build:
 ifeq (,$(TEMPLATE_SCRIPTS))
 	$(error Building template $(DIST) not supported by any of configured plugins)
 endif
-	sudo -E ./prepare_image prepared_images/$(TEMPLATE_NAME).img
-	sudo -E ./qubeize_image prepared_images/$(TEMPLATE_NAME).img $(TEMPLATE_NAME)
+	sudo env -i $(foreach var,$(TEMPLATE_ENV_WHITELIST),$(var)="$($(var))") \
+		./prepare_image prepared_images/$(TEMPLATE_NAME).img
+	sudo env -i $(foreach var,$(TEMPLATE_ENV_WHITELIST),$(var)="$($(var))") \
+		./qubeize_image prepared_images/$(TEMPLATE_NAME).img $(TEMPLATE_NAME)

 update-repo-installer:	
 	[ -z "$$UPDATE_REPO" ] && UPDATE_REPO=../installer/yum/qubes-dom0;\