add --no-same-permissions opt to tar and disable seccomp

travelping · Aug 1, 2024 · a575cae · a575cae
1 parent e6dc5ab
commit a575cae
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml
@@ -89,6 +89,9 @@ jobs:
           # building Erlang/OTP 25.0 for arm64 on QEMU  user emulation is broken,
           # see https://erlangforums.com/t/otp-25-0-rc3-release-candidate-3-is-released/1317/24
           # platforms: linux/amd64,linux/arm64
+          extra-args: |
+            --security-opt seccomp=unconfined
+          oci: true
           containerfiles: |
             ./Containerfile
       -

diff --git a/Containerfile b/Containerfile
@@ -41,7 +41,7 @@ RUN set -xe \
 		quilt \
 	&& export ERL_TOP="/usr/src/otp_src_${OTP_VERSION%%@*}" \
 	&& mkdir -vp $ERL_TOP \
-	&& tar -xzf otp-src.tar.gz -C $ERL_TOP --strip-components=1 --no-same-owner \
+	&& tar -xzf otp-src.tar.gz -C $ERL_TOP --strip-components=1 --no-same-owner --no-same-permissions \
 	&& rm otp-src.tar.gz \
 	&& ( cd $ERL_TOP \
 	  && if [ -f /patches/$OTP_VERSION/series ]; then QUILT_PATCHES=/patches/$OTP_VERSION quilt push -a ; fi \
@@ -67,7 +67,7 @@ RUN set -xe \
 	&& curl -fSL -o rebar3-src.tar.gz "$REBAR3_DOWNLOAD_URL" \
 	&& echo "${REBAR3_DOWNLOAD_SHA256}  rebar3-src.tar.gz" | sha256sum -c - \
 	&& mkdir -p /usr/src/rebar3-src \
-	&& tar -xzf rebar3-src.tar.gz -C /usr/src/rebar3-src --strip-components=1 --no-same-owner \
+	&& tar -xzf rebar3-src.tar.gz -C /usr/src/rebar3-src --strip-components=1 --no-same-owner --no-same-permissions \
 	&& rm rebar3-src.tar.gz \
 	&& cd /usr/src/rebar3-src \
 	&& HOME=$PWD ./bootstrap \