-
|
Hi, While working on issue #6935 to add support, I encountered an unexpected behavior in the dietpi-builder process. It appears that during the build process, the script is reaching out to the GitHub repository to execute several scripts rather than utilizing the local versions already present in the repository. This was discovered when my modifications to the dietpi-installer were not being executed as expected. After some debugging I noticed the external CURL calls . Specifically these remote curl calls listed below.
Ideally, there should be no need to access the original GitHub repository during the build when these scripts are available in the local working directory. This approach not only raises security concerns but also hinders local development and testing. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Indeed, the topic came up elsewhere already. Originally, I wrote these scripts for our GitHub workflows, which execute it just via It is on my list to make it aware of being executed from a local repo/archive and execute the other local versions then. Feel free to open a PR for this, as I am currently busy with an own APT repo. My idea was a simple approach to check for the other scripts in the same dir as the |
Beta Was this translation helpful? Give feedback.
Indeed, the topic came up elsewhere already. Originally, I wrote these scripts for our GitHub workflows, which execute it just via
bash -c "$(curl ...)", without cloning the repo.It is on my list to make it aware of being executed from a local repo/archive and execute the other local versions then. Feel free to open a PR for this, as I am currently busy with an own APT repo. My idea was a simple approach to check for the other scripts in the same dir as the
$0script path. Same could be done fordietpi-globalsif it is no DietPi host system, but the relative path is more conplex then.