Update README.md
Add note about security.
parent 6324df6f9b
commit d7f5eb1fe5
1 changed files with 12 additions and 0 deletions
12
README.md
|
@ -17,6 +17,18 @@ define hooks that are run when the package is installed.
|
||||||
|
|
||||||
# Things to know before using the helper
|
# Things to know before using the helper
|
||||||
|
|
||||||
|
## Security
|
||||||
|
|
||||||
|
Apparently `makechrootpkg` (provided by `devtools` pkg and used by this script)
|
||||||
|
sources PKGBUILD files directly, meaning that if a malicious PKGBUILD is
|
||||||
|
attempted to be built, it may cause an RCE kind of exploit with the current
|
||||||
|
user. Thus, it is recommended to run this script in a container (like Docker or
|
||||||
|
LXC) so that even if a malicious PKGBUILD is sourced, it will only affect the
|
||||||
|
container. Though if you do set up a container, you may have to set up a
|
||||||
|
directory mount to access the built packages.
|
||||||
|
|
||||||
|
## Soft-lock due to multiple possible dependencies
|
||||||
|
|
||||||
Sometimes if a package prompts a user to select between alternate package
|
Sometimes if a package prompts a user to select between alternate package
|
||||||
dependencies, makechrootpkg will fail to select one by default (it will
|
dependencies, makechrootpkg will fail to select one by default (it will
|
||||||
constantly output "y" to stdin when a selection requires an integer). This
|
constantly output "y" to stdin when a selection requires an integer). This
|
||||||
|
|
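Review bot: The added Security paragraph opens with "Apparently" and describes the outcome as "an RCE kind of exploit", which leaves the reader unsure whether the risk is confirmed and what it actually is. A PKGBUILD is a shell script, so sourcing it runs whatever it contains; what the paragraph describes is arbitrary code execution as the user running the script, not anything remote. Suggest stating that plainly, for example: "`makechrootpkg` sources PKGBUILD files directly, so building a malicious PKGBUILD runs its code as the current user." The container recommendation would be more useful with two additions: tell readers to read a PKGBUILD before building it, and note that the directory mount mentioned in the last sentence is a host path the container writes to, so it should be a dedicated directory that holds only the built packages.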