[PATCH 09/10] ci: Run $(CI_PREPARE_SCRIPT) as root


 



In order for the prepare script to be really useful, it needs
to be able to perform privileged operations such as installing
additional packages or setting up custom mount points.

In order to achieve that, we now run the container as root,
run the prepare script with full privilege, and only then
switch to the unprivileged account with sudo.

Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx>
---
 ci/Makefile   | 19 +++++++++++--------
 ci/prepare.sh |  4 ++++
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/ci/Makefile b/ci/Makefile
index 17d85d407f..86a07049ac 100644
--- a/ci/Makefile
+++ b/ci/Makefile
@@ -174,7 +174,6 @@ CI_GIT_ARGS = \
 #   --tty     Ensure we have ability to Ctrl-C the build
 CI_ENGINE_ARGS = \
 	--rm \
-	--user $(CI_UID):$(CI_GID) \
 	--interactive \
 	--tty \
 	$(CI_PODMAN_ARGS) \
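Review bot: The flag list in the comment above CI_ENGINE_ARGS gets no entry explaining why `--user` is gone, so the next reader cannot tell that starting the container as uid 0 is deliberate. A line such as `#   (no --user) start as root so the prepare script can run privileged; sudo drops to CI_UID:CI_GID before CI_COMMAND` would record it. Under a rootful engine, anything the prepare script writes to a host-mounted directory will presumably end up root-owned on the host, which the earlier `--user` setup avoided; whether volumes are mounted that way is outside this hunk. Both the comment block and the CI_ENGINE_ARGS definition extend beyond the hunk, so an existing `--user` entry in the comment, if there is one, would also need removing.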
@@ -215,13 +214,17 @@ ci-run-command@%: ci-prepare-tree
 	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
 		/bin/bash -c ' \
 		$(CI_USER_HOME)/prepare || exit 1; \
-		export CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)"; \
-		export CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)"; \
-		export CI_SMP="$(CI_SMP)"; \
-		export CI_CONFIGURE="$(CI_CONFIGURE)"; \
-		export CI_CONFIGURE_ARGS="$(CI_CONFIGURE_ARGS)"; \
-		export CI_MAKE_ARGS="$(CI_MAKE_ARGS)"; \
-		$(CI_COMMAND) || exit 1'
+		sudo \
+		  --login \
+		  --user="#$(CI_UID)" \
+		  --group="#$(CI_GID)" \
+		  CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
+		  CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \
+		  CI_SMP="$(CI_SMP)" \
+		  CI_CONFIGURE="$(CI_CONFIGURE)" \
+		  CI_CONFIGURE_ARGS="$(CI_CONFIGURE_ARGS)" \
+		  CI_MAKE_ARGS="$(CI_MAKE_ARGS)" \
+		  $(CI_COMMAND) || exit 1'
 	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
 
 ci-shell@%:
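Review bot: Only the first simple command of `$(CI_COMMAND)` ends up under `sudo` on the last added line, because make expands the variable into the outer `/bin/bash -c` script, which now runs as root. If CI_COMMAND ever carries `;`, `&&` or a pipe, everything after the first operator would execute as uid 0 instead of as CI_UID. The values passed for CI_COMMAND are not visible here, so this may be fine today, but the constraint deserves a comment above the rule, for example `# CI_COMMAND must be a single command: shell operators in it are parsed by the root shell, outside sudo`. The `CI_*="..."` arguments are expanded the same way, so an embedded quote in one of them would also be interpreted by the root shell; the removed `export` lines had the same quoting but did not run privileged. The rule header appears only in the hunk header, so any earlier part of the rule is outside view.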
diff --git a/ci/prepare.sh b/ci/prepare.sh
index f70107bd62..da6fc9a1b5 100644
--- a/ci/prepare.sh
+++ b/ci/prepare.sh
@@ -7,3 +7,7 @@
 #  CI_PREPARE_SCRIPT=/path/to/your/prepare/script
 #
 # to make.
+#
+# Note that this script will have root privileges inside the
+# container, so it can be used for things like installing additional
+# packages.
-- 
2.21.0
