aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChris Evich <cevich@redhat.com>2022-04-26 14:38:43 -0400
committerChris Evich <cevich@redhat.com>2022-04-27 12:13:54 -0400
commit9c0c29f0861fea4ac3c76e6c1314e2b44582f3ab (patch)
treeed32277d4c8c78fbf0f51283f71801508fea8c11
parentd4e30b33a167dd02ba097aa4dfd1e7a4c1776a0a (diff)
downloadpodman-9c0c29f0861fea4ac3c76e6c1314e2b44582f3ab.tar.gz
podman-9c0c29f0861fea4ac3c76e6c1314e2b44582f3ab.tar.bz2
podman-9c0c29f0861fea4ac3c76e6c1314e2b44582f3ab.zip
Cirrus: Fix ownership of repos. to keep git happy
Newer versions of git are much more pedantic about who owns the repository files. When setting up to run rootless, prior to this commit, the repo. ownership was changed from root. This causes all subsequent git-operations as root to fail: ``` fatal: unsafe repository ('<$GOSRC>' is owned by someone else) ``` Fix this by re-ordering operations, such that the change in ownership is done immediately before executing as a user. Also disable the git-ownership check on the source repository assuming the CI environment is disposable. Signed-off-by: Chris Evich <cevich@redhat.com>
-rw-r--r--contrib/cirrus/lib.sh4
-rwxr-xr-xcontrib/cirrus/runner.sh7
-rwxr-xr-xcontrib/cirrus/setup_environment.sh5
3 files changed, 12 insertions, 4 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 583f85fc1..0f02c166f 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -169,10 +169,6 @@ setup_rootless() {
groupadd -g $rootless_gid $ROOTLESS_USER
useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER
- # We also set up rootless user for image-scp tests (running as root)
- if [[ $PRIV_NAME = "rootless" ]]; then
- chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
- fi
echo "$ROOTLESS_USER ALL=(root) NOPASSWD: ALL" > /etc/sudoers.d/ci-rootless
mkdir -p "$HOME/.ssh" "/home/$ROOTLESS_USER/.ssh"
diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
index 832339d07..101270703 100755
--- a/contrib/cirrus/runner.sh
+++ b/contrib/cirrus/runner.sh
@@ -449,6 +449,13 @@ if [[ "$PRIV_NAME" == "rootless" ]] && [[ "$UID" -eq 0 ]]; then
# https://github.com/containers/podman/issues/10857
rm -rf /var/lib/cni
+ # This must be done at the last second, otherwise `make` calls
+ # in setup_environment (as root) will balk about ownership.
+ msg "Recursively chowning \$GOPATH and \$GOSRC to $ROOTLESS_USER"
+ if [[ $PRIV_NAME = "rootless" ]]; then
+ chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
+ fi
+
req_env_vars ROOTLESS_USER
msg "Re-executing runner through ssh as user '$ROOTLESS_USER'"
msg "************************************************************"
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index cf53dfcc8..e3eb46783 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -42,6 +42,8 @@ cp hack/podman-registry /bin
_gc='git config --file /root/.gitconfig'
$_gc user.email "TMcTestFace@example.com"
$_gc user.name "Testy McTestface"
+# Bypass git safety/security checks when operating in a throwaway environment
+git config --system --add safe.directory $GOSRC
# Ensure that all lower-level contexts and child-processes have
# ready access to higher level orchestration (e.g Cirrus-CI)
@@ -304,6 +306,9 @@ case "$TEST_FLAVOR" in
# Guarantee the docker daemon can't be started, even by accident
rm -vf $(type -P dockerd)
+ msg "Recursively chowning source to $ROOTLESS_USER"
+ chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
+
msg "Obtaining necessary gitlab-runner testing bits"
slug="gitlab.com/gitlab-org/gitlab-runner"
helper_fqin="registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-latest-pwsh"