diff options
author | Chris Evich <cevich@redhat.com> | 2022-04-26 14:38:43 -0400 |
---|---|---|
committer | Chris Evich <cevich@redhat.com> | 2022-04-27 12:13:54 -0400 |
commit | 9c0c29f0861fea4ac3c76e6c1314e2b44582f3ab (patch) | |
tree | ed32277d4c8c78fbf0f51283f71801508fea8c11 | |
parent | d4e30b33a167dd02ba097aa4dfd1e7a4c1776a0a (diff) | |
download | podman-9c0c29f0861fea4ac3c76e6c1314e2b44582f3ab.tar.gz podman-9c0c29f0861fea4ac3c76e6c1314e2b44582f3ab.tar.bz2 podman-9c0c29f0861fea4ac3c76e6c1314e2b44582f3ab.zip |
Cirrus: Fix ownership of repos. to keep git happy
Newer versions of git are much more pedantic about who owns the
repository files. When setting up to run rootless, prior to this
commit, the repo. ownership was changed from root. This causes
all subsequent git-operations as root to fail:
```
fatal: unsafe repository ('<$GOSRC>' is owned by someone else)
```
Fix this by re-ordering operations, such that the change in ownership is
done immediately before executing as a user. Also disable the
git-ownership check on the source repository assuming the CI environment
is disposable.
Signed-off-by: Chris Evich <cevich@redhat.com>
-rw-r--r-- | contrib/cirrus/lib.sh | 4 | ||||
-rwxr-xr-x | contrib/cirrus/runner.sh | 7 | ||||
-rwxr-xr-x | contrib/cirrus/setup_environment.sh | 5 |
3 files changed, 12 insertions, 4 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 583f85fc1..0f02c166f 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -169,10 +169,6 @@ setup_rootless() { groupadd -g $rootless_gid $ROOTLESS_USER useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER - # We also set up rootless user for image-scp tests (running as root) - if [[ $PRIV_NAME = "rootless" ]]; then - chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC" - fi echo "$ROOTLESS_USER ALL=(root) NOPASSWD: ALL" > /etc/sudoers.d/ci-rootless mkdir -p "$HOME/.ssh" "/home/$ROOTLESS_USER/.ssh" diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh index 832339d07..101270703 100755 --- a/contrib/cirrus/runner.sh +++ b/contrib/cirrus/runner.sh @@ -449,6 +449,13 @@ if [[ "$PRIV_NAME" == "rootless" ]] && [[ "$UID" -eq 0 ]]; then # https://github.com/containers/podman/issues/10857 rm -rf /var/lib/cni + # This must be done at the last second, otherwise `make` calls + # in setup_environment (as root) will balk about ownership. + msg "Recursively chowning \$GOPATH and \$GOSRC to $ROOTLESS_USER" + if [[ $PRIV_NAME = "rootless" ]]; then + chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC" + fi + req_env_vars ROOTLESS_USER msg "Re-executing runner through ssh as user '$ROOTLESS_USER'" msg "************************************************************" diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index cf53dfcc8..e3eb46783 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -42,6 +42,8 @@ cp hack/podman-registry /bin _gc='git config --file /root/.gitconfig' $_gc user.email "TMcTestFace@example.com" $_gc user.name "Testy McTestface" +# Bypass git safety/security checks when operating in a throwaway environment +git config --system --add safe.directory $GOSRC # Ensure that all lower-level contexts and child-processes have # ready access to higher level orchestration (e.g Cirrus-CI) @@ -304,6 +306,9 @@ case "$TEST_FLAVOR" in # Guarantee the docker daemon can't be started, even by accident rm -vf $(type -P dockerd) + msg "Recursively chowning source to $ROOTLESS_USER" + chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC" + msg "Obtaining necessary gitlab-runner testing bits" slug="gitlab.com/gitlab-org/gitlab-runner" helper_fqin="registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-latest-pwsh" |