Page MenuHomeFreeBSD

Cirrus-CI: let build user run git
ClosedPublic

Authored by brooks on Dec 5 2023, 1:41 AM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 2 2024, 12:43 AM
Unknown Object (File)
Jan 10 2024, 11:06 PM
Unknown Object (File)
Jan 7 2024, 12:20 AM
Unknown Object (File)
Dec 23 2023, 6:03 AM
Unknown Object (File)
Dec 5 2023, 8:02 PM

Details

Summary

The git checkout it owned by root, but builds are run as "user". git
refuses to operating in such an environment unless the directory is
trusted.

Fixes CI after 99b8c0c35b0fcc633649209621243d678a13542a.

Sponsored by: DARPA

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

brooks requested review of this revision.Dec 5 2023, 1:41 AM

This commit message is a lie in that it only exposes the next problem https://cirrus-ci.com/task/5157804504252416?logs=package#L4435

Maybe worth a comment -- we're collecting quite a bit of magic lore in here.

This revision is now accepted and ready to land.Dec 5 2023, 4:23 AM

https://cirrus-ci.com/task/5157804504252416?logs=setup#L15 states that pkg version is 1.20.8, so @override_prefix is not yet available (starting on 1.20.9):

  • Upgrade pkg first (this step can be reverted next quarter):
xxx_upgrade_pkg_script:
- fetch http://pkg.freebsd.org/FreeBSD:13:amd64/latest/All/pkg-1.20.9.pkg
- pkg install -y ./pkg-1.20.9.pkg
- rm -f pkg-1.20.9.pkg
  • Use -m in pw useradd, so it creates the /home/user directory with the proper permissions (saves a few steps)
  • chown -R user:user $CIRRUS_WORKING_DIR else it's owned by root (however, make sysent will fail unless it is run as user, and check-ldirs, and makeman so those should be wrapped in su user -c as well?)
.cirrus.yml
83

Creates the /home/user directory with the right ownership.

87
This revision now requires review to proceed.Dec 5 2023, 6:01 PM

I've chosen to retain the git config change and not do chown of the source tree (only one of them is required). IMO it's useful to test with a read-only tree to since any such write is a bug in the normal build process.

I've also created D42903 with the pkg fix to make it more revertible and plan to commit it with Author: Jose Luis Duran <jlduran@gmail.com>

I've chosen to retain the git config change and not do chown of the source tree (only one of them is required). IMO it's useful to test with a read-only tree to since any such write is a bug in the normal build process.

Yes!

I've also created D42903 with the pkg fix to make it more revertible and plan to commit it with Author: Jose Luis Duran <jlduran@gmail.com>

Don't worry much about my name/authorship... Thank you!

This revision was not accepted when it landed; it landed in state Needs Review.Dec 5 2023, 7:05 PM
This revision was automatically updated to reflect the committed changes.