* [igt-dev] [PATCH i-g-t] gitlab-ci: Run ninja test as non-root
@ 2019-02-12 16:58 Arkadiusz Hiler via igt-dev
2019-02-12 17:01 ` arkadiusz.hiler--- via igt-dev
0 siblings, 1 reply; 2+ messages in thread
From: Arkadiusz Hiler via igt-dev @ 2019-02-12 16:58 UTC (permalink / raw)
To: igt-dev; +Cc: Petri Latvala, Daniel Vetter
igt_command_line.sh now fails if it is run as root, which breaks 'ninja
test' in GitLab's CI with our current setup.
There's no convenient means of switching users yet:
- USER in Dockerfile file won't do it, we would lack permissions for the src
- each line of script is execute separately, so no `setuid()`
- no facilities for juggling users in the gitlab-runner itself
So will just `useradd && chmod && su -c "ninja test"` in the testing
steps. At least for now.
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Petri Latvala <petri.latvala@intel.com>
Signed-off-by: Arkadiusz Hiler <arkadiusz.hiler@intel.com>
---
.gitlab-ci.yml | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4bd4130f..08e8e6cc 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -86,7 +86,10 @@ test:ninja-test:
dependencies:
- build:tests-fedora
stage: test
- script: ninja -C build test
+ script:
+ - useradd igt
+ - chown -R igt:igt build
+ - su igt -c "ninja -C build test"
test:ninja-test-arm64:
image: $CI_REGISTRY/$CI_PROJECT_PATH/igt-debian-arm64:latest
@@ -96,7 +99,9 @@ test:ninja-test-arm64:
script:
- export PKG_CONFIG_PATH=/usr/lib/aarch64-linux-gnu/pkgconfig/
- env > build/envdump.txt
- - ninja -C build test
+ - useradd igt
+ - chown -R igt:igt build
+ - su igt -c "ninja -C build test"
artifacts:
paths:
- build
--
2.20.1
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [igt-dev] [PATCH i-g-t] gitlab-ci: Run ninja test as non-root
2019-02-12 16:58 [igt-dev] [PATCH i-g-t] gitlab-ci: Run ninja test as non-root Arkadiusz Hiler via igt-dev
@ 2019-02-12 17:01 ` arkadiusz.hiler--- via igt-dev
0 siblings, 0 replies; 2+ messages in thread
From: arkadiusz.hiler--- via igt-dev @ 2019-02-12 17:01 UTC (permalink / raw)
To: igt-dev, Petri Latvala
On Tue, Feb 12, 2019 at 06:58:35PM +0200, Arkadiusz Hiler via igt-dev wrote:
> igt_command_line.sh now fails if it is run as root, which breaks 'ninja
> test' in GitLab's CI with our current setup.
>
> There's no convenient means of switching users yet:
> - USER in Dockerfile file won't do it, we would lack permissions for the src
> - each line of script is execute separately, so no `setuid()`
> - no facilities for juggling users in the gitlab-runner itself
>
> So will just `useradd && chmod && su -c "ninja test"` in the testing
> steps. At least for now.
>
> Cc: Daniel Vetter <daniel@ffwll.ch>
> Cc: Petri Latvala <petri.latvala@intel.com>
> Signed-off-by: Arkadiusz Hiler <arkadiusz.hiler@intel.com>
Tested in my fork:
https://gitlab.freedesktop.org/ivyl/igt/pipelines/18748
I'll cancel i915 CI's run over this, no need to waste machine time.
--
Cheers,
Arek
_______________________________________________
igt-dev mailing list
igt-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/igt-dev
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-02-12 17:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-02-12 16:58 [igt-dev] [PATCH i-g-t] gitlab-ci: Run ninja test as non-root Arkadiusz Hiler via igt-dev
2019-02-12 17:01 ` arkadiusz.hiler--- via igt-dev
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox