Do not sudo everything

README.md

@@ -60,6 +60,12 @@ sudo ln -s /snap/bin/lxc /usr/local/bin/lxc
 sudo ln -s /snap/bin/lxd /usr/local/bin/lxd
 ```
 
+NB. : you should **make sure that your user is in the `lxd` group** so that it's
+able to run `lxc` commands without sudo... You can check this with the command
+`groups` where you should see `lxd`. Otherwise, add your user to this group
+(don't forget that you may need to reload your entire graphical session for this
+to propagate (sigh))
+
 Then you shall initialize LXD which will ask you a bunch of question. Usually
 answering the default (just pressing enter) to all questions is fine.
 

build_base_lxc.sh

@@ -8,14 +8,14 @@ function rebuild_base_lxc()
     check_lxd_setup
 
     set -x
-    sudo lxc info $LXC_BASE >/dev/null && sudo lxc delete $LXC_BASE --force
-    sudo lxc launch images:debian/$DIST/$ARCH $LXC_BASE
-    sudo lxc config set $LXC_BASE security.privileged true
-    sudo lxc config set $LXC_BASE security.nesting true # Need this for apparmor for some reason
-    sudo lxc restart $LXC_BASE
+    lxc info $LXC_BASE >/dev/null && lxc delete $LXC_BASE --force
+    lxc launch images:debian/$DIST/$ARCH $LXC_BASE
+    lxc config set $LXC_BASE security.privileged true
+    lxc config set $LXC_BASE security.nesting true # Need this for apparmor for some reason
+    lxc restart $LXC_BASE
     sleep 5
     
-    IN_LXC="sudo lxc exec $LXC_BASE --"
+    IN_LXC="lxc exec $LXC_BASE --"
     
     INSTALL_SCRIPT="https://install.yunohost.org/$DIST"
     $IN_LXC apt install curl -y
@@ -44,9 +44,9 @@ function rebuild_base_lxc()
 
     $IN_LXC yunohost --version
 
-    sudo lxc stop $LXC_BASE
-    sudo lxc image delete $LXC_BASE
-    sudo lxc publish $LXC_BASE --alias $LXC_BASE
+    lxc stop $LXC_BASE
+    lxc image delete $LXC_BASE
+    lxc publish $LXC_BASE --alias $LXC_BASE
     set +x
 }
 

lib/common.sh

@@ -219,7 +219,7 @@ function self_upgrade()
 # Clone in another directory
 git clone --quiet $git_repository "./upgrade"
 cp -a "./upgrade/." "./."
-sudo rm -r "./upgrade"
+rm -r "./upgrade"
 # Update the version file
 echo "$check_version" > "$version_file"
 rm "./pcheck.lock"
@@ -265,7 +265,7 @@ function fetch_or_upgrade_package_linter()
 
             # And replace
             cp -a "./package_linter_tmp/." "./package_linter/."
-            sudo rm -r "./package_linter_tmp"
+            rm -r "./package_linter_tmp"
         fi
     else
         log_info "Installing Package linter"

lib/lxc.sh

@@ -5,17 +5,17 @@
 #=================================================
 
 LXC_CREATE () {
-    sudo lxc image list $LXC_BASE | grep -q -w $LXC_BASE || log_critical "The base image $LXC_BASE doesn't exist yet. Consider using the build_base_lxc.sh to create it first" 
-    sudo lxc launch $LXC_BASE $LXC_NAME || clean_exit 1
-    sudo lxc config set "$LXC_NAME" security.nesting true
+    lxc image list $LXC_BASE | grep -q -w $LXC_BASE || log_critical "The base image $LXC_BASE doesn't exist yet. Consider using the build_base_lxc.sh to create it first" 
+    lxc launch $LXC_BASE $LXC_NAME || clean_exit 1
+    lxc config set "$LXC_NAME" security.nesting true
     _LXC_START_AND_WAIT $LXC_NAME
     set_witness_files
-    sudo lxc snapshot $LXC_NAME snap0
+    lxc snapshot $LXC_NAME snap0
 }
 
 LXC_SNAPSHOT_EXISTS() {
     local snapname=$1
-    sudo lxc list --format json \
+    lxc list --format json \
         | jq -e --arg LXC_NAME $LXC_NAME --arg snapname $snapname \
         '.[] | select(.name==$LXC_NAME) | .snapshots[] | select(.name==$snapname)' \
             >/dev/null
@@ -32,16 +32,16 @@ CREATE_LXC_SNAPSHOT () {
     check_witness_files >&2
 
     # Remove swap files to avoid killing the CI with huge snapshots.
-    sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do swapoff $swapfile; done'
-    sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do rm -f $swapfile; done'
+    lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do swapoff $swapfile; done'
+    lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do rm -f $swapfile; done'
     
-    sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
+    lxc stop --timeout 15 $LXC_NAME 2>/dev/null
 
     # Check if the snapshot already exist
     if ! LXC_SNAPSHOT_EXISTS "$snapname"
     then
         log_debug "Creating snapshot $snapname ..."
-        sudo lxc snapshot $LXC_NAME $snapname
+        lxc snapshot $LXC_NAME $snapname
     fi
 
     _LXC_START_AND_WAIT $LXC_NAME
@@ -52,9 +52,9 @@ CREATE_LXC_SNAPSHOT () {
 LOAD_LXC_SNAPSHOT () {
     local snapname=$1
     log_debug "Loading snapshot $snapname ..."
-    sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
-    sudo lxc restore $LXC_NAME $snapname
-    sudo lxc start $LXC_NAME
+    lxc stop --timeout 15 $LXC_NAME 2>/dev/null
+    lxc restore $LXC_NAME $snapname
+    lxc start $LXC_NAME
     _LXC_START_AND_WAIT $LXC_NAME
 }
 
@@ -82,12 +82,12 @@ LXC_START () {
 }
 
 LXC_STOP () {
-    sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
+    lxc stop --timeout 15 $LXC_NAME 2>/dev/null
 }
 
 LXC_RESET () {
-    sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
-    sudo lxc delete $LXC_NAME 2>/dev/null
+    lxc stop --timeout 15 $LXC_NAME 2>/dev/null
+    lxc delete $LXC_NAME 2>/dev/null
 }
 
 
@@ -95,8 +95,8 @@ _LXC_START_AND_WAIT() {
 
 	restart_container()
 	{
-		sudo lxc stop "$1" --timeout 15 &>/dev/null
-		sudo lxc start "$1"
+		lxc stop "$1" --timeout 15 &>/dev/null
+		lxc start "$1"
 	}
 
 	# Try to start the container 3 times.
@@ -160,7 +160,7 @@ _LXC_START_AND_WAIT() {
 
 
 RUN_INSIDE_LXC() {
-    sudo lxc exec $LXC_NAME -- $@
+    lxc exec $LXC_NAME -- $@
 }
 
 

lib/tests.sh

@@ -47,7 +47,7 @@ _INSTALL_APP () {
         sed -i "s/\$SUBDOMAIN/$SUBDOMAIN/" "$preinstall_script"
         sed -i "s/\$PASSWORD/$YUNO_PWD/" "$preinstall_script"
         # Copy the pre-install script into the container.
-        sudo lxc file push "$preinstall_script" "$LXC_NAME":/preinstall.sh
+        lxc file push "$preinstall_script" "$LXC_NAME":/preinstall.sh
         # Then execute the script to execute the pre-install commands.
         LXC_START "bash /preinstall.sh"
     fi
@@ -237,7 +237,7 @@ _VALIDATE_THAT_APP_CAN_BE_ACCESSED () {
     If you see this page, you have failed the test for alias_traversal issue.</body></html>" \
     > $TEST_CONTEXT/alias_traversal.html
 
-    sudo lxc file push $TEST_CONTEXT/alias_traversal.html $LXC_NAME/var/www/html/alias_traversal.html
+    lxc file push $TEST_CONTEXT/alias_traversal.html $LXC_NAME/var/www/html/alias_traversal.html
 
     curl --location --insecure --silent $check_domain$check_path../html/alias_traversal.html \
         | grep "title" | grep --quiet "alias_traversal test" \
@@ -359,7 +359,7 @@ TEST_UPGRADE () {
     else
         # Make a backup of the directory
         # and Change to the specified commit
-        sudo cp -a "$package_path" "${package_path}_back"
+        cp -a "$package_path" "${package_path}_back"
         (cd "$package_path"; git checkout --force --quiet "$commit")
 
         LOAD_LXC_SNAPSHOT snap0
@@ -369,8 +369,8 @@ TEST_UPGRADE () {
         local ret=$?
 
         # Then replace the backup
-        sudo rm -r "$package_path"
-        sudo mv "${package_path}_back" "$package_path"
+        rm -r "$package_path"
+        mv "${package_path}_back" "$package_path"
     fi
 
     # Check if the install worked
@@ -401,10 +401,10 @@ TEST_PORT_ALREADY_USED () {
     echo -e "[Service]\nExecStart=/bin/netcat -l -k -p $check_port\n
     [Install]\nWantedBy=multi-user.target" > $TEST_CONTEXT/netcat.service
 
-    sudo lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service
+    lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service
 
     # Then start this service to block this port.
-    LXC_START "sudo systemctl enable netcat & sudo systemctl start netcat"
+    LXC_START "systemctl enable netcat & systemctl start netcat"
 
     # Install the application in a LXC container
    _INSTALL_APP "path=$check_path" "port=$check_port" \
@@ -450,7 +450,7 @@ TEST_BACKUP_RESTORE () {
     [ $ret -eq 0 ] || main_result=1
 
     # Grab the backup archive into the LXC container, and keep a copy
-    sudo lxc file pull -r $LXC_NAME/home/yunohost.backup/archives $TEST_CONTEXT/ynh_backups
+    lxc file pull -r $LXC_NAME/home/yunohost.backup/archives $TEST_CONTEXT/ynh_backups
 
     # RESTORE
     # Try the restore process in 2 times, first after removing the app, second after a restore of the container.
@@ -475,7 +475,7 @@ TEST_BACKUP_RESTORE () {
             RUN_INSIDE_LXC rm -rf /home/yunohost.backup/archives
 
             # Place the copy of the backup archive in the container.
-            sudo lxc file push -r $TEST_CONTEXT/ynh_backups/archives $LXC_NAME/home/yunohost.backup/
+            lxc file push -r $TEST_CONTEXT/ynh_backups/archives $LXC_NAME/home/yunohost.backup/
 
             log_small_title "Restore on a fresh YunoHost system..."
         fi

lib/tests_coordination.sh

@@ -267,7 +267,7 @@ run_all_tests() {
 
     # Print the version of YunoHost from the LXC container
     log_small_title "YunoHost versions"
-    LXC_START "sudo yunohost --version"
+    LXC_START "yunohost --version"
 
     # Init the value for the current test
     current_test_number=1
@@ -356,7 +356,7 @@ break_before_continue () {
     if [ $interactive -eq 1 ]
     then
         echo "To enter a shell on the lxc:"
-        echo "     sudo lxc exec $LXC_NAME bash"
+        echo "     lxc exec $LXC_NAME bash"
         read -p "Press a key to delete the application and continue...." < /dev/tty
     fi
 }