Do not sudo everything

Alexandre Aubin 2020-12-18 23:19:12 +01:00
parent a0be02d592
commit 3620ecc064
6 changed files with 46 additions and 40 deletions


@ -60,6 +60,12 @@ sudo ln -s /snap/bin/lxc /usr/local/bin/lxc
sudo ln -s /snap/bin/lxd /usr/local/bin/lxd sudo ln -s /snap/bin/lxd /usr/local/bin/lxd
``` ```
NB. : you should **make sure that your user is in the `lxd` group** so that it's
able to run `lxc` commands without sudo... You can check this with the command
`groups` where you should see `lxd`. Otherwise, add your user to this group
(don't forget that you may need to reload your entire graphical session for this
to propagate (sigh))
Then you shall initialize LXD which will ask you a bunch of question. Usually Then you shall initialize LXD which will ask you a bunch of question. Usually
answering the default (just pressing enter) to all questions is fine. answering the default (just pressing enter) to all questions is fine.


@ -8,14 +8,14 @@ function rebuild_base_lxc()
check_lxd_setup check_lxd_setup
set -x set -x
sudo lxc info $LXC_BASE >/dev/null && sudo lxc delete $LXC_BASE --force lxc info $LXC_BASE >/dev/null && lxc delete $LXC_BASE --force
sudo lxc launch images:debian/$DIST/$ARCH $LXC_BASE lxc launch images:debian/$DIST/$ARCH $LXC_BASE
sudo lxc config set $LXC_BASE security.privileged true lxc config set $LXC_BASE security.privileged true
sudo lxc config set $LXC_BASE security.nesting true # Need this for apparmor for some reason lxc config set $LXC_BASE security.nesting true # Need this for apparmor for some reason
sudo lxc restart $LXC_BASE lxc restart $LXC_BASE
sleep 5 sleep 5
IN_LXC="sudo lxc exec $LXC_BASE --" IN_LXC="lxc exec $LXC_BASE --"
INSTALL_SCRIPT="https://install.yunohost.org/$DIST" INSTALL_SCRIPT="https://install.yunohost.org/$DIST"
$IN_LXC apt install curl -y $IN_LXC apt install curl -y
@ -44,9 +44,9 @@ function rebuild_base_lxc()
$IN_LXC yunohost --version $IN_LXC yunohost --version
sudo lxc stop $LXC_BASE lxc stop $LXC_BASE
sudo lxc image delete $LXC_BASE lxc image delete $LXC_BASE
sudo lxc publish $LXC_BASE --alias $LXC_BASE lxc publish $LXC_BASE --alias $LXC_BASE
set +x set +x
} }
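Review bot: Removing `sudo` from the `lxc` calls in `rebuild_base_lxc` does not lower the privilege actually in play: per the LXD documentation, access through the `lxd` group is equivalent to root on the host, and this function still sets `security.privileged true` on the base container. The account that runs the CI should keep being treated as privileged, and a comment above the two `lxc config set` lines would make that explicit, for example `# lxd group access is root-equivalent on the host; run this only from a dedicated CI account`. Separately, `$LXC_BASE`, `$DIST` and `$ARCH` are expanded unquoted on every changed line; `"$LXC_BASE"` and friends would be safer. The function body starts and continues outside the two hunks shown.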


@ -219,7 +219,7 @@ function self_upgrade()
# Clone in another directory # Clone in another directory
git clone --quiet $git_repository "./upgrade" git clone --quiet $git_repository "./upgrade"
cp -a "./upgrade/." "./." cp -a "./upgrade/." "./."
sudo rm -r "./upgrade" rm -r "./upgrade"
# Update the version file # Update the version file
echo "$check_version" > "$version_file" echo "$check_version" > "$version_file"
rm "./pcheck.lock" rm "./pcheck.lock"
@ -265,7 +265,7 @@ function fetch_or_upgrade_package_linter()
# And replace # And replace
cp -a "./package_linter_tmp/." "./package_linter/." cp -a "./package_linter_tmp/." "./package_linter/."
sudo rm -r "./package_linter_tmp" rm -r "./package_linter_tmp"
fi fi
else else
log_info "Installing Package linter" log_info "Installing Package linter"
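Review bot: The now-unprivileged `rm -r "./upgrade"` and `rm -r "./package_linter_tmp"` have their exit status ignored, which matters if a directory left by an earlier run still contains root-owned files (the old code used `sudo` here, possibly for that reason). In that case the removal fails, and the next `git clone` into the same path will presumably fail too because the directory already exists. Consider checking the result, e.g. `rm -rf -- "./upgrade" || log_critical "Cannot remove ./upgrade; check file ownership"` if `log_critical` is available in this file, and the same for `./package_linter_tmp`. Both functions start and end outside the hunks.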


@ -5,17 +5,17 @@
#================================================= #=================================================
LXC_CREATE () { LXC_CREATE () {
sudo lxc image list $LXC_BASE | grep -q -w $LXC_BASE || log_critical "The base image $LXC_BASE doesn't exist yet. Consider using the build_base_lxc.sh to create it first" lxc image list $LXC_BASE | grep -q -w $LXC_BASE || log_critical "The base image $LXC_BASE doesn't exist yet. Consider using the build_base_lxc.sh to create it first"
sudo lxc launch $LXC_BASE $LXC_NAME || clean_exit 1 lxc launch $LXC_BASE $LXC_NAME || clean_exit 1
sudo lxc config set "$LXC_NAME" security.nesting true lxc config set "$LXC_NAME" security.nesting true
_LXC_START_AND_WAIT $LXC_NAME _LXC_START_AND_WAIT $LXC_NAME
set_witness_files set_witness_files
sudo lxc snapshot $LXC_NAME snap0 lxc snapshot $LXC_NAME snap0
} }
LXC_SNAPSHOT_EXISTS() { LXC_SNAPSHOT_EXISTS() {
local snapname=$1 local snapname=$1
sudo lxc list --format json \ lxc list --format json \
| jq -e --arg LXC_NAME $LXC_NAME --arg snapname $snapname \ | jq -e --arg LXC_NAME $LXC_NAME --arg snapname $snapname \
'.[] | select(.name==$LXC_NAME) | .snapshots[] | select(.name==$snapname)' \ '.[] | select(.name==$LXC_NAME) | .snapshots[] | select(.name==$snapname)' \
>/dev/null >/dev/null
@ -32,16 +32,16 @@ CREATE_LXC_SNAPSHOT () {
check_witness_files >&2 check_witness_files >&2
# Remove swap files to avoid killing the CI with huge snapshots. # Remove swap files to avoid killing the CI with huge snapshots.
sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do swapoff $swapfile; done' lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do swapoff $swapfile; done'
sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do rm -f $swapfile; done' lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do rm -f $swapfile; done'
sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null lxc stop --timeout 15 $LXC_NAME 2>/dev/null
# Check if the snapshot already exist # Check if the snapshot already exist
if ! LXC_SNAPSHOT_EXISTS "$snapname" if ! LXC_SNAPSHOT_EXISTS "$snapname"
then then
log_debug "Creating snapshot $snapname ..." log_debug "Creating snapshot $snapname ..."
sudo lxc snapshot $LXC_NAME $snapname lxc snapshot $LXC_NAME $snapname
fi fi
_LXC_START_AND_WAIT $LXC_NAME _LXC_START_AND_WAIT $LXC_NAME
@ -52,9 +52,9 @@ CREATE_LXC_SNAPSHOT () {
LOAD_LXC_SNAPSHOT () { LOAD_LXC_SNAPSHOT () {
local snapname=$1 local snapname=$1
log_debug "Loading snapshot $snapname ..." log_debug "Loading snapshot $snapname ..."
sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null lxc stop --timeout 15 $LXC_NAME 2>/dev/null
sudo lxc restore $LXC_NAME $snapname lxc restore $LXC_NAME $snapname
sudo lxc start $LXC_NAME lxc start $LXC_NAME
_LXC_START_AND_WAIT $LXC_NAME _LXC_START_AND_WAIT $LXC_NAME
} }
@ -82,12 +82,12 @@ LXC_START () {
} }
LXC_STOP () { LXC_STOP () {
sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null lxc stop --timeout 15 $LXC_NAME 2>/dev/null
} }
LXC_RESET () { LXC_RESET () {
sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null lxc stop --timeout 15 $LXC_NAME 2>/dev/null
sudo lxc delete $LXC_NAME 2>/dev/null lxc delete $LXC_NAME 2>/dev/null
} }
@ -95,8 +95,8 @@ _LXC_START_AND_WAIT() {
restart_container() restart_container()
{ {
sudo lxc stop "$1" --timeout 15 &>/dev/null lxc stop "$1" --timeout 15 &>/dev/null
sudo lxc start "$1" lxc start "$1"
} }
# Try to start the container 3 times. # Try to start the container 3 times.
@ -160,7 +160,7 @@ _LXC_START_AND_WAIT() {
RUN_INSIDE_LXC() { RUN_INSIDE_LXC() {
sudo lxc exec $LXC_NAME -- $@ lxc exec $LXC_NAME -- $@
} }
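Review bot: Without `sudo`, a user who is not in the `lxd` group now gets a permission error from every `lxc` call, and this file hides or mislabels it: `LXC_STOP`, `LXC_RESET` and `LOAD_LXC_SNAPSHOT` send stderr to `/dev/null`, and in `LXC_CREATE` a failed `lxc image list` falls through to the "base image doesn't exist yet" message. A single access check at the top of `LXC_CREATE` would give an accurate error, e.g. `lxc info >/dev/null 2>&1 || log_critical "Cannot reach LXD; is the current user in the lxd group?"`. Also, `RUN_INSIDE_LXC` expands `$@` unquoted, so arguments containing spaces or glob characters are re-split on the host before `lxc exec` sees them; `"$@"` keeps them intact, provided no caller relies on passing the whole command as one string. Several of these functions are only partly visible in the hunks.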


@ -47,7 +47,7 @@ _INSTALL_APP () {
sed -i "s/\$SUBDOMAIN/$SUBDOMAIN/" "$preinstall_script" sed -i "s/\$SUBDOMAIN/$SUBDOMAIN/" "$preinstall_script"
sed -i "s/\$PASSWORD/$YUNO_PWD/" "$preinstall_script" sed -i "s/\$PASSWORD/$YUNO_PWD/" "$preinstall_script"
# Copy the pre-install script into the container. # Copy the pre-install script into the container.
sudo lxc file push "$preinstall_script" "$LXC_NAME":/preinstall.sh lxc file push "$preinstall_script" "$LXC_NAME":/preinstall.sh
# Then execute the script to execute the pre-install commands. # Then execute the script to execute the pre-install commands.
LXC_START "bash /preinstall.sh" LXC_START "bash /preinstall.sh"
fi fi
@ -237,7 +237,7 @@ _VALIDATE_THAT_APP_CAN_BE_ACCESSED () {
If you see this page, you have failed the test for alias_traversal issue.</body></html>" \ If you see this page, you have failed the test for alias_traversal issue.</body></html>" \
> $TEST_CONTEXT/alias_traversal.html > $TEST_CONTEXT/alias_traversal.html
sudo lxc file push $TEST_CONTEXT/alias_traversal.html $LXC_NAME/var/www/html/alias_traversal.html lxc file push $TEST_CONTEXT/alias_traversal.html $LXC_NAME/var/www/html/alias_traversal.html
curl --location --insecure --silent $check_domain$check_path../html/alias_traversal.html \ curl --location --insecure --silent $check_domain$check_path../html/alias_traversal.html \
| grep "title" | grep --quiet "alias_traversal test" \ | grep "title" | grep --quiet "alias_traversal test" \
@ -359,7 +359,7 @@ TEST_UPGRADE () {
else else
# Make a backup of the directory # Make a backup of the directory
# and Change to the specified commit # and Change to the specified commit
sudo cp -a "$package_path" "${package_path}_back" cp -a "$package_path" "${package_path}_back"
(cd "$package_path"; git checkout --force --quiet "$commit") (cd "$package_path"; git checkout --force --quiet "$commit")
LOAD_LXC_SNAPSHOT snap0 LOAD_LXC_SNAPSHOT snap0
@ -369,8 +369,8 @@ TEST_UPGRADE () {
local ret=$? local ret=$?
# Then replace the backup # Then replace the backup
sudo rm -r "$package_path" rm -r "$package_path"
sudo mv "${package_path}_back" "$package_path" mv "${package_path}_back" "$package_path"
fi fi
# Check if the install worked # Check if the install worked
@ -401,10 +401,10 @@ TEST_PORT_ALREADY_USED () {
echo -e "[Service]\nExecStart=/bin/netcat -l -k -p $check_port\n echo -e "[Service]\nExecStart=/bin/netcat -l -k -p $check_port\n
[Install]\nWantedBy=multi-user.target" > $TEST_CONTEXT/netcat.service [Install]\nWantedBy=multi-user.target" > $TEST_CONTEXT/netcat.service
sudo lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service
# Then start this service to block this port. # Then start this service to block this port.
LXC_START "sudo systemctl enable netcat & sudo systemctl start netcat" LXC_START "systemctl enable netcat & systemctl start netcat"
# Install the application in a LXC container # Install the application in a LXC container
_INSTALL_APP "path=$check_path" "port=$check_port" \ _INSTALL_APP "path=$check_path" "port=$check_port" \
@ -450,7 +450,7 @@ TEST_BACKUP_RESTORE () {
[ $ret -eq 0 ] || main_result=1 [ $ret -eq 0 ] || main_result=1
# Grab the backup archive into the LXC container, and keep a copy # Grab the backup archive into the LXC container, and keep a copy
sudo lxc file pull -r $LXC_NAME/home/yunohost.backup/archives $TEST_CONTEXT/ynh_backups lxc file pull -r $LXC_NAME/home/yunohost.backup/archives $TEST_CONTEXT/ynh_backups
# RESTORE # RESTORE
# Try the restore process in 2 times, first after removing the app, second after a restore of the container. # Try the restore process in 2 times, first after removing the app, second after a restore of the container.
@ -475,7 +475,7 @@ TEST_BACKUP_RESTORE () {
RUN_INSIDE_LXC rm -rf /home/yunohost.backup/archives RUN_INSIDE_LXC rm -rf /home/yunohost.backup/archives
# Place the copy of the backup archive in the container. # Place the copy of the backup archive in the container.
sudo lxc file push -r $TEST_CONTEXT/ynh_backups/archives $LXC_NAME/home/yunohost.backup/ lxc file push -r $TEST_CONTEXT/ynh_backups/archives $LXC_NAME/home/yunohost.backup/
log_small_title "Restore on a fresh YunoHost system..." log_small_title "Restore on a fresh YunoHost system..."
fi fi
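Review bot: In `TEST_PORT_ALREADY_USED` the changed line still joins its two commands with a single `&`, so `systemctl enable netcat` is sent to the background while `systemctl start netcat` runs immediately. If the two are meant to run in sequence, and the start to be skipped when enabling fails, the line should read `LXC_START "systemctl enable netcat && systemctl start netcat"`. Otherwise the port may not actually be occupied when the install test runs, which would weaken what the test proves. In `TEST_UPGRADE`, the now-unprivileged `cp -a "$package_path" "${package_path}_back"` is not checked before the later `rm -r "$package_path"`, so a failed or partial copy would replace the package. Its exit status should be tested before the checkout.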


@ -267,7 +267,7 @@ run_all_tests() {
# Print the version of YunoHost from the LXC container # Print the version of YunoHost from the LXC container
log_small_title "YunoHost versions" log_small_title "YunoHost versions"
LXC_START "sudo yunohost --version" LXC_START "yunohost --version"
# Init the value for the current test # Init the value for the current test
current_test_number=1 current_test_number=1
@ -356,7 +356,7 @@ break_before_continue () {
if [ $interactive -eq 1 ] if [ $interactive -eq 1 ]
then then
echo "To enter a shell on the lxc:" echo "To enter a shell on the lxc:"
echo " sudo lxc exec $LXC_NAME bash" echo " lxc exec $LXC_NAME bash"
read -p "Press a key to delete the application and continue...." < /dev/tty read -p "Press a key to delete the application and continue...." < /dev/tty
fi fi
} }