Do not sudo everything

2024-09-03 20:06:20 +02:00 · 2020-12-18 23:19:12 +01:00 · 2020-12-18 23:19:12 +01:00 · 3620ecc064
commit 3620ecc064
parent a0be02d592
6 changed files with 46 additions and 40 deletions
--- a/README.md
+++ b/README.md
@ -60,6 +60,12 @@ sudo ln -s /snap/bin/lxc /usr/local/bin/lxc
 sudo ln -s /snap/bin/lxd /usr/local/bin/lxd
 ```

+NB. : you should **make sure that your user is in the `lxd` group** so that it's
+able to run `lxc` commands without sudo... You can check this with the command
+`groups` where you should see `lxd`. Otherwise, add your user to this group
+(don't forget that you may need to reload your entire graphical session for this
+to propagate (sigh))
+
 Then you shall initialize LXD which will ask you a bunch of question. Usually
 answering the default (just pressing enter) to all questions is fine.

--- a/build_base_lxc.sh
+++ b/build_base_lxc.sh
@ -8,14 +8,14 @@ function rebuild_base_lxc()
    check_lxd_setup

    set -x
-    sudo lxc info $LXC_BASE >/dev/null && sudo lxc delete $LXC_BASE --force
-    sudo lxc launch images:debian/$DIST/$ARCH $LXC_BASE
-    sudo lxc config set $LXC_BASE security.privileged true
-    sudo lxc config set $LXC_BASE security.nesting true # Need this for apparmor for some reason
-    sudo lxc restart $LXC_BASE
+    lxc info $LXC_BASE >/dev/null && lxc delete $LXC_BASE --force
+    lxc launch images:debian/$DIST/$ARCH $LXC_BASE
+    lxc config set $LXC_BASE security.privileged true
+    lxc config set $LXC_BASE security.nesting true # Need this for apparmor for some reason
+    lxc restart $LXC_BASE
    sleep 5
    
-    IN_LXC="sudo lxc exec $LXC_BASE --"
+    IN_LXC="lxc exec $LXC_BASE --"
    
    INSTALL_SCRIPT="https://install.yunohost.org/$DIST"
    $IN_LXC apt install curl -y
@ -44,9 +44,9 @@ function rebuild_base_lxc()

    $IN_LXC yunohost --version

-    sudo lxc stop $LXC_BASE
-    sudo lxc image delete $LXC_BASE
-    sudo lxc publish $LXC_BASE --alias $LXC_BASE
+    lxc stop $LXC_BASE
+    lxc image delete $LXC_BASE
+    lxc publish $LXC_BASE --alias $LXC_BASE
    set +x
 }

--- a/lib/common.sh
+++ b/lib/common.sh
@ -219,7 +219,7 @@ function self_upgrade()
 # Clone in another directory
 git clone --quiet $git_repository "./upgrade"
 cp -a "./upgrade/." "./."
-sudo rm -r "./upgrade"
+rm -r "./upgrade"
 # Update the version file
 echo "$check_version" > "$version_file"
 rm "./pcheck.lock"
@ -265,7 +265,7 @@ function fetch_or_upgrade_package_linter()

            # And replace
            cp -a "./package_linter_tmp/." "./package_linter/."
-            sudo rm -r "./package_linter_tmp"
+            rm -r "./package_linter_tmp"
        fi
    else
        log_info "Installing Package linter"
--- a/lib/lxc.sh
+++ b/lib/lxc.sh
@ -5,17 +5,17 @@
 #=================================================

 LXC_CREATE () {
-    sudo lxc image list $LXC_BASE | grep -q -w $LXC_BASE || log_critical "The base image $LXC_BASE doesn't exist yet. Consider using the build_base_lxc.sh to create it first" 
-    sudo lxc launch $LXC_BASE $LXC_NAME || clean_exit 1
-    sudo lxc config set "$LXC_NAME" security.nesting true
+    lxc image list $LXC_BASE | grep -q -w $LXC_BASE || log_critical "The base image $LXC_BASE doesn't exist yet. Consider using the build_base_lxc.sh to create it first" 
+    lxc launch $LXC_BASE $LXC_NAME || clean_exit 1
+    lxc config set "$LXC_NAME" security.nesting true
    _LXC_START_AND_WAIT $LXC_NAME
    set_witness_files
-    sudo lxc snapshot $LXC_NAME snap0
+    lxc snapshot $LXC_NAME snap0
 }

 LXC_SNAPSHOT_EXISTS() {
    local snapname=$1
-    sudo lxc list --format json \
+    lxc list --format json \
        | jq -e --arg LXC_NAME $LXC_NAME --arg snapname $snapname \
        '.[] | select(.name==$LXC_NAME) | .snapshots[] | select(.name==$snapname)' \
            >/dev/null
@ -32,16 +32,16 @@ CREATE_LXC_SNAPSHOT () {
    check_witness_files >&2

    # Remove swap files to avoid killing the CI with huge snapshots.
-    sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do swapoff $swapfile; done'
-    sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do rm -f $swapfile; done'
+    lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do swapoff $swapfile; done'
+    lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do rm -f $swapfile; done'
    
-    sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
+    lxc stop --timeout 15 $LXC_NAME 2>/dev/null

    # Check if the snapshot already exist
    if ! LXC_SNAPSHOT_EXISTS "$snapname"
    then
        log_debug "Creating snapshot $snapname ..."
-        sudo lxc snapshot $LXC_NAME $snapname
+        lxc snapshot $LXC_NAME $snapname
    fi

    _LXC_START_AND_WAIT $LXC_NAME
@ -52,9 +52,9 @@ CREATE_LXC_SNAPSHOT () {
 LOAD_LXC_SNAPSHOT () {
    local snapname=$1
    log_debug "Loading snapshot $snapname ..."
-    sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
-    sudo lxc restore $LXC_NAME $snapname
-    sudo lxc start $LXC_NAME
+    lxc stop --timeout 15 $LXC_NAME 2>/dev/null
+    lxc restore $LXC_NAME $snapname
+    lxc start $LXC_NAME
    _LXC_START_AND_WAIT $LXC_NAME
 }

@ -82,12 +82,12 @@ LXC_START () {
 }

 LXC_STOP () {
-    sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
+    lxc stop --timeout 15 $LXC_NAME 2>/dev/null
 }

 LXC_RESET () {
-    sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null
-    sudo lxc delete $LXC_NAME 2>/dev/null
+    lxc stop --timeout 15 $LXC_NAME 2>/dev/null
+    lxc delete $LXC_NAME 2>/dev/null
 }


@ -95,8 +95,8 @@ _LXC_START_AND_WAIT() {

 	restart_container()
 	{
-		sudo lxc stop "$1" --timeout 15 &>/dev/null
-		sudo lxc start "$1"
+		lxc stop "$1" --timeout 15 &>/dev/null
+		lxc start "$1"
 	}

 	# Try to start the container 3 times.
@ -160,7 +160,7 @@ _LXC_START_AND_WAIT() {


 RUN_INSIDE_LXC() {
-    sudo lxc exec $LXC_NAME -- $@
+    lxc exec $LXC_NAME -- $@
 }


--- a/lib/tests.sh
+++ b/lib/tests.sh
@ -47,7 +47,7 @@ _INSTALL_APP () {
        sed -i "s/\$SUBDOMAIN/$SUBDOMAIN/" "$preinstall_script"
        sed -i "s/\$PASSWORD/$YUNO_PWD/" "$preinstall_script"
        # Copy the pre-install script into the container.
-        sudo lxc file push "$preinstall_script" "$LXC_NAME":/preinstall.sh
+        lxc file push "$preinstall_script" "$LXC_NAME":/preinstall.sh
        # Then execute the script to execute the pre-install commands.
        LXC_START "bash /preinstall.sh"
    fi
@ -237,7 +237,7 @@ _VALIDATE_THAT_APP_CAN_BE_ACCESSED () {
    If you see this page, you have failed the test for alias_traversal issue.</body></html>" \
    > $TEST_CONTEXT/alias_traversal.html

-    sudo lxc file push $TEST_CONTEXT/alias_traversal.html $LXC_NAME/var/www/html/alias_traversal.html
+    lxc file push $TEST_CONTEXT/alias_traversal.html $LXC_NAME/var/www/html/alias_traversal.html

    curl --location --insecure --silent $check_domain$check_path../html/alias_traversal.html \
        | grep "title" | grep --quiet "alias_traversal test" \
@ -359,7 +359,7 @@ TEST_UPGRADE () {
    else
        # Make a backup of the directory
        # and Change to the specified commit
-        sudo cp -a "$package_path" "${package_path}_back"
+        cp -a "$package_path" "${package_path}_back"
        (cd "$package_path"; git checkout --force --quiet "$commit")

        LOAD_LXC_SNAPSHOT snap0
@ -369,8 +369,8 @@ TEST_UPGRADE () {
        local ret=$?

        # Then replace the backup
-        sudo rm -r "$package_path"
-        sudo mv "${package_path}_back" "$package_path"
+        rm -r "$package_path"
+        mv "${package_path}_back" "$package_path"
    fi

    # Check if the install worked
@ -401,10 +401,10 @@ TEST_PORT_ALREADY_USED () {
    echo -e "[Service]\nExecStart=/bin/netcat -l -k -p $check_port\n
    [Install]\nWantedBy=multi-user.target" > $TEST_CONTEXT/netcat.service

-    sudo lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service
+    lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service

    # Then start this service to block this port.
-    LXC_START "sudo systemctl enable netcat & sudo systemctl start netcat"
+    LXC_START "systemctl enable netcat & systemctl start netcat"

    # Install the application in a LXC container
   _INSTALL_APP "path=$check_path" "port=$check_port" \
@ -450,7 +450,7 @@ TEST_BACKUP_RESTORE () {
    [ $ret -eq 0 ] || main_result=1

    # Grab the backup archive into the LXC container, and keep a copy
-    sudo lxc file pull -r $LXC_NAME/home/yunohost.backup/archives $TEST_CONTEXT/ynh_backups
+    lxc file pull -r $LXC_NAME/home/yunohost.backup/archives $TEST_CONTEXT/ynh_backups

    # RESTORE
    # Try the restore process in 2 times, first after removing the app, second after a restore of the container.
@ -475,7 +475,7 @@ TEST_BACKUP_RESTORE () {
            RUN_INSIDE_LXC rm -rf /home/yunohost.backup/archives

            # Place the copy of the backup archive in the container.
-            sudo lxc file push -r $TEST_CONTEXT/ynh_backups/archives $LXC_NAME/home/yunohost.backup/
+            lxc file push -r $TEST_CONTEXT/ynh_backups/archives $LXC_NAME/home/yunohost.backup/

            log_small_title "Restore on a fresh YunoHost system..."
        fi
--- a/lib/tests_coordination.sh
+++ b/lib/tests_coordination.sh
@ -267,7 +267,7 @@ run_all_tests() {

    # Print the version of YunoHost from the LXC container
    log_small_title "YunoHost versions"
-    LXC_START "sudo yunohost --version"
+    LXC_START "yunohost --version"

    # Init the value for the current test
    current_test_number=1
@ -356,7 +356,7 @@ break_before_continue () {
    if [ $interactive -eq 1 ]
    then
        echo "To enter a shell on the lxc:"
-        echo "     sudo lxc exec $LXC_NAME bash"
+        echo "     lxc exec $LXC_NAME bash"
        read -p "Press a key to delete the application and continue...." < /dev/tty
    fi
 }