Diffstat (limited to 'sudo.patch')
-rw-r--r-- | sudo.patch | 103 |
1 files changed, 72 insertions, 31 deletions
diff --git a/sudo.patch b/sudo.patch index 6b5777abae9e..1bde0d917225 100644 --- a/sudo.patch +++ b/sudo.patch @@ -1,21 +1,46 @@ +diff --git a/pipeline/backend/local/clone.go b/pipeline/backend/local/clone.go +index b659a090a..82ae5c5cc 100644 +--- a/pipeline/backend/local/clone.go ++++ b/pipeline/backend/local/clone.go +@@ -94,14 +94,13 @@ func (e *local) execClone(ctx context.Context, step *types.Step, state *workflow + } + cmd = exec.CommandContext(ctx, pwsh, "-Command", fmt.Sprintf("%s ; $code=$? ; %s ; if (!$code) {[Environment]::Exit(1)}", state.pluginGitBinary, rmCmd)) + } else { +- cmd = exec.CommandContext(ctx, "/bin/sh", "-c", fmt.Sprintf("%s ; export code=$? ; %s ; exit $code", state.pluginGitBinary, rmCmd)) ++ cmd = exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, "/bin/sh", "-c", fmt.Sprintf("%s ; export code=$? ; %s ; exit $code", state.pluginGitBinary, rmCmd)) + } + } else { + // if we have NO netrc, we can just exec the clone directly +- cmd = exec.CommandContext(ctx, state.pluginGitBinary) ++ cmd = exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, state.pluginGitBinary) + } + cmd.Env = env +- cmd.Dir = state.workspaceDir + + // Get output and redirect Stderr to Stdout + e.output, _ = cmd.StdoutPipe() diff --git a/pipeline/backend/local/local.go b/pipeline/backend/local/local.go -index 2405c19bb..50321b8e7 100644 +index 698a3f0f9..5bef80857 100644 --- a/pipeline/backend/local/local.go 
+++ b/pipeline/backend/local/local.go -@@ -44,7 +44,7 @@ var notAllowedEnvVarOverwrites = []string{ +@@ -36,7 +36,7 @@ import ( type workflowState struct { - stepCMDs map[string]*exec.Cmd -- baseDir string -+ user string - homeDir string - workspaceDir string + stepCMDs map[string]*exec.Cmd +- baseDir string ++ user string + homeDir string + workspaceDir string + pluginGitBinary string +@@ -80,26 +80,20 @@ func (e *local) Load(ctx context.Context) (*types.EngineInfo, error) { } -@@ -79,23 +79,17 @@ func (e *local) Load(context.Context) error { - func (e *local) SetupWorkflow(_ context.Context, conf *types.Config, taskUUID string) error { + + // SetupWorkflow the pipeline environment. +-func (e *local) SetupWorkflow(_ context.Context, _ *types.Config, taskUUID string) error { ++func (e *local) SetupWorkflow(ctx context.Context, conf *types.Config, taskUUID string) error { log.Trace().Str("taskUUID", taskUUID).Msg("create workflow environment") -- baseDir, err := os.MkdirTemp("", "woodpecker-local-*") +- baseDir, err := os.MkdirTemp(e.tempDir, "woodpecker-local-*") - if err != nil { - return err - } 
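Review bot: The two `exec.CommandContext` calls added in execClone put the command directly after sudo's own options with no `--` terminator, so a command value that begins with `-` would be parsed by sudo as one of its options; add `"--"` after `state.workspaceDir`, e.g. `exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, "--", state.pluginGitBinary)`. The same applies to `step.Image` in execCommands and `binary` in execPlugin in the next hunk, where `step.Image` comes from the pipeline definition. `state.user` is passed to `-u` unchanged and its assignment is not visible here, so it should be confirmed that it is matched against a fixed set of local accounts before use. Replacing `cmd.Dir` with `-D` and adding `-E` also makes every step depend on sudoers rules that allow changing directory and keeping the environment, and `-E` carries the whole step environment across the user boundary; a header comment in the patch stating the required sudoers entries would help. execClone starts and ends outside the hunk.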
@@ -26,36 +51,48 @@ index 2405c19bb..50321b8e7 100644 - baseDir: baseDir, - workspaceDir: filepath.Join(baseDir, "workspace"), - homeDir: filepath.Join(baseDir, "home"), -- } -- -- if err := os.Mkdir(state.homeDir, 0o700); err != nil { -- return err + user: user, -+ workspaceDir: filepath.Join("/tmp", user, conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]), ++ workspaceDir: filepath.Join("/home", user, ".cache", "woodpecker", conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]), + homeDir: filepath.Join("/home", user), } +- if err := os.Mkdir(state.homeDir, 0o700); err != nil { +- return err +- } +- - if err := os.Mkdir(state.workspaceDir, 0o700); err != nil { -+ err := exec.Command("sudo", "-u", state.user, "mkdir", "-p", state.workspaceDir).Run() ++ err := exec.CommandContext(ctx, "sudo", "-u", state.user, "mkdir", "-p", state.workspaceDir).Run() + if err != nil { return err } -@@ -132,7 +126,8 @@ func (e *local) StartStep(ctx context.Context, step *types.Step, taskUUID string - // Set HOME - env = append(env, "HOME="+state.homeDir) +@@ -152,9 +146,8 @@ func (e *local) execCommands(ctx context.Context, step *types.Step, state *workf + } + + // Use "image name" as run command (indicate shell) +- cmd := exec.CommandContext(ctx, step.Image, args...) ++ cmd := exec.CommandContext(ctx, "sudo", append([]string{"-E", "-u", state.user, "-D", state.workspaceDir, step.Image}, args...)...) 
+ cmd.Env = env +- cmd.Dir = state.workspaceDir + + // Get output and redirect Stderr to Stdout + e.output, _ = cmd.StdoutPipe() +@@ -178,9 +171,8 @@ func (e *local) execPlugin(ctx context.Context, step *types.Step, state *workflo + return fmt.Errorf("lookup plugin binary: %w", err) + } + +- cmd := exec.CommandContext(ctx, binary) ++ cmd := exec.CommandContext(ctx, "sudo", "-E", "-u", state.user, "-D", state.workspaceDir, binary) + cmd.Env = env +- cmd.Dir = state.workspaceDir -- var command []string -+ // Run command as commit author user -+ command := []string{"sudo", "-E", "-u", state.user} - if step.Image == constant.DefaultCloneImage { - // Default clone step - // TODO: use tmp HOME and insert netrc and delete it after clone -@@ -209,16 +204,6 @@ func (e *local) TailStep(_ context.Context, step *types.Step, taskUUID string) ( - func (e *local) DestroyWorkflow(_ context.Context, conf *types.Config, taskUUID string) error { + // Get output and redirect Stderr to Stdout + e.output, _ = cmd.StdoutPipe() +@@ -237,19 +229,9 @@ func (e *local) DestroyStep(_ context.Context, _ *types.Step, _ string) error { + func (e *local) DestroyWorkflow(_ context.Context, _ *types.Config, taskUUID string) error { log.Trace().Str("taskUUID", taskUUID).Msgf("delete workflow environment") -- state, err := e.getWorkflowStateFromConfig(conf) +- state, err := e.getState(taskUUID) - if err != nil { - return err - } @@ -65,6 +102,10 @@ index 2405c19bb..50321b8e7 100644 - return err - } - - workflowID, err := e.getWorkflowIDFromConfig(conf) - if err != nil { - return err + e.deleteState(taskUUID) + +- return err ++ return nil + } + + func (e *local) getState(taskUUID string) (*workflowState, error) { |
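Review bot: The new `workspaceDir` in SetupWorkflow is built from `conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]` without checking that a stage and a step exist or that the value is a single path component. A config with no stages or steps panics on the index, an empty name makes the workspace `/home/<user>/.cache/woodpecker` itself, and a name containing `..` or a separator is cleaned by `filepath.Join` into a directory outside that tree, which `sudo -u … mkdir -p` then creates and every step runs in. Validate the name before building the path, as sketched below. The function continues outside the hunk and the assignment of `user` is not visible here.

```go
// … unchanged: trace log and the lines before the state literal (outside the hunk) …
if len(conf.Stages) == 0 || len(conf.Stages[0].Steps) == 0 {
	return fmt.Errorf("workflow %s has no steps", taskUUID)
}
repoName := conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]
if repoName == "" || repoName == "." || repoName == ".." || repoName != filepath.Base(repoName) {
	return fmt.Errorf("invalid CI_REPO_NAME %q", repoName)
}
// … unchanged: stepCMDs and user fields of the state literal …
	workspaceDir: filepath.Join("/home", user, ".cache", "woodpecker", repoName),
	homeDir:      filepath.Join("/home", user),
```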
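Review bot: DestroyWorkflow now only calls `e.deleteState(taskUUID)` and returns nil, so the workspace under `/home/<user>/.cache/woodpecker/<repo>` stays on disk and is reused by the next workflow for the same user and repository name. If that is meant as a cache, say so above the function, for example `// The workspace is kept between runs on purpose; steps must treat files already present in it as untrusted.`, because leftovers from an earlier run (checked-out files, git configuration) will be there when the next clone and commands execute. If it is not intended, the directory has to be removed as the owning user, since the agent process presumably cannot delete inside that user's home directly. The start of the function and the removed cleanup call are above this hunk.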