From 185a34f86b926df5e728cf9eb31815ced2e64301 Mon Sep 17 00:00:00 2001 From: Gerald Pinder Date: Wed, 26 Mar 2025 13:56:16 -0400 Subject: [PATCH] fix: Use sudo for login when using rechunk --- process/drivers.rs | 4 ++-- process/drivers/buildah_driver.rs | 2 +- process/drivers/docker_driver.rs | 2 +- process/drivers/podman_driver.rs | 15 +++++++++++++-- process/drivers/traits.rs | 2 +- src/commands/build.rs | 2 +- src/commands/login.rs | 2 +- 7 files changed, 20 insertions(+), 9 deletions(-) diff --git a/process/drivers.rs b/process/drivers.rs index baed928..138d9e2 100644 --- a/process/drivers.rs +++ b/process/drivers.rs @@ -327,8 +327,8 @@ impl BuildDriver for Driver { impl_build_driver!(push(opts)) } - fn login() -> Result<()> { - impl_build_driver!(login()) + fn login(privileged: bool) -> Result<()> { + impl_build_driver!(login(privileged)) } #[cfg(feature = "prune")] diff --git a/process/drivers/buildah_driver.rs b/process/drivers/buildah_driver.rs index 124704e..c140671 100644 --- a/process/drivers/buildah_driver.rs +++ b/process/drivers/buildah_driver.rs @@ -133,7 +133,7 @@ impl BuildDriver for BuildahDriver { Ok(()) } - fn login() -> Result<()> { + fn login(_privileged: bool) -> Result<()> { trace!("BuildahDriver::login()"); if let Some(Credentials { diff --git a/process/drivers/docker_driver.rs b/process/drivers/docker_driver.rs index 6aa11f3..379a185 100644 --- a/process/drivers/docker_driver.rs +++ b/process/drivers/docker_driver.rs @@ -221,7 +221,7 @@ impl BuildDriver for DockerDriver { Ok(()) } - fn login() -> Result<()> { + fn login(_privileged: bool) -> Result<()> { trace!("DockerDriver::login()"); if let Some(Credentials { diff --git a/process/drivers/podman_driver.rs b/process/drivers/podman_driver.rs index 0bfa91f..9d2f3de 100644 --- a/process/drivers/podman_driver.rs +++ b/process/drivers/podman_driver.rs @@ -253,7 +253,7 @@ impl BuildDriver for PodmanDriver { Ok(()) } - fn login() -> Result<()> { + fn login(privileged: bool) -> Result<()> { trace!("PodmanDriver::login()"); if let Some(Credentials { @@ -262,11 +262,22 @@ impl BuildDriver for PodmanDriver { password, }) = Credentials::get() { + let use_sudo = privileged && !running_as_root(); let output = pipe!( stdin = password; { let c = cmd!( - "podman", + if use_sudo { + "sudo" + } else { + "podman" + }, + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], + if use_sudo => "podman", "login", "-u", username, diff --git a/process/drivers/traits.rs b/process/drivers/traits.rs index 01d1876..9fbdb55 100644 --- a/process/drivers/traits.rs +++ b/process/drivers/traits.rs @@ -106,7 +106,7 @@ pub trait BuildDriver: PrivateDriver { /// /// # Errors /// Will error if login fails. - fn login() -> Result<()>; + fn login(privileged: bool) -> Result<()>; /// Runs prune commands for the driver. /// diff --git a/src/commands/build.rs b/src/commands/build.rs index 6efe40b..da8e25b 100644 --- a/src/commands/build.rs +++ b/src/commands/build.rs @@ -161,7 +161,7 @@ impl BlueBuildCommand for BuildCommand { if self.push { blue_build_utils::check_command_exists("cosign")?; Driver::check_signing_files(&CheckKeyPairOpts::builder().dir(Path::new(".")).build())?; - Driver::login()?; + Driver::login(self.rechunk)?; Driver::signing_login()?; } diff --git a/src/commands/login.rs b/src/commands/login.rs index e034b21..638d39c 100644 --- a/src/commands/login.rs +++ b/src/commands/login.rs @@ -45,7 +45,7 @@ impl BlueBuildCommand for LoginCommand { .build(), ); - Driver::login()?; + Driver::login(false)?; Driver::signing_login()?; Ok(())