Add prompt for sudo

Gerald Pinder 2025-03-21 11:48:28 -04:00
parent 5ba3061faf
commit db9bf78c94
4 changed files with 135 additions and 44 deletions


@ -27,7 +27,6 @@ modules:
- starship
remove:
- firefox
- firefox-langpacks
- type: signing


@ -36,6 +36,8 @@ use super::{
#[cfg(feature = "rechunk")]
use super::{types::MountId, ContainerMountDriver, RechunkDriver};
const SUDO_PROMPT: &str = "Password for %u required to run 'podman' as privileged";
#[derive(Deserialize, Debug, Clone)]
#[serde(rename_all = "PascalCase")]
struct PodmanImageMetadata {
@ -144,7 +146,11 @@ impl BuildDriver for PodmanDriver {
} else {
"podman"
},
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"build",
if !matches!(opts.platform, Platform::Native) => [
@ -186,7 +192,11 @@ impl BuildDriver for PodmanDriver {
} else {
"podman"
},
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"tag",
opts.src_image.to_string(),
@ -216,7 +226,11 @@ impl BuildDriver for PodmanDriver {
} else {
"podman"
},
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"push",
format!(
@ -383,7 +397,11 @@ impl ContainerMountDriver for PodmanDriver {
} else {
"podman"
},
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"mount",
opts.container_id,
@ -412,7 +430,11 @@ impl ContainerMountDriver for PodmanDriver {
} else {
"podman"
},
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"unmount",
opts.container_id
@ -439,7 +461,11 @@ impl ContainerMountDriver for PodmanDriver {
} else {
"podman"
},
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"volume",
"rm",
@ -510,7 +536,11 @@ impl RunDriver for PodmanDriver {
} else {
"podman"
},
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"create",
opts.image.to_string(),
@ -542,7 +572,11 @@ impl RunDriver for PodmanDriver {
} else {
"podman"
},
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"rm",
opts.container_id,
@ -571,7 +605,11 @@ impl RunDriver for PodmanDriver {
} else {
"podman"
},
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"rmi",
opts.image.to_string()
@ -606,7 +644,11 @@ impl RunDriver for PodmanDriver {
} else {
"podman"
},
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"images",
"--format",
@ -644,11 +686,12 @@ fn podman_run(opts: &RunOpts, cid_file: &Path) -> Command {
} else {
"podman"
},
if use_sudo => [
if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"--",
"podman",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman",
"run",
format!("--cidfile={}", cid_file.display()),
if opts.privileged => [
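Review bot: The custom prompt only reaches the user when `SUDO_ASKPASS` is set, because `-p` sits in the same conditional list as `-A` in every `cmd!` call of this section; the container-stop call and the `SwitchCommand` calls later in the commit follow the same shape. Someone authenticating at the terminal therefore still sees sudo's generic prompt and cannot tell which command is asking for privileges. Assuming `cmd!` accepts it, `if use_sudo && has_env_var(SUDO_ASKPASS) => "-A",` followed by `if use_sudo => ["-p", SUDO_PROMPT, "podman"],` would cover both paths. In `podman_run` the lines `"--"` and `"podman"` inside the list appear to be the old side, so the explicit end-of-options marker before `podman` is dropped and `-A` is no longer passed unconditionally; keeping `"--"` ahead of the command would preserve the former. A one-line comment on `SUDO_PROMPT` saying that `%u` is a sudo prompt escape for the invoking user's login name, not a Rust format placeholder, would help the next reader.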


@ -6,6 +6,7 @@ use std::{
thread,
};
use blue_build_utils::{constants::SUDO_ASKPASS, has_env_var};
use comlexr::cmd;
use log::{debug, error, trace, warn};
use nix::{
@ -120,11 +121,22 @@ where
let id = id.trim();
debug!("Killing container {id}");
let status = if cid.requires_sudo {
cmd!("sudo", cid.container_runtime.to_string(), "stop", id).status()
} else {
cmd!(cid.container_runtime.to_string(), "stop", id).status()
};
let status = cmd!(
if cid.requires_sudo {
"sudo".to_string()
} else {
cid.container_runtime.to_string()
},
if cid.requires_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
format!("Password needed to kill container {id}"),
],
if cid.requires_sudo => cid.container_runtime.to_string(),
"stop",
id
)
.status();
if let Err(e) = status {
error!("Failed to kill container {id}: Error {e}");
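Review bot: The askpass prompt is built with `format!("Password needed to kill container {id}")`, and sudo expands `%` escapes (`%u`, `%h`, `%%`, …) in the `-p` argument, so any `%` in the interpolated value changes what the user is shown. For a container id that is unlikely, but the path-bearing prompts in the `SwitchCommand` calls (`{from:?}`, `{to:?}`, `{files:?}`, `{local_build_path:?}`) have the same property and paths can contain `%`. Doubling it first, e.g. `id.replace('%', "%%")`, keeps the prompt literal. The enclosing function begins and ends outside this hunk, so how `id` is obtained beyond the visible `trim()` cannot be checked here.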


@ -8,8 +8,9 @@ use blue_build_process_management::{
logging::CommandLogging,
};
use blue_build_recipe::Recipe;
use blue_build_utils::constants::{
ARCHIVE_SUFFIX, LOCAL_BUILD, OCI_ARCHIVE, OSTREE_UNVERIFIED_IMAGE,
use blue_build_utils::{
constants::{ARCHIVE_SUFFIX, LOCAL_BUILD, OCI_ARCHIVE, OSTREE_UNVERIFIED_IMAGE, SUDO_ASKPASS},
has_env_var, running_as_root,
};
use bon::Builder;
use clap::Args;
@ -164,11 +165,21 @@ impl SwitchCommand {
progress.set_message(format!("Moving image archive to {}...", to.display()));
let status = {
let c = if Uid::effective().is_root() {
cmd!("mv", from, to)
} else {
cmd!("sudo", "mv", from, to)
};
let c = cmd!(
if running_as_root() {
"mv"
} else {
"sudo"
},
if running_as_root() && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
format!("Password needed to move {from:?} to {to:?}"),
],
if running_as_root() => "mv",
from,
to,
);
trace!("{c:?}");
c
}
@ -198,11 +209,20 @@ impl SwitchCommand {
trace!("sudo ls {LOCAL_BUILD}");
let mut command = {
let c = if Uid::effective().is_root() {
cmd!("ls", LOCAL_BUILD)
} else {
cmd!("sudo", "ls", LOCAL_BUILD)
};
let c = cmd!(
if running_as_root() {
"ls"
} else {
"sudo"
},
if running_as_root() && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
format!("Password required to list files in {LOCAL_BUILD}"),
],
if running_as_root() => "ls",
LOCAL_BUILD
);
trace!("{c:?}");
c
};
@ -218,19 +238,26 @@ impl SwitchCommand {
.collect::<Vec<_>>();
if !files.is_empty() {
let files = files.join(" ");
let progress = ProgressBar::new_spinner();
progress.enable_steady_tick(Duration::from_millis(100));
progress.set_message("Removing old image archive files...");
trace!("sudo rm -f {files}");
let status = {
let c = if Uid::effective().is_root() {
cmd!("rm", "-f", files)
} else {
cmd!("sudo", "rm", "-f", files)
};
let c = cmd!(
if running_as_root() {
"rm"
} else {
"sudo"
},
if running_as_root() && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
format!("Password required to remove files: {files:?}"),
],
if running_as_root() => "rm",
"-f",
for files,
);
trace!("{c:?}");
c
}
@ -250,11 +277,21 @@ impl SwitchCommand {
);
let status = {
let c = if Uid::effective().is_root() {
cmd!("mkdir", "-p", LOCAL_BUILD)
} else {
cmd!("sudo", "mkdir", "-p", LOCAL_BUILD)
};
let c = cmd!(
if running_as_root() {
"mkdir"
} else {
"sudo"
},
if running_as_root() && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
format!("Password needed to create directory {local_build_path:?}"),
],
if running_as_root() => "mkdir",
"-p",
local_build_path,
);
trace!("{c:?}");
c
}
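Review bot: The two conditional arguments after the program name are guarded by `running_as_root()` where they need `!running_as_root()`, in all four `cmd!` calls of this section (`mv`, `ls`, `rm`, `mkdir`). As written, a root caller gets `mv -A -p <prompt> mv from to`, while a non-root caller gets `sudo from to`, so sudo is asked to execute the first path as the command and the intended `mv` never runs. The guards should read `if !running_as_root() && has_env_var(SUDO_ASKPASS) => [...]` and `if !running_as_root() => "mv"`, and likewise for `ls`, `rm` and `mkdir`. This reading assumes `cmd!` conditions behave as in the podman driver, where the same three-part pattern is keyed on `use_sudo`. The enclosing `SwitchCommand` methods start and end outside these hunks.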