diff --git a/integration-tests/test-repo/recipes/recipe-arm64.yml b/integration-tests/test-repo/recipes/recipe-arm64.yml index 7c43c89..cfeb159 100644 --- a/integration-tests/test-repo/recipes/recipe-arm64.yml +++ b/integration-tests/test-repo/recipes/recipe-arm64.yml @@ -27,7 +27,6 @@ modules: - starship remove: - firefox - - firefox-langpacks - type: signing diff --git a/process/drivers/podman_driver.rs b/process/drivers/podman_driver.rs index 5571f22..0bfa91f 100644 --- a/process/drivers/podman_driver.rs +++ b/process/drivers/podman_driver.rs @@ -36,6 +36,8 @@ use super::{ #[cfg(feature = "rechunk")] use super::{types::MountId, ContainerMountDriver, RechunkDriver}; +const SUDO_PROMPT: &str = "Password for %u required to run 'podman' as privileged"; + #[derive(Deserialize, Debug, Clone)] #[serde(rename_all = "PascalCase")] struct PodmanImageMetadata { @@ -144,7 +146,11 @@ impl BuildDriver for PodmanDriver { } else { "podman" }, - if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], if use_sudo => "podman", "build", if !matches!(opts.platform, Platform::Native) => [ @@ -186,7 +192,11 @@ impl BuildDriver for PodmanDriver { } else { "podman" }, - if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], if use_sudo => "podman", "tag", opts.src_image.to_string(), @@ -216,7 +226,11 @@ impl BuildDriver for PodmanDriver { } else { "podman" }, - if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], if use_sudo => "podman", "push", format!( @@ -383,7 +397,11 @@ impl ContainerMountDriver for PodmanDriver { } else { "podman" }, - if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], if use_sudo => "podman", "mount", opts.container_id, 
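Review bot: `SUDO_PROMPT` in podman_driver.rs has no comment saying that `%u` is a sudo prompt escape, so a later edit could easily "fix" it as a stray format placeholder. A doc comment such as `/// Prompt handed to sudo via -p; sudo itself expands %u to the invoking user's login name.` would record that. It is also worth stating there that the text is only passed when `SUDO_ASKPASS` is set, since every use in this file is guarded by `has_env_var(SUDO_ASKPASS)`.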
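Review bot: The guarded block `["-A", "-p", SUDO_PROMPT]` is pasted into this `build` invocation and again in the tag, push, mount, unmount, volume rm, create, rm, rmi, images and run hunks, so the privilege-escalation arguments now live in eleven copies. The old side of the `podman_run` hunk shows how such copies drift: it passed `-A` without checking `SUDO_ASKPASS`, unlike the others. A small private helper that takes `use_sudo` and returns the optional sudo arguments as a slice (empty when sudo or askpass is not in use), spliced in with the macro's `for` form, would keep every call site identical. The enclosing functions start and end outside these hunks.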
@@ -412,7 +430,11 @@ impl ContainerMountDriver for PodmanDriver { } else { "podman" }, - if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], if use_sudo => "podman", "unmount", opts.container_id @@ -439,7 +461,11 @@ impl ContainerMountDriver for PodmanDriver { } else { "podman" }, - if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], if use_sudo => "podman", "volume", "rm", @@ -510,7 +536,11 @@ impl RunDriver for PodmanDriver { } else { "podman" }, - if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], if use_sudo => "podman", "create", opts.image.to_string(), @@ -542,7 +572,11 @@ impl RunDriver for PodmanDriver { } else { "podman" }, - if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], if use_sudo => "podman", "rm", opts.container_id, @@ -571,7 +605,11 @@ impl RunDriver for PodmanDriver { } else { "podman" }, - if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], if use_sudo => "podman", "rmi", opts.image.to_string() @@ -606,7 +644,11 @@ impl RunDriver for PodmanDriver { } else { "podman" }, - if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", + if use_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + SUDO_PROMPT, + ], if use_sudo => "podman", "images", "--format", @@ -644,11 +686,12 @@ fn podman_run(opts: &RunOpts, cid_file: &Path) -> Command { } else { "podman" }, - if use_sudo => [ + if use_sudo && has_env_var(SUDO_ASKPASS) => [ "-A", - "--", - "podman", + "-p", + SUDO_PROMPT, ], + if use_sudo => "podman", "run", format!("--cidfile={}", cid_file.display()), if opts.privileged => [ 
diff --git a/process/signal_handler.rs b/process/signal_handler.rs index 45cb680..7cfcea9 100644 --- a/process/signal_handler.rs +++ b/process/signal_handler.rs @@ -6,6 +6,7 @@ use std::{ thread, }; +use blue_build_utils::{constants::SUDO_ASKPASS, has_env_var}; use comlexr::cmd; use log::{debug, error, trace, warn}; use nix::{ @@ -120,11 +121,22 @@ where let id = id.trim(); debug!("Killing container {id}"); - let status = if cid.requires_sudo { - cmd!("sudo", cid.container_runtime.to_string(), "stop", id).status() - } else { - cmd!(cid.container_runtime.to_string(), "stop", id).status() - }; + let status = cmd!( + if cid.requires_sudo { + "sudo".to_string() + } else { + cid.container_runtime.to_string() + }, + if cid.requires_sudo && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + format!("Password needed to kill container {id}"), + ], + if cid.requires_sudo => cid.container_runtime.to_string(), + "stop", + id + ) + .status(); if let Err(e) = status { error!("Failed to kill container {id}: Error {e}"); diff --git a/src/commands/switch.rs b/src/commands/switch.rs index a64d3aa..6818102 100644 --- a/src/commands/switch.rs +++ b/src/commands/switch.rs @@ -8,8 +8,9 @@ use blue_build_process_management::{ logging::CommandLogging, }; use blue_build_recipe::Recipe; -use blue_build_utils::constants::{ - ARCHIVE_SUFFIX, LOCAL_BUILD, OCI_ARCHIVE, OSTREE_UNVERIFIED_IMAGE, +use blue_build_utils::{ + constants::{ARCHIVE_SUFFIX, LOCAL_BUILD, OCI_ARCHIVE, OSTREE_UNVERIFIED_IMAGE, SUDO_ASKPASS}, + has_env_var, running_as_root, }; use bon::Builder; use clap::Args; 
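Review bot: A dismissed or failed askpass prompt is not reported in the container-stop block, as far as this hunk shows. `.status()` returns `Ok` with a non-zero exit status when sudo refuses to run the command, and the only visible check is `if let Err(e) = status`. The container would then keep running during shutdown with nothing in the log. Something like `if let Ok(s) = &status { if !s.success() { warn!("Stopping container {id} exited with {s}"); } }` would surface it. The rest of the block lies outside the hunk, so confirm no such check already follows.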
@@ -164,11 +165,21 @@ impl SwitchCommand { progress.set_message(format!("Moving image archive to {}...", to.display())); let status = { - let c = if Uid::effective().is_root() { - cmd!("mv", from, to) - } else { - cmd!("sudo", "mv", from, to) - }; + let c = cmd!( + if running_as_root() { + "mv" + } else { + "sudo" + }, + if running_as_root() && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + format!("Password needed to move {from:?} to {to:?}"), + ], + if running_as_root() => "mv", + from, + to, + ); trace!("{c:?}"); c } @@ -198,11 +209,20 @@ impl SwitchCommand { trace!("sudo ls {LOCAL_BUILD}"); let mut command = { - let c = if Uid::effective().is_root() { - cmd!("ls", LOCAL_BUILD) - } else { - cmd!("sudo", "ls", LOCAL_BUILD) - }; + let c = cmd!( + if running_as_root() { + "ls" + } else { + "sudo" + }, + if running_as_root() && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + format!("Password required to list files in {LOCAL_BUILD}"), + ], + if running_as_root() => "ls", + LOCAL_BUILD + ); trace!("{c:?}"); c }; @@ -218,19 +238,26 @@ impl SwitchCommand { .collect::>(); if !files.is_empty() { - let files = files.join(" "); - let progress = ProgressBar::new_spinner(); progress.enable_steady_tick(Duration::from_millis(100)); progress.set_message("Removing old image archive files..."); - trace!("sudo rm -f {files}"); let status = { - let c = if Uid::effective().is_root() { - cmd!("rm", "-f", files) - } else { - cmd!("sudo", "rm", "-f", files) - }; + let c = cmd!( + if running_as_root() { + "rm" + } else { + "sudo" + }, + if running_as_root() && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + format!("Password required to remove files: {files:?}"), + ], + if running_as_root() => "rm", + "-f", + for files, + ); trace!("{c:?}"); c } 
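Review bot: The two `running_as_root()` guards after the program selector are inverted in this `mv` invocation. For a non-root user the command becomes `sudo <from> <to>`, which asks sudo to run the archive path itself as a command with elevated privileges. For root it becomes `mv -A -p <prompt> mv <from> <to>` when `SUDO_ASKPASS` is set, or `mv mv <from> <to>` otherwise. Both guards need negating: `if !running_as_root() && has_env_var(SUDO_ASKPASS) => [` and `if !running_as_root() => "mv",`. The same inversion is in the `ls` and `rm` hunks that follow and in the later `mkdir` hunk, where the non-root command degrades to `sudo -p <path>` with no command at all. The unchanged `trace!("sudo ls {LOCAL_BUILD}")` line also no longer matches what is executed.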
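Review bot: In the `rm` hunk the file names are spliced into a privileged `rm -f` with no end-of-options marker, so a name beginning with `-` would be parsed as an option rather than a path. How `files` is filtered lies outside the hunk, so this may already be excluded, but `"-f", "--", for files,` costs nothing. The same names are interpolated into the `-p` prompt via `{files:?}`, where sudo expands `%` escapes and a long listing makes the askpass dialog unreadable. A fixed prompt naming `LOCAL_BUILD` would be safer.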
@@ -250,11 +277,21 @@ impl SwitchCommand { ); let status = { - let c = if Uid::effective().is_root() { - cmd!("mkdir", "-p", LOCAL_BUILD) - } else { - cmd!("sudo", "mkdir", "-p", LOCAL_BUILD) - }; + let c = cmd!( + if running_as_root() { + "mkdir" + } else { + "sudo" + }, + if running_as_root() && has_env_var(SUDO_ASKPASS) => [ + "-A", + "-p", + format!("Password needed to create directory {local_build_path:?}"), + ], + if running_as_root() => "mkdir", + "-p", + local_build_path, + ); trace!("{c:?}"); c }