Add prompt for sudo

Gerald Pinder 2025-03-21 11:48:28 -04:00
parent 5ba3061faf
commit db9bf78c94
4 changed files with 135 additions and 44 deletions


@ -27,7 +27,6 @@ modules:
- starship - starship
remove: remove:
- firefox - firefox
- firefox-langpacks
- type: signing - type: signing


@ -36,6 +36,8 @@ use super::{
#[cfg(feature = "rechunk")] #[cfg(feature = "rechunk")]
use super::{types::MountId, ContainerMountDriver, RechunkDriver}; use super::{types::MountId, ContainerMountDriver, RechunkDriver};
const SUDO_PROMPT: &str = "Password for %u required to run 'podman' as privileged";
#[derive(Deserialize, Debug, Clone)] #[derive(Deserialize, Debug, Clone)]
#[serde(rename_all = "PascalCase")] #[serde(rename_all = "PascalCase")]
struct PodmanImageMetadata { struct PodmanImageMetadata {
@ -144,7 +146,11 @@ impl BuildDriver for PodmanDriver {
} else { } else {
"podman" "podman"
}, },
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman", if use_sudo => "podman",
"build", "build",
if !matches!(opts.platform, Platform::Native) => [ if !matches!(opts.platform, Platform::Native) => [
@ -186,7 +192,11 @@ impl BuildDriver for PodmanDriver {
} else { } else {
"podman" "podman"
}, },
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman", if use_sudo => "podman",
"tag", "tag",
opts.src_image.to_string(), opts.src_image.to_string(),
@ -216,7 +226,11 @@ impl BuildDriver for PodmanDriver {
} else { } else {
"podman" "podman"
}, },
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman", if use_sudo => "podman",
"push", "push",
format!( format!(
@ -383,7 +397,11 @@ impl ContainerMountDriver for PodmanDriver {
} else { } else {
"podman" "podman"
}, },
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman", if use_sudo => "podman",
"mount", "mount",
opts.container_id, opts.container_id,
@ -412,7 +430,11 @@ impl ContainerMountDriver for PodmanDriver {
} else { } else {
"podman" "podman"
}, },
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman", if use_sudo => "podman",
"unmount", "unmount",
opts.container_id opts.container_id
@ -439,7 +461,11 @@ impl ContainerMountDriver for PodmanDriver {
} else { } else {
"podman" "podman"
}, },
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman", if use_sudo => "podman",
"volume", "volume",
"rm", "rm",
@ -510,7 +536,11 @@ impl RunDriver for PodmanDriver {
} else { } else {
"podman" "podman"
}, },
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman", if use_sudo => "podman",
"create", "create",
opts.image.to_string(), opts.image.to_string(),
@ -542,7 +572,11 @@ impl RunDriver for PodmanDriver {
} else { } else {
"podman" "podman"
}, },
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman", if use_sudo => "podman",
"rm", "rm",
opts.container_id, opts.container_id,
@ -571,7 +605,11 @@ impl RunDriver for PodmanDriver {
} else { } else {
"podman" "podman"
}, },
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman", if use_sudo => "podman",
"rmi", "rmi",
opts.image.to_string() opts.image.to_string()
@ -606,7 +644,11 @@ impl RunDriver for PodmanDriver {
} else { } else {
"podman" "podman"
}, },
if use_sudo && has_env_var(SUDO_ASKPASS) => "-A", if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
SUDO_PROMPT,
],
if use_sudo => "podman", if use_sudo => "podman",
"images", "images",
"--format", "--format",
@ -644,11 +686,12 @@ fn podman_run(opts: &RunOpts, cid_file: &Path) -> Command {
} else { } else {
"podman" "podman"
}, },
if use_sudo => [ if use_sudo && has_env_var(SUDO_ASKPASS) => [
"-A", "-A",
"--", "-p",
"podman", SUDO_PROMPT,
], ],
if use_sudo => "podman",
"run", "run",
format!("--cidfile={}", cid_file.display()), format!("--cidfile={}", cid_file.display()),
if opts.privileged => [ if opts.privileged => [
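Review bot: The four-line `-A`, `-p`, `SUDO_PROMPT` block is now pasted into eleven `cmd!` invocations in this file, so the privileged command line exists in eleven copies that must stay in step, and a guard that drifts in one copy is easy to miss in review. A single helper that returns the optional sudo arguments would keep the rule for when `-A` is passed in one place; `cmd!` appears to accept a `for` splice, as used elsewhere in this commit. The new constant also deserves a doc comment, for example `/// Prompt handed to sudo via -p; sudo expands %u to the invoking user's login name.` In the last hunk (`podman_run`, whose body continues past the shown lines) the `"--"` that used to end sudo's option parsing is dropped, and it could be kept with `if use_sudo => ["--", "podman"],`.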


@ -6,6 +6,7 @@ use std::{
thread, thread,
}; };
use blue_build_utils::{constants::SUDO_ASKPASS, has_env_var};
use comlexr::cmd; use comlexr::cmd;
use log::{debug, error, trace, warn}; use log::{debug, error, trace, warn};
use nix::{ use nix::{
@ -120,11 +121,22 @@ where
let id = id.trim(); let id = id.trim();
debug!("Killing container {id}"); debug!("Killing container {id}");
let status = if cid.requires_sudo { let status = cmd!(
cmd!("sudo", cid.container_runtime.to_string(), "stop", id).status() if cid.requires_sudo {
} else { "sudo".to_string()
cmd!(cid.container_runtime.to_string(), "stop", id).status() } else {
}; cid.container_runtime.to_string()
},
if cid.requires_sudo && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
format!("Password needed to kill container {id}"),
],
if cid.requires_sudo => cid.container_runtime.to_string(),
"stop",
id
)
.status();
if let Err(e) = status { if let Err(e) = status {
error!("Failed to kill container {id}: Error {e}"); error!("Failed to kill container {id}: Error {e}");
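Review bot: The prompt built with `format!("Password needed to kill container {id}")` puts a value read at runtime into sudo's `-p` argument, and sudo expands `%` escapes such as `%u` and `%h` in that string. Container ids are presumably hex and therefore harmless here, but the same pattern is used with file paths in the switch command later in this commit, where a `%` in a path would change the text of the password prompt. Escaping the interpolated value keeps the prompt literal, for example `format!("Password needed to kill container {}", id.replace('%', "%%"))`. The enclosing function starts and ends outside this hunk.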


@ -8,8 +8,9 @@ use blue_build_process_management::{
logging::CommandLogging, logging::CommandLogging,
}; };
use blue_build_recipe::Recipe; use blue_build_recipe::Recipe;
use blue_build_utils::constants::{ use blue_build_utils::{
ARCHIVE_SUFFIX, LOCAL_BUILD, OCI_ARCHIVE, OSTREE_UNVERIFIED_IMAGE, constants::{ARCHIVE_SUFFIX, LOCAL_BUILD, OCI_ARCHIVE, OSTREE_UNVERIFIED_IMAGE, SUDO_ASKPASS},
has_env_var, running_as_root,
}; };
use bon::Builder; use bon::Builder;
use clap::Args; use clap::Args;
@ -164,11 +165,21 @@ impl SwitchCommand {
progress.set_message(format!("Moving image archive to {}...", to.display())); progress.set_message(format!("Moving image archive to {}...", to.display()));
let status = { let status = {
let c = if Uid::effective().is_root() { let c = cmd!(
cmd!("mv", from, to) if running_as_root() {
} else { "mv"
cmd!("sudo", "mv", from, to) } else {
}; "sudo"
},
if running_as_root() && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
format!("Password needed to move {from:?} to {to:?}"),
],
if running_as_root() => "mv",
from,
to,
);
trace!("{c:?}"); trace!("{c:?}");
c c
} }
@ -198,11 +209,20 @@ impl SwitchCommand {
trace!("sudo ls {LOCAL_BUILD}"); trace!("sudo ls {LOCAL_BUILD}");
let mut command = { let mut command = {
let c = if Uid::effective().is_root() { let c = cmd!(
cmd!("ls", LOCAL_BUILD) if running_as_root() {
} else { "ls"
cmd!("sudo", "ls", LOCAL_BUILD) } else {
}; "sudo"
},
if running_as_root() && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
format!("Password required to list files in {LOCAL_BUILD}"),
],
if running_as_root() => "ls",
LOCAL_BUILD
);
trace!("{c:?}"); trace!("{c:?}");
c c
}; };
@ -218,19 +238,26 @@ impl SwitchCommand {
.collect::<Vec<_>>(); .collect::<Vec<_>>();
if !files.is_empty() { if !files.is_empty() {
let files = files.join(" ");
let progress = ProgressBar::new_spinner(); let progress = ProgressBar::new_spinner();
progress.enable_steady_tick(Duration::from_millis(100)); progress.enable_steady_tick(Duration::from_millis(100));
progress.set_message("Removing old image archive files..."); progress.set_message("Removing old image archive files...");
trace!("sudo rm -f {files}");
let status = { let status = {
let c = if Uid::effective().is_root() { let c = cmd!(
cmd!("rm", "-f", files) if running_as_root() {
} else { "rm"
cmd!("sudo", "rm", "-f", files) } else {
}; "sudo"
},
if running_as_root() && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
format!("Password required to remove files: {files:?}"),
],
if running_as_root() => "rm",
"-f",
for files,
);
trace!("{c:?}"); trace!("{c:?}");
c c
} }
@ -250,11 +277,21 @@ impl SwitchCommand {
); );
let status = { let status = {
let c = if Uid::effective().is_root() { let c = cmd!(
cmd!("mkdir", "-p", LOCAL_BUILD) if running_as_root() {
} else { "mkdir"
cmd!("sudo", "mkdir", "-p", LOCAL_BUILD) } else {
}; "sudo"
},
if running_as_root() && has_env_var(SUDO_ASKPASS) => [
"-A",
"-p",
format!("Password needed to create directory {local_build_path:?}"),
],
if running_as_root() => "mkdir",
"-p",
local_build_path,
);
trace!("{c:?}"); trace!("{c:?}");
c c
} }
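Review bot: The two guards that follow the program name are inverted in all four rewritten commands (`mv`, `ls`, `rm`, `mkdir`): the first argument picks `"sudo"` when `running_as_root()` is false, but the askpass flags and the real command name are added only when it is true. As written, a non-root run builds `sudo <from> <to>` with no command name (and `sudo -p <path>` in the `mkdir` case, where the path is taken as the prompt), while a root run builds `mv mv <from> <to>` or `rm rm -f <files>`, which acts on a file literally named after the command. The guards should read `if !running_as_root() && has_env_var(SUDO_ASKPASS) => [` and `if !running_as_root() => "mv",`, with the matching command name in the other three hunks. Computing `let use_sudo = !running_as_root();` once per command would make the three conditions harder to get out of step.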