robojerk/libostree-dev
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 8 Wiki Activity Actions

Fix Podman container to run as non-root user
Some checks failed
Build libostree Backport / Build libostree Backport (push) Successful in 11m37s
Details
Build ostree Backports / Build ostree Backport for noble (push) Failing after 3m25s
Details

Browse source 
- Add sudo package installation in containers
- Create backport-user account in containers
- Set proper ownership of workspace directory
- Configure sudo access for backport-user
- Run ostree-backport.sh as non-root user
- This fixes the 'should not be run as root' safety check
- Maintains all safety features while allowing proper execution
This commit is contained in:
robojerk 2025-08-05 10:30:21 -07:00
parent fc05ffcbb9
commit c6b363974e
3 changed files with 12 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
backport-noble.sh
View file

@ -69,14 +69,18 @@ run_in_podman() {
bash -c " bash -c "
echo '=== Setting up container environment ===' echo '=== Setting up container environment ==='
apt update -y apt update -y
apt install -y git curl wget apt install -y git curl wget sudo
git clone https://git.raines.xyz/robojerk/libostree-dev.git /tmp/libostree-dev git clone https://git.raines.xyz/robojerk/libostree-dev.git /tmp/libostree-dev
cp -r /tmp/libostree-dev/* /workspace/ cp -r /tmp/libostree-dev/* /workspace/
cp -r /tmp/libostree-dev/.* /workspace/ 2>/dev/null || true cp -r /tmp/libostree-dev/.* /workspace/ 2>/dev/null || true
chmod +x /workspace/*.sh chmod +x /workspace/*.sh
echo '=== Container ready, running backport ===' echo '=== Container ready, running backport ==='
cd /workspace cd /workspace
./ostree-backport.sh noble # Create a non-root user for running the script
useradd -m -s /bin/bash backport-user
chown -R backport-user:backport-user /workspace
echo 'backport-user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
su - backport-user -c 'cd /workspace && ./ostree-backport.sh noble'
" "
} }

8
backport-trixie.sh
View file

@ -69,14 +69,18 @@ run_in_podman() {
bash -c " bash -c "
echo '=== Setting up container environment ===' echo '=== Setting up container environment ==='
apt update -y apt update -y
apt install -y git curl wget apt install -y git curl wget sudo
git clone https://git.raines.xyz/robojerk/libostree-dev.git /tmp/libostree-dev git clone https://git.raines.xyz/robojerk/libostree-dev.git /tmp/libostree-dev
cp -r /tmp/libostree-dev/* /workspace/ cp -r /tmp/libostree-dev/* /workspace/
cp -r /tmp/libostree-dev/.* /workspace/ 2>/dev/null || true cp -r /tmp/libostree-dev/.* /workspace/ 2>/dev/null || true
chmod +x /workspace/*.sh chmod +x /workspace/*.sh
echo '=== Container ready, running backport ===' echo '=== Container ready, running backport ==='
cd /workspace cd /workspace
./ostree-backport.sh trixie # Create a non-root user for running the script
useradd -m -s /bin/bash backport-user
chown -R backport-user:backport-user /workspace
echo 'backport-user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
su - backport-user -c 'cd /workspace && ./ostree-backport.sh trixie'
" "
} }

0
libostree-dev_noble_backport.sh Normal file → Executable file
View file