github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-20 08:54:03 +00:00
Code Issues Projects Releases Wiki Activity

CCv0: Fix permissions of kata-containers repo

Browse Source 
- Solve `fatal: unsafe repository` ownership error by using `lib.sh`
code to check out the kata-containers repo
- Update `~/rustup` and repo directory ownership to `${USER}`
in order to allow subsequent build steps to work as a non-root
user

Fixes: #4241
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman 2022-05-27 11:44:11 +01:00
parent b08ea1fd99
commit b772cc6b45
1 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
docs/how-to/ccv0.sh
View File

@ -138,7 +138,8 @@ build_and_install_all() {
} }
rebuild_and_install_kata() { rebuild_and_install_kata() {
check_out_repos checkout_tests_repo
checkout_kata_containers_repo
build_and_install_kata_runtime build_and_install_kata_runtime
build_and_add_agent_to_rootfs build_and_add_agent_to_rootfs
build_and_install_rootfs build_and_install_rootfs
@ -158,12 +159,16 @@ initialize() {
. ${PROFILE} . ${PROFILE}
mkdir -p "${GOPATH}" mkdir -p "${GOPATH}"
check_out_repos checkout_tests_repo
pushd "${tests_repo_dir}" pushd "${tests_repo_dir}"
local ci_dir_name=".ci" local ci_dir_name=".ci"
sudo -E PATH=$PATH -s "${ci_dir_name}/install_go.sh" -p -f sudo -E PATH=$PATH -s "${ci_dir_name}/install_go.sh" -p -f
sudo -E PATH=$PATH -s "${ci_dir_name}/install_rust.sh" sudo -E PATH=$PATH -s "${ci_dir_name}/install_rust.sh"
# Need to change ownership of rustup so later process can create temp files there
sudo chown -R ${USER}:${USER} "${HOME}/.rustup"
checkout_kata_containers_repo
# Run setup, but don't install kata as we will build it ourselves in locations matching the developer guide # Run setup, but don't install kata as we will build it ourselves in locations matching the developer guide
export INSTALL_KATA="no" export INSTALL_KATA="no"
@ -173,7 +178,7 @@ initialize() {
popd popd
} }
check_out_repos() { checkout_tests_repo() {
echo "Creating repo: ${tests_repo} and branch ${tests_branch} into ${tests_repo_dir}..." echo "Creating repo: ${tests_repo} and branch ${tests_branch} into ${tests_repo_dir}..."
# Due to git https://github.blog/2022-04-12-git-security-vulnerability-announced/ the tests repo needs # Due to git https://github.blog/2022-04-12-git-security-vulnerability-announced/ the tests repo needs
# to be owned by root as it is re-checked out in rootfs.sh # to be owned by root as it is re-checked out in rootfs.sh
@ -186,22 +191,18 @@ check_out_repos() {
sudo -E git checkout ${tests_branch} sudo -E git checkout ${tests_branch}
fi fi
sudo -E git reset --hard origin/${tests_branch} sudo -E git reset --hard origin/${tests_branch}
popd
source "${BATS_TEST_DIRNAME}/lib.sh" source "${BATS_TEST_DIRNAME}/lib.sh"
source "${BATS_TEST_DIRNAME}/../../confidential/lib.sh" source "${BATS_TEST_DIRNAME}/../../confidential/lib.sh"
}
popd # Note: clone_katacontainers_repo using go, so that needs to be installed first
checkout_kata_containers_repo() {
echo "Creating repo: ${katacontainers_repo} and branch ${katacontainers_branch} into ${katacontainers_repo_dir}..." source "${tests_repo_dir}/.ci/lib.sh"
mkdir -p $(dirname "${katacontainers_repo_dir}") echo "Creating repo: ${katacontainers_repo} and branch ${kata_default_branch} into ${katacontainers_repo_dir}..."
[ -d "${katacontainers_repo_dir}" ] || git clone "https://${katacontainers_repo}.git" "${katacontainers_repo_dir}" clone_katacontainers_repo
pushd "${katacontainers_repo_dir}" sudo -E chown -R ${USER}:${USER} "${katacontainers_repo_dir}"
git fetch
if [ -n "${katacontainers_branch}" ]; then
git checkout ${katacontainers_branch}
fi
git reset --hard origin/${katacontainers_branch}
popd
} }
build_and_install_kata_runtime() { build_and_install_kata_runtime() {