Cirrus: Fix ownership of repos. to keep git happy

Newer versions of git are much more pedantic about who owns the
repository files.  When setting up to run rootless, prior to this
commit, the repo. ownership was changed from root.  This causes
all subsequent git-operations as root to fail:

    ```
    fatal: unsafe repository ('<$GOSRC>' is owned by someone else)
    ```

Fix this by re-ordering operations, such that the change in ownership is
done immediately before executing as a user.  Also disable the
git-ownership check on the source repository assuming the CI environment
is disposable.

Signed-off-by: Chris Evich <cevich@redhat.com>
This commit is contained in:
Chris Evich 2022-04-26 14:38:43 -04:00
parent d4e30b33a1
commit 9c0c29f086
No known key found for this signature in database
GPG Key ID: 03EDC70FD578067F
3 changed files with 12 additions and 4 deletions

View File

@ -169,10 +169,6 @@ setup_rootless() {
groupadd -g $rootless_gid $ROOTLESS_USER
useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER
# We also set up rootless user for image-scp tests (running as root)
if [[ $PRIV_NAME = "rootless" ]]; then
chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
fi
echo "$ROOTLESS_USER ALL=(root) NOPASSWD: ALL" > /etc/sudoers.d/ci-rootless
mkdir -p "$HOME/.ssh" "/home/$ROOTLESS_USER/.ssh"

View File

@ -449,6 +449,13 @@ if [[ "$PRIV_NAME" == "rootless" ]] && [[ "$UID" -eq 0 ]]; then
# https://github.com/containers/podman/issues/10857
rm -rf /var/lib/cni
# This must be done at the last second, otherwise `make` calls
# in setup_environment (as root) will balk about ownership.
msg "Recursively chowning \$GOPATH and \$GOSRC to $ROOTLESS_USER"
if [[ $PRIV_NAME = "rootless" ]]; then
chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
fi
req_env_vars ROOTLESS_USER
msg "Re-executing runner through ssh as user '$ROOTLESS_USER'"
msg "************************************************************"

View File

@ -42,6 +42,8 @@ cp hack/podman-registry /bin
_gc='git config --file /root/.gitconfig'
$_gc user.email "TMcTestFace@example.com"
$_gc user.name "Testy McTestface"
# Bypass git safety/security checks when operating in a throwaway environment
git config --system --add safe.directory $GOSRC
# Ensure that all lower-level contexts and child-processes have
# ready access to higher level orchestration (e.g Cirrus-CI)
@ -304,6 +306,9 @@ case "$TEST_FLAVOR" in
# Guarantee the docker daemon can't be started, even by accident
rm -vf $(type -P dockerd)
msg "Recursively chowning source to $ROOTLESS_USER"
chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
msg "Obtaining necessary gitlab-runner testing bits"
slug="gitlab.com/gitlab-org/gitlab-runner"
helper_fqin="registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-latest-pwsh"