Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

make use of sudo optional #176

Merged
merged 3 commits into from
Feb 18, 2024
Merged

make use of sudo optional #176

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2fd7d5e
enable the option for users to choose whether to utilize sudo.
khizunov Feb 13, 2024
35e724d
ignore boolean in env interpolation
khizunov Feb 13, 2024
3b52851
fix empty env
khizunov Feb 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 20 additions & 3 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,11 +42,28 @@ export LANG="en_US.UTF-8"

## Note for Linux Users with Docker

If you run on Linux and use Docker without sudo, Skipper will create a dedicated user inside the build container with both root and docker groups. Commands are executed on behalf of this user.
## Running Skipper on Linux without sudo

To preserve the environment (e.g., PATH), Skipper uses the `su` command with the `-m` flag. However, on Debian distros, even with the `-m` flag specified, the PATH variable may be reset. As a workaround, Skipper attempts to use `sudo -sE` (if installed) as an alternative to maintain the environment.
If you are running Skipper on Linux without sudo, Skipper will create a dedicated user inside the build container with both root and docker groups. All commands will be executed on behalf of this user.

If you prefer to use sudo, please install it in the build container. Additionally, it is required to disable `env_reset` with `secure_path` in `/etc/sudoers` Deafults.
To preserve the environment, Skipper uses the `su` command with the `-m` flag. However, on Debian distros, the PATH variable may be reset even with the `-m` flag specified. To work around this issue, Skipper provides an alternative option using `sudo -sE`.

To use `sudo -sE` as an alternative:

1. Install `sudo` in the build container.
2. Disable `env_reset` with `secure_path` in the `/etc/sudoers` defaults.
3. Set the `SKIPPER_USE_SUDO` environment variable to `"true"`.

```shell
export SKIPPER_USE_SUDO="true"
```

```yaml
# skipper.yaml

env:
SKIPPER_USE_SUDO: "true"
```

**Note:** This information is crucial for a seamless experience when using Skipper with Docker on Linux.

Expand Down
2 changes: 2 additions & 0 deletions skipper/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ def _normalize_config(config, normalized_config):


def _interpolate_env_vars(key):
if not key or isinstance(key, bool):
return key
for match in findall(r'\$\(.+\)', key):
output = check_output("echo " + match, shell=True).strip().decode("utf-8")
if not output:
Expand Down
6 changes: 2 additions & 4 deletions skipper/data/skipper-entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,10 +28,8 @@ if ! [ -z "${SKIPPER_DOCKER_GID}" ];then
usermod -G root ${SKIPPER_USERNAME}
fi

if sudo -l -U ${SKIPPER_USERNAME} 2> /dev/null; then
# for debian distros (maybe for others too) -m flag resets the PATH variable
# so we need to use sudo -E to preserve the PATH
sudo -sE -u ${SKIPPER_USERNAME} $@
if [ "$SKIPPER_USE_SUDO" == "true" ]; then
sudo -sE -u ${SKIPPER_USERNAME} "$@"
else
su -m ${SKIPPER_USERNAME} -c "$@"
fi
Expand Down
Loading