Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make sudo work #46

Open
rossburton opened this issue Jul 8, 2020 · 2 comments
Open

Make sudo work #46

rossburton opened this issue Jul 8, 2020 · 2 comments

Comments

@rossburton
Copy link

I wanted to use Concourse CI with a crops/poky image. The first problem was that concourse ignores ENTRYPOINT and just drops into the image using the last user defined, which is usersetup. Annoying but worked around by using crops/yocto instead.

Then I discover that basically to do a build with concourse I need to sudo as root to fix ownership of some files. Can you make password-less sudo work for the build user?

@rewitt1
Copy link
Contributor

rewitt1 commented Jul 8, 2020

I'm not familiar with Concourse CI so I would need to do some research. I don't understand why it would ignore the entrypoint.

Then I discover that basically to do a build with concourse I need to sudo as root to fix ownership of some files.

The ability to run sudo seems like another odd assumption to make. What files?

Can you make password-less sudo work for the build user?

I would much rather figure out another way around this problem. Even if I did do this I would make want to make it an argument to the entrypoint rather than be default, but if it is ignored that wouldn't be possible.

If you need it NOW most immediate solution would be to build the image locally with /etc/sudoers set up as desired.

@rossburton
Copy link
Author

I'm not familiar with Concourse CI so I would need to do some research. I don't understand why it would ignore the entrypoint.

Explicit design decision, I believe.

Then I discover that basically to do a build with concourse I need to sudo as root to fix ownership of some files.

The ability to run sudo seems like another odd assumption to make. What files?

So the 'fetch sources' task runs as root, so if you're in the container as a non-root user you can't write to those files, or even the directory you're meant to write files to. Workaround is to sudo chown everything.

concourse/concourse#403

Can you make password-less sudo work for the build user?

I would much rather figure out another way around this problem. Even if I did do this I would make want to make it an argument to the entrypoint rather than be default, but if it is ignored that wouldn't be possible.

If you need it NOW most immediate solution would be to build the image locally with /etc/sudoers set up as desired.

I suspected that would be the most effective way of progressing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants