crops / yocto-dockerfiles

This repository is for -base and -builder containers for building derivative containers (such as poky-container) for containerized Yocto Project builds.
GNU General Public License v2.0

Make sudo work #46

Open rossburton opened 4 years ago

rossburton commented 4 years ago

I wanted to use Concourse CI with a crops/poky image. The first problem was that Concourse ignores ENTRYPOINT and just drops into the image using the last user defined, which is usersetup. Annoying but worked around by using crops/yocto instead.

Then I discover that basically to do a build with Concourse I need to sudo as root to fix ownership of some files. Can you make password-less sudo work for the build user?

rewitt1 commented 4 years ago

I'm not familiar with Concourse CI so I would need to do some research. I don't understand why it would ignore the entrypoint.

> Then I discover that basically to do a build with Concourse I need to sudo as root to fix ownership of some files.

The ability to run sudo seems like another odd assumption to make. What files?

> Can you make password-less sudo work for the build user?

I would much rather figure out another way around this problem. Even if I did do this I would want to make it an argument to the entrypoint rather than be the default, but if it is ignored that wouldn't be possible.

If you need it NOW, the most immediate solution would be to build the image locally with /etc/sudoers set up as desired.

rossburton commented 4 years ago

> I'm not familiar with Concourse CI so I would need to do some research. I don't understand why it would ignore the entrypoint.

Explicit design decision, I believe.

> > Then I discover that basically to do a build with Concourse I need to sudo as root to fix ownership of some files.
>
> The ability to run sudo seems like another odd assumption to make. What files?

So the 'fetch sources' task runs as root, so if you're in the container as a non-root user you can't write to those files, or even the directory you're meant to write files to. Workaround is to sudo chown everything.

https://github.com/concourse/concourse/issues/403

> > Can you make password-less sudo work for the build user?

> I would much rather figure out another way around this problem. Even if I did do this I would want to make it an argument to the entrypoint rather than be the default, but if it is ignored that wouldn't be possible.
>
> If you need it NOW, the most immediate solution would be to build the image locally with /etc/sudoers set up as desired.

I suspected that would be the most effective way of progressing.