Open pki-bot opened 4 years ago
Comment from dmoluguw (@SilleBille) at 2020-04-08 15:07:26
While spawning, the removal happens as pkiuser
and not the current user. This is achieved by using sudo -u
in the script...
https://github.com/dogtagpki/pki/blob/master/base/server/python/pki/server/subsystem.py#L943
As ab pointed out in the IRC conversation, sudo -u
can be replaced by runuser -u
, which is part of util-linux
package
Comment from dmoluguw (@SilleBille) at 2020-04-08 15:07:28
Metadata Update from @SilleBille:
Comment from dmoluguw (@SilleBille) at 2020-07-23 14:18:21
The issue is fixed via PR: https://github.com/dogtagpki/pki/pull/494
The PR will be merged after 10.9 branching occurs (ie) it will be included in the PKI 10.10+. This issue should stay open until the PR gets merged.
The fix for this is merged into master
, so closing:
git log | grep -A 10 "commit 49585867207922479644a03078c29548de02cd03"
commit 49585867207922479644a03078c29548de02cd03
Author: Dinesh Prasanth M K <dmoluguw@redhat.com>
Date: Thu Jul 23 10:56:39 2020 -0400
Move from sudo to runuser
This patch migrates usage of sudo to runuser. In containers
sudo is not installed by default. Whereas, `runuser` is part of
'util-linux' pacakge, whcih is installed by default
Fixes: https://pagure.io/dogtagpki/issue/3171
This issue was migrated from Pagure Issue #3171. Originally filed by abbra (@abbra) on 2020-04-08 14:49:21:
Attempted FreeIPA installation on Debian unstable using a container which didn't have sudo package installed,
pkispawn
failed with the following message inpki-ca-spawn.<DATE>.log
:I think sudo is definitely shouldn't be needed for running as root in a container: