Executing the render-template script with root privileges with now fail. For example, as part of the TinyPilot installation:
$ apt-get install -y ./tinypilot_20240128105411_armhf.deb
...
Preparing to unpack .../tinypilot_20240128105411_armhf.deb ...
Unpacking tinypilot (20240128105411) over (20240128094116) ...
Setting up tinypilot (20240128105411) ...
Warning: The home dir /home/tinypilot you specified already exists.
The system user `tinypilot' already exists. Exiting.
/opt/tinypilot /
This script doesn't require root privileges.
Please re-run as tinypilot:
runuser tinypilot --command './scripts/render-template'
dpkg: error processing package tinypilot (--configure):
installed tinypilot package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
tinypilot
E: Sub-process /usr/bin/dpkg returned an error code (1)
+ clean_up
+ umount --lazy /mnt/tinypilot-installer
+ rm -rf /opt/tinypilot-updater /mnt/tinypilot-installer
Notes
We had to expand the previously used render-template command into multiple independent commands because the exit code was being ignored/swallowed.
To execute render-template as the tinypilot user, we use the runuser command instead of su. Based on the runuser manual, runuser can only be used by root users which is currently the only way we use render-template:
The difference between the commands runuser and su is that runuser does not ask
for a password (because it may be executed by the root user only)
and it uses a different PAM configuration.
Resolves https://github.com/tiny-pilot/tinypilot-pro/issues/1190
Please refer to https://github.com/tiny-pilot/tinypilot-pro/issues/1190#issue-2094765706 for PR rationale.
Executing the
render-template
script with root privileges with now fail. For example, as part of the TinyPilot installation:Notes
render-template
command into multiple independent commands because the exit code was being ignored/swallowed.To execute
render-template
as thetinypilot
user, we use therunuser
command instead ofsu
. Based on therunuser
manual,runuser
can only be used by root users which is currently the only way we userender-template
: