qwerty287
commented
1 month ago Shouldn't it only possible to use this when the repo is trusted? Where is this checked?
Closed anbraten closed 1 month ago
qwerty287
commented
1 month ago Shouldn't it only possible to use this when the repo is trusted? Where is this checked?
xoxys
commented
1 month ago Yep, it looks like it ignores the entire discussion from the linked PR.
anbraten
commented
1 month ago Step privileged is only set in case its a plugin and in the list of privileged plugins:
Or if the privileged: true option is set.
In case a user tries to set that option without having a trusted repo he will get a linter error from:
qwerty287
commented
1 month ago Yes, but there's no linter for securityContext option. You can set that on any step and make the step privileged.
anbraten
commented
1 month ago Setting the security-context / user / group to 0 (root) or fs-group etc is checked here and will only work for privileged steps which can only be allowed by trusted plugins or by setting privileged: true which can only be done if the repo is trusted:
anbraten
commented
1 month ago Yep, it looks like it ignores the entire discussion from the linked PR.
It solves the issue that the woodpeckerci/plugin-docker-buildx plugin can only be used if a securityContext is explicitly configured. For already privileged steps (trusted plugins) this wont be necessary anymore now.
qwerty287
commented
1 month ago And this is the only option that could be dangerous?
anbraten
commented
1 month ago At least those are the options we have and the checks we do:
anbraten
commented
1 month ago My goal was to simply fix the actual issue #3537 first 🤷🏾 . Changing the logic to require a trusted repo for the buildx plugin is somehow a different change IMO (at least that's how the docker backend works and the docs explain it to the users) .
Requiring a trusted repo to manually set the securityContext could be done separately.
qwerty287
commented
1 month ago Thanks, yes, in general it should work like docker. However, users should not be allowed to set dangerous options without the repo being trusted. Maybe we can merge this as a hotfix so we can finally release 2.5.0 and revisit this whole topic again? I'm not really in the discussion of this issue so I can't really tell you whether this solution was discussed already and rejected or whatever. Maybe @xoxys you can tell us more about k8s and this discussion I think?
xoxys
commented
1 month ago I would suggest to involve the people that have created, contributed and tested the original PR. This entire discussion should have been done in the existing PR instead of just starting a new one...
qwerty287
commented
1 month ago What about this now? Would it be fine to get it merged as hotfix and then rework the whole thing again? I really would like to get 2.5.0 out.
HannesDampft
commented
1 month ago I would like to briefly share my perspective as a user of the Kubernetes backend. Recently, I had to downgrade to version 2.3 because it is not feasible to ask every user to adapt to a bug in Woodpecker that will eventually be reverted.
If this PR is skipped in the release, most Kubernetes users would likely have to skip this release, which would be unfortunate.
I sincerely appreciate the inclusion of this PR in the next release, as I expect most of us users would.
anbraten
commented
1 month ago Thanks for approving.
Please use a new discussion to revert these changes and make it how it should work ideally, but the bug should be fixed asap.
We can just move on with #3538 as this is part of it.
closes #3537