[checkmk-commits] Build Windows agent as normal user within chroot

Module: check_mk Branch: master Commit: 5c28d0690345977fb0cafc1ba943120f4e80cd4c URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5c28d069034597… Author: Jukka Aro &lt;ja(a)mathias-kettner.de&gt; Date: Thu Oct 19 11:46:25 2017 +0200 Build Windows agent as normal user within chroot Change-Id: I29983ac365eb565814ff633858d954ba34332abe --- agents/windows/Makefile.am | 11 ++++++----- agents/windows/chroot_version | 2 +- agents/windows/do-chroot | 11 +++++------ agents/windows/make-agent | 12 ++++-------- agents/windows/make-chroot | 7 +++++-- 5 files changed, 21 insertions(+), 22 deletions(-) diff --git a/agents/windows/Makefile.am b/agents/windows/Makefile.am index 74dce65..4afc13e 100644 --- a/agents/windows/Makefile.am +++ b/agents/windows/Makefile.am @@ -25,10 +25,11 @@ check_mk_agent.res: check_mk_agent.rc $(VPATH)/check_mk_agent.ico cp $(VPATH)/check_mk_agent.ico check_mk_agent.ico $(WINDRES) $< -O coff -o $@ -# Wine seems to depend on X Window authorization. Quiet "No protocol specified" -# warning by setting the DISPLAY variable accordingly. +# Wine depends on X Server and may produce a number of warnings at startup. +# Using Xvfb does not work properly, either. Simply send those stderr warnings +# to /dev/null as the test output will go to stdout (and/or xml file) anyway. unittest: WindowsAgentTest$(EXEEXT) - DISPLAY="$$DISPLAY xterm" wine WindowsAgentTest$(EXEEXT) + DISPLAY="$$DISPLAY xterm" wine WindowsAgentTest$(EXEEXT) 2>/dev/null check_mk_agent_SOURCES = \ Configurable.cc \ @@ -92,8 +93,8 @@ wmitest_SOURCES = wmitest.cc stringutil.cc WinApi.cc wmiHelper.cc CLEANFILES = \ *.ico *.res *.rc config.* stamp-* Makefile \ - sections/.dirstamp \ - $$(find .deps/ sections/.deps -type f) \ + sections/.dirstamp test/.dirstamp \ + $$(find .deps/ sections/.deps test/.deps -type f) \ $(addprefix $(bindir)/,$(bin_PROGRAMS)) \ $(patsubst %$(EXEEXT),%-64$(EXEEXT),$(addprefix $(bindir)/,$(bin_PROGRAMS))) \ $(patsubst %$(EXEEXT),%.msi,$(addprefix $(bindir)/,$(bin_PROGRAMS))) diff --git a/agents/windows/chroot_version b/agents/windows/chroot_version index 7ed6ff8..1e8b314 100644 --- a/agents/windows/chroot_version +++ b/agents/windows/chroot_version @@ -1 +1 @@ -5 +6 diff --git a/agents/windows/do-chroot b/agents/windows/do-chroot index a7b2043..fec56fa 100755 --- a/agents/windows/do-chroot +++ b/agents/windows/do-chroot @@ -2,13 +2,13 @@ # $1: cmd(s) to be executed within chroot jail # if non-existent, enter chroot jail with 'bash -l' -CMD="$1" +CMD="$1" export HOSTNAME=cmk-windows-agent-chroot unset LANG CHROOTNAME=WinAgent -BASE="$(dirname "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")")" +BASE="$(realpath ../..)" if [ -z $CHROOT_PATH ]; then echo "ERROR: CHROOT_PATH not set" @@ -41,11 +41,10 @@ if [ ! -e $CHROOT_PATH/$CHROOT_BUILD_DIR/Makefile ] ; then fi if [ -n "$CMD" ] ; then - chroot $CHROOT_PATH \ - /usr/bin/env CHROOTNAME=$CHROOTNAME HOME=/root NEW_VERSION=$NEW_VERSION \ - bash -c "$CMD" + chroot $CHROOT_PATH /usr/bin/env CHROOTNAME=$CHROOTNAME \ + NEW_VERSION=$NEW_VERSION bash -c "$CMD" else - chroot $CHROOT_PATH /usr/bin/env CHROOTNAME=$CHROOTNAME HOME=/root bash -l + chroot $CHROOT_PATH /usr/bin/env CHROOTNAME=$CHROOTNAME bash -l fi umount $CHROOT_PATH/$CHROOT_BUILD_DIR diff --git a/agents/windows/make-agent b/agents/windows/make-agent index 7603f03..3199353 100755 --- a/agents/windows/make-agent +++ b/agents/windows/make-agent @@ -16,7 +16,7 @@ parse-args "$@" chroot_dependencies=(debootstrap debian-archive-keyring) versionfile=chroot_version -base="$(dirname "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")")" +base="$(realpath ../..)" # May be set from external environment. Otherwise use chroot # directory in agents/windows @@ -49,15 +49,11 @@ else CHROOT_BUILD_DIR=$CHROOT_BUILD_DIR ./make-chroot fi -# Build the Windows agent within chroot by calling the 'build-agent' script. +# Build the Windows agent within chroot by calling the 'build-agent' script as +# $SUDO_USER. CHROOT_PATH=$CHROOT_PATH CHROOT_BUILD_DIR=$CHROOT_BUILD_DIR \ NEW_VERSION=$NEW_VERSION ./do-chroot \ - "$CHROOT_BUILD_DIR/agents/windows/build-agent -j${njobs} $targets" + "/bin/su - $SUDO_USER -m -c '$CHROOT_BUILD_DIR/agents/windows/build-agent -j${njobs} $targets'" EXIT_CODE=$? -# Some cleanup: chown build artifacts to the original user. -find . -maxdepth 1 -regextype egrep \ --regex '(.*\.(exe|msi|m4|cache|in))|.*\/.*build.*|.*plugins|.*Makefile.*|.*configure|.*comp.*|.*install.*|.*missing' \ --exec chown -R $USER:$USER {} \; - exit $EXIT_CODE diff --git a/agents/windows/make-chroot b/agents/windows/make-chroot index 96f0528..dd95603 100755 --- a/agents/windows/make-chroot +++ b/agents/windows/make-chroot @@ -10,7 +10,7 @@ MIRROR=http://de.archive.ubuntu.com/ubuntu export HOSTNAME=cmk-windows-agent-chroot export LC_ALL=en_US.UTF-8 LANGUAGE=en_US.UTF-8 LANG=en_US.UTF-8 -BASE="$(dirname "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")")" +BASE="$(realpath ../..)" if [ -z $CHROOT_PATH ]; then echo "ERROR: CHROOT_PATH not set" @@ -78,7 +78,7 @@ package_names=( libio-socket-ssl-perl liblwp-mediatypes-perl liblwp-protocol-https-perl - libmailtools-perl + libmailtools-perl libnet-http-perl libnet-smtp-ssl-perl libnet-ssleay-perl @@ -144,6 +144,9 @@ if [ ! -h $CHROOT_PATH/usr/bin/python ] ; then ln -sf python2.7 $CHROOT_PATH/usr/bin/python fi +# Add user for building windows agent without root privileges +./do-chroot "useradd -lmo -u $(id -u $SUDO_USER) -s /bin/bash $SUDO_USER" + # "Disable" apt privilege dropping in chroot sed -ri 's/^_apt:x:[0-9]+:/_apt:x:0:/g' $CHROOT_PATH/etc/passwd