microsoft
/
CBL-Mariner
зеркало из https://github.com/microsoft/CBL-Mariner.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Image Customizer: Validate HOME and USER env vars. (#9900) 

The gpg command, and by extension, the tdnf command expects the USER and HOME environment variables to be valid for the OS they are running under (including under chroot). Since, the image customizer tool is typically run under `sudo` and since root is always a valid user, this generally isn't a problem. But this isn't true if `sudo -E` is used. And this can result in strange difficult to diganose errors in tdnf. So, this change verifies that `sudo -E` isn't being used.
This commit is contained in:
Chris Gunn 2024-07-23 12:01:25 -07:00 коммит произвёл GitHub
Родитель 643ca821ed
Коммит 8eb68c37b4
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
1 изменённых файлов: 31 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

31
toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
Просмотреть файл

@ -230,6 +230,11 @@ func CustomizeImage(buildDir string, baseConfigPath string, config *imagecustomi
}
}()
err = checkEnvironmentVars()
if err != nil {
return err
}
// ensure build and output folders are created up front
err = os.MkdirAll(imageCustomizerParameters.buildDirAbs, os.ModePerm)
if err != nil {
@ -897,3 +902,29 @@ func humanReadableUnitSizeAndName(size int64) (int64, string) {
return 1, "B"
}
}
func checkEnvironmentVars() error {
// Some commands, like tdnf (and gpg), require the USER and HOME environment variables to make sense in the OS they
// are running under. Since the image customization tool is pretty much always run under root/sudo, this will
// generally always be the case since root is always a valid user. However, this might not be true if the user
// decides to use `sudo -E` instead of just `sudo`. So, check for this to avoid the user running into confusing
// tdnf errors.
//
// In an ideal world, the USER, HOME, and PATH environment variables should be overridden whenever an external
// command is called under chroot. But such a change would be quite involved.
const (
rootHome = "/root"
rootUser = "root"
)
envHome := os.Getenv("HOME")
envUser := os.Getenv("USER")
if envHome != rootHome || envUser != rootUser {
return fmt.Errorf("tool should be run as root (e.g. by using sudo):\n"+
"HOME must be set to '%s' and USER must be set to '%s'",
rootHome, rootUser)
}
return nil
}