tests: Remove privilege dropping for image builds

This just does not work reliably at all. We change uid/gid but keep
all the environment variables which is just a recipe for issues. Let's
enforce running everything as root if one wants to run the tests that
require root privileges.

diff --git a/tests/__init__.py b/tests/__init__.py
index 07438c3b4839ee5de491e2693e8da0c692bd2aa9..622d3b43814215e304383a2df256721edcbf77ba 100644 (file)
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -31,9 +31,6 @@ class ImageConfig:
 class Image:
     def __init__(self, config: ImageConfig) -> None:
         self.config = config
-        st = Path.cwd().stat()
-        self.uid = st.st_uid
-        self.gid = st.st_gid
 
     def __enter__(self) -> "Image":
         self.output_dir = Path(os.getenv("TMPDIR", "/var/tmp")) / uuid.uuid4().hex[:16]
@@ -108,15 +105,13 @@ class Image:
             *options,
         ]  # fmt: skip
 
-        self.mkosi("summary", opt, user=self.uid, group=self.uid, env=env)
+        self.mkosi("summary", opt, env=env)
 
         return self.mkosi(
             "build",
             opt,
             args,
             stdin=sys.stdin if sys.stdin.isatty() else None,
-            user=self.uid,
-            group=self.gid,
             env=env,
         )
 
@@ -152,8 +147,6 @@ class Image:
             ],
             args,
             stdin=sys.stdin if sys.stdin.isatty() else None,
-            user=self.uid,
-            group=self.gid,
             check=False,
         )
 
@@ -163,7 +156,7 @@ class Image:
         return result
 
     def genkey(self) -> CompletedProcess:
-        return self.mkosi("genkey", ["--force"], user=self.uid, group=self.gid)
+        return self.mkosi("genkey", ["--force"])
 
 
 @pytest.fixture(scope="session", autouse=True)

diff --git a/tests/test_signing.py b/tests/test_signing.py
index 9b3dbf823ef1d3e7bea91c0a923093ce4c567ea2..4bcb2050e5be4c8baaa28edbe873db84a975e656 100644 (file)
--- a/tests/test_signing.py
+++ b/tests/test_signing.py
@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 
-import os
 import tempfile
 from pathlib import Path
 
@@ -23,7 +22,6 @@ def test_signing_checksums_with_sop(config: ImageConfig) -> None:
 
     with tempfile.TemporaryDirectory() as path, Image(config) as image:
         tmp_path = Path(path)
-        os.chown(tmp_path, image.uid, image.gid)
 
         signing_key = tmp_path / "signing-key.pgp"
         signing_cert = tmp_path / "signing-cert.pgp"
@@ -50,27 +48,17 @@ def test_signing_checksums_with_sop(config: ImageConfig) -> None:
 def test_signing_checksums_with_gpg(config: ImageConfig) -> None:
     with tempfile.TemporaryDirectory() as path, Image(config) as image:
         tmp_path = Path(path)
-        os.chown(tmp_path, image.uid, image.gid)
 
         signing_key = "mkosi-test@example.org"
         signing_cert = tmp_path / "signing-cert.pgp"
         gnupghome = tmp_path / ".gnupg"
-
-        env = dict(GNUPGHOME=str(gnupghome))
-
-        # Creating GNUPGHOME directory and appending an *empty* common.conf
-        # file stops GnuPG from spawning keyboxd which causes issues when switching
-        # users. See https://stackoverflow.com/a/72278246 for details
         gnupghome.mkdir()
-        os.chown(gnupghome, image.uid, image.gid)
-        (gnupghome / "common.conf").touch()
+        env = dict(GNUPGHOME=str(gnupghome))
 
         # create a brand new signing key
         run(
             cmdline=["gpg", "--quick-gen-key", "--batch", "--passphrase", "", signing_key],
             env=env,
-            user=image.uid,
-            group=image.gid,
         )
 
         # export public key (certificate)
@@ -79,8 +67,6 @@ def test_signing_checksums_with_gpg(config: ImageConfig) -> None:
                 cmdline=["gpg", "--export", signing_key],
                 env=env,
                 stdout=o,
-                user=image.uid,
-                group=image.gid,
             )
 
         image.build(options=["--checksum=true", "--sign=true", f"--key={signing_key}"], env=env)