Only mount ephemeral build sources for package managers when running as root
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 22 Feb 2024 07:47:52 +0000 (08:47 +0100)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 22 Feb 2024 12:31:21 +0000 (13:31 +0100)
If we're not running as root, we won't have permissions to do the overlay
mount. Hopefully bubblewrap will eventually get overlayfs support which would
make this possible.

mkosi/installer/apt.py
mkosi/installer/dnf.py
mkosi/installer/pacman.py
mkosi/installer/zypper.py

index 0234cdd8a66cd3835e39734d862d4b8ef9fa7944..3e9ab6cafe152f719544a85bf53a98288811d46a 100644 (file)
@@ -1,4 +1,5 @@
 # SPDX-License-Identifier: LGPL-2.1+
+import os
 import textwrap
 from collections.abc import Iterable, Sequence
 from pathlib import Path
@@ -174,7 +175,10 @@ class Apt(PackageManager):
         mounts: Sequence[PathString] = (),
         stdout: _FILE = None,
     ) -> CompletedProcess:
-        with finalize_source_mounts(context.config, ephemeral=context.config.build_sources_ephemeral) as sources:
+        with finalize_source_mounts(
+            context.config,
+            ephemeral=os.getuid() == 0 and context.config.build_sources_ephemeral,
+        ) as sources:
             return run(
                 cls.cmd(context, "apt-get") + [operation, *arguments],
                 sandbox=(
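Review bot: When mkosi runs unprivileged with `build_sources_ephemeral` enabled, the new `ephemeral=os.getuid() == 0 and context.config.build_sources_ephemeral` argument silently turns the setting off, so the package manager and any package scripts it runs get the non-ephemeral source mounts with no indication to the user. Whether those mounts are writable is decided inside `finalize_source_mounts`, which is not visible in this hunk; if they are, writes the user expected to be discarded would land in the real source tree. Consider logging a warning on the downgrade path and adding a comment at the call such as `# overlayfs needs root; unprivileged runs fall back to non-ephemeral source mounts`. The same expression is repeated in the dnf.py, pacman.py and zypper.py hunks, so a single shared helper would keep the four call sites from drifting apart. The enclosing method starts and ends outside the hunk.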
index ca831c4a68ee736851727464b56e7bebeb5de746..3a745099038ca51b2892885ecf7a93116431ebfe 100644 (file)
@@ -1,4 +1,5 @@
 # SPDX-License-Identifier: LGPL-2.1+
+import os
 import textwrap
 from collections.abc import Iterable, Sequence
 from pathlib import Path
@@ -160,7 +161,10 @@ class Dnf(PackageManager):
         stdout: _FILE = None,
     ) -> CompletedProcess:
         try:
-            with finalize_source_mounts(context.config, ephemeral=context.config.build_sources_ephemeral) as sources:
+            with finalize_source_mounts(
+                context.config,
+                ephemeral=os.getuid() == 0 and context.config.build_sources_ephemeral,
+            ) as sources:
                 return run(
                     cls.cmd(context) + [operation,*arguments],
                     sandbox=(
index 2ecb988376e3476944e6a548a6c9f0dd4f792841..de240f5314dca038f51022492d43188d53546f9c 100644 (file)
@@ -1,4 +1,5 @@
 # SPDX-License-Identifier: LGPL-2.1+
+import os
 import shutil
 import textwrap
 from collections.abc import Iterable, Sequence
@@ -150,7 +151,10 @@ class Pacman(PackageManager):
         apivfs: bool = False,
         stdout: _FILE = None,
     ) -> CompletedProcess:
-        with finalize_source_mounts(context.config, ephemeral=context.config.build_sources_ephemeral) as sources:
+        with finalize_source_mounts(
+            context.config,
+            ephemeral=os.getuid() == 0 and context.config.build_sources_ephemeral,
+        ) as sources:
             return run(
                 cls.cmd(context) + [operation, *arguments],
                 sandbox=(
index 6e09c9b68ecb94d4c93c55dfed5684c20c083669..148aba5632f5de0560309bd3246a86d7bc3cba37 100644 (file)
@@ -1,5 +1,6 @@
 # SPDX-License-Identifier: LGPL-2.1+
 import hashlib
+import os
 import textwrap
 from collections.abc import Iterable, Sequence
 from pathlib import Path
@@ -120,7 +121,10 @@ class Zypper(PackageManager):
         apivfs: bool = False,
         stdout: _FILE = None,
     ) -> CompletedProcess:
-        with finalize_source_mounts(context.config, ephemeral=context.config.build_sources_ephemeral) as sources:
+        with finalize_source_mounts(
+            context.config,
+            ephemeral=os.getuid() == 0 and context.config.build_sources_ephemeral,
+        ) as sources:
             return run(
                 cls.cmd(context) + [operation, *arguments],
                 sandbox=(