From: Daan De Meyer Date: Tue, 21 Jan 2025 22:33:37 +0000 (+0100) Subject: tests: Remove privilege dropping for image builds X-Git-Tag: v25~12^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df2b1fe6b96a0e3d74e351ffe6ec345bc98e63b2;p=thirdparty%2Fmkosi.git tests: Remove privilege dropping for image builds This just does not work reliably at all. We change uid/gid but keep all the environment variables which is just a recipe for issues. Let's enforce running everything as root if one wants to run the tests that require root privileges. --- diff --git a/tests/__init__.py b/tests/__init__.py index 07438c3b4..622d3b438 100644 --- a/tests/__init__.py +++ b/tests/__init__.py @@ -31,9 +31,6 @@ class ImageConfig: class Image: def __init__(self, config: ImageConfig) -> None: self.config = config - st = Path.cwd().stat() - self.uid = st.st_uid - self.gid = st.st_gid def __enter__(self) -> "Image": self.output_dir = Path(os.getenv("TMPDIR", "/var/tmp")) / uuid.uuid4().hex[:16] @@ -108,15 +105,13 @@ class Image: *options, ] # fmt: skip - self.mkosi("summary", opt, user=self.uid, group=self.uid, env=env) + self.mkosi("summary", opt, env=env) return self.mkosi( "build", opt, args, stdin=sys.stdin if sys.stdin.isatty() else None, - user=self.uid, - group=self.gid, env=env, ) @@ -152,8 +147,6 @@ class Image: ], args, stdin=sys.stdin if sys.stdin.isatty() else None, - user=self.uid, - group=self.gid, check=False, ) @@ -163,7 +156,7 @@ class Image: return result def genkey(self) -> CompletedProcess: - return self.mkosi("genkey", ["--force"], user=self.uid, group=self.gid) + return self.mkosi("genkey", ["--force"]) @pytest.fixture(scope="session", autouse=True) diff --git a/tests/test_signing.py b/tests/test_signing.py index 9b3dbf823..4bcb2050e 100644 --- a/tests/test_signing.py +++ b/tests/test_signing.py @@ -1,7 +1,6 @@ # SPDX-License-Identifier: LGPL-2.1-or-later -import os import tempfile from pathlib import Path @@ -23,7 +22,6 @@ def test_signing_checksums_with_sop(config: ImageConfig) -> None: with tempfile.TemporaryDirectory() as path, Image(config) as image: tmp_path = Path(path) - os.chown(tmp_path, image.uid, image.gid) signing_key = tmp_path / "signing-key.pgp" signing_cert = tmp_path / "signing-cert.pgp" @@ -50,27 +48,17 @@ def test_signing_checksums_with_sop(config: ImageConfig) -> None: def test_signing_checksums_with_gpg(config: ImageConfig) -> None: with tempfile.TemporaryDirectory() as path, Image(config) as image: tmp_path = Path(path) - os.chown(tmp_path, image.uid, image.gid) signing_key = "mkosi-test@example.org" signing_cert = tmp_path / "signing-cert.pgp" gnupghome = tmp_path / ".gnupg" - - env = dict(GNUPGHOME=str(gnupghome)) - - # Creating GNUPGHOME directory and appending an *empty* common.conf - # file stops GnuPG from spawning keyboxd which causes issues when switching - # users. See https://stackoverflow.com/a/72278246 for details gnupghome.mkdir() - os.chown(gnupghome, image.uid, image.gid) - (gnupghome / "common.conf").touch() + env = dict(GNUPGHOME=str(gnupghome)) # create a brand new signing key run( cmdline=["gpg", "--quick-gen-key", "--batch", "--passphrase", "", signing_key], env=env, - user=image.uid, - group=image.gid, ) # export public key (certificate) @@ -79,8 +67,6 @@ def test_signing_checksums_with_gpg(config: ImageConfig) -> None: cmdline=["gpg", "--export", signing_key], env=env, stdout=o, - user=image.uid, - group=image.gid, ) image.build(options=["--checksum=true", "--sign=true", f"--key={signing_key}"], env=env)