[Piuparts-devel] [Git][debian/piuparts][helmutg/feature-nonroot] 3 commits: Add autopkgtest for unshared piuparts

Nicolas Dandrimont (@olasd) gitlab at salsa.debian.org
Thu Nov 14 10:01:00 GMT 2024



Nicolas Dandrimont pushed to branch helmutg/feature-nonroot at Debian / piuparts


Commits:
bd35c1ca by Nicolas Dandrimont at 2024-11-14T10:48:36+01:00
Add autopkgtest for unshared piuparts

- - - - -
451b6cc2 by Helmut Grohne at 2024-11-14T10:48:36+01:00
attempt to fix unshared piuparts on gitlab runners

We get "Permission denied" while debootstrap tries to mount its proc
filesystem. I guess that we somehow fail the mnt_already_visible test in
fs/namespace.c. If that holds true, mounting an initial proc should
help.

- - - - -
2e8af6a8 by Nicolas Dandrimont at 2024-11-14T10:48:36+01:00
skip unshare autopkgtest if --mount-proc is unavailable

The salsaci runners are running on docker, which shadows enough parts of
/proc that unshare is unable to remount it in the new namespace. Skip
the test if that's the case.

- - - - -


3 changed files:

- debian/tests/control
- + debian/tests/unshare
- piuparts.py


Changes:

=====================================
debian/tests/control
=====================================
@@ -5,3 +5,7 @@ Restrictions: needs-root
 Tests: all-python-versions
 Depends: piuparts, python3-all, debootstrap
 Restrictions: needs-root
+
+Tests: unshare
+Depends: piuparts, uidmap, debootstrap
+Restrictions: needs-root, skippable


=====================================
debian/tests/unshare
=====================================
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -eu
+
+if [ -z "$AUTOPKGTEST_NORMAL_USER" ]; then
+    echo "No normal user available, test cannot be run"
+    exit 77
+fi
+
+AUTOPKGTEST_NORMAL_UID="$(id -u "$AUTOPKGTEST_NORMAL_USER")"
+AUTOPKGTEST_NORMAL_GID="$(id -g "$AUTOPKGTEST_NORMAL_USER")"
+
+if ! grep -qx "$AUTOPKGTEST_NORMAL_UID:.*" /etc/subuid; then
+    echo "Adding a subuid allocation for $AUTOPKGTEST_NORMAL_USER"
+    echo "$AUTOPKGTEST_NORMAL_UID:1000000:65536" >> /etc/subuid
+fi
+
+if ! grep -qx "$AUTOPKGTEST_NORMAL_GID:.*" /etc/subgid; then
+    echo "Adding a subgid allocation for $AUTOPKGTEST_NORMAL_USER's group"
+    echo "$AUTOPKGTEST_NORMAL_GID:1000000:65536" >> /etc/subgid
+fi
+
+if ! unshare --user --map-auto --setuid 0 --setgid 0 --mount --pid --fork --mount-proc true; then
+    echo "Unshare failed, bailing"
+    exit 77
+fi
+
+. "$(dirname "$0")/common.sh"
+
+echo running "$0"
+
+test_this piuparts --version
+
+cd "$AUTOPKGTEST_TMP"
+
+create_packages
+
+chown "$AUTOPKGTEST_NORMAL_USER:" t.deb f.deb
+
+test_this runuser -u "$AUTOPKGTEST_NORMAL_USER" -- piuparts t.deb


=====================================
piuparts.py
=====================================
@@ -3651,6 +3651,7 @@ def main():
                 "--mount",
                 "--pid",
                 "--fork",
+                "--mount-proc",
                 *sys.argv,
             ],
         )



View it on GitLab: https://salsa.debian.org/debian/piuparts/-/compare/07602b82fda617980051e9ca89c7bfc88bd963d7...2e8af6a885c43f71fb11a3fd182608e750588f3f

-- 
View it on GitLab: https://salsa.debian.org/debian/piuparts/-/compare/07602b82fda617980051e9ca89c7bfc88bd963d7...2e8af6a885c43f71fb11a3fd182608e750588f3f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/piuparts-devel/attachments/20241114/f8c7e3cf/attachment-0001.htm>


More information about the Piuparts-devel mailing list