Fix the generation of the shell completions
While the test environment for the merge request set up by Zuul has
subordinate ID ranges set up [1], the CentOS Stream builders used by
'centpkg build' don't [2].
[1] https://gitlab.com/redhat/centos-stream/rpms/toolbox/-/merge_requests/59
[2] https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=2102196
Fallout from 6d8f4e2a69
Resolves: #2164984, #2165742
This commit is contained in:
parent
d00efc241e
commit
823a1ead07
149
toolbox-Don-t-validate-subordinate-IDs-when-generat.patch
Normal file
149
toolbox-Don-t-validate-subordinate-IDs-when-generat.patch
Normal file
@ -0,0 +1,149 @@
|
||||
From 52de8d4a933ab6a4b1b6ef1c02c7e9f1f834c4a5 Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||||
Date: Wed, 1 Mar 2023 19:41:56 +0100
|
||||
Subject: [PATCH 1/3] cmd/root: Sprinkle a debug log
|
||||
|
||||
https://github.com/containers/toolbox/pull/1251
|
||||
---
|
||||
src/cmd/root.go | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
||||
index 304b03dcd889..82fbfd651c33 100644
|
||||
--- a/src/cmd/root.go
|
||||
+++ b/src/cmd/root.go
|
||||
@@ -215,6 +215,7 @@ func migrate() error {
|
||||
logrus.Debug("Migrating to newer Podman")
|
||||
|
||||
if utils.IsInsideContainer() {
|
||||
+ logrus.Debug("Migration not needed: running inside a container")
|
||||
return nil
|
||||
}
|
||||
|
||||
--
|
||||
2.39.2
|
||||
|
||||
|
||||
From 0beab62c935cd1166d6b03f58c519bbc7b040221 Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <rishi@fedoraproject.org>
|
||||
Date: Wed, 1 Mar 2023 19:46:11 +0100
|
||||
Subject: [PATCH 2/3] cmd/root: Shuffle some code around and sprinkle some
|
||||
debug logs
|
||||
|
||||
Having a separate convenience function reduces the indentation levels by
|
||||
at least one, and sometimes two, and makes it easy to have more detailed
|
||||
debug logs.
|
||||
|
||||
This will make the subsequent commit easier to read.
|
||||
|
||||
https://github.com/containers/toolbox/issues/1246
|
||||
---
|
||||
src/cmd/root.go | 32 ++++++++++++++++++++++++--------
|
||||
1 file changed, 24 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
||||
index 82fbfd651c33..4c740ec60d38 100644
|
||||
--- a/src/cmd/root.go
|
||||
+++ b/src/cmd/root.go
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright © 2019 – 2022 Red Hat Inc.
|
||||
+ * Copyright © 2019 – 2023 Red Hat Inc.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -139,13 +139,8 @@ func preRun(cmd *cobra.Command, args []string) error {
|
||||
if !utils.IsInsideContainer() {
|
||||
logrus.Debugf("Running on a cgroups v%d host", cgroupsVersion)
|
||||
|
||||
- if currentUser.Uid != "0" {
|
||||
- logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", currentUser.Username)
|
||||
-
|
||||
- if _, err := utils.ValidateSubIDRanges(currentUser); err != nil {
|
||||
- logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
|
||||
- return newSubIDError()
|
||||
- }
|
||||
+ if _, err := validateSubIDRanges(cmd, args, currentUser); err != nil {
|
||||
+ return err
|
||||
}
|
||||
}
|
||||
|
||||
@@ -387,3 +382,24 @@ func setUpLoggers() error {
|
||||
|
||||
return nil
|
||||
}
|
||||
+
|
||||
+func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bool, error) {
|
||||
+ logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", user.Username)
|
||||
+
|
||||
+ if user.Uid == "0" {
|
||||
+ logrus.Debugf("Look-up not needed: user %s doesn't need them", user.Username)
|
||||
+ return true, nil
|
||||
+ }
|
||||
+
|
||||
+ if utils.IsInsideContainer() {
|
||||
+ logrus.Debug("Look-up not needed: running inside a container")
|
||||
+ return true, nil
|
||||
+ }
|
||||
+
|
||||
+ if _, err := utils.ValidateSubIDRanges(user); err != nil {
|
||||
+ logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
|
||||
+ return false, newSubIDError()
|
||||
+ }
|
||||
+
|
||||
+ return true, nil
|
||||
+}
|
||||
--
|
||||
2.39.2
|
||||
|
||||
|
||||
From d09c9cd1de41b6e85a6953902c9982778a423f3c Mon Sep 17 00:00:00 2001
|
||||
From: Jan Zerebecki <jan.suse@zerebecki.de>
|
||||
Date: Wed, 1 Mar 2023 19:52:28 +0100
|
||||
Subject: [PATCH 3/3] cmd/root: Don't validate subordinate IDs when generating
|
||||
the completions
|
||||
|
||||
Ever since commit bafbbe81c9220cb3, the shell completions are generated
|
||||
while building Toolbx using the 'completion' command. This involves
|
||||
running toolbox(1) itself, and hence validating the subordinate user and
|
||||
group ID ranges.
|
||||
|
||||
Unfortunately, some build environments, like openSUSE's, don't have
|
||||
subordinate ID ranges set up. Therefore, it's better to not validate
|
||||
the subordinate ID ranges when generating the shell completions, since
|
||||
they are generated by Cobra itself and subordinate ID ranges are not
|
||||
involved at all.
|
||||
|
||||
Note that subordinate ID ranges may be needed when the generated shell
|
||||
completions are actually used in interactive command line environments.
|
||||
The shell completions invoke the hidden '__complete' command to get the
|
||||
results that are presented to the user, and, if needed, the subordinate
|
||||
ID ranges will continue to be used by podman(1) as part of that.
|
||||
|
||||
Some changes by Debarshi Ray.
|
||||
|
||||
https://github.com/containers/toolbox/issues/1246
|
||||
https://github.com/containers/toolbox/pull/1249
|
||||
---
|
||||
src/cmd/root.go | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
||||
index 4c740ec60d38..efee8ce9990b 100644
|
||||
--- a/src/cmd/root.go
|
||||
+++ b/src/cmd/root.go
|
||||
@@ -396,6 +396,11 @@ func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bo
|
||||
return true, nil
|
||||
}
|
||||
|
||||
+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName {
|
||||
+ logrus.Debugf("Look-up not needed: command %s doesn't need them", cmdName)
|
||||
+ return true, nil
|
||||
+ }
|
||||
+
|
||||
if _, err := utils.ValidateSubIDRanges(user); err != nil {
|
||||
logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
|
||||
return false, newSubIDError()
|
||||
--
|
||||
2.39.2
|
||||
|
@ -23,6 +23,7 @@ Source1: %{name}.conf
|
||||
|
||||
# Upstream
|
||||
Patch0: toolbox-Don-t-use-podman-1-when-generating-the-comp.patch
|
||||
Patch1: toolbox-Don-t-validate-subordinate-IDs-when-generat.patch
|
||||
|
||||
# RHEL specific
|
||||
Patch100: toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch
|
||||
@ -90,6 +91,7 @@ The %{name}-tests package contains system tests for %{name}.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
|
||||
%ifnarch ppc64
|
||||
%patch100 -p1
|
||||
|
Loading…
Reference in New Issue
Block a user