mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 11:25:00 +00:00
Bug 1426445
: Add sanity check that worker uid/gid is 1000 in run-task; r=dustin,gps
MozReview-Commit-ID: 7T7rQpLhJIN --HG-- extra : rebase_source : 950b111946ef3248aedb825d280754954b8f54ad
This commit is contained in:
parent
1438296c97
commit
13f8033d55
@ -5,8 +5,8 @@ MAINTAINER Mike Hommey <mhommey@mozilla.com>
|
||||
|
||||
### Add worker user and setup its workspace.
|
||||
RUN mkdir /builds && \
|
||||
groupadd -g 500 worker && \
|
||||
useradd -u 500 -g 500 -d /builds/worker -s /bin/bash -m worker && \
|
||||
groupadd -g 1000 worker && \
|
||||
useradd -u 1000 -g 1000 -d /builds/worker -s /bin/bash -m worker && \
|
||||
mkdir -p /builds/worker/workspace && \
|
||||
chown -R worker:worker /builds
|
||||
|
||||
|
@ -2,8 +2,8 @@ FROM ubuntu:16.04
|
||||
MAINTAINER Johan Lorenzo <jlorenzo+tc@mozilla.com>
|
||||
|
||||
RUN mkdir /builds
|
||||
RUN groupadd -g 500 worker
|
||||
RUN useradd -u 500 -g 500 -d /builds/worker -s /bin/bash -m worker
|
||||
RUN groupadd -g 1000 worker
|
||||
RUN useradd -u 1000 -g 1000 -d /builds/worker -s /bin/bash -m worker
|
||||
|
||||
RUN apt-get update
|
||||
RUN apt-get install --yes git python3-setuptools build-essential libssl-dev libffi-dev python3-dev
|
||||
|
@ -289,6 +289,13 @@ def main(args):
|
||||
args.group)
|
||||
return 1
|
||||
|
||||
if user.pw_name == 'worker' and user.pw_uid != 1000:
|
||||
print('user `worker` must have uid=1000.')
|
||||
return 1
|
||||
if group.gr_name == 'worker' and group.gr_gid != 1000:
|
||||
print('group `worker` must have gid=1000.')
|
||||
return 1
|
||||
|
||||
# Find all groups to which this user is a member.
|
||||
gids = [g.gr_gid for g in grp.getgrall() if args.group in g.gr_mem]
|
||||
|
||||
|
@ -10,8 +10,8 @@ RUN dpkg --add-architecture i386 && apt-get -q update \
|
||||
&& apt-get clean
|
||||
|
||||
RUN mkdir /builds
|
||||
RUN groupadd -g 500 worker
|
||||
RUN useradd -u 500 -g 500 -d /builds/worker -s /bin/bash -m worker
|
||||
RUN groupadd -g 1000 worker
|
||||
RUN useradd -u 1000 -g 1000 -d /builds/worker -s /bin/bash -m worker
|
||||
WORKDIR /builds/worker
|
||||
|
||||
VOLUME /builds/worker/.cache
|
||||
|
@ -875,7 +875,7 @@ def build_docker_worker_payload(config, task, task_def):
|
||||
# string literal in the variable below can be changed. This is
|
||||
# preferred to changing run-task because it doesn't require images
|
||||
# to be rebuilt.
|
||||
cache_version = 'v2'
|
||||
cache_version = 'v3'
|
||||
|
||||
if run_task:
|
||||
suffix = '-%s-%s' % (cache_version, _run_task_suffix())
|
||||
|
Loading…
Reference in New Issue
Block a user