From bc9682373d55db8f56c7b3d4fcf4de5c4ba68afe Mon Sep 17 00:00:00 2001 From: Evgenii Alekseev Date: Thu, 28 Sep 2023 15:17:20 +0300 Subject: [PATCH] fix: processes in docker images and pass full environment to subprocesses Since 1.0.4 release devtools require systemd to be run in order to create slice for unit --- .github/workflows/setup.sh | 2 ++ .github/workflows/setup.yml | 4 ++-- .github/workflows/tests.yml | 2 +- Dockerfile | 3 +++ docker/systemd-nspawn.sh | 15 +++++++++++++++ src/ahriman/core/util.py | 5 ++++- 6 files changed, 27 insertions(+), 4 deletions(-) create mode 100755 docker/systemd-nspawn.sh diff --git a/.github/workflows/setup.sh b/.github/workflows/setup.sh index c15e1f13..0efece74 100755 --- a/.github/workflows/setup.sh +++ b/.github/workflows/setup.sh @@ -22,6 +22,8 @@ if [[ -z $MINIMAL_INSTALL ]]; then # additional features pacman --noconfirm -Sy gnupg python-boto3 rsync fi +# FIXME since 1.0.4 devtools requires dbus to be run, which doesn't work now in container +cp "docker/systemd-nspawn.sh" "/usr/local/bin/systemd-nspawn" # create fresh tarball make VERSION=1.0.0 archlinux # well, it does not really matter which version we will put here diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml index 9f03bb8e..462e8256 100644 --- a/.github/workflows/setup.yml +++ b/.github/workflows/setup.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest container: - image: archlinux:latest + image: archlinux:base volumes: - ${{ github.workspace }}:/build options: --privileged -w /build @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest container: - image: archlinux:latest + image: archlinux:base volumes: - ${{ github.workspace }}:/build options: --privileged -w /build diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 7a43434e..7965bf52 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
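Review bot: The `cp` into `/usr/local/bin/systemd-nspawn` in the `setup.sh` hunk only takes effect when the caller's `PATH` lists `/usr/local/bin` before `/usr/bin`, and the FIXME above it neither says so nor says when the shim can be removed. I would extend the comment, e.g. `# shim shadows /usr/bin/systemd-nspawn via PATH order; remove once devtools runs without systemd in the container`. I would also use `install -Dm755 "docker/systemd-nspawn.sh" "/usr/local/bin/systemd-nspawn"` so the executable bit does not depend on the checkout. The same comment gap applies to the `COPY` line added in the Dockerfile hunk.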
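Review bot: `image: archlinux:base` in the first `setup.yml` hunk is still a mutable tag, and the job starts the container with `--privileged`, so whatever the registry serves under that tag at run time executes with broad access to the runner. Pinning by digest, `image: archlinux:base@sha256:<digest-placeholder>`, would make the CI input reproducible and let image updates go through review. The same applies to the second job in this file and to the `tests.yml` hunk.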
@@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest container: - image: archlinux:latest + image: archlinux:base volumes: - ${{ github.workspace }}:/build options: -w /build diff --git a/Dockerfile b/Dockerfile index 0cf00b26..42ee2299 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,6 +35,9 @@ RUN pacman -Sy --noconfirm --asdeps devtools git pyalpm python-cerberus python-i runuser -u build -- install-aur-package python-aioauth-client python-aiohttp-apispec-git python-aiohttp-jinja2 \ python-aiohttp-debugtoolbar python-aiohttp-session python-aiohttp-security +## FIXME since 1.0.4 devtools requires dbus to be run, which doesn't work now in container +COPY "docker/systemd-nspawn.sh" "/usr/local/bin/systemd-nspawn" + # install ahriman ## copy tree COPY --chown=build . "/home/build/ahriman" diff --git a/docker/systemd-nspawn.sh b/docker/systemd-nspawn.sh new file mode 100755 index 00000000..92902604 --- /dev/null +++ b/docker/systemd-nspawn.sh @@ -0,0 +1,15 @@ +#!/bin/bash +# Since https://gitlab.archlinux.org/archlinux/devtools/-/commit/5f4fd52e3836ddddb25a0f9e15d0acfed06f693d +# it is impossible to start devtools inside docker container, because it requires slice registering +# which is impossible because there is no init in container + +is_slice() { + [[ $1 =~ ^--slice* ]] +} + +allowed=() +for arg in "$@"; do + is_slice "$arg" && allowed+=("--keep-unit") || allowed+=("$arg") +done + +exec /usr/bin/systemd-nspawn "${allowed[@]}" diff --git a/src/ahriman/core/util.py b/src/ahriman/core/util.py index 57ba8c64..40054a29 100644 --- a/src/ahriman/core/util.py +++ b/src/ahriman/core/util.py 
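Review bot: In `is_slice` of the new `docker/systemd-nspawn.sh`, the pattern `^--slice*` is a regex with no end anchor in which `*` repeats the final `e`, so it matches any argument beginning with `--slic` rather than only the `--slice` option. `[[ $1 == --slice || $1 == --slice=* ]]` states the intent exactly. The loop also assumes the value is attached with `=`: if a caller passed `--slice NAME` as two arguments, NAME would be forwarded as a positional argument, and each match appends another `--keep-unit`. An `if`/`else` inside the loop would read more clearly than the `&& … ||` chain.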
@@ -125,11 +125,14 @@ def check_output(*args: str, exception: Exception | Callable[[int, list[str], st yield key.data, line + # build system environment based on args and current environment environment = environment or {} if user is not None: environment["HOME"] = getpwuid(user).pw_dir + full_environment = os.environ | environment + with subprocess.Popen(args, cwd=cwd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, - user=user, env=environment, text=True, encoding="utf8", bufsize=1) as process: + user=user, env=full_environment, text=True, encoding="utf8", bufsize=1) as process: if input_data is not None: input_channel = get_io(process, "stdin") input_channel.write(input_data)
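Review bot: `full_environment = os.environ | environment` hands every variable of the service process to each child, including processes started with `user=user`, so any credentials or tokens present in the parent environment become readable by the commands being run. Only `HOME` is rewritten for the target user; other inherited values (for example `USER` or `XDG_RUNTIME_DIR`, if set) would still describe the parent. Consider forwarding an explicit allow-list instead, e.g. `full_environment = {key: os.environ[key] for key in allowed_keys if key in os.environ} | environment`, where `allowed_keys` is a constant to be defined for this module. The body of `check_output` starts and ends outside the hunk, so whether `os` is already imported cannot be confirmed from here.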