Hackish fix for /tmp permissions issue

We'll just need to come up with a fix on Narwhal, most probably Also adds more error checks Tries to fix other permission issues when the container run creates artifacts, by running inside the container as the current user
yourbase · Jul 16, 2020 · a6ceec3 · a6ceec3
1 parent 48eb6f2
commit a6ceec3
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 8 deletions.
diff --git a/runtime/containers.go b/runtime/containers.go
@@ -170,6 +170,7 @@ func (t *ContainerTarget) DownloadFile(ctx context.Context, url string) (string,
 	if err == nil {
 		// Downloaded locally, inject
 		log.Infof("Injecting locally cached file %s as %s", localFile, outputFilename)
+		// NOTE something in Narwhall is setting the wrong permissions in /tmp, it should be 1777
 		err = narwhal.UploadFile(ctx, narwhal.DockerClient(), t.Container.Id, outputFilename, localFile)
 	}
 

diff --git a/runtime/runtime.go b/runtime/runtime.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"os/user"
 	"strings"
 
 	"github.com/yourbase/yb/plumbing/log"
@@ -235,3 +236,11 @@ func HostOS() Os {
 		return Unknown
 	}
 }
+
+func RunningUserGroup() (string, string, error) {
+	u, err := user.Current()
+	if err != nil {
+		return "", "", err
+	}
+	return u.Uid, u.Gid, nil
+}
diff --git a/workspace/build_target.go b/workspace/build_target.go
@@ -83,9 +83,12 @@ func (bt BuildTarget) Build(ctx context.Context, runtimeCtx *runtime.Runtime, ou
 
 		buildContainer := bt.Container
 		buildContainer.Command = "/usr/bin/tail -f /dev/null"
-		buildContainer.Label = "build"
+		if buildContainer.Label == "" {
+			buildContainer.Label = "build"
+		}
 
 		// Append build environment variables
+		// TODO this actually removes anything defined in the YML!
 		buildContainer.Environment = []string{}
 
 		// Add package to mounts @ /workspace
@@ -126,10 +129,22 @@ func (bt BuildTarget) Build(ctx context.Context, runtimeCtx *runtime.Runtime, ou
 
 		// Inject a .ssh/config to skip host key checking
 		sshConfig := "Host github.com\n\tStrictHostKeyChecking no\n"
-		builder.Run(ctx, runtime.Process{Output: output, Command: "mkdir -p /root/.ssh"})
-		builder.WriteFileContents(ctx, sshConfig, "/root/.ssh/config")
-		builder.Run(ctx, runtime.Process{Output: output, Command: "chmod 0600 /root/.ssh/config"})
-		builder.Run(ctx, runtime.Process{Output: output, Command: "chown root:root /root/.ssh/config"})
+		err = builder.Run(ctx, runtime.Process{Output: output, Command: "mkdir -p /root/.ssh"})
+		if err != nil {
+			return stepTimes, err
+		}
+		err = builder.WriteFileContents(ctx, sshConfig, "/root/.ssh/config")
+		if err != nil {
+			return stepTimes, err
+		}
+		err = builder.Run(ctx, runtime.Process{Output: output, Command: "chmod 0600 /root/.ssh/config"})
+		if err != nil {
+			return stepTimes, err
+		}
+		err = builder.Run(ctx, runtime.Process{Output: output, Command: "chown root:root /root/.ssh/config"})
+		if err != nil {
+			return stepTimes, err
+		}
 
 		// Inject a useful gitconfig
 		configlines := []string{
@@ -156,10 +171,21 @@ func (bt BuildTarget) Build(ctx context.Context, runtimeCtx *runtime.Runtime, ou
 
 			builder.SetEnv("SSH_AUTH_SOCK", "/ssh_agent")
 			forwardPath, err := builder.DownloadFile(ctx, "https://yourbase-artifacts.s3-us-west-2.amazonaws.com/sockforward")
-			builder.Run(ctx, runtime.Process{Output: output, Command: fmt.Sprintf("chmod a+x %s", forwardPath)})
+			// Manual fix for the time being, still searching why this is happening, suspicious of how narwhal.archiveFile processes tar headers :think:
+			err = builder.Run(ctx, runtime.Process{Output: output, Command: "chmod 1777 /tmp"})
+			if err != nil {
+				return stepTimes, err
+			}
+			err = builder.Run(ctx, runtime.Process{Output: output, Command: fmt.Sprintf("chmod ugo+x %s", forwardPath)})
+			if err != nil {
+				return stepTimes, err
+			}
 			forwardCmd := fmt.Sprintf("%s /ssh_agent %s", forwardPath, hostAddr)
 			go func() {
-				builder.Run(ctx, runtime.Process{Output: output, Command: forwardCmd})
+				if err := builder.Run(ctx, runtime.Process{Output: output, Command: forwardCmd}); err != nil {
+					log.Errorf("starting ssh_agent: %v", err)
+					return
+				}
 			}()
 		}
 

diff --git a/workspace/package.go b/workspace/package.go
@@ -170,7 +170,18 @@ func (p Package) createExecutionTarget(ctx context.Context, runtimeCtx *runtime.
 			return nil, fmt.Errorf("set host container mount dir: %v", err)
 		}
 
-		_, err := runtimeCtx.AddContainer(ctx, cd)
+		// Uses local user name and group in the ContainerDefinition
+		uid := "1000"
+		gid := "1000"
+
+		uid, gid, err := runtime.RunningUserGroup()
+		if err != nil {
+			log.Warnf("Unable to get uid and gid for the current user: %v", err)
+		}
+		cd.ExecUserId = uid
+		cd.ExecGroupId = gid
+
+		_, err = runtimeCtx.AddContainer(ctx, cd)
 		if err != nil {
 			return nil, fmt.Errorf("starting container dependency: %v", err)
 		}