From 33687cf41bf613a73ddb490a0a1696b992f80336 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20P=C3=B6hn?= Date: Wed, 5 Jun 2024 17:18:20 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=A6=B9=20add=20build=5Flocal=5Fsudo=20sub?= =?UTF-8?q?command?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This subcommand takes following actions: * executes sudo commands form metadata * removes sudo from your system * locks root account Only run in a vm/container!!! --- fdroidserver/__main__.py | 1 + fdroidserver/build_local_sudo.py | 104 +++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 fdroidserver/build_local_sudo.py diff --git a/fdroidserver/__main__.py b/fdroidserver/__main__.py index 073437f8..b45d2938 100755 --- a/fdroidserver/__main__.py +++ b/fdroidserver/__main__.py @@ -61,6 +61,7 @@ COMMANDS = OrderedDict([ COMMANDS_INTERNAL = [ "build_local_prepare", "build_local_run", + "build_local_sudo", ] diff --git a/fdroidserver/build_local_sudo.py b/fdroidserver/build_local_sudo.py new file mode 100644 index 00000000..e878edae --- /dev/null +++ b/fdroidserver/build_local_sudo.py @@ -0,0 +1,104 @@ +#!/usr/bin/env python3 +# +# build.py - part of the FDroid server tools +# Copyright (C) 2024, Michael Pöhn +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + + +import os +import logging +import argparse + +from fdroidserver import _ +import fdroidserver.common + + +def sudo_run(app, build): + # before doing anything, run the sudo commands to setup the VM + if build.sudo: + logging.info("Running 'sudo' commands in %s" % os.getcwd()) + + p = fdroidserver.common.FDroidPopen( + [ + 'sudo', + 'DEBIAN_FRONTEND=noninteractive', + 'bash', + '-e', + '-u', + '-o', + 'pipefail', + '-x', + '-c', + '; '.join(build.sudo), + ] + ) + if p.returncode != 0: + raise fdroidserver.exception.BuildException( + "Error running sudo command for %s:%s" % (app.id, build.versionName), + p.output, + ) + + +def sudo_lock_root(app, build): + p = fdroidserver.common.FDroidPopen(['sudo', 'passwd', '--lock', 'root']) + if p.returncode != 0: + raise fdroidserver.exception.BuildException( + "Error locking root account for %s:%s" % (app.id, build.versionName), + p.output, + ) + + +def sudo_uninstall(app, build): + p = fdroidserver.common.FDroidPopen( + ['sudo', 'SUDO_FORCE_REMOVE=yes', 'dpkg', '--purge', 'sudo'] + ) + if p.returncode != 0: + raise fdroidserver.exception.BuildException( + "Error removing sudo for %s:%s" % (app.id, build.versionName), p.output + ) + + +def main(): + parser = argparse.ArgumentParser( + description=_( + """Run sudo commands """ + ), + ) + parser.add_argument( + "APP_VERSION", + help=_("app id and version code tuple 'APPID:VERCODE'"), + ) + + # fdroid args/opts boilerplate + fdroidserver.common.setup_global_opts(parser) + options = fdroidserver.common.parse_args(parser) + config = fdroidserver.common.get_config() + config # silcense pyflakes + + package_name, version_code = fdroidserver.common.split_pkg_arg(options.APP_VERSION) + app, build = fdroidserver.metadata.read_build_metadata(package_name, version_code) + + + # intialize FDroidPopen + # TODO: remove once FDroidPopen is replaced with vm/container exec + fdroidserver.common.set_FDroidPopen_env(build) + + # run sudo stuff + sudo_run(app, build) + sudo_lock_root(app, build) + sudo_uninstall(app, build) + +if __name__ == "__main__": + main()