1
0
mirror of https://gitlab.com/fdroid/fdroidserver.git synced 2024-11-20 13:50:12 +01:00

build: apt-get purge sudo after using it for sudo= build field

Once `sudo` has been used to execute the commands in sudo=, then it should
be removed from the build VM.  That prevents any other part of the build
from using sudo.  That means that all commands run with `sudo` must be
committed to fdroiddata.git, making them very visible.

closes #424
This commit is contained in:
Hans-Christoph Steiner 2017-12-07 22:26:13 +01:00
parent 4af8f196e3
commit bb758d3f00

View File

@ -414,6 +414,11 @@ def build_local(app, build, vcs, build_dir, output_dir, log_dir, srclib_dir, ext
raise BuildException("Error running sudo command for %s:%s" % raise BuildException("Error running sudo command for %s:%s" %
(app.id, build.versionName), p.output) (app.id, build.versionName), p.output)
p = FDroidPopen(['sudo', 'apt-get', '-y', 'purge', 'sudo'])
if p.returncode != 0:
raise BuildException("Error removing sudo for %s:%s" %
(app.id, build.versionName), p.output)
log_path = os.path.join(log_dir, log_path = os.path.join(log_dir,
common.get_toolsversion_logname(app, build)) common.get_toolsversion_logname(app, build))
with open(log_path, 'w') as f: with open(log_path, 'w') as f: