[openssh-commits] [openssh] 02/02: Restore nopasswd sudo rule on Mac OS X.
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Oct 30 16:15:27 AEDT 2023
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 917ba181c2cbdb250a443589ec732aa36fd51ffa
Author: Darren Tucker <dtucker at dtucker.net>
Date: Mon Oct 30 13:32:03 2023 +1100
Restore nopasswd sudo rule on Mac OS X.
This seems to be missing from some (but not all) github runners, so
restore it if it seems to be missing.
---
.github/setup_ci.sh | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
index de10857d..d0ba7b47 100755
--- a/.github/setup_ci.sh
+++ b/.github/setup_ci.sh
@@ -29,18 +29,30 @@ TARGETS=$@
INSTALL_FIDO_PPA="no"
export DEBIAN_FRONTEND=noninteractive
-set -ex
+set -e
if [ -x "`which lsb_release 2>&1`" ]; then
lsb_release -a
fi
-# Ubuntu 22.04 defaults to private home dirs which prevent the
-# agent-getpeerid test from running ssh-add as nobody. See
-# https://github.com/actions/runner-images/issues/6106
-if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then
- echo ~ is not executable by nobody, adding perms.
- chmod go+x ~
+if [ ! -z "$SUDO" ]; then
+ # Ubuntu 22.04 defaults to private home dirs which prevent the
+ # agent-getpeerid test from running ssh-add as nobody. See
+ # https://github.com/actions/runner-images/issues/6106
+ if ! "$SUDO" -u nobody test -x ~; then
+ echo ~ is not executable by nobody, adding perms.
+ chmod go+x ~
+ fi
+ # Some of the Mac OS X runners don't have a nopasswd sudo rule. Regular
+ # sudo still works, but sudo -u doesn't. Restore the sudo rule.
+ if ! "$SUDO" grep -E 'runner.*NOPASSWD' /etc/passwd >/dev/null; then
+ echo "Restoring runner nopasswd rule to sudoers."
+ echo 'runner ALL=(ALL) NOPASSWD: ALL' |$SUDO tee -a /etc/sudoers
+ fi
+ if ! "$SUDO" -u nobody -S test -x ~ </dev/null; then
+ echo "Still can't sudo to nobody."
+ exit 1
+ fi
fi
if [ "${TARGETS}" = "kitchensink" ]; then
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list