
fix: non-root user could not launch compose

We want to propagate the user's current SSH config, and have specially
crafted variables for each OS/user.

Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
lokavaluto/dev/master
Valentin Lab 5 years ago
parent
commit
e97351adb1
  1. 51
      bin/compose

51
bin/compose

@ -236,7 +236,7 @@ is_volume_used() {
clean_unused_sessions() { clean_unused_sessions() {
for f in "$COMPOSE_VAR/sessions/"*; do
for f in "$SESSION_DIR/"*; do
[ -e "$f" ] || continue [ -e "$f" ] || continue
is_volume_used "$f" && continue is_volume_used "$f" && continue
rm -f "$f" rm -f "$f"
@ -316,17 +316,28 @@ mk_docker_run_options() {
case "$(get_os)" in case "$(get_os)" in
linux) linux)
if [ "$UID" == 0 ]; then
COMPOSE_VAR=${COMPOSE_VAR:-/var/lib/compose} COMPOSE_VAR=${COMPOSE_VAR:-/var/lib/compose}
COMPOSE_CACHE=${COMPOSE_CACHE:-/var/cache/compose} COMPOSE_CACHE=${COMPOSE_CACHE:-/var/cache/compose}
DATASTORE=${DATASTORE:-/srv/datastore/data}
CONFIGSTORE=${CONFIGSTORE:-/srv/datastore/config}
if [ "$UID" == 0 ]; then
SESSION_DIR=${SESSION_DIR:-"$COMPOSE_VAR"/sessions}
CHARM_STORE=${CHARM_STORE:-/srv/charm-store}
TZ_PATH=${TZ_PATH:-"$COMPOSE_VAR"/timezones}
else else
COMPOSE_VAR=${COMPOSE_VAR:-"$COMPOSE_LOCAL_ROOT"/lib}
COMPOSE_CACHE=${COMPOSE_CACHE:-"$COMPOSE_LOCAL_ROOT"/cache}
SESSION_DIR=${SESSION_DIR:-"$COMPOSE_LOCAL_ROOT"/sessions}
CHARM_STORE=${CHARM_STORE:-"$HOME"/.charm-store}
TZ_PATH=${TZ_PATH:-"$COMPOSE_LOCAL_ROOT"/timezones}
fi fi
;; ;;
mac) mac)
COMPOSE_VAR=${COMPOSE_VAR:-"$COMPOSE_LOCAL_ROOT"/lib} COMPOSE_VAR=${COMPOSE_VAR:-"$COMPOSE_LOCAL_ROOT"/lib}
COMPOSE_CACHE=${COMPOSE_CACHE:-"$COMPOSE_LOCAL_ROOT"/cache} COMPOSE_CACHE=${COMPOSE_CACHE:-"$COMPOSE_LOCAL_ROOT"/cache}
SESSION_DIR=${SESSION_DIR:-"$COMPOSE_LOCAL_ROOT"/sessions}
DATASTORE=${DATASTORE:-"$COMPOSE_LOCAL_ROOT"/data}
CONFIGSTORE=${CONFIGSTORE:-"$COMPOSE_LOCAL_ROOT"/config}
CHARM_STORE=${CHARM_STORE:-"$HOME"/.charm-store}
TZ_PATH=${TZ_PATH:-"$COMPOSE_LOCAL_ROOT"/timezones}
;; ;;
*) *)
echo "System '$os' not supported yet." >&2 echo "System '$os' not supported yet." >&2
@ -337,8 +348,8 @@ mk_docker_run_options() {
## get TZ value and prepare TZ_PATH ## get TZ value and prepare TZ_PATH
TZ=$(get_tz) || exit 1 TZ=$(get_tz) || exit 1
mkdir -p "${COMPOSE_VAR}/timezones"
TZ_PATH="${COMPOSE_VAR}/timezones/$(e "$TZ" | sha256sum | cut -c 1-8)" || exit 1
mkdir -p "${TZ_PATH}"
TZ_PATH="${TZ_PATH}/$(e "$TZ" | sha256sum | cut -c 1-8)" || exit 1
[ -e "$TZ_PATH" ] || e "$TZ" > "$TZ_PATH" [ -e "$TZ_PATH" ] || e "$TZ" > "$TZ_PATH"
## CACHE/DATA DIRS ## CACHE/DATA DIRS
@ -352,16 +363,17 @@ mk_docker_run_options() {
## ##
## CHARM_STORE ## CHARM_STORE
CHARM_STORE=${CHARM_STORE:-/srv/charm-store}
[ -e "$CHARM_STORE" ] || mkdir -p "$CHARM_STORE" || exit 1
[ -L "$CHARM_STORE" ] && { [ -L "$CHARM_STORE" ] && {
CHARM_STORE=$(readlink -f "$CHARM_STORE") || exit 1 CHARM_STORE=$(readlink -f "$CHARM_STORE") || exit 1
} }
docker_run_opts+=( docker_run_opts+=(
"-v" "$CHARM_STORE:/srv/charm-store:ro" "-v" "$CHARM_STORE:/srv/charm-store:ro"
"-e" "CHARM_STORE=/srv/charm-store" "-e" "CHARM_STORE=/srv/charm-store"
"-e" "HOST_CHARM_STORE=$CHARM_STORE" "-e" "HOST_CHARM_STORE=$CHARM_STORE"
) )
relink_subdirs /srv/charm-store/*
relink_subdirs "$CHARM_STORE"/*
## DEFAULT_COMPOSE_FILE ## DEFAULT_COMPOSE_FILE
if [ "${DEFAULT_COMPOSE_FILE+x}" ]; then if [ "${DEFAULT_COMPOSE_FILE+x}" ]; then
@ -383,17 +395,13 @@ mk_docker_run_options() {
fi fi
fi fi
## DATASTORE
DATASTORE=${DATASTORE:-/srv/datastore/data}
## DATASTORE and CONFIGSTORE
docker_run_opts+=( docker_run_opts+=(
"-v" "$DATASTORE:/srv/datastore/data:rw" "-v" "$DATASTORE:/srv/datastore/data:rw"
"-e" "DATASTORE=/srv/datastore/data" "-e" "DATASTORE=/srv/datastore/data"
"-e" "HOST_DATASTORE=$DATASTORE" "-e" "HOST_DATASTORE=$DATASTORE"
)
## CONFIGSTORE
CONFIGSTORE=${CONFIGSTORE:-/srv/datastore/config}
docker_run_opts+=(
"-v" "$CONFIGSTORE:/srv/datastore/config:rw" "-v" "$CONFIGSTORE:/srv/datastore/config:rw"
"-e" "CONFIGSTORE=/srv/datastore/config" "-e" "CONFIGSTORE=/srv/datastore/config"
"-e" "HOST_CONFIGSTORE=$CONFIGSTORE" "-e" "HOST_CONFIGSTORE=$CONFIGSTORE"
@ -406,8 +414,8 @@ mk_docker_run_options() {
## SSH config ## SSH config
docker_run_opts+=( docker_run_opts+=(
"-v" "/root/.ssh:/root/.ssh:ro"
"-v" "/etc/ssh:/etc/ssh"
"-v" "$HOME/.ssh:/root/.ssh:ro"
"-v" "/etc/ssh:/etc/ssh:ro"
) )
COMPOSE_LAUNCHER_BIN=$(readlink -f "${BASH_SOURCE[0]}") COMPOSE_LAUNCHER_BIN=$(readlink -f "${BASH_SOURCE[0]}")
@ -431,15 +439,16 @@ mk_docker_run_options() {
} > "$filename" } > "$filename"
sha=$(sha256sum "$filename") sha=$(sha256sum "$filename")
sha=${sha:0:64} sha=${sha:0:64}
dest="$COMPOSE_VAR/sessions/$sha"
src="$SESSION_DIR/$UID-$sha"
dest="/var/lib/compose/sessions/$UID-$sha"
{ {
p0 "-v" "$dest:$dest"
p0 "-v" "$SESSION_DIR/$UID-$sha:$dest:ro"
p0 "-e" "COMPOSE_LAUNCHER_OPTS=$dest" p0 "-e" "COMPOSE_LAUNCHER_OPTS=$dest"
p0 "-e" "COMPOSE_LAUNCHER_BIN=$COMPOSE_LAUNCHER_BIN" p0 "-e" "COMPOSE_LAUNCHER_BIN=$COMPOSE_LAUNCHER_BIN"
} >> "$filename" } >> "$filename"
mkdir -p "$COMPOSE_VAR"/sessions
mv "$filename" "$dest"
echo "$dest"
mkdir -p "$SESSION_DIR" || return 1
mv -f "$filename" "$SESSION_DIR/$UID-$sha" || return 1
echo "$SESSION_DIR/$UID-$sha"
} }
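Review bot: The SSH config hunk bind-mounts `$HOME/.ssh` without checking that it exists. With `-v`, Docker creates a missing host source path as a directory, and since the daemon does the creating it is normally root-owned, so a non-root user with no SSH config would be left with a root-owned `~/.ssh` they cannot populate. I would append that mount only when the directory is present, e.g. `[ -d "$HOME/.ssh" ] && docker_run_opts+=("-v" "$HOME/.ssh:/root/.ssh:ro")`, and add a comment such as `## the whole ~/.ssh, private keys included, is readable inside the container` so the exposure is explicit to the next maintainer. mk_docker_run_options starts and ends outside this hunk, so I cannot see whether an earlier guard already covers this.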
