using sudo?, Re: [PATCH v2 8/8] test/py: efi_secboot: add test for intermediate certificates
AKASHI Takahiro
takahiro.akashi at linaro.org
Thu Jul 9 07:33:49 CEST 2020
Tom,
On Wed, Jul 08, 2020 at 11:15:26PM -0400, Tom Rini wrote:
> On Thu, Jul 09, 2020 at 09:58:03AM +0900, AKASHI Takahiro wrote:
>
> > Hi Tom,
> >
> > I'd like to make sure of your policy about usage of "sudo" on CI.
> > Do you think that we should always avoid using "sudo" in testing?
> >
> > I remember that you had allowed us to run sudo in (python)
> > test scripts on Travis CI when I requested this (for FAT filesystem?).
>
> So, the best practices at this time are to have the code try and use
> guestmount (or similar tools) when possible and fall back to sudo, as
> Ubuntu breaks guestmount (and similar tools) by default.
See the commands log (on my ubuntu 19.10) below:
===8<===
<< try 1 >>
tmp$ mkdir tmpdir
tmp$ virt-make-fs -t vfat -s +1M --partition=gpt ./tmpdir tmp.img
libguestfs: error: /usr/bin/supermin exited with error status 1.
To see full error messages you may need to enable debugging.
Do:
export LIBGUESTFS_DEBUG=1 LIBGUESTFS_TRACE=1
and run the command again. For further information, read:
http://libguestfs.org/guestfs-faq.1.html#debugging-libguestfs
You can also run 'libguestfs-test-tool' and post the *complete* output
into a bug report or message to the libguestfs mailing list.
<< try 2 >>
tmp$ LIBGUESTFS_DEBUG=1 virt-make-fs -t vfat -s +1M --partition=gpt ./tmpdir tmp.img
...
supermin: kernel: kernel_version 5.3.0-62-generic
supermin: kernel: modpath /lib/modules/5.3.0-62-generic
cp: cannot open '/boot/vmlinuz-5.3.0-62-generic' for reading: Permission denied
supermin: cp -p '/boot/vmlinuz-5.3.0-62-generic' '/var/tmp/.guestfs-1000/appliance.d.op62psoy/kernel': command failed, see earlier errors
libguestfs: error: /usr/bin/supermin exited with error status 1, see debug messages above
...
<< try 3 >>
tmp$ sudo chmod a+rw /boot/vmlinuz-5.3.0-62-generic
tmp$ LIBGUESTFS_DEBUG=1 virt-make-fs -t vfat -s +1M --partition=gpt ./tmpdir tmp.img
...
tmp$ ls -l tmp.img
-rw-r--r-- 1 akashi akashi 1341440 Jul 9 13:50 tmp.img
===>8===
As you can see, virt-make-fs will fail on *standard* ubuntu.
You have to change the permission of the current kernel's binary.
While I can't make sure, we will have the same issue with guestmount
as it will also create a minimum virtual machine before execution.
What does it mean?
You must change the permission every time when you re-install the OS
or re-bump the kernel version. Obviously, I can't do that from my own
test script (without sudo).
So if you don't have any way (or workaround) to deal with it,
libguestfs-tools or guestmount cannot be a solution here.
-Takahiro Akashi
> --
> Tom
More information about the U-Boot
mailing list