using sudo?, Re: [PATCH v2 8/8] test/py: efi_secboot: add test for intermediate certificates

AKASHI Takahiro takahiro.akashi at
Thu Jul 9 07:33:49 CEST 2020


On Wed, Jul 08, 2020 at 11:15:26PM -0400, Tom Rini wrote:
> On Thu, Jul 09, 2020 at 09:58:03AM +0900, AKASHI Takahiro wrote:
> > Hi Tom,
> > 
> > I'd like to make sure of your policy about usage of "sudo" on CI.
> > Do you think that we should always avoid using "sudo" in testing?
> > 
> > I remember that you had allowed us to run sudo in (python)
> > test scripts on Travis CI when I requested this (for FAT filesystem?).
> So, the best practices at this time are to have the code try and use
> guestmount (or similar tools) when possible and fall back to sudo, as
> Ubuntu breaks guestmount (and similar tools) by default.

See the commands log (on my ubuntu 19.10) below:

<< try 1 >>
tmp$ mkdir tmpdir
tmp$ virt-make-fs -t vfat -s +1M --partition=gpt ./tmpdir tmp.img
libguestfs: error: /usr/bin/supermin exited with error status 1.
To see full error messages you may need to enable debugging.
and run the command again.  For further information, read:
You can also run 'libguestfs-test-tool' and post the *complete* output
into a bug report or message to the libguestfs mailing list.

<< try 2 >>
tmp$ LIBGUESTFS_DEBUG=1 virt-make-fs -t vfat -s +1M --partition=gpt ./tmpdir tmp.img
supermin: kernel: kernel_version 5.3.0-62-generic
supermin: kernel: modpath /lib/modules/5.3.0-62-generic
cp: cannot open '/boot/vmlinuz-5.3.0-62-generic' for reading: Permission denied
supermin: cp -p '/boot/vmlinuz-5.3.0-62-generic' '/var/tmp/.guestfs-1000/appliance.d.op62psoy/kernel': command failed, see earlier errors
libguestfs: error: /usr/bin/supermin exited with error status 1, see debug messages above

<< try 3 >>
tmp$ sudo chmod a+rw /boot/vmlinuz-5.3.0-62-generic 
tmp$ LIBGUESTFS_DEBUG=1 virt-make-fs -t vfat -s +1M --partition=gpt ./tmpdir tmp.img
tmp$ ls -l tmp.img
-rw-r--r-- 1 akashi akashi 1341440 Jul  9 13:50 tmp.img

As you can see, virt-make-fs will fail on *standard* ubuntu.
You have to change the permission of the current kernel's binary.

While I can't make sure, we will have the same issue with guestmount
as it will also create a minimum virtual machine before execution.

What does it mean?
You must change the permission every time when you re-install the OS
or re-bump the kernel version. Obviously, I can't do that from my own
test script (without sudo).
So if you don't have any way (or workaround) to deal with it,
libguestfs-tools or guestmount cannot be a solution here.

-Takahiro Akashi

> -- 
> Tom

More information about the U-Boot mailing list