From 60d272156a01c5d2832e880206a58e025970a6f7 Mon Sep 17 00:00:00 2001 From: Mario Loriedo Date: Fri, 28 Jul 2017 12:33:02 +0200 Subject: [PATCH 1/3] Avoid using sudo in agent launchers when the user is not a sudoer Signed-off-by: Mario Loriedo --- .../agents-launchers-tests-arbitraryuser.bats | 62 ++++++++++++++++ .../resources/agents-launchers-tests.bats | 73 +++++++++++++++++++ .../test/resources/run_launcher_bats_tests.sh | 43 +++++++++++ .../resources/org.eclipse.che.exec.script.sh | 11 ++- .../org.eclipse.che.ls.csharp.script.sh | 10 ++- .../org.eclipse.che.ls.json.script.sh | 10 ++- .../org.eclipse.che.ls.php.script.sh | 10 ++- .../org.eclipse.che.ls.python.script.sh | 10 ++- .../org.eclipse.che.ls.typescript.script.sh | 10 ++- .../resources/org.eclipse.che.ssh.script.sh | 11 ++- .../org.eclipse.che.terminal.script.sh | 10 ++- .../org.eclipse.che.unison.script.sh | 10 ++- .../src/main/resources/stacks.json | 1 + .../org.eclipse.che.ws-agent.script.sh | 10 ++- 14 files changed, 271 insertions(+), 10 deletions(-) create mode 100644 agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats create mode 100644 agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats create mode 100755 agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh diff --git a/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats new file mode 100644 index 00000000000..68b2a6f00c6 --- /dev/null +++ b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats @@ -0,0 +1,62 @@ +#!/usr/bin/env bats +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# +# Contributors: +# Mario +# +# How to run this script: +# cd +# export CHE_BASE_DIR=$(pwd) +# export LAUNCHER_SCRIPT_TO_TEST=wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh +# export BATS_TEST_SCRIPT=agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats +# export DOCKER_IMAGE=rhche/centos_jdk8 +# docker run -ti --rm -e CHE_BASE_DIR -e LAUNCHER_SCRIPT_TO_TEST -e DOCKER_IMAGE \ +# -v ${CHE_BASE_DIR}/${BATS_TEST_SCRIPT}:/scripts/launcher_tests.bats \ +# -v ${CHE_BASE_DIR}/dockerfiles:/dockerfiles \ +# -v /var/run/docker.sock:/var/run/docker.sock \ +# eclipse/che-bats bats /scripts/launcher_tests.bats +# + +load '/bats-support/load.bash' +load '/bats-assert/load.bash' +. /dockerfiles/cli/tests/test_base.sh + +CONTAINER_NAME="batssshscripttest" + +script_host_path=${CHE_BASE_DIR}/${LAUNCHER_SCRIPT_TO_TEST} + +root_msg="I am root" +not_root_msg="I am a not root" +sudoer_msg="I am a sudoer" +not_sudoer_msg="I am a not a sudoer" +test_snippet=". /launch.sh; is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo '${sudoer_msg}' || echo '${not_sudoer_msg}'" +user="100000" + +# Kill running che server instance if there is any to be able to run tests +setup() { + kill_running_named_container ${CONTAINER_NAME} + remove_named_container ${CONTAINER_NAME} + docker run --security-opt no-new-privileges --user=${user} --name=${CONTAINER_NAME} -d -v ${script_host_path}:/launch.sh "${DOCKER_IMAGE}" +} + +teardown() { + kill_running_named_container ${CONTAINER_NAME} + remove_named_container ${CONTAINER_NAME} +} + +@test "should deduce that's not a sudoer nor root when ${LAUNCHER_SCRIPT_TO_TEST} is run as an arbitrary user" { + #GIVEN + expected_msg="${not_root_msg} ${not_sudoer_msg}" + + #WHEN + run docker exec --user=${user} ${CONTAINER_NAME} bash -c "${test_snippet}" + + #THEN + assert_success + assert_output --partial ${expected_msg} +} + diff --git a/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats new file mode 100644 index 00000000000..e17c6cdf3bc --- /dev/null +++ b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats @@ -0,0 +1,73 @@ +#!/usr/bin/env bats +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# +# Contributors: +# Mario +# +# How to run this script: +# cd +# export CHE_BASE_DIR=$(pwd) +# export LAUNCHER_SCRIPT_TO_TEST=wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh +# export BATS_TEST_SCRIPT=agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats +# export DOCKER_IMAGE=eclipse/centos_jdk8 +# docker run -ti --rm -e CHE_BASE_DIR -e LAUNCHER_SCRIPT_TO_TEST -e DOCKER_IMAGE \ +# -v ${CHE_BASE_DIR}/${BATS_TEST_SCRIPT}:/scripts/launcher_tests.bats \ +# -v ${CHE_BASE_DIR}/dockerfiles:/dockerfiles \ +# -v /var/run/docker.sock:/var/run/docker.sock \ +# eclipse/che-bats bats /scripts/launcher_tests.bats +# + +load '/bats-support/load.bash' +load '/bats-assert/load.bash' +. /dockerfiles/cli/tests/test_base.sh + +CONTAINER_NAME="batssshscripttest" + +script_host_path=${CHE_BASE_DIR}/${LAUNCHER_SCRIPT_TO_TEST} +root_msg="I am root" +not_root_msg="I am a not root" +sudoer_msg="I am a sudoer" +not_sudoer_msg="I am a not a sudoer" +test_snippet=". /launch.sh; is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo '${sudoer_msg}' || echo '${not_sudoer_msg}'" + +# Kill running che server instance if there is any to be able to run tests +setup() { + kill_running_named_container ${CONTAINER_NAME} + remove_named_container ${CONTAINER_NAME} + docker run --name=${CONTAINER_NAME} -d -v ${script_host_path}:/launch.sh "${DOCKER_IMAGE}" +} + +teardown() { + kill_running_named_container ${CONTAINER_NAME} + remove_named_container ${CONTAINER_NAME} +} + +@test "should deduce that's root and sudoer when ${LAUNCHER_SCRIPT_TO_TEST} is run as root" { + #GIVEN + user="root" + expected_msg="${root_msg} ${sudoer_msg}" + + #WHEN + run docker exec --user=${user} ${CONTAINER_NAME} bash -c "${test_snippet}" + + #THEN + assert_success + assert_output --partial ${expected_msg} +} + +@test "should deduce that's not root but sudoer when ${LAUNCHER_SCRIPT_TO_TEST} is run as user with UID 1000" { + #GIVEN + user="1000" + expected_msg="${not_root_msg} ${sudoer_msg}" + + #WHEN + run docker exec --user=${user} ${CONTAINER_NAME} bash -c "${test_snippet}" + + #THEN + assert_success + assert_output --partial ${expected_msg} +} diff --git a/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh b/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh new file mode 100755 index 00000000000..ebd3c7ec9a3 --- /dev/null +++ b/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# +# Contributors: +# Mario +# +# How to run this script: +# cd +# sh agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh +# + +images=(bitnami/che-codeigniter:3.1.3-r6 bitnami/che-express:4.15.3-r2 bitnami/che-java-play:1.3.12-r3 bitnami/che-laravel:5.4.23-r1 bitnami/che-rails:5.1.2-r0 bitnami/che-swift:3.1.1-r0 bitnami/che-symfony:3.3.2-r0 eclipse/centos_jdk8 eclipse/centos_jdk8 eclipse/cpp_gcc eclipse/debian_jdk8 eclipse/debian_jre eclipse/dotnet_core eclipse/hadoop-dev eclipse/kotlin eclipse/node eclipse/php eclipse/php:5.6 eclipse/php:gae eclipse/selenium eclipse/ubuntu_android eclipse/ubuntu_go eclipse/ubuntu_jdk8 eclipse/ubuntu_jre eclipse/ubuntu_python:2.7 eclipse/ubuntu_python:gae_python2.7 eclipse/ubuntu_python:latest eclipse/ubuntu_rails kaloyanraev/che-zendserver registry.centos.org/che-stacks/centos-go registry.centos.org/che-stacks/centos-nodejs registry.centos.org/che-stacks/spring-boot registry.centos.org/che-stacks/vertx registry.centos.org/che-stacks/wildfly-swarm tomitribe/ubuntu_tomee_173_jdk8 registry.centos.org/che-stacks/centos-git) +arbitrary_images=(rhche/centos_jdk8 rhche/vertx rhche/ubuntu_jdk8 rhche/centos-nodejs rhche/spring-boot rhche/wildfly-swarm) + +run_bats_test() { + export CHE_BASE_DIR=$(pwd) + export BATS_TEST_SCRIPT=${1} + export LAUNCHER_SCRIPT_TO_TEST=${2} + export DOCKER_IMAGE=${3} + docker run -ti --rm -e CHE_BASE_DIR -e LAUNCHER_SCRIPT_TO_TEST -e DOCKER_IMAGE \ + -v ${CHE_BASE_DIR}/${BATS_TEST_SCRIPT}:/scripts/launcher_tests.bats \ + -v ${CHE_BASE_DIR}/dockerfiles:/dockerfiles \ + -v /var/run/docker.sock:/var/run/docker.sock \ + eclipse/che-bats bats /scripts/launcher_tests.bats +} + +for image in "${images[@]}"; do + launcher_script_to_test="wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh" + bats_test_script="agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats" + echo "RUNNING LAUNCHER BATS TESTS FOR IMAGE ${image}" + run_bats_test "${bats_test_script}" "${launcher_script_to_test}" "${image}" +done + +for arbitrary_image in "${arbitrary_images[@]}"; do + launcher_script_to_test="wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh" + bats_test_script="agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats" + echo "RUNNING LAUNCHER BATS TESTS FOR IMAGE ${arbitrary_image}" + run_bats_test "${bats_test_script}" "${launcher_script_to_test}" "${arbitrary_image}" +done diff --git a/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh b/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh index 83ec5d85300..b324274708c 100644 --- a/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh +++ b/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh @@ -9,6 +9,15 @@ # Codenvy, S.A. - initial API and implementation # + +is_current_user_root() { + test "$(id -u)" = 0 && return 0 || return 1 +} + +is_current_user_sudoer() { + sudo -n true >& /dev/null && return 0 || return 1 +} + unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } @@ -23,7 +32,7 @@ if [ ${CURL_INSTALLED} = false ] && [ ${WGET_INSTALLED} = false ]; then CURL_INSTALLED=true fi -test "$(id -u)" = 0 || SUDO="sudo -E" +if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi CHE_DIR=$HOME/che LOCAL_AGENT_BINARIES_URI='/mnt/che/exec-agent/exec-agent-${PREFIX}.tar.gz' diff --git a/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh b/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh index 72749405e3c..0da5a747d44 100644 --- a/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh +++ b/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh @@ -9,11 +9,19 @@ # Codenvy, S.A. - initial API and implementation # +is_current_user_root() { + test "$(id -u)" = 0 && return 0 || return 1 +} + +is_current_user_sudoer() { + sudo -n true >& /dev/null && return 0 || return 1 +} + unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -test "$(id -u)" = 0 || SUDO="sudo -E" +if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.csharp.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh b/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh index cba2615117a..73ccac9f16b 100644 --- a/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh +++ b/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh @@ -9,11 +9,19 @@ # Codenvy, S.A. - initial API and implementation # +is_current_user_root() { + test "$(id -u)" = 0 && return 0 || return 1 +} + +is_current_user_sudoer() { + sudo -n true >& /dev/null && return 0 || return 1 +} + unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -test "$(id -u)" = 0 || SUDO="sudo -E" +if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.json.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh b/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh index 73ca1cb081c..c34050b6ade 100644 --- a/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh +++ b/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh @@ -9,11 +9,19 @@ # Codenvy, S.A. - initial API and implementation # +is_current_user_root() { + test "$(id -u)" = 0 && return 0 || return 1 +} + +is_current_user_sudoer() { + sudo -n true >& /dev/null && return 0 || return 1 +} + unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -test "$(id -u)" = 0 || SUDO="sudo -E" +if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.php.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh b/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh index ff9383b7be4..c52bac944f7 100644 --- a/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh +++ b/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh @@ -9,6 +9,14 @@ # Codenvy, S.A. - initial API and implementation # +is_current_user_root() { + test "$(id -u)" = 0 && return 0 || return 1 +} + +is_current_user_sudoer() { + sudo -n true >& /dev/null && return 0 || return 1 +} + unset PACKAGES unset SUDO unset PYTHON_DEPS @@ -17,7 +25,7 @@ command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } command -v python3.5 >/dev/null 2>&1 || { PYTHON_DEPS=${PYTHON_DEPS}" python3.5"; } command -v pip3 >/dev/null 2>&1 || { PYTHON_DEPS=${PYTHON_DEPS}" pip3"; } -test "$(id -u)" = 0 || SUDO="sudo -E" +if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.python.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh b/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh index e9ae076dfdf..d64889886a5 100644 --- a/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh +++ b/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh @@ -9,11 +9,19 @@ # Codenvy, S.A. - initial API and implementation # +is_current_user_root() { + test "$(id -u)" = 0 && return 0 || return 1 +} + +is_current_user_sudoer() { + sudo -n true >& /dev/null && return 0 || return 1 +} + unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -test "$(id -u)" = 0 || SUDO="sudo -E" +if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.typescript.binaries CHE_DIR=$HOME/che diff --git a/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh b/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh index 2d344c109cb..83fa412f8c1 100644 --- a/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh +++ b/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh @@ -9,9 +9,18 @@ # Codenvy, S.A. - initial API and implementation # +is_current_user_root() { + test "$(id -u)" = 0 && return 0 || return 1 +} + +is_current_user_sudoer() { + sudo -n true >& /dev/null && return 0 || return 1 +} + unset SUDO unset PACKAGES -test "$(id -u)" = 0 || SUDO="sudo -E" + +if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi if [ -f /etc/centos-release ]; then FILE="/etc/centos-release" diff --git a/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh b/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh index 70bc8310f09..b495c3ba82a 100644 --- a/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh +++ b/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh @@ -9,6 +9,14 @@ # Codenvy, S.A. - initial API and implementation # +is_current_user_root() { + test "$(id -u)" = 0 && return 0 || return 1 +} + +is_current_user_sudoer() { + sudo -n true >& /dev/null && return 0 || return 1 +} + unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } @@ -23,7 +31,7 @@ if [ ${CURL_INSTALLED} = false ] && [ ${WGET_INSTALLED} = false ]; then CURL_INSTALLED=true fi -test "$(id -u)" = 0 || SUDO="sudo -E" +if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi CHE_DIR=$HOME/che LOCAL_AGENT_BINARIES_URI='/mnt/che/terminal/websocket-terminal-${PREFIX}.tar.gz' diff --git a/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh b/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh index 13c0aeeebc0..39e286d6663 100644 --- a/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh +++ b/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh @@ -9,9 +9,17 @@ # Codenvy, S.A. - initial API and implementation # +is_current_user_root() { + test "$(id -u)" = 0 && return 0 || return 1 +} + +is_current_user_sudoer() { + sudo -n true >& /dev/null && return 0 || return 1 +} + unset SUDO unset PACKAGES -test "$(id -u)" = 0 || SUDO="sudo -E" +if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi if [ -f /etc/centos-release ]; then FILE="/etc/centos-release" diff --git a/ide/che-core-ide-stacks/src/main/resources/stacks.json b/ide/che-core-ide-stacks/src/main/resources/stacks.json index da19f27892c..cb0bcdf0002 100644 --- a/ide/che-core-ide-stacks/src/main/resources/stacks.json +++ b/ide/che-core-ide-stacks/src/main/resources/stacks.json @@ -2422,6 +2422,7 @@ "machines": { "dev-machine": { "agents": [ + "org.eclipse.che.exec", "org.eclipse.che.terminal", "org.eclipse.che.ws-agent", "org.eclipse.che.ssh" diff --git a/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh b/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh index 0be662d365b..c89dd6cfdb7 100644 --- a/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh +++ b/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh @@ -9,6 +9,14 @@ # Codenvy, S.A. - initial API and implementation # +is_current_user_root() { + test "$(id -u)" = 0 && return 0 || return 1 +} + +is_current_user_sudoer() { + sudo -n true >& /dev/null && return 0 || return 1 +} + unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } @@ -23,7 +31,7 @@ if [ ${CURL_INSTALLED} = false ] && [ ${WGET_INSTALLED} = false ]; then CURL_INSTALLED=true fi -test "$(id -u)" = 0 || SUDO="sudo -E" +if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi LOCAL_AGENT_BINARIES_URI="/mnt/che/ws-agent.tar.gz" DOWNLOAD_AGENT_BINARIES_URI='${WORKSPACE_MASTER_URI}/agent-binaries/ws-agent.tar.gz' From 60145963295fa0805500baa4882a17cf2c8c2b06 Mon Sep 17 00:00:00 2001 From: Mario Loriedo Date: Mon, 31 Jul 2017 00:36:02 +0200 Subject: [PATCH 2/3] Fixup after Florent review Signed-off-by: Mario Loriedo --- .../agents-launchers-tests-arbitraryuser.bats | 10 +++++----- .../src/test/resources/agents-launchers-tests.bats | 10 +++++----- .../src/test/resources/run_launcher_bats_tests.sh | 2 +- .../src/main/resources/org.eclipse.che.exec.script.sh | 6 +++--- .../main/resources/org.eclipse.che.ls.csharp.script.sh | 6 +++--- .../main/resources/org.eclipse.che.ls.json.script.sh | 6 +++--- .../main/resources/org.eclipse.che.ls.php.script.sh | 6 +++--- .../main/resources/org.eclipse.che.ls.python.script.sh | 6 +++--- .../resources/org.eclipse.che.ls.typescript.script.sh | 6 +++--- .../src/main/resources/org.eclipse.che.ssh.script.sh | 6 +++--- .../main/resources/org.eclipse.che.terminal.script.sh | 6 +++--- .../main/resources/org.eclipse.che.unison.script.sh | 6 +++--- .../main/resources/org.eclipse.che.ws-agent.script.sh | 6 +++--- 13 files changed, 41 insertions(+), 41 deletions(-) diff --git a/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats index 68b2a6f00c6..47358566f71 100644 --- a/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats +++ b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats @@ -25,7 +25,7 @@ load '/bats-support/load.bash' load '/bats-assert/load.bash' . /dockerfiles/cli/tests/test_base.sh -CONTAINER_NAME="batssshscripttest" +CONTAINER_NAME="test" script_host_path=${CHE_BASE_DIR}/${LAUNCHER_SCRIPT_TO_TEST} @@ -33,18 +33,18 @@ root_msg="I am root" not_root_msg="I am a not root" sudoer_msg="I am a sudoer" not_sudoer_msg="I am a not a sudoer" -test_snippet=". /launch.sh; is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo '${sudoer_msg}' || echo '${not_sudoer_msg}'" +test_snippet="source <(grep -iE -A3 'is_current_user_root\(\)|is_current_user_sudoer\(\)' /launch.sh | grep -v -- "^--$"); is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo '${sudoer_msg}' || echo '${not_sudoer_msg}'" user="100000" # Kill running che server instance if there is any to be able to run tests setup() { kill_running_named_container ${CONTAINER_NAME} remove_named_container ${CONTAINER_NAME} - docker run --security-opt no-new-privileges --user=${user} --name=${CONTAINER_NAME} -d -v ${script_host_path}:/launch.sh "${DOCKER_IMAGE}" + docker run --security-opt no-new-privileges --user=${user} --name="${CONTAINER_NAME}" -d -v ${script_host_path}:/launch.sh "${DOCKER_IMAGE}" } teardown() { - kill_running_named_container ${CONTAINER_NAME} + kill_running_named_container "${CONTAINER_NAME}" remove_named_container ${CONTAINER_NAME} } @@ -53,7 +53,7 @@ teardown() { expected_msg="${not_root_msg} ${not_sudoer_msg}" #WHEN - run docker exec --user=${user} ${CONTAINER_NAME} bash -c "${test_snippet}" + run docker exec --user=${user} "${CONTAINER_NAME}" bash -c "${test_snippet}" #THEN assert_success diff --git a/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats index e17c6cdf3bc..d32dbde3f31 100644 --- a/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats +++ b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats @@ -32,17 +32,17 @@ root_msg="I am root" not_root_msg="I am a not root" sudoer_msg="I am a sudoer" not_sudoer_msg="I am a not a sudoer" -test_snippet=". /launch.sh; is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo '${sudoer_msg}' || echo '${not_sudoer_msg}'" +test_snippet="source <(grep -iE -A3 'is_current_user_root\(\)|is_current_user_sudoer\(\)' /launch.sh | grep -v -- "^--$"); is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo '${sudoer_msg}' || echo '${not_sudoer_msg}'" # Kill running che server instance if there is any to be able to run tests setup() { kill_running_named_container ${CONTAINER_NAME} remove_named_container ${CONTAINER_NAME} - docker run --name=${CONTAINER_NAME} -d -v ${script_host_path}:/launch.sh "${DOCKER_IMAGE}" + docker run --name="${CONTAINER_NAME}" -d -v ${script_host_path}:/launch.sh "${DOCKER_IMAGE}" } teardown() { - kill_running_named_container ${CONTAINER_NAME} + kill_running_named_container "${CONTAINER_NAME}" remove_named_container ${CONTAINER_NAME} } @@ -52,7 +52,7 @@ teardown() { expected_msg="${root_msg} ${sudoer_msg}" #WHEN - run docker exec --user=${user} ${CONTAINER_NAME} bash -c "${test_snippet}" + run docker exec --user=${user} "${CONTAINER_NAME}" bash -c "${test_snippet}" #THEN assert_success @@ -65,7 +65,7 @@ teardown() { expected_msg="${not_root_msg} ${sudoer_msg}" #WHEN - run docker exec --user=${user} ${CONTAINER_NAME} bash -c "${test_snippet}" + run docker exec --user=${user} "${CONTAINER_NAME}" bash -c "${test_snippet}" #THEN assert_success diff --git a/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh b/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh index ebd3c7ec9a3..ff7a7efde82 100755 --- a/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh +++ b/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh @@ -13,7 +13,7 @@ # sh agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh # -images=(bitnami/che-codeigniter:3.1.3-r6 bitnami/che-express:4.15.3-r2 bitnami/che-java-play:1.3.12-r3 bitnami/che-laravel:5.4.23-r1 bitnami/che-rails:5.1.2-r0 bitnami/che-swift:3.1.1-r0 bitnami/che-symfony:3.3.2-r0 eclipse/centos_jdk8 eclipse/centos_jdk8 eclipse/cpp_gcc eclipse/debian_jdk8 eclipse/debian_jre eclipse/dotnet_core eclipse/hadoop-dev eclipse/kotlin eclipse/node eclipse/php eclipse/php:5.6 eclipse/php:gae eclipse/selenium eclipse/ubuntu_android eclipse/ubuntu_go eclipse/ubuntu_jdk8 eclipse/ubuntu_jre eclipse/ubuntu_python:2.7 eclipse/ubuntu_python:gae_python2.7 eclipse/ubuntu_python:latest eclipse/ubuntu_rails kaloyanraev/che-zendserver registry.centos.org/che-stacks/centos-go registry.centos.org/che-stacks/centos-nodejs registry.centos.org/che-stacks/spring-boot registry.centos.org/che-stacks/vertx registry.centos.org/che-stacks/wildfly-swarm tomitribe/ubuntu_tomee_173_jdk8 registry.centos.org/che-stacks/centos-git) +images=(bitnami/che-codeigniter:3.1.3-r6 bitnami/che-express:4.15.3-r2 bitnami/che-java-play:1.3.12-r3 bitnami/che-laravel:5.4.23-r1 bitnami/che-rails:5.1.2-r0 bitnami/che-swift:3.1.1-r0 bitnami/che-symfony:3.3.2-r0 eclipse/centos_jdk8 eclipse/cpp_gcc eclipse/debian_jdk8 eclipse/debian_jre eclipse/dotnet_core eclipse/hadoop-dev eclipse/kotlin eclipse/node eclipse/php eclipse/php:5.6 eclipse/php:gae eclipse/selenium eclipse/ubuntu_android eclipse/ubuntu_go eclipse/ubuntu_jdk8 eclipse/ubuntu_jre eclipse/ubuntu_python:2.7 eclipse/ubuntu_python:gae_python2.7 eclipse/ubuntu_python:latest eclipse/ubuntu_rails kaloyanraev/che-zendserver registry.centos.org/che-stacks/centos-go registry.centos.org/che-stacks/centos-nodejs registry.centos.org/che-stacks/spring-boot registry.centos.org/che-stacks/vertx registry.centos.org/che-stacks/wildfly-swarm tomitribe/ubuntu_tomee_173_jdk8 registry.centos.org/che-stacks/centos-git) arbitrary_images=(rhche/centos_jdk8 rhche/vertx rhche/ubuntu_jdk8 rhche/centos-nodejs rhche/spring-boot rhche/wildfly-swarm) run_bats_test() { diff --git a/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh b/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh index b324274708c..c16059838a3 100644 --- a/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh +++ b/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh @@ -11,11 +11,11 @@ is_current_user_root() { - test "$(id -u)" = 0 && return 0 || return 1 + test "$(id -u)" = 0 } is_current_user_sudoer() { - sudo -n true >& /dev/null && return 0 || return 1 + sudo -n true > /dev/null 2>&1 } unset PACKAGES @@ -32,7 +32,7 @@ if [ ${CURL_INSTALLED} = false ] && [ ${WGET_INSTALLED} = false ]; then CURL_INSTALLED=true fi -if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi +is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" CHE_DIR=$HOME/che LOCAL_AGENT_BINARIES_URI='/mnt/che/exec-agent/exec-agent-${PREFIX}.tar.gz' diff --git a/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh b/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh index 0da5a747d44..10a492198be 100644 --- a/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh +++ b/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh @@ -10,18 +10,18 @@ # is_current_user_root() { - test "$(id -u)" = 0 && return 0 || return 1 + test "$(id -u)" = 0 } is_current_user_sudoer() { - sudo -n true >& /dev/null && return 0 || return 1 + sudo -n true > /dev/null 2>&1 } unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi +is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.csharp.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh b/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh index 73ccac9f16b..ec0943c4f03 100644 --- a/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh +++ b/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh @@ -10,18 +10,18 @@ # is_current_user_root() { - test "$(id -u)" = 0 && return 0 || return 1 + test "$(id -u)" = 0 } is_current_user_sudoer() { - sudo -n true >& /dev/null && return 0 || return 1 + sudo -n true > /dev/null 2>&1 } unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi +is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.json.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh b/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh index c34050b6ade..c748505e6c5 100644 --- a/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh +++ b/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh @@ -10,18 +10,18 @@ # is_current_user_root() { - test "$(id -u)" = 0 && return 0 || return 1 + test "$(id -u)" = 0 } is_current_user_sudoer() { - sudo -n true >& /dev/null && return 0 || return 1 + sudo -n true > /dev/null 2>&1 } unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi +is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.php.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh b/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh index c52bac944f7..d3fe6792b67 100644 --- a/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh +++ b/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh @@ -10,11 +10,11 @@ # is_current_user_root() { - test "$(id -u)" = 0 && return 0 || return 1 + test "$(id -u)" = 0 } is_current_user_sudoer() { - sudo -n true >& /dev/null && return 0 || return 1 + sudo -n true > /dev/null 2>&1 } unset PACKAGES @@ -25,7 +25,7 @@ command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } command -v python3.5 >/dev/null 2>&1 || { PYTHON_DEPS=${PYTHON_DEPS}" python3.5"; } command -v pip3 >/dev/null 2>&1 || { PYTHON_DEPS=${PYTHON_DEPS}" pip3"; } -if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi +is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.python.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh b/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh index d64889886a5..7758fc9f97e 100644 --- a/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh +++ b/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh @@ -10,18 +10,18 @@ # is_current_user_root() { - test "$(id -u)" = 0 && return 0 || return 1 + test "$(id -u)" = 0 } is_current_user_sudoer() { - sudo -n true >& /dev/null && return 0 || return 1 + sudo -n true > /dev/null 2>&1 } unset PACKAGES unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi +is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.typescript.binaries CHE_DIR=$HOME/che diff --git a/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh b/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh index 83fa412f8c1..8c0ecd50e67 100644 --- a/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh +++ b/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh @@ -10,17 +10,17 @@ # is_current_user_root() { - test "$(id -u)" = 0 && return 0 || return 1 + test "$(id -u)" = 0 } is_current_user_sudoer() { - sudo -n true >& /dev/null && return 0 || return 1 + sudo -n true > /dev/null 2>&1 } unset SUDO unset PACKAGES -if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi +is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" if [ -f /etc/centos-release ]; then FILE="/etc/centos-release" diff --git a/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh b/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh index b495c3ba82a..7bdce502dd3 100644 --- a/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh +++ b/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh @@ -10,11 +10,11 @@ # is_current_user_root() { - test "$(id -u)" = 0 && return 0 || return 1 + test "$(id -u)" = 0 } is_current_user_sudoer() { - sudo -n true >& /dev/null && return 0 || return 1 + sudo -n true > /dev/null 2>&1 } unset PACKAGES @@ -31,7 +31,7 @@ if [ ${CURL_INSTALLED} = false ] && [ ${WGET_INSTALLED} = false ]; then CURL_INSTALLED=true fi -if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi +is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" CHE_DIR=$HOME/che LOCAL_AGENT_BINARIES_URI='/mnt/che/terminal/websocket-terminal-${PREFIX}.tar.gz' diff --git a/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh b/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh index 39e286d6663..b2cc52438f0 100644 --- a/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh +++ b/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh @@ -10,16 +10,16 @@ # is_current_user_root() { - test "$(id -u)" = 0 && return 0 || return 1 + test "$(id -u)" = 0 } is_current_user_sudoer() { - sudo -n true >& /dev/null && return 0 || return 1 + sudo -n true > /dev/null 2>&1 } unset SUDO unset PACKAGES -if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi +is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" if [ -f /etc/centos-release ]; then FILE="/etc/centos-release" diff --git a/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh b/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh index c89dd6cfdb7..5ba6963e76a 100644 --- a/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh +++ b/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh @@ -10,11 +10,11 @@ # is_current_user_root() { - test "$(id -u)" = 0 && return 0 || return 1 + test "$(id -u)" = 0 } is_current_user_sudoer() { - sudo -n true >& /dev/null && return 0 || return 1 + sudo -n true > /dev/null 2>&1 } unset PACKAGES @@ -31,7 +31,7 @@ if [ ${CURL_INSTALLED} = false ] && [ ${WGET_INSTALLED} = false ]; then CURL_INSTALLED=true fi -if is_current_user_root && is_current_user_sudoer; then SUDO="sudo -E"; fi +is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" LOCAL_AGENT_BINARIES_URI="/mnt/che/ws-agent.tar.gz" DOWNLOAD_AGENT_BINARIES_URI='${WORKSPACE_MASTER_URI}/agent-binaries/ws-agent.tar.gz' From aa113578d8da8258f1d7bb6fe6d849f5f89a4e2e Mon Sep 17 00:00:00 2001 From: Mario Loriedo Date: Mon, 31 Jul 2017 19:33:33 +0200 Subject: [PATCH 3/3] Fixup after Alex review Signed-off-by: Mario Loriedo --- .../agents-launchers-tests-arbitraryuser.bats | 6 +++--- .../src/test/resources/agents-launchers-tests.bats | 13 ++++++++----- .../src/test/resources/run_launcher_bats_tests.sh | 6 ++++-- .../main/resources/org.eclipse.che.exec.script.sh | 7 ++++--- .../resources/org.eclipse.che.ls.csharp.script.sh | 6 ++++-- .../resources/org.eclipse.che.ls.json.script.sh | 6 ++++-- .../main/resources/org.eclipse.che.ls.php.script.sh | 6 ++++-- .../resources/org.eclipse.che.ls.python.script.sh | 7 ++++--- .../org.eclipse.che.ls.typescript.script.sh | 6 ++++-- .../main/resources/org.eclipse.che.ssh.script.sh | 7 ++++--- .../resources/org.eclipse.che.terminal.script.sh | 7 ++++--- .../main/resources/org.eclipse.che.unison.script.sh | 6 ++++-- .../resources/org.eclipse.che.ws-agent.script.sh | 7 ++++--- 13 files changed, 55 insertions(+), 35 deletions(-) diff --git a/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats index 47358566f71..e30b1056681 100644 --- a/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats +++ b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests-arbitraryuser.bats @@ -33,7 +33,7 @@ root_msg="I am root" not_root_msg="I am a not root" sudoer_msg="I am a sudoer" not_sudoer_msg="I am a not a sudoer" -test_snippet="source <(grep -iE -A3 'is_current_user_root\(\)|is_current_user_sudoer\(\)' /launch.sh | grep -v -- "^--$"); is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo '${sudoer_msg}' || echo '${not_sudoer_msg}'" +test_snippet="source <(grep -iE -A3 'is_current_user_root\(\)|is_current_user_sudoer\(\)|set_sudo_command\(\)' /launch.sh | grep -v -- "^--$"); is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo '${sudoer_msg}' || echo -n '${not_sudoer_msg} '; set_sudo_command; echo SUDO=\${SUDO}" user="100000" # Kill running che server instance if there is any to be able to run tests @@ -50,13 +50,13 @@ teardown() { @test "should deduce that's not a sudoer nor root when ${LAUNCHER_SCRIPT_TO_TEST} is run as an arbitrary user" { #GIVEN - expected_msg="${not_root_msg} ${not_sudoer_msg}" + expected_msg="${not_root_msg} ${not_sudoer_msg} SUDO=" #WHEN run docker exec --user=${user} "${CONTAINER_NAME}" bash -c "${test_snippet}" #THEN assert_success - assert_output --partial ${expected_msg} + assert_output ${expected_msg} } diff --git a/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats index d32dbde3f31..86c4bad246e 100644 --- a/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats +++ b/agents/che-core-api-agent/src/test/resources/agents-launchers-tests.bats @@ -32,7 +32,8 @@ root_msg="I am root" not_root_msg="I am a not root" sudoer_msg="I am a sudoer" not_sudoer_msg="I am a not a sudoer" -test_snippet="source <(grep -iE -A3 'is_current_user_root\(\)|is_current_user_sudoer\(\)' /launch.sh | grep -v -- "^--$"); is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo '${sudoer_msg}' || echo '${not_sudoer_msg}'" +#test_snippet="source <(grep -iE -A3 'is_current_user_root\(\)|is_current_user_sudoer\(\)' /launch.sh | grep -v -- "^--$"); is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo '${sudoer_msg}' || echo '${not_sudoer_msg}'" +test_snippet="source <(grep -iE -A3 'is_current_user_root\(\)|is_current_user_sudoer\(\)|set_sudo_command\(\)' /launch.sh | grep -v -- "^--$"); is_current_user_root && echo -n '${root_msg} ' || echo -n '${not_root_msg} '; is_current_user_sudoer && echo -n '${sudoer_msg} ' || echo '${not_sudoer_msg}'; set_sudo_command; echo SUDO=\${SUDO}" # Kill running che server instance if there is any to be able to run tests setup() { @@ -49,25 +50,27 @@ teardown() { @test "should deduce that's root and sudoer when ${LAUNCHER_SCRIPT_TO_TEST} is run as root" { #GIVEN user="root" - expected_msg="${root_msg} ${sudoer_msg}" + expected_msg="${root_msg} ${sudoer_msg} SUDO=" #WHEN run docker exec --user=${user} "${CONTAINER_NAME}" bash -c "${test_snippet}" #THEN assert_success - assert_output --partial ${expected_msg} +# assert_output --partial ${expected_msg} + assert_output ${expected_msg} } @test "should deduce that's not root but sudoer when ${LAUNCHER_SCRIPT_TO_TEST} is run as user with UID 1000" { #GIVEN user="1000" - expected_msg="${not_root_msg} ${sudoer_msg}" + expected_msg="${not_root_msg} ${sudoer_msg} SUDO=sudo -E" #WHEN run docker exec --user=${user} "${CONTAINER_NAME}" bash -c "${test_snippet}" #THEN assert_success - assert_output --partial ${expected_msg} +# assert_output --partial ${expected_msg} + assert_output ${expected_msg} } diff --git a/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh b/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh index ff7a7efde82..9c9455a4055 100755 --- a/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh +++ b/agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh @@ -13,8 +13,10 @@ # sh agents/che-core-api-agent/src/test/resources/run_launcher_bats_tests.sh # -images=(bitnami/che-codeigniter:3.1.3-r6 bitnami/che-express:4.15.3-r2 bitnami/che-java-play:1.3.12-r3 bitnami/che-laravel:5.4.23-r1 bitnami/che-rails:5.1.2-r0 bitnami/che-swift:3.1.1-r0 bitnami/che-symfony:3.3.2-r0 eclipse/centos_jdk8 eclipse/cpp_gcc eclipse/debian_jdk8 eclipse/debian_jre eclipse/dotnet_core eclipse/hadoop-dev eclipse/kotlin eclipse/node eclipse/php eclipse/php:5.6 eclipse/php:gae eclipse/selenium eclipse/ubuntu_android eclipse/ubuntu_go eclipse/ubuntu_jdk8 eclipse/ubuntu_jre eclipse/ubuntu_python:2.7 eclipse/ubuntu_python:gae_python2.7 eclipse/ubuntu_python:latest eclipse/ubuntu_rails kaloyanraev/che-zendserver registry.centos.org/che-stacks/centos-go registry.centos.org/che-stacks/centos-nodejs registry.centos.org/che-stacks/spring-boot registry.centos.org/che-stacks/vertx registry.centos.org/che-stacks/wildfly-swarm tomitribe/ubuntu_tomee_173_jdk8 registry.centos.org/che-stacks/centos-git) -arbitrary_images=(rhche/centos_jdk8 rhche/vertx rhche/ubuntu_jdk8 rhche/centos-nodejs rhche/spring-boot rhche/wildfly-swarm) +#images=(bitnami/che-codeigniter:3.1.3-r6 bitnami/che-express:4.15.3-r2 bitnami/che-java-play:1.3.12-r3 bitnami/che-laravel:5.4.23-r1 bitnami/che-rails:5.1.2-r0 bitnami/che-swift:3.1.1-r0 bitnami/che-symfony:3.3.2-r0 eclipse/centos_jdk8 eclipse/cpp_gcc eclipse/debian_jdk8 eclipse/debian_jre eclipse/dotnet_core eclipse/hadoop-dev eclipse/kotlin eclipse/node eclipse/php eclipse/php:5.6 eclipse/php:gae eclipse/selenium eclipse/ubuntu_android eclipse/ubuntu_go eclipse/ubuntu_jdk8 eclipse/ubuntu_jre eclipse/ubuntu_python:2.7 eclipse/ubuntu_python:gae_python2.7 eclipse/ubuntu_python:latest eclipse/ubuntu_rails kaloyanraev/che-zendserver registry.centos.org/che-stacks/centos-go registry.centos.org/che-stacks/centos-nodejs registry.centos.org/che-stacks/spring-boot registry.centos.org/che-stacks/vertx registry.centos.org/che-stacks/wildfly-swarm tomitribe/ubuntu_tomee_173_jdk8 registry.centos.org/che-stacks/centos-git) +#arbitrary_images=(rhche/centos_jdk8 rhche/vertx rhche/ubuntu_jdk8 rhche/centos-nodejs rhche/spring-boot rhche/wildfly-swarm) +images=(eclipse/centos_jdk8) +arbitrary_images=(rhche/centos_jdk8) run_bats_test() { export CHE_BASE_DIR=$(pwd) diff --git a/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh b/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh index c16059838a3..18445f8d832 100644 --- a/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh +++ b/agents/exec/src/main/resources/org.eclipse.che.exec.script.sh @@ -18,8 +18,11 @@ is_current_user_sudoer() { sudo -n true > /dev/null 2>&1 } +set_sudo_command() { + if is_current_user_sudoer && ! is_current_user_root; then SUDO="sudo -E"; else unset SUDO; fi +} + unset PACKAGES -unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } CURL_INSTALLED=false WGET_INSTALLED=false @@ -32,8 +35,6 @@ if [ ${CURL_INSTALLED} = false ] && [ ${WGET_INSTALLED} = false ]; then CURL_INSTALLED=true fi -is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" - CHE_DIR=$HOME/che LOCAL_AGENT_BINARIES_URI='/mnt/che/exec-agent/exec-agent-${PREFIX}.tar.gz' DOWNLOAD_AGENT_BINARIES_URI='${WORKSPACE_MASTER_URI}/agent-binaries/${PREFIX}/exec/exec-agent-${PREFIX}.tar.gz' diff --git a/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh b/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh index 10a492198be..17451e7fa5e 100644 --- a/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh +++ b/agents/ls-csharp/src/main/resources/org.eclipse.che.ls.csharp.script.sh @@ -17,11 +17,13 @@ is_current_user_sudoer() { sudo -n true > /dev/null 2>&1 } +set_sudo_command() { + if is_current_user_sudoer && ! is_current_user_root; then SUDO="sudo -E"; else unset SUDO; fi +} + unset PACKAGES -unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.csharp.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh b/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh index ec0943c4f03..7ba3fc04a70 100644 --- a/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh +++ b/agents/ls-json/src/main/resources/org.eclipse.che.ls.json.script.sh @@ -17,11 +17,13 @@ is_current_user_sudoer() { sudo -n true > /dev/null 2>&1 } +set_sudo_command() { + if is_current_user_sudoer && ! is_current_user_root; then SUDO="sudo -E"; else unset SUDO; fi +} + unset PACKAGES -unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.json.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh b/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh index c748505e6c5..6c4505ea346 100644 --- a/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh +++ b/agents/ls-php/src/main/resources/org.eclipse.che.ls.php.script.sh @@ -17,11 +17,13 @@ is_current_user_sudoer() { sudo -n true > /dev/null 2>&1 } +set_sudo_command() { + if is_current_user_sudoer && ! is_current_user_root; then SUDO="sudo -E"; else unset SUDO; fi +} + unset PACKAGES -unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.php.binaries CHE_DIR=$HOME/che diff --git a/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh b/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh index d3fe6792b67..a3b70095a4d 100644 --- a/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh +++ b/agents/ls-python/src/main/resources/org.eclipse.che.ls.python.script.sh @@ -17,16 +17,17 @@ is_current_user_sudoer() { sudo -n true > /dev/null 2>&1 } +set_sudo_command() { + if is_current_user_sudoer && ! is_current_user_root; then SUDO="sudo -E"; else unset SUDO; fi +} + unset PACKAGES -unset SUDO unset PYTHON_DEPS command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } command -v python3.5 >/dev/null 2>&1 || { PYTHON_DEPS=${PYTHON_DEPS}" python3.5"; } command -v pip3 >/dev/null 2>&1 || { PYTHON_DEPS=${PYTHON_DEPS}" pip3"; } -is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" - AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.python.binaries CHE_DIR=$HOME/che LS_DIR=${CHE_DIR}/ls-python diff --git a/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh b/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh index 7758fc9f97e..36c1fd43e5f 100644 --- a/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh +++ b/agents/ls-typescript/src/main/resources/org.eclipse.che.ls.typescript.script.sh @@ -17,11 +17,13 @@ is_current_user_sudoer() { sudo -n true > /dev/null 2>&1 } +set_sudo_command() { + if is_current_user_sudoer && ! is_current_user_root; then SUDO="sudo -E"; else unset SUDO; fi +} + unset PACKAGES -unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } command -v curl >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" curl"; } -is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" AGENT_BINARIES_URI=https://codenvy.com/update/repository/public/download/org.eclipse.che.ls.typescript.binaries CHE_DIR=$HOME/che diff --git a/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh b/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh index 8c0ecd50e67..bcc6b79ff90 100644 --- a/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh +++ b/agents/ssh/src/main/resources/org.eclipse.che.ssh.script.sh @@ -17,10 +17,11 @@ is_current_user_sudoer() { sudo -n true > /dev/null 2>&1 } -unset SUDO -unset PACKAGES +set_sudo_command() { + if is_current_user_sudoer && ! is_current_user_root; then SUDO="sudo -E"; else unset SUDO; fi +} -is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" +unset PACKAGES if [ -f /etc/centos-release ]; then FILE="/etc/centos-release" diff --git a/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh b/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh index 7bdce502dd3..7cd0ab5790c 100644 --- a/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh +++ b/agents/terminal/src/main/resources/org.eclipse.che.terminal.script.sh @@ -17,8 +17,11 @@ is_current_user_sudoer() { sudo -n true > /dev/null 2>&1 } +set_sudo_command() { + if is_current_user_sudoer && ! is_current_user_root; then SUDO="sudo -E"; else unset SUDO; fi +} + unset PACKAGES -unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } CURL_INSTALLED=false WGET_INSTALLED=false @@ -31,8 +34,6 @@ if [ ${CURL_INSTALLED} = false ] && [ ${WGET_INSTALLED} = false ]; then CURL_INSTALLED=true fi -is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" - CHE_DIR=$HOME/che LOCAL_AGENT_BINARIES_URI='/mnt/che/terminal/websocket-terminal-${PREFIX}.tar.gz' DOWNLOAD_AGENT_BINARIES_URI='${WORKSPACE_MASTER_URI}/agent-binaries/${PREFIX}/terminal/websocket-terminal-${PREFIX}.tar.gz' diff --git a/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh b/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh index b2cc52438f0..bd4eaa67a9f 100644 --- a/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh +++ b/agents/unison/src/main/resources/org.eclipse.che.unison.script.sh @@ -17,9 +17,11 @@ is_current_user_sudoer() { sudo -n true > /dev/null 2>&1 } -unset SUDO +set_sudo_command() { + if is_current_user_sudoer && ! is_current_user_root; then SUDO="sudo -E"; else unset SUDO; fi +} + unset PACKAGES -is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" if [ -f /etc/centos-release ]; then FILE="/etc/centos-release" diff --git a/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh b/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh index 5ba6963e76a..4fa225b485f 100644 --- a/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh +++ b/wsagent/agent/src/main/resources/org.eclipse.che.ws-agent.script.sh @@ -17,8 +17,11 @@ is_current_user_sudoer() { sudo -n true > /dev/null 2>&1 } +set_sudo_command() { + if is_current_user_sudoer && ! is_current_user_root; then SUDO="sudo -E"; else unset SUDO; fi +} + unset PACKAGES -unset SUDO command -v tar >/dev/null 2>&1 || { PACKAGES=${PACKAGES}" tar"; } CURL_INSTALLED=false WGET_INSTALLED=false @@ -31,8 +34,6 @@ if [ ${CURL_INSTALLED} = false ] && [ ${WGET_INSTALLED} = false ]; then CURL_INSTALLED=true fi -is_current_user_root && is_current_user_sudoer || SUDO="sudo -E" - LOCAL_AGENT_BINARIES_URI="/mnt/che/ws-agent.tar.gz" DOWNLOAD_AGENT_BINARIES_URI='${WORKSPACE_MASTER_URI}/agent-binaries/ws-agent.tar.gz'