Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/build: add doas package on NetBSD systems #70708

Open
ianlancetaylor opened this issue Dec 6, 2024 · 10 comments
Open

x/build: add doas package on NetBSD systems #70708

ianlancetaylor opened this issue Dec 6, 2024 · 10 comments
Labels
Builders x/build issues (builders, bots, dashboards) NeedsFix The path to resolution is known, but the work has not been done. OS-NetBSD
Milestone

Comments

@ianlancetaylor
Copy link
Member

Go version

devel

Output of go env in your module/workspace:

N/A

What did you do?

#70702 reports that su asks for a password on some FreeBSD systems, causing the runtime test TestSUID to fail and leaving the terminal in a broken state. Using the doas command with the -n option avoids this problem. doas is available as a separate package on FreeBSD and perhaps also NetBSD. Let's add it to the builders, and switch the test to use it. It's OK to run the test on systems where there is no doas command; the test will be skipped.

What did you see happen?

/bin/sh: doas: not found

What did you expect to see?

A passing test.

CC @golang/release

@gopherbot gopherbot added the Builders x/build issues (builders, bots, dashboards) label Dec 6, 2024
@gopherbot gopherbot added this to the Unreleased milestone Dec 6, 2024
@dmitshur
Copy link
Contributor

dmitshur commented Dec 6, 2024

Now that #61095 is nearly done, at least for the freebsd-amd64 builder, I think this should be a matter of adding the right package to this line and rebuilding the image.

CC @mknyszek.

@mknyszek
Copy link
Contributor

mknyszek commented Dec 6, 2024

I don't mind doing this but I'd like to get the LUCI builder out the door first and in a stable state before updating the image yet again.

@mknyszek mknyszek self-assigned this Dec 6, 2024
@mknyszek mknyszek added the NeedsFix The path to resolution is known, but the work has not been done. label Dec 6, 2024
@mknyszek
Copy link
Contributor

mknyszek commented Dec 6, 2024

I rebuilt the image with doas installed and redeployed it.

@dmitshur dmitshur moved this to In Progress in Go Release Dec 6, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/634336 mentions this issue: env/freebsd-amd64: install doas

@github-project-automation github-project-automation bot moved this from In Progress to Done in Go Release Dec 6, 2024
@ianlancetaylor
Copy link
Member Author

Thanks!

@mknyszek
Copy link
Contributor

mknyszek commented Dec 7, 2024

Ah, perhaps I closed it prematurely. I didn't do anything for NetBSD, but it's also not ported to LUCI. Might be similarly easy to update. Updating the title, reopening, and leaving for the next release rotation person.

@mknyszek mknyszek reopened this Dec 7, 2024
@mknyszek mknyszek changed the title x/build: add doas package on FreeBSD and NetBSD systems x/build: add doas package on NetBSD systems Dec 7, 2024
@mknyszek mknyszek removed their assignment Dec 7, 2024
@mknyszek mknyszek removed the status in Go Release Dec 7, 2024
@gabyhelp
Copy link

gabyhelp commented Dec 7, 2024

Related Code Changes

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@dmitshur
Copy link
Contributor

dmitshur commented Dec 7, 2024

There are LUCI builders for netbsd/arm and netbsd/arm64 ports (#63698 and #63614). They're remote, so this change is something their builder owner can consider applying (CC @bsiegert).

@bsiegert
Copy link
Contributor

bsiegert commented Dec 8, 2024

The NetBSD LUCI builders (arm and arm64) now have doas installed. But at the moment, there is no config file, so it is disabled. I am hesitant to open full root access to the swarming user.

On the other hand, these systems also have sudo installed already, since the LUCI infrastructure uses it to run reboot after a failed test. So perhaps having NetBSD use the sudo branch that's already there for Darwin would be useful. What do you think?

bsiegert added a commit to bsiegert/gobuilder-netbsd that referenced this issue Dec 8, 2024
@ianlancetaylor
Copy link
Member Author

@bsiegert See the discussion on #70702, which suggests that doas is better because it can be told to not ask for a password.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Builders x/build issues (builders, bots, dashboards) NeedsFix The path to resolution is known, but the work has not been done. OS-NetBSD
Projects
Status: No status
Development

No branches or pull requests

6 participants