Skip to content

Commit

Permalink
try to shed root privileges
Browse files Browse the repository at this point in the history
We have root on CircleCI in the docker container.  We can't currently shed
them before we get inside the flake app because we can't run `nix build` as
non-root inside the nix container. :/

nix-community/docker-nixpkgs#62
  • Loading branch information
exarkun committed Jul 20, 2023
1 parent 08e364b commit 90e0831
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion flake.nix
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,14 @@
writeScript "unit-tests"
''
export TAHOE_LAFS_HYPOTHESIS_PROFILE=ci
${makeTestEnv pyVersion}/bin/python -m twisted.trial "$@"
if [ $(id -u) = "0" ]; then
# The test suite assumes non-root permissions. Get rid
# of the root permissions we seem to have.
SUDO="sudo -u nobody"
else
SUDO=""
fi
$SUDO ${makeTestEnv pyVersion}/bin/python -m twisted.trial "$@"
'';
};
};
Expand Down

0 comments on commit 90e0831

Please sign in to comment.