Comments (4)
Hi @hwittenborn, thanks for filing this issue! I believe you have shed light on a legitimate bug that cannot be resolved by explicitly setting the user, as I will describe below.
As for why Toast uses su
: it's because Toast runs your commands using the user's preferred shell, and the widely available su
program implements the logic to determine and invoke a user's preferred shell. Toast doesn't make any assumptions about what shells are installed in your image. You are correct that an alternative design would be to assume some default shell (such as Bash), but allow the user to override it in the toastfile. However, that would mean some popular images such as Alpine (which does not have Bash) would not work without explicitly setting the shell, which I think is not a great user experience. Since all major Linux distributions include su
, I think it is better for Toast to assume that su
exists than to assume that bash
exists (even if that assumption could be overridden).
As for why Toast doesn't pass --user
to docker container create
, it's because we're already using su
for the reasoning described above.
However, this GitHub issue has made me realize that I think we should actually pass --user root
to Docker (regardless of what user is specified in the toastfile) so that su
has permission to then "become" the user configured in the toastfile without a password. I will investigate this and create a PR if necessary.
Thanks again for bringing this to my attention. I'll leave this bug open until I confirm that the issue exists as I understand it and any necessary fix has landed.
from toast.
I think we should actually pass --user root to Docker (regardless of what user is specified in the toastfile) so that su has permission to then "become" the user configured in the toastfile without a password.
Note that Toast defaults to running commands as root regardless of what user is specified in your Docker image, so for your use case you may want to explicitly set the user in your toastfile
That's more than acceptable for me. I'll get my system updated shortly and let you know if everything works after :)
from toast.
Can confirm everthing works now, thanks a ton!
from toast.
I confirmed my understanding of the bug with a simple test case. The bug has now been fixed by #421, and the fix has landed in v0.45.4. Package managers like Homebrew and MacPorts typically lag behind a few days, but the new version can be downloaded immediately from the releases page or installed via the installer script or Cargo. Also, the GitHub Action always uses the latest version of Toast, so the fix should be available there too.
Note that Toast defaults to running commands as root
regardless of what user is specified in your Docker image, so for your use case you may want to explicitly set the user
in your toastfile (either globally or for specific tasks) if you don't want to use root
. For example:
image: proget.hunterwittenborn.com/docker/makedeb/makedeb-alpha:ubuntu-focal
user: makedeb
command_prefix: set -e
tasks:
install-dependencies:
command: |
echo test
Thanks again for discovering and filing this bug! Since the fix has landed, I will close this issue now. Feel free to re-open it if you find that your issue is not resolved after upgrading to v0.45.4.
from toast.
Related Issues (20)
- Hidden Tasks HOT 10
- Print Task Schedule HOT 1
- toast 0.45.0 cannot print tasks HOT 2
- Support for Container Linking & Services HOT 4
- Add man page HOT 3
- Add Keywords To Project HOT 1
- Automatically disable cache when needed HOT 1
- Adding a PowerShell installation script HOT 5
- --shell causes "Unable to canonicalize the source directory. Reason: No such file or directory (os error 2)" HOT 2
- Remote execution via DOCKER_HOST incurs 50x ping latency. HOT 7
- When using remote DOCKER_HOST, cannot mount paths HOT 1
- License isn't recognized as MIT HOT 1
- Parallel task execution HOT 2
- Shared container/host download cache HOT 3
- 'toast'-bin collides with 'gsm' HOT 1
- PATH is overridden when using su HOT 3
- Adding an optional `net` or `network` corresponding to the `--network` flag in docker cli HOT 1
- Mount_paths on Windows not working properly HOT 4
- mount_paths can delete a directory in the container HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from toast.