diff options
author | Darren Tucker <dtucker@dtucker.net> | 2023-10-30 13:32:03 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2023-10-30 16:13:04 +1100 |
commit | 917ba181c2cbdb250a443589ec732aa36fd51ffa (patch) | |
tree | aad3ea019d1a5cc9e4ae389c41fab6053759db84 | |
parent | c5698abad6d4ec98ca20bcaaabaeacd5e1ec3f4f (diff) | |
download | openssh-917ba181c2cbdb250a443589ec732aa36fd51ffa.tar.gz |
Restore nopasswd sudo rule on Mac OS X.
This seems to be missing from some (but not all) github runners, so
restore it if it seems to be missing.
-rwxr-xr-x | .github/setup_ci.sh | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh index de10857d8..d0ba7b472 100755 --- a/.github/setup_ci.sh +++ b/.github/setup_ci.sh @@ -29,18 +29,30 @@ TARGETS=$@ INSTALL_FIDO_PPA="no" export DEBIAN_FRONTEND=noninteractive -set -ex +set -e if [ -x "`which lsb_release 2>&1`" ]; then lsb_release -a fi -# Ubuntu 22.04 defaults to private home dirs which prevent the -# agent-getpeerid test from running ssh-add as nobody. See -# https://github.com/actions/runner-images/issues/6106 -if [ ! -z "$SUDO" ] && ! "$SUDO" -u nobody test -x ~; then - echo ~ is not executable by nobody, adding perms. - chmod go+x ~ +if [ ! -z "$SUDO" ]; then + # Ubuntu 22.04 defaults to private home dirs which prevent the + # agent-getpeerid test from running ssh-add as nobody. See + # https://github.com/actions/runner-images/issues/6106 + if ! "$SUDO" -u nobody test -x ~; then + echo ~ is not executable by nobody, adding perms. + chmod go+x ~ + fi + # Some of the Mac OS X runners don't have a nopasswd sudo rule. Regular + # sudo still works, but sudo -u doesn't. Restore the sudo rule. + if ! "$SUDO" grep -E 'runner.*NOPASSWD' /etc/passwd >/dev/null; then + echo "Restoring runner nopasswd rule to sudoers." + echo 'runner ALL=(ALL) NOPASSWD: ALL' |$SUDO tee -a /etc/sudoers + fi + if ! "$SUDO" -u nobody -S test -x ~ </dev/null; then + echo "Still can't sudo to nobody." + exit 1 + fi fi if [ "${TARGETS}" = "kitchensink" ]; then |