From 7d376f1ddefdbb51aca79aa9bf572820c2e311da Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 25 Sep 2023 11:02:13 +0200 Subject: [PATCH] mkosi: Run meson and ninja as the user invoking mkosi Latest mkosi sets $MKOSI_UID and $MKOSI_GID to the uid/gid of the user running mkosi. Let's make use of this to run meson setup and ninja as the user running mkosi, so that if we execute git as a subprocess during meson setup, it doesn't complain about unsafe directories. This also makes sure all the build artifacts are owned on the host by the user running mkosi. --- mkosi.presets/base/mkosi.build | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/mkosi.presets/base/mkosi.build b/mkosi.presets/base/mkosi.build index c5f31c5be64..95402f6463f 100755 --- a/mkosi.presets/base/mkosi.build +++ b/mkosi.presets/base/mkosi.build @@ -9,6 +9,9 @@ if [ "${container:-}" != "mkosi" ]; then exec mkosi-chroot "$SCRIPT" "$@" fi +# Run commands as the user invoking mkosi. +SU="setpriv --reuid=${MKOSI_UID:-0} --regid=${MKOSI_GID:-0} --clear-groups" + # We don't want to install our build of systemd in the base image, but use it as an extra tree for the # initrd and system images, so override DESTDIR to store it in the output directory so we can reference it as # an extra tree in the initrd and system image builds. @@ -203,10 +206,10 @@ if [ ! -f "$BUILDDIR"/build.ninja ]; then ) fi - ( set -x; meson setup "$BUILDDIR" "${CONFIGURE_OPTS[@]}" ) + ( set -x; $SU meson setup "$BUILDDIR" "$SRCDIR" "${CONFIGURE_OPTS[@]}" ) fi -( set -x; ninja -C "$BUILDDIR" "$@" ) +( set -x; $SU ninja -C "$BUILDDIR" "$@" ) if [ "$WITH_TESTS" = 1 ]; then if [ -n "$SANITIZERS" ]; then export ASAN_OPTIONS="$MKOSI_ASAN_OPTIONS"