kopia lustrzana https://github.com/jupyterhub/repo2docker
Kacper Kowalik (Xarthisius)
rodzic
fedd58aaf7
commit
caef6686d1
|
|
@ -16,6 +16,8 @@ API changes
|
||||||
|
|
||||||
Bug fixes
|
Bug fixes
|
||||||
---------
|
---------
|
||||||
|
- Prevent building the image as root if --user-id and --user-name are not specified
|
||||||
|
in :pr:`676` by :user:`Xarthisius`.
|
||||||
|
|
||||||
|
|
||||||
Version 0.9.0
|
Version 0.9.0
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,7 @@ Usage:
|
||||||
python -m repo2docker https://github.com/you/your-repo
|
python -m repo2docker https://github.com/you/your-repo
|
||||||
"""
|
"""
|
||||||
import argparse
|
import argparse
|
||||||
|
import errno
|
||||||
import json
|
import json
|
||||||
import sys
|
import sys
|
||||||
import logging
|
import logging
|
||||||
|
|
@ -650,6 +651,19 @@ class Repo2Docker(Application):
|
||||||
extra=dict(phase='building'))
|
extra=dict(phase='building'))
|
||||||
|
|
||||||
if not self.dry_run:
|
if not self.dry_run:
|
||||||
|
if self.user_id == 0:
|
||||||
|
self.log.error(
|
||||||
|
'Root as the primary user in the image is not permitted.\n'
|
||||||
|
)
|
||||||
|
self.log.info(
|
||||||
|
"The uid and the username of the user invoking repo2docker "
|
||||||
|
"is used to create a mirror account in the image by default. "
|
||||||
|
"To override that behavior pass --user-id <numeric_id> and "
|
||||||
|
" --user-name <string> to repo2docker.\n"
|
||||||
|
"Please see repo2docker --help for more details.\n"
|
||||||
|
)
|
||||||
|
sys.exit(errno.EPERM)
|
||||||
|
|
||||||
build_args = {
|
build_args = {
|
||||||
'NB_USER': self.user_name,
|
'NB_USER': self.user_name,
|
||||||
'NB_UID': str(self.user_id),
|
'NB_UID': str(self.user_id),
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,5 @@
|
||||||
|
import errno
|
||||||
|
import pytest
|
||||||
from tempfile import TemporaryDirectory
|
from tempfile import TemporaryDirectory
|
||||||
from unittest.mock import patch
|
from unittest.mock import patch
|
||||||
|
|
||||||
|
|
@ -102,3 +104,25 @@ def test_run_kwargs(repo_with_content):
|
||||||
args, kwargs = containers.run.call_args
|
args, kwargs = containers.run.call_args
|
||||||
assert 'somekey' in kwargs
|
assert 'somekey' in kwargs
|
||||||
assert kwargs['somekey'] == "somevalue"
|
assert kwargs['somekey'] == "somevalue"
|
||||||
|
|
||||||
|
|
||||||
|
def test_root_not_allowed():
|
||||||
|
with TemporaryDirectory() as src, patch('os.geteuid') as geteuid:
|
||||||
|
geteuid.return_value = 0
|
||||||
|
argv = [src]
|
||||||
|
app = make_r2d(argv)
|
||||||
|
with pytest.raises(SystemExit) as exc:
|
||||||
|
app.build()
|
||||||
|
assert exc.code == errno.EPERM
|
||||||
|
|
||||||
|
app = Repo2Docker(
|
||||||
|
repo=src,
|
||||||
|
user_id=1000,
|
||||||
|
user_name='jovyan',
|
||||||
|
run=False,
|
||||||
|
)
|
||||||
|
app.initialize()
|
||||||
|
with patch.object(docker.APIClient, 'build') as builds:
|
||||||
|
builds.return_value = []
|
||||||
|
app.build()
|
||||||
|
builds.assert_called_once()
|
||||||
|
|
|
||||||
Ładowanie…
Reference in New Issue