ref(builder): Remove use of root in gitreceive

Arne-Christian Blystad · Arne-Christian Blystad · commit cc78b2d86396 · 2015-01-26T15:46:19.000+01:00
This change removes the use of root in gitreceive. Before we had to run
a script as root to get Docker access, but this has since been fixed in
Docker.

The motivation between the change was because of bug #1843, caused by
running "git gc" as root. This changed the owner of git files and
directories to root:root, which was inaccessable from git:git.

This also fixes /buildpacks check which checked if /buildpacks was a
file (which it is not, it's a directory).
diff --git a/builder/image/Dockerfile b/builder/image/Dockerfile
@@ -38,9 +38,6 @@ RUN useradd -d $GITHOME $GITUSER
 RUN mkdir -p $GITHOME/.ssh && chown git:git $GITHOME/.ssh
 RUN chown -R $GITUSER:$GITUSER $GITHOME
 
-# let the git user run `sudo /home/git/builder` (not writeable)
-RUN echo "%git    ALL=(ALL:ALL) NOPASSWD:/home/git/builder" >> /etc/sudoers
-
 # HACK: import progrium/cedarish as a tarball
 # see https://github.com/deis/deis/issues/1027
 RUN curl -#SL -o /progrium_cedarish.tar.gz \
@@ -56,6 +53,11 @@ CMD ["/app/bin/boot"]
 EXPOSE 22
 RUN addgroup --quiet --gid 2000 slug && useradd slug --uid=2000 --gid=2000
 
+# $GITUSER is added to docker group to use docker without sudo and to slug
+# group in order to share resources with the slug user
+RUN usermod -a -G docker $GITUSER
+RUN usermod -a -G slug $GITUSER
+
 ADD templates/shim.dockerfile /home/git/
 ADD etc /etc
 ADD . /app
diff --git a/builder/image/templates/builder b/builder/image/templates/builder
@@ -102,8 +102,13 @@ if [ ! -f Dockerfile ]; then
     BUILD_OPTS+=' -v '
     BUILD_OPTS+=$(echo $CACHE_DIR)
     BUILD_OPTS+=':/tmp/cache:rw'
-    # give non-root slugbuilder user R/W perms for docker volumes
-    chown -R 2000:2000 $TMP_DIR $CACHE_DIR
+    # give slug group ownership of TMP_DIR and CACHE_DIR.
+    chown -R :2000 $TMP_DIR
+    chown :2000 $CACHE_DIR
+    # TMP_DIR is created using mktemp, which sets permissions to 700. Since
+    # we share this with the slug group, the slug group needs to be able to
+    # work with it.
+    chmod g+rwx $TMP_DIR
 
     BUILD_OPTS+=' deis/slugbuilder'
 
diff --git a/builder/image/templates/gitreceive b/builder/image/templates/gitreceive
@@ -57,8 +57,7 @@ EOF
         cd $GITHOME
         # if we're processing a receive-pack on an existing repo, run a build
         if [[ $SSH_ORIGINAL_COMMAND == git-receive-pack* ]]; then
-          # SECURITY: git user runs the builder as root (for docker access)
-          sudo $GITHOME/builder $RECEIVE_USER $RECEIVE_REPO $newrev 2>&1 | strip_remote_prefix
+          $GITHOME/builder $RECEIVE_USER $RECEIVE_REPO $newrev 2>&1 | strip_remote_prefix
         fi
 
         rm -f "$LOCKFILE"
