From 3379f7623442d51bc1c425c1e8250418e791655e Mon Sep 17 00:00:00 2001 From: Madelen Andersson Date: Wed, 6 Mar 2024 10:55:05 +0100 Subject: [PATCH] Remove last root requirements NB! Signing will not pass until manifest schema is valid and SDK updated. The --disable-manifest-validation flag should be removed from Dockerfile before merging to release branch --- Dockerfile | 3 ++- app/manifest.json | 13 ++++++----- app/postinstallscript.sh | 37 ------------------------------ app/preuninstallscript.sh | 19 --------------- binaries/systemd-user-runtime-dir | Bin 18440 -> 0 bytes 5 files changed, 9 insertions(+), 63 deletions(-) delete mode 100644 app/preuninstallscript.sh delete mode 100755 binaries/systemd-user-runtime-dir diff --git a/Dockerfile b/Dockerfile index 9a5d6d1..fbd541d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -150,7 +150,8 @@ RUN <> /etc/subuid -for sub_group_id in $_all_gids ; do - if [ "$sub_group_id" -ne "$_gid" ]; then - echo "$_uid:$sub_group_id:1" >> /etc/subgid - fi -done -echo "$_uid:100000:65536" >> /etc/subgid - -# Update the app service file to work for our special case -cat >> /etc/systemd/system/sdkdockerdwrapperwithcompose.service << EOF -[Unit] -BindsTo=containerd.service -After=network-online.target containerd.service var-spool-storage-SD_DISK.mount -Wants=network-online.target -After=user@$_uid.service -Requires=user@$_uid.service -EOF - -# reload daemon for service file changes to take effect -systemctl daemon-reload - # *** non-root user should be able to do this **** # Move the daemon.json file into localdata folder diff --git a/app/preuninstallscript.sh b/app/preuninstallscript.sh deleted file mode 100644 index a189c83..0000000 --- a/app/preuninstallscript.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -e - -if [ "$(id -un)" != "root" ]; then - logger -p user.warn "$0: Must be run as 'root' instead of user '$(id -un)'." - exit 77 # EX_NOPERM -fi - -# *** root user required **** -# TODO Add a check of who the user is and log warning if not root - -# Get name and uid of acap user -_appname=dockerdwrapperwithcompose -_appdirectory=/usr/local/packages/$_appname -_uname="$(stat -c '%U' "$_appdirectory")" -_uid="$(id "$_uname" -u)" - -# Remove the subuid/subgid mappings -sed -i "/$_uid/d" /etc/subuid -sed -i "/$_uid/d" /etc/subgid diff --git a/binaries/systemd-user-runtime-dir b/binaries/systemd-user-runtime-dir deleted file mode 100755 index 0d15523ae2b982fa69ddb3f6d547ec41c3a44207..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 18440 zcmeHPdw5gFl^;olm}kJ|9Uj*<5MF+e5FBV7BpG7Z03o(W(`H*)k84Xs52Gs)2uZmC z+Re7KMS%vAe54N9cCk0v^|oXS-EQN+e!J}UYfDL!kUsJWn^!~9r2!J_D@6M{_s+;8 zVYS`u?tdOW`OGLt!4>Wb73*3+W<-K5O2?i+&mLdct~&v*D(;-yTGIh$i|pB$&s(@ zlO~=I6>JHgxYp@KFlit(4Re7TEUE*~!E`~s2< zDoy9&{{M}=bzE-cJX23TTy2t>fWqDbkTc@R+y5Bg!@wH3z5MuRabbW%G49m~Emj>0 zdaFbJ%1|(p*j(xH#C(Cpi>kC})j~7YWP@^}VeNWyr<+tzo>8ItIQ$5w_Q#7~>u|iV zuI!obJU(r~!RQxq!e z3-I4tfd3`%mz!P5`TKDJe-0L)KUKhPMFIXw@DCKvT?PEK70~l&0sd13`2V&5|AYek zOA65crGTEs0&#e(06kJb|9=$V|C<8zPZjXzxdQahVS!N4mS2t)(Eo)3{6B(%f#%(m z0(yQ?fZkXj4zx}w`Az~qT!0_s0r?jcpl>SR4|BU)!_kOai+f^mx0|_Fxz@P-YD{en zYH>B@T2mj2MpT!_8&b`-0b9ZzpIcLnb=)0{1mmpD6Vp_8BIsuxZG*ebqiK&sV}7@% zRgJ{mzED(CndWzU6PjC%#iB8HOH5T+$m3N*?v~(YcS|A^f{s=-#+lm!TeP6h6LN>u za5T2Xt)Z?m!z})6a3`P;*4#nOy~z`TS!j<$V+=)m`_4oqDDDk+qgc4f7jGoclVn&M(5;O<30P_XHQH)B&@Ad_vk3`&_ zxM2=nN0{l&CN<{8Xqh9Tc{ZtFkG1+(wz`RtbBI5NDyI6iY;ZMCiz*^a>4j191vVH% zfZ$;Okb0Z6NLviuZJ{QX2qRfQ#kK(HWF%zR6O4dPfw==MzReyA3P$)*jJ_JyR3lQp za2pztNs*{K6!m%H!DxheywO-3!1c7?LHQ> zf%ha0t5-Se-FH+itYxBl=OWg$+}*U&(YRtc%Wi47dgeE+Bk!6%-Q-%a2AnR3YgN5_ z`HCi2MJu0BzX8$T-!BZpBVX&~u?FW%5|SYcco;rpBjyJD;vSvYk(g%+J~^koM!UdBz_C~0Ba8Eqq1n>W7v*anS<*S z`$HRT(oohZ24KZ}UoPlkk?US&wrA<%O`O^D=o~N3qdzp;C()-!bjI_6#{D*lUM$h4O7t-jeVRm{B+;i!bVZ`i zkmz$Hx+2kQBzl=dzgwc0OLV(LuaM{~CHhQ>zD}aglIRafbiM=_t<4hsc8NbA(dSC^ zHi7H#uafAyB|5FIqU@LG@_cWX=ywWcz-1M-H*Rcwwd013 zB|l?hdv9!g?a-^Bb=%x;5}SLb?TyQ5#~e60c3wkzjB`m+vCepNhGKhzeg?e?bgxM_ z@H>ESm+-~F4@&q_;KwBV9^gF^?gVaKYS=OK-3z>2!v6xeQ^MB*_eyvp@a+=*An=0{ z{u$uMB>Z#0dnDWo-1>=r`z^rBCH(Wioe~}a?v?Nu@a+=53HU(?e-!vJ3I77{9tqzL z-1^CW`(FZHF5zDW?v(Ja0ryJyQ^2=N_|w1-O8B$Dk4gCRz9|qPl2@9n9an5@-Zm@SXlM3xY9C88rl0yT zV=e{wRhy-=8QU7h>`QbDy9?LKE*R*-eO6c5^;?rZHaE$dCnkHQ=#AGNwsm~uE9ywk zXX#I7GW)=Dvg~3*n&^-@$$r(4#+*Eg>p;34?X~!A8_hPB6*Cw7y6jX~@`<7F!DdY^ zA7}44JF&RKS!_>Ri&=UmcvGX;VY^jtybJYp_+5kF-9!6o_dv$*r+IQRWh?DGfVTF@ zY>`2;R~WSYM02pa^x^jOmE)G=8Stf+vGkWgXQh3$y_)^#)#KJA{OC&A#&tUN$;lV2 z`l;DiD^g{!3%(hX*v8O!=1LuRE}8KIw$W3LI(RKiZ~RNNQyjZT_0$5A>Vs!$|&uB#`t z-!`PvA7}Pm$IlJg$AEh*>@Z?_a_B@7Y9BoQ)Hdt5OUE#V%|q=Snv*3Jw(L!! z?Z{+Y#<(B{+P^TPsdt|}U5;_~G3zBO#{G$E=DM-f(Q&28*>UaR`VQnwQmm8M_jKX1 z+4Zf|#N^J@93xgvO+c8ORY=*Dn;TQGsS~^qv%5c5p$C=E;%kY!>SDDTr zW~KA8y7Wl{>gt6q8`twHaE=_srx@c6-+69b@#y6nuRbGRTdIC%A0o2Ls5qSLDbZztxoeC1kz` z*`p+jzAY$au4@>xS01&L5WK4|v-oRhH*&4lk{kkiMToHtKZ^BpkfS&$?`0Mr;yOls zoN>K6nk{Tcp1s=17U~n2i~8`b_6f=J%k1ehw(;|53@A@2_B-|4leP(F+`q^5C9Y-` zx4~{s|C`YV@Cvz#i8N+rKRO_HANaq7xzV!+b7O}knR+qT-}ALB9p(CI&YeMjQpYXH zV-~iT`k=p?sqOXIk6!VKIaHdRLt;&6vSKccWrxGmSDH&BFn@f`C4H?89W#xTm?t}nv(GW*md;@OCJHXf`)3`XiD+qsW+W8Rf^ zBF@y$Q)56+jqR&lOL}1YrCXWnBj554nt$o}_Virzzk%8?j_?1@9D~#_a}03f(?15a z1B^lYoaFHma||Bj_Sav`EWQ;wZ(1)g2CRE>vIk=(;_|y2nSD3$Ay=_OO*)Zlg6{(O zX#8`=wR=`hZraA0ek|gCj6a)M{Qk$8i5G0E=ca7z=y|MrMn36N5IZT4(1-eQ{W&oc z^3TA3D~}1D6X)bM#g5|k#xKk{{&Uzc^fr%AJ_tEcKP>9qy& zi(K}M)=%xlJi%e&VOk5UcbmDojdbFAa25S4I`Y6$hPD6OL_-d~gq*u(8<$;6#2QFG z(K<-6e*}Kr6cg&Rep~Vw`us3-4cLynI*9frw2Rz&i1YfIXC%+T|1&mQXAgWGidg(B z<`1ovKLrnsMZ2YM@nfjJIuz>@&5^}yp&gL?-gOJj*V4|@hHf)Q*1%8FMSZ8aO7nCx z+Ns~E-pt}4>N7@S-R{k}XpGL-#z}cmo-Y%=zejynR6<5sh=+*=Zy6d*E(a&vEDv`eU6CPzN}6;k8^d_k1%zv120{>Xzdwk zV=l@M$_+UmD!ASD4>OBrqE7LA8P_+{Z^=e?S&rX3Mw&KiA@c&CS2?+ES917|!zUWg z`QU$teB$>we+bh3(KO`2bo|cQ7{&hyYATY8u&3*C!Nnw2G+wEw-a^@qm&-<1(8O?#>4?e-;h>}lak z7dzXK)**-bN$hpgKR_Se!ahTxeBI8LTp3}7+*qLgUPWdd!%(kH&8I2wN2iWW`#(uHdp8jx$1@mx1 z=LPIxuwL!nX&;;X(rC&(TL+$>?Zz{Z-PVed-deW_72+DU1@S)-{|bf*h;ed#*L7r`TgDy=F+Y9^o#}e57_n9 zud^ck*>)>S_aKe|&a(j5nI}f-r|cH})Hcv`wEqO{)F(IbU{0(a%3N1$rT1yrXAx{- zeYM}k{*YpJ3cS6&mZVk3nuRrt*7PNi>oIb+bRPBPv%rzJv>wqqvzy}atyD>Jr(*1B zchkP=c#*lzc)|Ot0d&sH)46gWo%V4#I(G~)b*=&L51}*1z8!lx$$mZTH^X-)c&YFI z4t^SY8teCepV?>T^Gh9*bd*AT_=04@ljjcb=&av-i`)NM6k)PSz zYn)gq@u=d9Mk1;&PF3@OLBa9aQe{>c>B`K*2QB8S_N(4RYc)TDs9xx%!;MArTZ3`O zde{A{*4EGWt2I8a$ESL0D`Pd)B!W|^U<9WZYOFGbgO*@et;F$6m5=l`nuO)S7;NL@ zt%*)vP@=KcDmt|DtJ;Qmw5`g}v9M~5Cqk!o@COXl5`$@EVF5YD`upkeZA`$L!d+3| zifLNWV0(cQY>h;5X4HzVYd8D1DiVcDYdo9DNtB!QMiODK8dIVzO3>g{TB5O=jpf@} zi>N1j0fnNZl+V)2P4#U3s^tc%1U2Y0&K?!$3wSie6UkEO7)xo5MH6jYO!6xfjc!m9 zZT*^!F#h$Syi`Q|?h}l-aYDvY@7h+u~d1fVk=5n$Oa6N>>05;JmRl z<_Rlt&jwXf;*UfXa3tuAQ4`M^?+wPZc$Tb$6TrNxq6Xsu>X>orR!%)YHQH7##Bd&o z^I_Pj#;_QvQavj{ec7y;2Y5?G2ywm{4?O(YtY&YpRZ%0+L~DT9*{6b`kYb$YVfYlB zIjVleyG5CmSZeAMXQ3Xi77Zoh>KvX1hFWw~KIEMPg!)dURXY5g14PiX{+eu3+;Ljz ziK|MM!JJBP3W4;5(CFWyc(|+PnJlTmd8t}gQ(IHB0LJTPB^JOI0m{v~S)s&&NDL?7 zl!Js(hMJ{6PSG|xp41A2s6Su1f3wUv9uK#*kh1=EGl)1}t~7GeV2~yYm-`>^R}FV) zS|W_8MQcqQDXYfNE5D*{R(%O_I%iUt>rTIZ96v`|RbxnFS|Hel{P!b#evn#>DPjb; zpC9M^ig5rh+6U0ikatmI&KP+U!{PrX)tLAFdN}dsf$WBvZH%pGY+QSP-K-!_6J{Kwo2uM$>Wg-N)NLMz zbArKdyw8x!&R5Ya5v!sMM%6fQN6m7Z?Gvj3>Fn;vyP3>xT+sTi zW-@-@E3aiTw7zZz+(qqx?SRD}W-=!LCjq7apX>ua0kb^X$ci>kx7;>zhC#y~ zkL`lqMbz%NWjgWEIm!vpYKVqHG&_E0K@+cg&IInlZwzd&17wa$$7tn1(epOv9_!k7 ze*OArP(U7s-(&dQ4L<6NC^{;8@v8y74Vzg*ULRI}V7KM@uUnjZzGm6`Rg3c*yDU$C z#nQO{uPyt&Y+3Qlla|KQZ#mz7;MecG@#gD4Cku|z`Y@B%WCa_T!D#BKeBiCqZ{L?C zejeBwQ<(!ib6|E7;xqN5Oy(l$hQ4m=fjQ6LzGBbpy|dbeqaUW35r@&d9K6bJGMTA( zkZSODS?dqXe7?fDr+jZ&)9|Nfd_!^UpSEwhMc-A7`Nfz(*i+7Gi`?ZfVQPNby z?ctotC^eixylcLWx6`8!DhD_&-pQxuNL0p~Ap4iIF}rwAnzvl$4fK47ig@WBX(#IUXo9oYTT=;#N<3HgYO>t6C$8D)Bv=MDiwr_*x1d+?iYs=c>xMr=f3dy`D6Ruy9n1Is0mxGfg}hk*1x#^+%k?%iO z%N|FCx+vtu^+!N){So%_`~O#5-pLh;>zRO;`FN5%eSefMPcJ)BOoaaI$ItvaAjS_Y zM#&%lU7*VH`Rir3=opu$Gak9nOE|K8_QKBB$0PjuEM)AW!r=ixSzhc{1QdB9#Pa=r zk;@A=Pga^_g79Cc5KY)u>}HFA`TTkAu&ZFtr;!FBuMi@Y X{P8DQVOwHjcDsqu{}UmXJe2)6fjV<~