Travis sudo is disabled - travis-ci

I want to use apt to install some packages for the test, however, it fails due to that the sudo is disabled. I found the following in the test output:
Sudo, the FireFox addon, setuid and setgid have been disabled.
It seems that the output comes from this line in travic-ci, but setting paranoid_mode to false in .travis.yml does not work.
How to enable sudo access?
PS: I am using private repo.
EDIT: The following .travis.yml will fail due to sudo: must be setuid root when running sudo apt-get update -qq
language: python
python:
- "3.4"
before_install:
- sudo apt-get update -qq
script:
- nosetests
Setting sudo: true and/or paranoid_mode: false does not work.

Sudo access is turned off on our Docker based architecture, which will be used in two contexts:
repositories opt in using sudo: false in their .travis.yml file (it additionally needs to be turned on on our side)
on our educational program (see http://education.travis-ci.com)
Builds running on our Docker based architecture currently cannot be allowed sudo access due to certain security concerns in the LXC/Docker layer. We hope this will be fixed in the near future, but unfortunately the issue is out of our own hands.
We are also working on improving the Firefox addon, which currently uses sudo itself, but shouldn't. We'll post on our blog once this has happened.

To extend the existing answer, if you put in .travis.yml:
sudo: required
Travis should switch your build to use their "standard infrastructure" (rather than their "container based infrastructure") and then you can use sudo.
References:
https://docs.travis-ci.com/user/workers/standard-infrastructure
https://docs.travis-ci.com/user/workers/container-based-infrastructure/
Nov 2018 Update
It seems that container-based infrastructure is getting deprecated. From the docs:
Container-based infrastructure is currently being deprecated. Please
use the fully-virtualized infrastrstructure via sudo: required
instead.

As explained in "Combining The Linux Infrastructures"
Going forward, we will slowly transition the container-based environment out, in favor of a build environment that is entirely virtual machine-based.
Folks using container-based infrastructures will be the only ones affected, and this transition will roll out slowly, depending on whether you specify sudo: false in your .travis.yml.
This is illustrated in Git 2.20 (Q4 2018), with:
Travis CI will soon deprecate the container-based infrastructure enabled by sudo: false in ce59dff (Git 2.8.0, Jan. 2016).
See commit 0f0c511 (01 Nov 2018) by SZEDER Gábor (szeder).
(Merged by Junio C Hamano -- gitster -- in commit 57f06d5, 13 Nov 2018)
travis-ci: install packages in 'ci/install-dependencies.sh'
Ever since we started using Travis CI, we specified the list of packages to install in '.travis.yml' via the APT addon.
While running our builds on Travis CI's container-based infrastructure we didn't have another choice, because that environment didn't support 'sudo', and thus we didn't have permission to install packages ourselves.
With the switch to the VM-based infrastructure in the previous patch we do get a working 'sudo', so we can install packages by running 'sudo apt-get -y install ...' as well.
Let's make use of this and install necessary packages in 'ci/install-dependencies.sh', so all the dependencies (i.e. both packages and "non-packages" (P4 and Git-LFS)) are handled in the same file.
Install gcc-8 only in the 'linux-gcc' build job; so far it has been unnecessarily installed in the 'linux-clang' build job as well.
Print the versions of P4 and Git-LFS conditionally, i.e. only when they have been installed; with this change even the static analysis and documentation build jobs start using 'ci/install-dependencies.sh'
to install packages, and neither of these two build jobs depend on and
thus install those.
This change will presumably be beneficial for the upcoming Azure Pipelines integration preliminary versions of that patch series run a couple of 'apt-get' commands to install the necessary packages before running 'ci/install-dependencies.sh', but with this patch it will be sufficient to run only 'ci/install-dependencies.sh'.

Related

How to install VS Code extensions in a Dockerfile?

Is there a way to install VS Code extensions in a Dockerfile?
Apparently, while most browser-based VS Code forks (including openvscode-server) do not permit headless installation of VS Code extensions (as seen from my other answer), it is possible to do such automated installs using docker build in one of them: Code Server (code-server), like in this sample Dockerfile:
FROM ubuntu:22.04
RUN apt update && apt install -y curl
# install VS Code (code-server)
RUN curl -fsSL https://code-server.dev/install.sh | sh
# install VS Code extensions
RUN code-server --install-extension redhat.vscode-yaml \
--install-extension ms-python.python
Relevant fragment of the docker build log:
[..]
---> Running in 59eea050a2db
[2022-11-13T10:13:58.762Z] info Wrote default config file to ~/.config/code-server/config.yaml
Installing extensions...
Installing extension 'redhat.vscode-yaml'...
Installing extension 'ms-python.python'...
Extension 'redhat.vscode-yaml' v1.10.1 was successfully installed.
Extension 'ms-python.python' v2022.16.1 was successfully installed.
[..]
Per the VS Code Documentation, the extensions property is specific to VS Code and can only be configured using .devcontainer.
The best you can do is if the extension has a CLI, you can install that. For example,
RUN npm install prettier -D --save-exact
Then use npx:
npx prettier --check .
This is sadly disallowed by design, as confirmed by this error message you will see in your docker build log when you attempt to run code --install-extension or openvscode-server --install-extension:
Command is only available in WSL or inside a Visual Studio Code terminal.
This is also confirmed (and tagged) as being as designed by one of VS Code Remote devs in this GitHub issue:
This is correct the 'vs code server CLI' is only available from the integrated terminal.
So VS Code Remote or even openvscode-server make it impossible to automate installs of first- or third-party extensions for this popular Microsoft IDE, unless you run their custom terminal inside their closed-source IDE, which normally entails buying a license for their GUI-based closed-source operating system as well;)

Anyone else get this error "Error: invalid option: --with-passenger"

Can not get NGINX to install with passenger
Following the steps you are supposed to...
brew install passenger
Then you run the following command...
brew install nginx --with-passenger
But I get:
Error: invalid option: --with-passenger
Could not find any resources about this online, so asking here.
$ brew install nginx --with-passenger
Usage: brew install [options] formula
Install formula.
formula is usually the name of the formula to install, but it can be specified
in several different ways.
-d, --debug If brewing fails, open an interactive
debugging session with access to IRB or a
shell inside the temporary build directory
--env If std is passed, use the standard build
environment instead of superenv.If super
is passed, use superenv even if the formula
specifies the standard build environment.
--ignore-dependencies Skip installing any dependencies of any
kind. If they are not already present, the
formula will probably fail to install.
--only-dependencies Install the dependencies with specified
options but do not install the specified
formula.
--cc Attempt to compile using provided
compiler. compiler should be the name
of the compiler's executable, for instance
gcc-7 for GCC 7. In order to use LLVM's
clang, use llvm_clang. To specify the
Apple-provided clang, use clang. This
parameter will only accept compilers that
are provided by Homebrew or bundled with
macOS. Please do not file issues if you
encounter errors while using this flag.
-s, --build-from-source Compile the specified formula from source
even if a bottle is provided. Dependencies
will still be installed from bottles if
they are available.
--force-bottle Install from a bottle if it exists for the
current or newest version of macOS, even if
it would not normally be used for
installation.
--include-test Install testing dependencies required to
run brew test.
--devel If formula defines it, install the
development version.
--HEAD If formula defines it, install the HEAD
version, aka. master, trunk, unstable.
--fetch-HEAD Fetch the upstream repository to detect if
the HEAD installation of the formula is
outdated. Otherwise, the repository's HEAD
will be checked for updates when a new
stable or development version has been
released.
--keep-tmp Don't delete the temporary files created
during installation.
--build-bottle Prepare the formula for eventual bottling
during installation.
-f, --force Install without checking for previously
installed keg-only or non-migrated
versions.
-v, --verbose Print the verification and postinstall
steps.
--display-times Print install times for each formula at the
end of the run.
-i, --interactive Download and patch formula, then open a
shell. This allows the user to run
./configure --help and otherwise
determine how to turn the software package
into a Homebrew package.
-g, --git Create a Git repository, useful for
creating patches to the software.
-h, --help Show this message.
Error: invalid option: --with-passenger
This is supposed to work... so yeah.
A late answer. Obviously the documentation on the passenger site is outdated at time of this writing.
According to phusion's github site
https://github.com/phusion/passenger/issues/2187#issue-416881033
the config option --nginx-with-passenger is not valid anymore.
Instead do:
brew install nginx passenger
Addendum:
When using google search for results currently the old page comes up at the top of the list. Here's the currently maintained page with the accurate information:
https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/nginx/install/oss/osx.html

Setup Docker Jenkins with default plugins

I want to create a Jenkins based image to have some plugins installed as well as npm. To do so I have the following Dockerfile:
FROM jenkins:2.60.3
RUN install-plugins.sh bitbucket
USER root
RUN apt-get update
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
RUN apt-get install -y nodejs
RUN npm --version
USER jenkins
That works fine however when I run the image I have two problems:
It seems that the plugins I tried to install manually didn't get persisted for some reason.
I get prompted the list of plugins I want to install but I don't want to install anything else.
Am I missing anything configuring the Dockerfile or is it that what I want to achieve is simply not possible?
Without seeing the contents of install-plugins.sh, I can't comment as to why the plugins aren't persisting. It is most likely caused by an incorrect installation destination; persistence shouldn't be an issue at this stage, since the plugin installation is built into the image itself.
As for the latter issue, you should be able to skip the installation wizard altogether by adding the line ENV JAVA_OPTS=-Djenkins.install.runSetupWizard=false
to your Dockerfile. Please note that this can be a security risk, if the Jenkins image is exposed to the world at large, since this option disables the need for authentication
EDIT: The default plugin directory for the Docker image is /var/jenkins_home/plugins
EDIT 2: According to the README on the Jenkins Docker repo, adding the line RUN echo 2.0 > /usr/share/jenkins/ref/jenkins.install.UpgradeWizard.stateshould accomplish the same thing
Things have changed since 2017, when the last answer was posted, and it no longer works. The current way is in following Dockerfile snippet:
# Prevent setup wizard from running.
# WARNING: Jenkins will start with security disabled, without any password.
ENV JENKINS_OPTS="-Djenkins.install.runSetupWizard=false"
# plugins.txt must contain the list of plugins to be installed
# (One plugin per line, e.g. sidebar-link:1.11.0)
COPY plugins.txt /tmp/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /tmp/plugins.txt

Install python3-gi for Travis-CI and Python >= 3.3

What is the correct way to install python3-gi on Travis-CI using the .travis.yml file?
The past recommendation was to use Python 3.2 (Travis-ci & Gobject introspection), but I would prefer testing against more recent versions.
I did try a few sensible combinations of commands, but my knowledge of the Travis-CI environment is very basic:
This for example fails with and without using system_site_packages: true:
before_install:
- sudo apt-get install -qq python3-gi
virtualenv:
- system_site_packages: true
Two examples of repositories that have this working (as far as I can tell):
https://github.com/ignatenkobrain/gnome-news (CircleCI)
https://github.com/devassistant/devassistant (Travis-CI)
In order to use a newer version you would either have to build it or use a container system like docker.
gnome-news has an example of a pygobject project using circleci (which is another free alternative to travis-ci). They are using fedora rawhide in docker which has the latest versions of the entire gnome stack.

Travis: Is there a way to use env vars to install package versions programmatically on container-based infrastructure?

In the .travis.yml for one of my projects, I determine what packages to install based on environment variables that I also set in the .travis.yml file. It looks like this:
env:
- CABALVER=1.18 GHCVER=7.8.1
- CABALVER=1.18 GHCVER=7.8.2
...
before_install:
...
- travis_retry sudo apt-get install cabal-install-$CABALVER ghc-$GHCVER
...
That's under the legacy infrastructure. I would like to switch to the container-based infrastructure, which would mean replacing the before_install line with something like:
addons:
apt:
packages:
- cabal-install-$CABALVER
- ghc-$GHCVER
...except that won't work, because env vars aren't set until after Travis attempts to install the requested apt packages. So, if I try to use the above, I get an error about how I'm trying to install packages called cabal-install- and ghc- (with the ending hyphens, but minus the version suffixes), which of course don't exist.
Is there a way to accomplish what I want on the container-based infrastructure? I could try to install all the versions at once and use the env vars later to determine which one to use on a given job, but (even if I could prevent all hell from breaking loose as a result of having multiple GHCs and Cabals installed at once) it would be really slow to install all of them for every build job, and that would negate the purpose of switching to container-based infrastructure.

Resources