
Build pgBackRest as an unprivileged user.

pgBackRest was being built by root in the documentation, which is definitely not best practice.

Instead build as the unprivileged default container user.  Sudo privileges are still required to install.

Suggested by Laurenz Albe.
David Steele 2019-08-20 09:46:29 -04:00
parent 6b5366a663
commit 286a106ae4
2 changed files with 31 additions and 11 deletions


@ -42,6 +42,18 @@
</release-item> </release-item>
</release-improvement-list> </release-improvement-list>
</release-core-list> </release-core-list>
<release-doc-list>
<release-improvement-list>
<release-item>
<release-item-contributor-list>
<release-item-ideator id="laurenz.albe"/>
</release-item-contributor-list>
<p>Build <backrest/> as an unprivileged user.</p>
</release-item>
</release-improvement-list>
</release-doc-list>
</release> </release>
<release date="2019-08-05" version="2.16" title="C Migrations and Bug Fixes"> <release date="2019-08-05" version="2.16" title="C Migrations and Bug Fixes">
@ -7453,6 +7465,11 @@
<contributor-id type="github">LaetitiaLoxo</contributor-id> <contributor-id type="github">LaetitiaLoxo</contributor-id>
</contributor> </contributor>
<contributor id="laurenz.albe">
<contributor-name-display>Laurenz Albe</contributor-name-display>
<contributor-id type="github">laurenz</contributor-id>
</contributor>
<contributor id="leo.khomenko"> <contributor id="leo.khomenko">
<contributor-name-display>Leo Khomenko</contributor-name-display> <contributor-name-display>Leo Khomenko</contributor-name-display>
<contributor-id type="github">lkhomenk</contributor-id> <contributor-id type="github">lkhomenk</contributor-id>


@ -163,7 +163,7 @@
<variable key="host-build-id">build</variable> <variable key="host-build-id">build</variable>
<variable key="host-build">build</variable> <variable key="host-build">build</variable>
<variable key="host-build-user">root</variable> <variable key="host-build-user">{[host-user]}</variable>
<variable key="host-build-image">{[host-image]}</variable> <variable key="host-build-image">{[host-image]}</variable>
<variable key="host-build-mount">{[host-mount]}</variable> <variable key="host-build-mount">{[host-mount]}</variable>
@ -448,7 +448,7 @@
<title>Copy <backrest/> binary from build host</title> <title>Copy <backrest/> binary from build host</title>
<execute user="root"> <execute user="root">
<exe-cmd>scp {[host-build]}:/root/pgbackrest-release-{[version]}/src/pgbackrest /usr/bin</exe-cmd> <exe-cmd>scp {[host-build]}:/build/pgbackrest-release-{[version]}/src/pgbackrest /usr/bin</exe-cmd>
<exe-cmd-extra>2>&amp;1</exe-cmd-extra> <exe-cmd-extra>2>&amp;1</exe-cmd-extra>
</execute> </execute>
@ -729,24 +729,27 @@
<p>When building from source it is best to use a build host rather than building on production. Many of the tools required for the build should generally not be installed in production. <backrest/> consists of a single executable so it is easy to copy to a new host once it is built.</p> <p>When building from source it is best to use a build host rather than building on production. Many of the tools required for the build should generally not be installed in production. <backrest/> consists of a single executable so it is easy to copy to a new host once it is built.</p>
<execute-list host="{[host-build]}"> <execute-list host="{[host-build]}">
<title>Download version <id>{[version]}</id> of <backrest/></title> <title>Download version <id>{[version]}</id> of <backrest/> to pre-created <path>/build</path> path</title>
<!-- This is shown to the user but never actually run for the very good reason that the release is not available before the documentation is built --> <!-- This is shown to the user but never actually run for the very good reason that the release is not available before the documentation is built -->
<execute user="root" skip="y"> <execute user="root" skip="y">
<exe-cmd>wget -q -O - <exe-cmd>wget -q -O -
{[github-url-release]}/{[version]}.tar.gz | {[github-url-release]}/{[version]}.tar.gz |
sudo tar zx -C /root</exe-cmd> tar zx -C /build</exe-cmd>
</execute> </execute>
<!-- These commands simulate what the command above would do if it could be run --> <!-- These commands simulate what the command above would do if it could be run -->
<execute user="root" show="n"> <execute user="root" show="n">
<exe-cmd>mkdir /root/pgbackrest-release-{[version]}</exe-cmd> <exe-cmd>mkdir -p /build/pgbackrest-release-{[version]}</exe-cmd>
</execute> </execute>
<execute user="root" show="n"> <execute user="root" show="n">
<exe-cmd>cp -r {[pgbackrest-repo-path]}/libc /root/pgbackrest-release-{[version]}</exe-cmd> <exe-cmd>cp -r {[pgbackrest-repo-path]}/libc /build/pgbackrest-release-{[version]}</exe-cmd>
</execute> </execute>
<execute user="root" show="n"> <execute user="root" show="n">
<exe-cmd>cp -r {[pgbackrest-repo-path]}/src /root/pgbackrest-release-{[version]}</exe-cmd> <exe-cmd>cp -r {[pgbackrest-repo-path]}/src /build/pgbackrest-release-{[version]}</exe-cmd>
</execute>
<execute user="root" show="n">
<exe-cmd>chown -R {[host-build-user]} /build/pgbackrest-release-{[version]}</exe-cmd>
</execute> </execute>
</execute-list> </execute-list>
@ -796,12 +799,12 @@
<execute-list host="{[host-build]}"> <execute-list host="{[host-build]}">
<title>Build <backrest/> package</title> <title>Build <backrest/> package</title>
<execute user="root" user-force="y"> <execute>
<exe-cmd>(cd /root/pgbackrest-release-{[version]}/src &amp;&amp; ./configure)</exe-cmd> <exe-cmd>cd /build/pgbackrest-release-{[version]}/src &amp;&amp; ./configure</exe-cmd>
</execute> </execute>
<execute user="root"> <execute>
<exe-cmd>make -s -C /root/pgbackrest-release-{[version]}/src</exe-cmd> <exe-cmd>make -s -C /build/pgbackrest-release-{[version]}/src</exe-cmd>
</execute> </execute>
</execute-list> </execute-list>
</section> </section>
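Review bot: In the download step of the `-729,24 +729,27` hunk, the skipped `<execute user="root" skip="y">` keeps `user="root"` even though `sudo` was dropped from `tar`, and the new title refers to a "pre-created `/build` path" that no displayed step creates. The only commands that create the directory and run `chown -R {[host-build-user]}` on it are the `show="n"` simulation steps, so a reader of the rendered guide is presumably never told who should own `/build`. I would change the download step to `<execute skip="y">`, matching what this commit does for `./configure` and `make`, and add a shown root step that creates `/build` and hands it to the build user, so that nobody works around a permission error with a world-writable directory. Separately, `wget -q -O - ... | tar zx -C /build` unpacks the release with no integrity check; downloading to a file and verifying it against a published checksum or signature (if the project provides one) before extracting would be a worthwhile follow-up.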