Make sure the wheelhouse is usable by nobody

2024-12-19 04:57:54 +00:00 · 2019-04-06 09:14:59 -04:00 · 2019-04-06 09:14:59 -04:00 · 292668bf49
commit 292668bf49
parent 988c3c6c16
1 changed files with 9 additions and 1 deletions
--- a/.circleci/prepare-image.sh
+++ b/.circleci/prepare-image.sh
@ -18,12 +18,20 @@ shift
 PROJECT_ROOT="$1"
 shift

+# Most stuff is going to run as nobody.  Here's a helper to make sure nobody
+# can access necessary files.
+CHOWN_NOBODY="chown --recursive nobody:$(id --group nobody)"
+
 # Avoid the /nonexistent home directory in nobody's /etc/passwd entry.
 usermod --home /tmp/nobody nobody

 # Grant read access to nobody, the user which will eventually try to test this
 # checkout.
-chown --recursive nobody:$(id --group nobody) "${PROJECT_ROOT}"
+${CHOWN_NOBODY} "${PROJECT_ROOT}"
+
+# Create a place for some wheels to live.
+mkdir "${WHEELHOUSE_PATH}"
+${CHOWN_NOBODY} "${WHEELHOUSE_PATH}"

 sudo --set-home -u nobody "${PROJECT_ROOT}"/.circleci/create-virtualenv.sh "${WHEELHOUSE_PATH}" "${BOOTSTRAP_VENV}"
 sudo --set-home -u nobody "${PROJECT_ROOT}"/.circleci/populate-wheelhouse.sh "${WHEELHOUSE_PATH}" "${BOOTSTRAP_VENV}" "${PROJECT_ROOT}"