various updates

Smjert · Jul 5, 2024 · 05f3735 · 05f3735
1 parent 3b37151
commit 05f3735
Showing 1 changed file with 10 additions and 41 deletions.
diff --git a/.github/workflows/hosted_runners.yml b/.github/workflows/hosted_runners.yml
@@ -40,8 +40,8 @@ concurrency:
 
 # Please remember to update values for both x86 and aarch64 workflows.
 env:
-  PACKAGING_REPO: https://github.com/osquery/osquery-packaging
-  PACKAGING_COMMIT: 4caa2c54f0d893c1efa47932571046bbce156c52
+  PACKAGING_REPO: https://github.com/Smjert/osquery-packaging
+  PACKAGING_COMMIT: 16bf5387af89f4b19488a195e7d60e11275dae27
   SUBMODULE_CACHE_VERSION: 2
 
 # If the initial code sanity checks are passing, then one job
@@ -55,8 +55,8 @@ jobs:
     runs-on: ubuntu-20.04
 
     container:
-      image: smjert/builder20.04:78bfb1f9a
-      options: --privileged --init -v /var/run/docker.sock:/var/run/docker.sock --user 1001:1001
+      image: smjert/builder20.04:f5a6778f5
+      options: --user 1001:1001
 
     steps:
     - name: Clone the osquery repository
@@ -125,10 +125,6 @@ jobs:
     needs: [check_code_style, check_libraries_manifest]
     runs-on: ubuntu-20.04
 
-    container:
-      image: osquery/builder20.04:5b6916940
-      options: --privileged --init -v /var/run/docker.sock:/var/run/docker.sock
-
     steps:
     - name: Clone the osquery repository
       uses: actions/checkout@v1
@@ -144,8 +140,8 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     container:
-      image: osquery/builder20.04:5b6916940
-      options: --privileged --init -v /var/run/docker.sock:/var/run/docker.sock
+      image: smjert/builder20.04:f5a6778f5
+      options: --user 1001:1001
 
     strategy:
       matrix:
@@ -259,8 +255,8 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     container:
-      image: osquery/builder20.04:5b6916940
-      options: --privileged --init -v /var/run/docker.sock:/var/run/docker.sock --pid=host
+      image: smjert/builder20.04:f5a6778f5
+      options: --privileged --init -v /var/run/docker.sock:/var/run/docker.sock --pid=host --user 1001:1001
 
     strategy:
       matrix:
@@ -274,7 +270,7 @@ jobs:
         run_on_host="nsenter -t 1 -m -u -n -i"
         packages_to_remove=$($run_on_host dpkg-query -f '${Package}\n' -W | grep "^clang-.*\|^llvm-.*\|^php.*\|^mono-.*\|^mongodb-.*\
         \|^libmono-.*\|^temurin-8-jdk\|^temurin-11-jdk\|^temurin-17-jdk\|^dotnet-.*\|^google-chrome-stable\|^microsoft-edge-stable\|^google-cloud-sdk\|^firefox\|^hhvm\|^snapd")
-        $run_on_host apt purge $packages_to_remove
+        $run_on_host sudo apt purge $packages_to_remove
 
     - name: Clone the osquery repository
       uses: actions/checkout@v1
@@ -316,15 +312,6 @@ jobs:
           echo "VALUE=OFF" >> $GITHUB_OUTPUT
         fi
 
-    # When we spawn in the container, we are root; create an unprivileged
-    # user now so that we can later use it to launch the normal user tests
-    - name: Create a non-root user
-      if: matrix.build_type != 'RelWithDebInfo'
-      id: unprivileged_user
-      run: |
-        useradd -m -s /bin/bash unprivileged_user
-        echo "NAME=unprivileged_user" >> $GITHUB_OUTPUT
-
     # Due to how the RPM packaging tools work, we have to adhere to some
     # character count requirements in the build path vs source path.
     #
@@ -346,8 +333,6 @@ jobs:
                  ${rel_package_data_path} \
                  ${rel_package_build_path}
 
-        chown -R ${{ steps.unprivileged_user.outputs.NAME }}:${{ steps.unprivileged_user.outputs.NAME }} .
-
         mv .git "${rel_src_path}"
         ( cd "${rel_src_path}" && git reset --hard )
 
@@ -366,14 +351,6 @@ jobs:
         cd ${{ steps.build_paths.outputs.PACKAGING }}
         git checkout ${{ env.PACKAGING_COMMIT }}
 
-    # One of the tests in the test suit will spawn a Docker container
-    # using this socket. Allow the unprivileged user we created
-    # to access it.
-    - name: Update the Docker socket permissions
-      if: matrix.build_type != 'RelWithDebInfo'
-      run: |
-        chmod 666 /var/run/docker.sock
-
     - name: Update the cache (ccache)
       uses: actions/cache@v3
       with:
@@ -437,7 +414,7 @@ jobs:
       working-directory: ${{ steps.build_paths.outputs.BINARY }}
       if: matrix.build_type != 'RelWithDebInfo'
       run: |
-        sudo -u ${{ steps.unprivileged_user.outputs.NAME }} ctest --build-nocmake -LE "root-required" -V
+        ctest --build-nocmake -LE "root-required" -V
 
     - name: Run the tests as root user
       working-directory: ${{ steps.build_paths.outputs.BINARY }}
@@ -459,14 +436,6 @@ jobs:
           --target install \
           -j ${{ steps.build_job_count.outputs.VALUE }}
 
-    # Since we need to run CMake to create the packages with osquery-packaging, the
-    # configuration will fail unless the C and C++ compilers are found
-    - name: Install packaging dependencies
-      if: matrix.build_type == 'RelWithDebInfo'
-      run: |
-        sudo apt update
-        sudo apt install build-essential gcc g++ -y
-
     - name: Create the packages
       if: matrix.build_type == 'RelWithDebInfo'
       working-directory: ${{ steps.build_paths.outputs.PACKAGE_BUILD }}