author | James E. Blair <jim@acmegating.com> | 2022-04-13 14:03:02 -0700 |
---|---|---|
committer | James E. Blair <jim@acmegating.com> | 2022-04-13 14:17:04 -0700 |
commit | 5a07b18b7200df104a5407126cacd7f27b914a4c (patch) | |
tree | f6e9331d41dc370ed4f22b39ab7de897a2dadc37 | |
parent | c34cc252b06ccbc919dc85db2aade5205e43d217 (diff) | |
download | zuul-5a07b18b7200df104a5407126cacd7f27b914a4c.tar.gz |

Fix git error in stream jobs

New versions of git refuse to run on git repos owned by a user
other than the caller. This is due to a fix for
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765

The stream jobs install Zuul as root while the repo is owned by
zuul. This causes pbr to run git which runs afoul of that issue.

To correct this, run a wheel build as the zuul user first and
install the wheel.

Change-Id: Id48245f715760c436ae46415f057358e1b687181

-rw-r--r-- | playbooks/zuul-stream/pre.yaml | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/playbooks/zuul-stream/pre.yaml b/playbooks/zuul-stream/pre.yaml index 63cad9d04..cafdc0133 100644 --- a/playbooks/zuul-stream/pre.yaml +++ b/playbooks/zuul-stream/pre.yaml @@ -9,10 +9,20 @@ post_tasks: - - name: Install software + - name: Install pip shell: |+ python3 -m pip install --upgrade pip setuptools wheel - python3 -m pip install src/opendev.org/zuul/zuul + become: yes + + - name: Build wheel + shell: + chdir: src/opendev.org/zuul/zuul + cmd: |+ + python3 setup.py bdist_wheel + + - name: Install software + shell: |+ + python3 -m pip install src/opendev.org/zuul/zuul/dist/*.whl become: yes - name: Install managed ansible versions |
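
Review bot: The new "Build wheel" task works only because it has no `become: yes`, and nothing in the playbook says so; the reason (git's ownership check from the CVE-2022-24765 fix, hit when pbr calls git as root in a checkout owned by zuul) is recorded only in the commit message. A short YAML comment above the task stating that it must run as the repo owner would keep a later cleanup from merging it back into the root install step or adding `become` to it. Two smaller points on the same hunk: the final "Install software" task passes `dist/*.whl` to pip, which assumes the `dist` directory holds exactly one wheel, so either remove `dist` before building or install the specific file the build produced; and `python3 setup.py bdist_wheel` invokes setup.py directly, which setuptools has deprecated, so `python3 -m pip wheel --no-deps -w dist .` run from the same `chdir` would be the more durable form while still running pbr's git calls as the unprivileged user.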