litbuild 1.0.2 → 1.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4cc983f70c85f96dd03544d804f4c5971a55d401799209fbbfccdab244de6c28
-  data.tar.gz: 0e0dd20d35dd4565daff7ced67a1cf5e17a0394739a313042350c61e52ee4250
+  metadata.gz: 79441e2b11890ec0e9a3271224f80ed9ca7c40f548fc3ee59bf774a55d3ff54f
+  data.tar.gz: 77ab5c060afb201d5a0014e92bd8e2ad1352efc8dbc0d37d864992d159a53be9
 SHA512:
-  metadata.gz: 16a83a065cd551c5a0e5adb179305097a663bdf09c5c436245206232897a4f754c922faf42df656f81e2a083a5c9c8182689602644d6c69a8999bfc7d7791909
-  data.tar.gz: 2b5f178c9c2343bd5a05e9874ca8e4076a21ec3a0acd7964f85e3cab5419c37b8c4f9306b8aafe7b2658e9170097afd6a113fe4ea80eae6928b1b223e63c92c6
+  metadata.gz: 5f0a0bb98c15066ad8f945a1717ccbfdaa59bb7ac60caa8975459cf62a2601367dab0d68e3e7722999726de22f3d1acbac92a957972574184b430a8ee1d8dbef
+  data.tar.gz: a366a4a6c91629107a7f9d3868273b8bce8baf26670dc22b4d1edb53d5c31dcbd8fc1e9c2835561f96d576c6cc5a113d6cd261663a12edff7e285085b8d07d0e

data/README

@@ -112,6 +112,16 @@ comprehensible, or when all the parts of a build need to share a common
 configuration or environment -- which is the case for most complicated
 processes.
 
+If any commands in the generated scripts appear to be run under `sudo`,
+litbuild has a feature that can help to run those scripts
+non-interactively: it will produce sudoers entries (which can be
+included in `/etc/sudoers` or in a file in `/etc/sudoers.d`) that permit
+exactly those commands to be run under sudo without a password. For this
+feature to work, all programs run under `sudo` must either be specified
+with a full absolute path, or must exist in a specific set of default
+directories: /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, and
+/usr/local/sbin.
+
 Debugging Blueprints
 ====================
 

data/lib/litbuild/bash_script_visitor.rb

@@ -128,7 +128,7 @@ module Litbuild
       FileUtils.chmod('ugo+x', script_path)
       envcmds = environment_commands(blueprint).reject { |c| c =~ /^mkdir/ }
       unless envcmds.empty?
-        envscript = File.join(location, "#{blueprint.file_name}_env.sh")
+        envscript = File.join(location, "env_#{blueprint.file_name}.sh")
         File.open(envscript, 'w') do |f|
           envcmds.each { |cmd| f.puts(cmd) }
         end
@@ -186,22 +186,40 @@ module Litbuild
       end
     end
 
-    def sudoers_entries
+    def running_as_root
       uid = `id -u`.strip
-      return [] if uid == '0'
+      uid == '0'
+    end
+
+    SUDOPATH = %w[/bin /sbin
+                  /usr/bin /usr/sbin
+                  /usr/local/bin /usr/local/sbin].freeze
+
+    def convert_to_absolute(command)
+      return command if command.start_with?('/')
+
+      cmd_tokens = command.split
+      program = cmd_tokens.shift
+      possible_paths = SUDOPATH.map { |dir| File.join(dir, program) }
+      fullpath = possible_paths.detect { |path| File.exist?(path) }
+      unless fullpath
+        msg = "Program #{program}, run via sudo, cannot be found in " \
+              'any of the standard directories.'
+        raise(SudoProgramNotFound, msg)
+      end
+      ([fullpath] + cmd_tokens).join(' ')
+    end
+
+    def sudoers_entries
+      return [] if running_as_root
 
       raw_sudo_cmds = @all_commands.select do |c|
         c =~ /sudo / && c.lines.size < 2
       end.uniq
       sudo_cmds = raw_sudo_cmds.map do |c|
-        command = c.sub(/.*sudo /, '')
-        unless command.start_with?('/')
-          base_command = command.sub(/ .*$/, '')
-          raise(RelativeSudo,
-                "Need absolute path for \"#{base_command}\" in \"#{c}\"")
-        end
         sudoed_cmd = c.sub(/^.*sudo (.*)$/, '\\1')
         sudoed_cmd = sudoed_cmd.sub(/;.*$/, '') if sudoed_cmd.match?(/;/)
+        sudoed_cmd = convert_to_absolute(sudoed_cmd)
         sudoed_cmd.gsub(/([,:=\\])/, '\\\\\1')
       end
       username = `id -un`.strip
@@ -408,12 +426,13 @@ module Litbuild
     end
 
     def render_command(script, command, log)
-      @all_commands << command
-      if command.match?(/>/)
+      unfolded_command = command.gsub(/ ?\\\n */, ' ')
+      @all_commands << unfolded_command
+      if unfolded_command.match?(/>/)
         # redirecting output of command, can't put stdout in log.
-        script.puts(command)
+        script.puts(unfolded_command)
       else
-        script.puts("#{command} >> #{log} 2>&1")
+        script.puts("#{unfolded_command} >> #{log} 2>&1")
       end
     end
 

data/lib/litbuild/errors.rb

@@ -30,10 +30,11 @@ module Litbuild
   # More than one blueprint exists with some name.
   class DuplicateBlueprint < Error; end
 
-  # A command executed through sudo does not have an absolute path.
-  class RelativeSudo < Error; end
-
   # A blueprints directive specifies a blueprint that has already been
   # included elsewhere.
   class UnrenderedComponent < Error; end
+
+  # A command run under `sudo` without specified path cannot be found in
+  # any of the standard directories.
+  class SudoProgramNotFound < Error; end
 end

data/lib/litbuild/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Litbuild
-  VERSION = '1.0.2'
+  VERSION = '1.0.3'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: litbuild
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.3
 platform: ruby
 authors:
 - Brett Neumeier
@@ -34,7 +34,7 @@ cert_chain:
   PvrrfEkjwo+u4dPBTaO5ZBa4qsFE5bK/1l6d4AVV5Yi5NohUwmpp1bFFCGPqvzVA
   bhee2x0YS1uGTnADpv2GLkmNMIA=
   -----END CERTIFICATE-----
-date: 2019-09-05 00:00:00.000000000 Z
+date: 2019-09-14 00:00:00.000000000 Z
 dependencies: []
 description: A build system based on Knuth's idea of literate programming.
 email: