[
https://issues.apache.org/jira/browse/CALCITE-6803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hugh Pearse updated CALCITE-6803:
---------------------------------
Description:
PR #4162 (CALCITE-6794 Site Gemfile contains vulnerable ruby libraries)
broke our automated site publishing due to permissions issues:
[https://github.com/apache/calcite/actions/runs/12972791903/job/36180649311]
In the original docker build it runs as root
[https://github.com/apache/calcite/blob/main/site/docker-compose.yml#L26C1-L28C26]
foo@host$ sudo docker run -t -i --entrypoint /bin/bash jekyll/jekyll:4
bash-5.1# whoami
root
bash-5.1# id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
In the new docker build, it also runs as root, same as before.
foo@host$ sudo docker run -t -i --entrypoint /bin/bash ruby:3.3.7-slim-bullseye
root@154758938c85:/# whoami
root
root@154758938c85:/# id
uid=0(root) gid=0(root) groups=0(root)
I think the jekyll userid and groupid is determined by the host, not the docker
guest
Probably the fix is to default the docker-compose file to use uid 0 and gid 0
when not specified. This way it will be consistent across both docker images
for local build and image for git workflow action.
see following build error
https://github.com/apache/calcite/actions/runs/12972791903/job/36180649311
was:
PR #4162 ([CALCITE-6794] Site Gemfile contains vulnerable ruby libraries)
broke our automated site publishing due to permissions issues:
[https://github.com/apache/calcite/actions/runs/12972791903/job/36180649311]
In the original docker build it runs as root
https://github.com/apache/calcite/blob/main/site/docker-compose.yml#L26C1-L28C26
foo@host$ sudo docker run -t -i --entrypoint /bin/bash jekyll/jekyll:4
bash-5.1# whoami
root
bash-5.1# id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
In the new docker build, it also runs as root, same as before.
foo@host$ sudo docker run -t -i --entrypoint /bin/bash ruby:3.3.7-slim-bullseye
root@154758938c85:/# whoami
root
root@154758938c85:/# id
uid=0(root) gid=0(root) groups=0(root)
I think the jekyll userid and groupid is determined by the host, not the docker
guest
Probably the fix is to default the docker-compose file to use uid 0 and gid 0
when not specified. This way it will be consistent across both docker images
for local build and image for git workflow action.
> Publish website: error while trying to write to /home/jekyll/Gemfile.lock
> -------------------------------------------------------------------------
>
> Key: CALCITE-6803
> URL: https://issues.apache.org/jira/browse/CALCITE-6803
> Project: Calcite
> Issue Type: Task
> Reporter: Hugh Pearse
> Priority: Minor
>
> PR #4162 (CALCITE-6794 Site Gemfile contains vulnerable ruby libraries)
> broke our automated site publishing due to permissions issues:
> [https://github.com/apache/calcite/actions/runs/12972791903/job/36180649311]
>
> In the original docker build it runs as root
> [https://github.com/apache/calcite/blob/main/site/docker-compose.yml#L26C1-L28C26]
> foo@host$ sudo docker run -t -i --entrypoint /bin/bash jekyll/jekyll:4
> bash-5.1# whoami
> root
> bash-5.1# id
> uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
> In the new docker build, it also runs as root, same as before.
> foo@host$ sudo docker run -t -i --entrypoint /bin/bash
> ruby:3.3.7-slim-bullseye
> root@154758938c85:/# whoami
> root
> root@154758938c85:/# id
> uid=0(root) gid=0(root) groups=0(root)
> I think the jekyll userid and groupid is determined by the host, not the
> docker guest
>
> Probably the fix is to default the docker-compose file to use uid 0 and gid 0
> when not specified. This way it will be consistent across both docker images
> for local build and image for git workflow action.
>
> see following build error
> https://github.com/apache/calcite/actions/runs/12972791903/job/36180649311
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
