Abort installation if user is not "pi" (#2076)

* check for user 'pi' and home '/home/pi' retrieve correct information even if called with sudo * use correct user in docker and test scripts. docker env USER added. var USER is not exported by default. test installation script now uses current user and home from env. removed duplicate test script for alternative user. * check and handle installation exitcode * harmonize workflow trigger. activated test2 for buster * fix cron schedule. Only run once at 5, not every minute
MiczFlor · Oct 10, 2023 · 7253971 · 7253971
1 parent a003088
commit 7253971
Show file tree

Hide file tree

Showing 19 changed files with 158 additions and 542 deletions.
diff --git a/.github/workflows/docker_bullseye.yml b/.github/workflows/docker_bullseye.yml
@@ -1,9 +1,12 @@
 name: Test Install Scripts for Bullseye on Docker
 
 on:
+  schedule:
+    # run at 5 every sunday
+    - cron: '0 5 * * 0'
   push:
     branches-ignore:
-        - 'future3/**'
+      - 'future3/**'
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ develop ]
@@ -61,17 +64,3 @@ jobs:
         options: --platform linux/arm/v7
         args: |
           /code/scripts/installscripts/tests/run_installation_tests3.sh
-   
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/.github/workflows/docker_bullseye_altuser.yml b/.github/workflows/docker_bullseye_altuser.yml
@@ -3,7 +3,13 @@ name: Test Install Scripts for Bullseye (alternative user) on Docker
 on:
   schedule:
     # run at 5 every sunday
-    - cron: '* 5 * * 0'
+    - cron: '0 5 * * 0'
+  push:
+    branches-ignore:
+      - 'future3/**'
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ develop ]
 
 jobs:
 
@@ -20,7 +26,7 @@ jobs:
     - name: Set up Docker Buildx
       uses: docker/[email protected]
 
-    - name: Build altuser hans Bullseye ARMv7
+    - name: Build altuser Bullseye ARMv7
       uses: docker/build-push-action@v5
       with:
         context: .
@@ -29,37 +35,32 @@ jobs:
         file: ./ci/Dockerfile.bullseye.test_install_altuser.armv7
         platforms: linux/arm/v7
         tags: rpi-jukebox-rfid-bullseye-altuser:latest
-        cache-from: type=gha,scope=$GITHUB_REF_NAME-bullseye-hans
-        cache-to: type=gha,mode=max,scope=$GITHUB_REF_NAME-bullseye-hans
+        cache-from: type=gha,scope=$GITHUB_REF_NAME-bullseye-altuser
+        cache-to: type=gha,mode=max,scope=$GITHUB_REF_NAME-bullseye-altuser
 
-    - name: Run run_installation_tests_altuser.sh Bullseye ARMv7
+    - name: Run run_installation_tests.sh Bullseye ARMv7
       uses: tj-actions/docker-run@v2
       with:
         image: rpi-jukebox-rfid-bullseye-altuser:latest
         options: --platform linux/arm/v7
-        name: run_installation_tests_altuser.sh
+        name: run_installation_tests.sh
         args: |
-          /code/scripts/installscripts/tests/run_installation_tests_altuser.sh
+          /code/scripts/installscripts/tests/run_installation_tests.sh
 
-#    - name: Run run_installation_tests2_altuser.sh Bullseye ARMv7
-#      uses: tj-actions/docker-run@v2
-#      with:
-#        image: rpi-jukebox-rfid-bullseye-altuser:latest
-#        options: --platform linux/arm/v7
-#        name: run_installation_tests2_altuser.sh
-#        args: |
-#          /code/scripts/installscripts/tests/run_installation_tests2_altuser.sh
-
-    - name: Run run_installation_tests3_altuser.sh Bullseye ARMv7
+    - name: Run run_installation_tests2.sh Bullseye ARMv7
       uses: tj-actions/docker-run@v2
       with:
         image: rpi-jukebox-rfid-bullseye-altuser:latest
         options: --platform linux/arm/v7
-        name: run_installation_tests3_altuser.sh
+        name: run_installation_tests2.sh
         args: |
-          /code/scripts/installscripts/tests/run_installation_tests3_altuser.sh
-
+          /code/scripts/installscripts/tests/run_installation_tests2.sh
 
-          
-          
-          
+    - name: Run run_installation_tests3.sh Bullseye ARMv7
+      uses: tj-actions/docker-run@v2
+      with:
+        image: rpi-jukebox-rfid-bullseye-altuser:latest
+        options: --platform linux/arm/v7
+        name: run_installation_tests3.sh
+        args: |
+          /code/scripts/installscripts/tests/run_installation_tests3.sh
diff --git a/.github/workflows/docker_buster.yml b/.github/workflows/docker_buster.yml
@@ -1,9 +1,15 @@
 name: Test Install Scripts for Buster on Docker
 
 on:
-    schedule:
-      # run at 5 every sunday
-      - cron: '* 5 * * 0'
+  schedule:
+    # run at 5 every sunday
+    - cron: '0 5 * * 0'
+  push:
+    branches-ignore:
+      - 'future3/**'
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ develop ]
 
 jobs:
 
@@ -41,14 +47,14 @@ jobs:
           args: |
             /code/scripts/installscripts/tests/run_installation_tests.sh
                 
-#      - name: Run run_installation_tests2.sh Buster ARMv7
-#        uses: tj-actions/docker-run@v2
-#        with:
-#          image: rpi-jukebox-rfid-buster:latest
-#          options: --platform linux/arm/v7
-#          name: run_installation_tests2.sh
-#          args: |
-#            /code/scripts/installscripts/tests/run_installation_tests2.sh
+      - name: Run run_installation_tests2.sh Buster ARMv7
+        uses: tj-actions/docker-run@v2
+        with:
+          image: rpi-jukebox-rfid-buster:latest
+          options: --platform linux/arm/v7
+          name: run_installation_tests2.sh
+          args: |
+            /code/scripts/installscripts/tests/run_installation_tests2.sh
                 
       - name: Run run_installation_tests3.sh Buster ARMv7
         uses: tj-actions/docker-run@v2
@@ -58,7 +64,3 @@ jobs:
           name: run_installation_tests3.sh
           args: |
                 /code/scripts/installscripts/tests/run_installation_tests3.sh
-
-
-
-
diff --git a/ci/Dockerfile.bullseye.test_install.amd64 b/ci/Dockerfile.bullseye.test_install.amd64
@@ -1,12 +1,13 @@
 FROM debian:bullseye
 ENV DOCKER_RUNNING=true
+ENV USER=pi
 
 COPY . /code
 WORKDIR /code
 
-RUN groupadd --gid 1000 pi ;\
-  useradd -u 1000 -g 1000 -G sudo -d /home/pi -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' pi ;\
-  chown -R 1000:1000 /code /home/pi ;\
+RUN groupadd --gid 1000 $USER ;\
+  useradd -u 1000 -g 1000 -G sudo -d /home/$USER -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' $USER ;\
+  chown -R 1000:1000 /code /home/$USER ;\
   chmod +x /code/scripts/installscripts/buster-install-default.sh ;\
   chmod +x /code/scripts/installscripts/tests/run_installation_tests.sh ;\
   chmod +x /code/scripts/installscripts/tests/run_installation_tests2.sh ;\
@@ -19,7 +20,7 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   echo 'deb http://archive.raspberrypi.org/debian/ bullseye main' >> /etc/apt/sources.list.d/raspi.list ;\
   curl http://raspbian.raspberrypi.org/raspbian.public.key | apt-key add - ;\
   curl http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - ;\
-  echo 'pi ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/pi ;\
+  echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER ;\
   apt-get clean ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
@@ -31,4 +32,4 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   touch /boot/cmdlinetxt ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
-USER pi
+USER $USER
diff --git a/ci/Dockerfile.bullseye.test_install.armv7 b/ci/Dockerfile.bullseye.test_install.armv7
@@ -1,12 +1,13 @@
 FROM --platform=linux/arm/v7 arm32v7/debian:bullseye-slim
 ENV DOCKER_RUNNING=true
+ENV USER=pi
 
 COPY . /code
 WORKDIR /code
 
-RUN groupadd --gid 1000 pi ;\
-  useradd -u 1000 -g 1000 -G sudo -d /home/pi -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' pi ;\
-  chown -R 1000:1000 /code /home/pi ;\
+RUN groupadd --gid 1000 $USER ;\
+  useradd -u 1000 -g 1000 -G sudo -d /home/$USER -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' $USER ;\
+  chown -R 1000:1000 /code /home/$USER ;\
   chmod +x /code/scripts/installscripts/buster-install-default.sh ;\
   chmod +x /code/scripts/installscripts/tests/run_installation_tests.sh ;\
   chmod +x /code/scripts/installscripts/tests/run_installation_tests2.sh ;\
@@ -19,7 +20,7 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   echo 'deb http://archive.raspberrypi.org/debian/ bullseye main' >> /etc/apt/sources.list.d/raspi.list ;\
   curl http://raspbian.raspberrypi.org/raspbian.public.key | apt-key add - ;\
   curl http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - ;\
-  echo 'pi ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/pi ;\
+  echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER ;\
   apt-get clean ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
@@ -33,7 +34,4 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   touch /boot/cmdlinetxt ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
-USER pi
-
-
-
+USER $USER
diff --git a/ci/Dockerfile.bullseye.test_install_altuser.armv7 b/ci/Dockerfile.bullseye.test_install_altuser.armv7
@@ -1,16 +1,17 @@
 FROM --platform=linux/arm/v7 arm32v7/debian:bullseye-slim
 ENV DOCKER_RUNNING=true
+ENV USER=hans
 
 COPY . /code
 WORKDIR /code
 
 RUN groupadd --gid 1000 wurst ;\
-  useradd -u 1000 -g 1000 -G sudo -d /home/hans -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' hans ;\
-  chown -R 1000:1000 /code /home/hans ;\
+  useradd -u 1000 -g 1000 -G sudo -d /home/$USER -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' $USER ;\
+  chown -R 1000:1000 /code /home/$USER ;\
   chmod +x /code/scripts/installscripts/buster-install-default.sh ;\
-  chmod +x /code/scripts/installscripts/tests/run_installation_tests_altuser.sh ;\
-  chmod +x /code/scripts/installscripts/tests/run_installation_tests2_altuser.sh ;\
-  chmod +x /code/scripts/installscripts/tests/run_installation_tests3_altuser.sh
+  chmod +x /code/scripts/installscripts/tests/run_installation_tests.sh ;\
+  chmod +x /code/scripts/installscripts/tests/run_installation_tests2.sh ;\
+  chmod +x /code/scripts/installscripts/tests/run_installation_tests3.sh
 
 RUN export DEBIAN_FRONTEND=noninteractive ;\
   apt-get update ;\
@@ -21,7 +22,7 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   echo 'deb http://archive.raspberrypi.org/debian/ bullseye main' >> /etc/apt/sources.list.d/raspi.list ;\
   curl http://raspbian.raspberrypi.org/raspbian.public.key | apt-key add - ;\
   curl http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - ;\
-  echo 'hans ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/hans ;\
+  echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER ;\
   apt-get clean ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
@@ -33,4 +34,4 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   touch /boot/cmdlinetxt ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
-USER hans
+USER $USER
diff --git a/ci/Dockerfile.buster.amd64 b/ci/Dockerfile.buster.amd64
@@ -1,12 +1,13 @@
 FROM debian:buster
 ENV DOCKER_RUNNING=true
+ENV USER=pi
 
 COPY . /code
 WORKDIR /code
 
-RUN groupadd --gid 1000 pi ;\
-  useradd -u 1000 -g 1000 -G sudo -d /home/pi -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' pi ;\
-  chown -R 1000:1000 /code /home/pi ;\
+RUN groupadd --gid 1000 $USER ;\
+  useradd -u 1000 -g 1000 -G sudo -d /home/$USER -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' $USER ;\
+  chown -R 1000:1000 /code /home/$USER ;\
   chmod +x /code/scripts/installscripts/buster-install-default.sh
 
 RUN export DEBIAN_FRONTEND=noninteractive ;\
@@ -16,7 +17,7 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   echo 'deb http://archive.raspberrypi.org/debian/ buster main' >> /etc/apt/sources.list.d/raspi.list ;\
   curl http://raspbian.raspberrypi.org/raspbian.public.key | apt-key add - ;\
   curl http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - ;\
-  echo 'pi ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/pi ;\
+  echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER ;\
   apt-get clean ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
@@ -28,4 +29,4 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   touch /boot/cmdline.txt /etc/sysctl.conf ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
-USER pi
+USER $USER
diff --git a/ci/Dockerfile.buster.armv7 b/ci/Dockerfile.buster.armv7
@@ -1,12 +1,13 @@
 FROM arm32v7/debian:buster-slim
 ENV DOCKER_RUNNING=true
+ENV USER=pi
 
 COPY . /code
 WORKDIR /code
 
-RUN groupadd --gid 1000 pi ;\
-  useradd -u 1000 -g 1000 -G sudo -d /home/pi -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' pi ;\
-  chown -R 1000:1000 /code /home/pi ;\
+RUN groupadd --gid 1000 $USER ;\
+  useradd -u 1000 -g 1000 -G sudo -d /home/$USER -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' $USER ;\
+  chown -R 1000:1000 /code /home/$USER ;\
   chmod +x /code/scripts/installscripts/buster-install-default.sh
 
 RUN export DEBIAN_FRONTEND=noninteractive ;\
@@ -16,7 +17,7 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   echo 'deb http://archive.raspberrypi.org/debian/ buster main' > /etc/apt/sources.list.d/raspi.list ;\
   curl http://raspbian.raspberrypi.org/raspbian.public.key | apt-key add - ;\
   curl http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - ;\
-  echo 'pi ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/pi ;\
+  echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER ;\
   apt-get clean ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
@@ -28,4 +29,4 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   touch /boot/cmdline.txt /etc/sysctl.conf ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
-USER pi
+USER $USER
diff --git a/ci/Dockerfile.buster.test_install.armv7 b/ci/Dockerfile.buster.test_install.armv7
@@ -1,12 +1,13 @@
 FROM --platform=linux/arm/v7 arm32v7/debian:buster-slim
 ENV DOCKER_RUNNING=true
+ENV USER=pi
 
 COPY . /code
 WORKDIR /code
 
 RUN groupadd --gid 1000 pi ;\
-  useradd -u 1000 -g 1000 -G sudo -d /home/pi -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' pi ;\
-  chown -R 1000:1000 /code /home/pi ;\
+  useradd -u 1000 -g 1000 -G sudo -d /home/$USER -m -s /bin/bash -p '$1$iV7TOwOe$6ojkJQXyEA9bHd/SqNLNj0' $USER ;\
+  chown -R 1000:1000 /code /home/$USER ;\
   chmod +x /code/scripts/installscripts/buster-install-default.sh ;\
   chmod +x /code/scripts/installscripts/tests/run_installation_tests.sh ;\
   chmod +x /code/scripts/installscripts/tests/run_installation_tests2.sh ;\
@@ -21,7 +22,7 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   echo 'deb http://archive.raspberrypi.org/debian/ buster main' >> /etc/apt/sources.list.d/raspi.list ;\
   curl http://raspbian.raspberrypi.org/raspbian.public.key | apt-key add - ;\
   curl http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | apt-key add - ;\
-  echo 'pi ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/pi ;\
+  echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER ;\
   apt-get clean ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
@@ -33,4 +34,4 @@ RUN export DEBIAN_FRONTEND=noninteractive ;\
   touch /boot/cmdlinetxt ;\
   rm -rf /var/cache/apt/* /var/lib/apt/lists/*
 
-USER pi
+USER $USER