Use sudo for docker commands so that we do not have to sudo make build_current.
What does this MR do?
This applies sudo directly to the docker commands in make build_current that require it. With this, make build_current need not be run with sudo.
Why was this MR needed?
Currently, following the instructions at https://docs.gitlab.com/runner/development/ , sudo is needed to make build_current . However, only the docker commands actually require sudo, so all the other commands run in the course of the make are running with more privileges than than they need.
Are there points in the code the reviewer needs to double check?
The most significant change is to the docker export command. Simply applying sudo with the normal -o flag would result in an output file owned by root, meaning the later xz command would also require sudo. Of course, applying sudo to xz as well works fine, and might be more elegant, but it would mean that another command would be running with more privileges than strictly necessary. This current version mangles the docker export command to write the output file as the regular user, so that the later xz will not require sudo. I'm not sure whether this is the best way.
EDIT: Hmm, more importantly, the build fails due to lack of sudo. I guess we can't assume availability of sudo? Is there an alternative we can use to restrict the privileges make is running with?
Does this MR meet the acceptance criteria?
-
Documentation created/updated -
Added tests for this feature/bug -
In case of conflicts with master- branch was rebased