Travis sudo is disabled

Question

I want to use apt to install some packages for the test, however, it fails due to that the sudo is disabled. I found the following in the test output:

Sudo, the FireFox addon, setuid and setgid have been disabled.

It seems that the output comes from this line in travic-ci, but setting paranoid_mode to false in .travis.yml does not work.

How to enable sudo access?

PS: I am using private repo.

EDIT: The following .travis.yml will fail due to sudo: must be setuid root when running sudo apt-get update -qq

language: python
python:
  - "3.4"

before_install:
  - sudo apt-get update -qq

script:
  - nosetests

Setting sudo: true and/or paranoid_mode: false does not work.

Answer 1

Sudo access is turned off on our Docker based architecture, which will be used in two contexts:

• repositories opt in using sudo: false in their .travis.yml file (it additionally needs to be turned on on our side)
• on our educational program (see http://education.travis-ci.com)

Builds running on our Docker based architecture currently cannot be allowed sudo access due to certain security concerns in the LXC/Docker layer. We hope this will be fixed in the near future, but unfortunately the issue is out of our own hands.

We are also working on improving the Firefox addon, which currently uses sudo itself, but shouldn't. We'll post on our blog once this has happened.

Answer 2

To extend the existing answer, if you put in .travis.yml:

sudo: required

Travis should switch your build to use their "standard infrastructure" (rather than their "container based infrastructure") and then you can use sudo.

References:

• https://docs.travis-ci.com/user/workers/standard-infrastructure

• https://docs.travis-ci.com/user/workers/container-based-infrastructure/

Nov 2018 Update

It seems that container-based infrastructure is getting deprecated. From the docs:

Container-based infrastructure is currently being deprecated. Please use the fully-virtualized infrastrstructure via sudo: required instead.

Answer 3

As explained in "Combining The Linux Infrastructures"

Going forward, we will slowly transition the container-based environment out, in favor of a build environment that is entirely virtual machine-based.

Folks using container-based infrastructures will be the only ones affected, and this transition will roll out slowly, depending on whether you specify sudo: false in your .travis.yml.

This is illustrated in Git 2.20 (Q4 2018), with:

Travis CI will soon deprecate the container-based infrastructure enabled by sudo: false in ce59dff (Git 2.8.0, Jan. 2016).

See commit 0f0c511 (01 Nov 2018) by SZEDER Gábor (szeder).
^{(Merged by Junio C Hamano -- gitster -- in commit 57f06d5, 13 Nov 2018)}

travis-ci: install packages in 'ci/install-dependencies.sh'

Ever since we started using Travis CI, we specified the list of packages to install in '.travis.yml' via the APT addon.

While running our builds on Travis CI's container-based infrastructure we didn't have another choice, because that environment didn't support 'sudo', and thus we didn't have permission to install packages ourselves.

With the switch to the VM-based infrastructure in the previous patch we do get a working 'sudo', so we can install packages by running 'sudo apt-get -y install ...' as well.

Let's make use of this and install necessary packages in 'ci/install-dependencies.sh', so all the dependencies (i.e. both packages and "non-packages" (P4 and Git-LFS)) are handled in the same file.

Install gcc-8 only in the 'linux-gcc' build job; so far it has been unnecessarily installed in the 'linux-clang' build job as well.
Print the versions of P4 and Git-LFS conditionally, i.e. only when they have been installed; with this change even the static analysis and documentation build jobs start using 'ci/install-dependencies.sh' to install packages, and neither of these two build jobs depend on and thus install those.

This change will presumably be beneficial for the upcoming Azure Pipelines integration preliminary versions of that patch series run a couple of 'apt-get' commands to install the necessary packages before running 'ci/install-dependencies.sh', but with this patch it will be sufficient to run only 'ci/install-dependencies.sh'.