Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Travis sudo is disabled

Tags:

travis-ci

I want to use apt to install some packages for the test, however, it fails due to that the sudo is disabled. I found the following in the test output: 

Sudo, the FireFox addon, setuid and setgid have been disabled.

It seems that the output comes from this line in travic-ci, but setting paranoid_mode to false in .travis.yml does not work.

How to enable sudo access?

PS: I am using private repo.

EDIT: The following .travis.yml will fail due to sudo: must be setuid root when running sudo apt-get update -qq

language: python
python:
  - "3.4"

before_install:
  - sudo apt-get update -qq

script:
  - nosetests

Setting sudo: true and/or paranoid_mode: false does not work.

like image 377
Chunliang Lyu Avatar asked Oct 10 '14 12:10

Chunliang Lyu

People also ask

What is Travis Yaml?

travis. yml , which is a YAML format text file, to the root directory of the repository. This file specifies the programming language used, the desired building and testing environment (including dependencies which must be installed before the software can be built and tested), and various other parameters.

3 Answers

Sudo access is turned off on our Docker based architecture, which will be used in two contexts:

  • repositories opt in using sudo: false in their .travis.yml file (it additionally needs to be turned on on our side)
  • on our educational program (see http://education.travis-ci.com)

Builds running on our Docker based architecture currently cannot be allowed sudo access due to certain security concerns in the LXC/Docker layer. We hope this will be fixed in the near future, but unfortunately the issue is out of our own hands.

We are also working on improving the Firefox addon, which currently uses sudo itself, but shouldn't. We'll post on our blog once this has happened.

like image 180
Sven Fuchs Avatar answered Oct 05 '22 10:10

Sven Fuchs

To extend the existing answer, if you put in .travis.yml:

sudo: required

Travis should switch your build to use their "standard infrastructure" (rather than their "container based infrastructure") and then you can use sudo.

References:

  • https://docs.travis-ci.com/user/workers/standard-infrastructure

  • https://docs.travis-ci.com/user/workers/container-based-infrastructure/

Nov 2018 Update

It seems that container-based infrastructure is getting deprecated. From the docs:

Container-based infrastructure is currently being deprecated. Please use the fully-virtualized infrastrstructure via sudo: required instead.

like image 34
Rob Bygrave Avatar answered Oct 05 '22 11:10

Rob Bygrave

As explained in "Combining The Linux Infrastructures"

Going forward, we will slowly transition the container-based environment out, in favor of a build environment that is entirely virtual machine-based.

Folks using container-based infrastructures will be the only ones affected, and this transition will roll out slowly, depending on whether you specify sudo: false in your .travis.yml.

This is illustrated in Git 2.20 (Q4 2018), with:

Travis CI will soon deprecate the container-based infrastructure enabled by sudo: false in ce59dff (Git 2.8.0, Jan. 2016).

See commit 0f0c511 (01 Nov 2018) by SZEDER Gábor (szeder).
(Merged by Junio C Hamano -- gitster -- in commit 57f06d5, 13 Nov 2018)

travis-ci: install packages in 'ci/install-dependencies.sh'

Ever since we started using Travis CI, we specified the list of packages to install in '.travis.yml' via the APT addon.

While running our builds on Travis CI's container-based infrastructure we didn't have another choice, because that environment didn't support 'sudo', and thus we didn't have permission to install packages ourselves.

With the switch to the VM-based infrastructure in the previous patch we do get a working 'sudo', so we can install packages by running 'sudo apt-get -y install ...' as well.

Let's make use of this and install necessary packages in 'ci/install-dependencies.sh', so all the dependencies (i.e. both packages and "non-packages" (P4 and Git-LFS)) are handled in the same file.

Install gcc-8 only in the 'linux-gcc' build job; so far it has been unnecessarily installed in the 'linux-clang' build job as well.
Print the versions of P4 and Git-LFS conditionally, i.e. only when they have been installed; with this change even the static analysis and documentation build jobs start using 'ci/install-dependencies.sh' to install packages, and neither of these two build jobs depend on and thus install those.

This change will presumably be beneficial for the upcoming Azure Pipelines integration preliminary versions of that patch series run a couple of 'apt-get' commands to install the necessary packages before running 'ci/install-dependencies.sh', but with this patch it will be sufficient to run only 'ci/install-dependencies.sh'.

like image 38
VonC Avatar answered Oct 05 '22 10:10

VonC
Sign in to Comment

Related questions

Travis CI kick off build on new tag
Travis CI No Binary for 2.1.0 Found
Issue using Encrypted bintray key in travis.yml
What is a good way to deploy a distributed application using CodeDeploy and a CI tool?
How to autoload Composer packages in CakePHP 2 Travis integration
Cucumber test suite too slow for Travis
How to build Rust examples without running
Travis CI suddenly fails: conda command not found
Install package on Travis-ci with sudo:false [closed]
Building with Buck on Travis servers
Why does Travis CI edit my files?
Travis CI build terminated 10 minutes after Mocha v4 tests pass
Add SonarQube coverage via shields.io badge
Chromedriver on Travis-CI
Building with more than one version of a compiler

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!