Re: [Qemu-discuss] manipulating raw disk image as non-root user

[Tony Su]

 Apparently there is a Docker plugin for Jenkins.
Makes a lot of sense.
Although this blog is very thin on detail, I came across this today
https://zapier.com/engineering/continuous-integration-jenkins-docker-github/

HTH,
Tony

On Sat, Aug 2, 2014 at 11:40 PM, Tony Su <address@hidden> wrote:
>  Without knowing exactly what your app is, and what are its
> requirements it's hard to propose something specific.
>
> A small FYI -
> I've been looking at several things recently that in general terms
> might be considered to solve your problem, but without more detail I'd
> be shooting in the dark.
>
> Possible Solution 1
> I've been looking at Docker recently, very recent new features allow a
> person to do some really powerful things, and many are in combination
> with other virtual technologies like QEMU. Docker has become a way to
> create a PAAS using LXC (Linux Containers). it's now much easier to
> create both "full OS" image-based containers and also "App specific"
> containers. The latter is similar in concept with Terminal Service
> Application Mode if you're familiar with that... It's the idea that
> within a given OS you can deploy an App in an isolated "virtual"
> instance on demand and without a normal installation. From a Dev point
> of view, this allows you to deploy an app (eg based on a Jenkins
> build) as its own fully contained instance with dependencies and when
> you "stop" the app, the app and its dependencies disappear, leaving
> the OS "clean."
>
> Possible Solution 2
> As I described in my earlier post, rights and permissions to
> accomplish tasks are generally managed by Security Groups. You just
> need to make your User account a member of the appropriate Security
> Group (which may or may not be root). If you do this, to minimize
> security issues as much as possible you should probably create a
> special User account that isn't ordinarily used to Login. In the
> Windows world, this would be called a Service account. The idea here
> is that unlike Kris' suggestion, you don't need two separate processes
> to accomplish tasks requiring different permissions... Use one account
> and grant it all the permissions that are needed.
>
> Possible Solution 3
> I've been intrigued by a recent article I read about using nodemon in
> nodejs. Basically, an app is launched configured with the contents of
> a particular folder. When the contents of the folder changes, nodemon
> automatically re-builds and re-launches the app based on the changed
> folder contents.
>
> All of the above are different solutions in different technologies
> with a common thread... Deploying an app as dynamically as possible
> for staging or production with minimal effort and if possible remove
> all vestiges when the app is stopped.. Maybe one or more might be
> relevant to finding a solution to your app. If your app is using a
> technology different than the above, maybe you can find an equivalent
> for the code you're working with.
>
> I also doubt that you should need to do all the functions you list. I
> myself create a base image to use as a deployment target and clone it
> as many times as I need to test each version of code. I would not want
> to build something from scratch every time unless that is the actual
> code being tested.
>
> HTH,
> Tony
>
> On Sat, Aug 2, 2014 at 9:55 PM, Kris <address@hidden> wrote:
>> I have a solution, but it seems a little complex: you can run a program
>> (service A), and it provide some restful API. Then when Jenkins call your
>> script, and your script call service API. Last, service A do what you want
>> as root user.
>>
>>
>> Best regards,
>> Kris
>>
>> 在 2014年8月3日，下午12:42，Dallas Clement <address@hidden> 写道：
>>
>>
>> On Sat, Aug 2, 2014 at 11:30 PM, Kris <address@hidden> wrote:
>>>
>>> How about to use sudo to run it.
>>>
>>> Best regards,
>>> Kris
>>>
>>> 在 2014年8月3日，上午10:05，Dallas Clement <address@hidden> 写道：
>>>
>>> On Sat, Aug 2, 2014 at 8:46 PM, Dale R. Worley <address@hidden>
>>> wrote:
>>>>
>>>> > From: Dallas Clement <address@hidden>
>>>> >
>>>> > I would like to be able to create, partition, format, mount, and
>>>> > populate a
>>>> > raw disk image file as a non-root user.  I am able to create the image
>>>> > file
>>>> > with dd and partition it with parted as a non-root user.  I have not
>>>> > figured out a way to format, mount, and populate it as a non-root user.
>>>> >  Tools such as losetup and kpartx seem perfect for the task, but
>>>> > unfortunately require root.
>>>> >
>>>> > Is it possible to do what I want with qemu?
>>>>
>>>> Since you can run Qemu as a non-root user, and you can present an
>>>> arbitrary file to it as a disk, it seems that you should be able to
>>>> use the standard disk tools within a Qemu guest to do what you want.
>>>>
>>>> Dale
>>>
>>>
>>> Thanks Dale.  I was hoping I could do something like this.  I'll explore
>>> that further.
>>>
>>> > Why do you wish to avoid root?
>>>
>>> Tony, I am wanting to run as non-root because it is my Jenkins
>>> build-server that will be doing all of this which needs to run as non-root
>>> for security sake.  I want the last stage of my build to produce a uSD card
>>> image.
>>>
>>> How about to use sudo to run it.
>>
>> Can't do that unfortunately.  It's still elevated privileges.  Jenkins won't
>> allow it.