trivial: run Ubuntu CI target tests with "nobody" user account

This should ensure that self tests are never trying to access or create things they shouldn't be.
2025-08-06 09:00:55 +00:00 · 2021-09-03 13:33:59 -05:00 · 2021-09-03 13:33:59 -05:00 · 113c784ce4
commit 113c784ce4
parent 41c00ff404
2 changed files with 10 additions and 3 deletions
--- a/contrib/ci/dependencies.xml
+++ b/contrib/ci/dependencies.xml
@ -1592,4 +1592,9 @@
      <package>protobuf</package>
    </distro>
  </dependency>
+  <dependency type="build" id="sudo">
+    <distro id="ubuntu">
+      <package variant="x86_64" />
+    </distro>
+  </dependency>
 </dependencies>
--- a/contrib/ci/ubuntu.sh
+++ b/contrib/ci/ubuntu.sh
@ -19,9 +19,11 @@ export LDFLAGS

 root=$(pwd)
 rm -rf ${root}/build
-meson build -Dman=false -Ddocs=docgen -Dgusb:tests=false -Dplugin_platform_integrity=true --prefix=${root}/dist
+mkdir -p ${root}/build
+chown nobody build ${root}/subprojects
+sudo -u nobody meson build -Dman=false -Ddocs=docgen -Dgusb:tests=false -Dplugin_platform_integrity=true --prefix=${root}/dist
 #build with clang
-ninja -C build test -v
+sudo -u nobody ninja -C ${root}/build test -v

 #make docs available outside of docker
-ninja -C build install -v
+ninja -C ${root}/build install -v