From 113c784ce4636ba3d442386b5ad455751a3d31d8 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <superm1@gmail.com>
Date: Fri, 3 Sep 2021 13:33:59 -0500
Subject: [PATCH] trivial: run Ubuntu CI target tests with "nobody" user
 account

This should ensure that self tests are never trying to access or
create things they shouldn't be.
---
 contrib/ci/dependencies.xml | 5 +++++
 contrib/ci/ubuntu.sh        | 8 +++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/contrib/ci/dependencies.xml b/contrib/ci/dependencies.xml
index 76cd4b388..3281b57f8 100644
--- a/contrib/ci/dependencies.xml
+++ b/contrib/ci/dependencies.xml
@@ -1592,4 +1592,9 @@
       <package>protobuf</package>
     </distro>
   </dependency>
+  <dependency type="build" id="sudo">
+    <distro id="ubuntu">
+      <package variant="x86_64" />
+    </distro>
+  </dependency>
 </dependencies>
diff --git a/contrib/ci/ubuntu.sh b/contrib/ci/ubuntu.sh
index 4155a934d..2a7c01ec2 100755
--- a/contrib/ci/ubuntu.sh
+++ b/contrib/ci/ubuntu.sh
@@ -19,9 +19,11 @@ export LDFLAGS
 
 root=$(pwd)
 rm -rf ${root}/build
-meson build -Dman=false -Ddocs=docgen -Dgusb:tests=false -Dplugin_platform_integrity=true --prefix=${root}/dist
+mkdir -p ${root}/build
+chown nobody build ${root}/subprojects
+sudo -u nobody meson build -Dman=false -Ddocs=docgen -Dgusb:tests=false -Dplugin_platform_integrity=true --prefix=${root}/dist
 #build with clang
-ninja -C build test -v
+sudo -u nobody ninja -C ${root}/build test -v
 
 #make docs available outside of docker
-ninja -C build install -v
+ninja -C ${root}/build install -v