no need for full sudo access anymore

Edward Arthur Bingham 2023-06-03 16:48:57 +00:00
parent 12d081b9fc
commit 245a054f82
4 changed files with 26 additions and 2 deletions


@ -180,11 +180,19 @@ ENV GROUP_ID "1000"
ENV MEMBERS "" ENV MEMBERS ""
ENV XAUTH_TOKEN "" ENV XAUTH_TOKEN ""
RUN echo "version: 1"
CMD exec /bin/bash -c "echo \"$MEMBERS\" | sed 's/ /\n/g' | xargs -n 2 /usr/sbin/groupadd -g; \ CMD exec /bin/bash -c "echo \"$MEMBERS\" | sed 's/ /\n/g' | xargs -n 2 /usr/sbin/groupadd -g; \
/usr/sbin/useradd -u $USER_ID -g $USER $USER; \ /usr/sbin/useradd -u $USER_ID -g $USER $USER; \
echo \"$MEMBERS\" | sed 's/ [0-9]\+ /,/g' | sed 's/[0-9]\+ //g' | xargs -I{} /usr/sbin/usermod -aG {} $USER; \ echo \"$MEMBERS\" | sed 's/ [0-9]\+ /,/g' | sed 's/[0-9]\+ //g' | xargs -I{} /usr/sbin/usermod -aG {} $USER; \
cp -r /template /home/$USER; \ cp -r /template /home/$USER; \
xauth -f /home/$USER/.Xauthority add $XAUTH_TOKEN; \ xauth -f /home/$USER/.Xauthority add $XAUTH_TOKEN; \
chown -R $USER:$USER /home/$USER; \ chown -R $USER:$USER /home/$USER; \
/usr/sbin/usermod -p \$(openssl passwd -1 'bcli') $USER; \ echo \"$USER ALL=NOPASSWD: /usr/bin/apt-get install *\" > /etc/sudoers.d/apt-get; \
echo \"$USER ALL=NOPASSWD: /usr/bin/apt install *\" > /etc/sudoers.d/apt; \
trap : TERM INT; sleep infinity & wait" trap : TERM INT; sleep infinity & wait"
# In case we need to add a password for sudo.
# However, its possible for someone to break out of the docker container and
# have root access on the host if they are given sudo access in the container.
# So, we really shouldn't give them sudo access
# /usr/sbin/usermod -p \$(openssl passwd -1 'bcli') $USER; \
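Review bot: The two sudoers rules written near the end of the CMD string (`/usr/bin/apt-get install *` and `/usr/bin/apt install *`) do not confine the user to installing repository packages: the trailing `*` matches any further arguments, including apt options and paths to local package files, and package maintainer scripts run as root, so the grant is still equivalent to root inside the container, which is the container-escape concern the new comment block describes. The banner added in the shell-startup section ("Other usages of sudo are disabled") repeats that claim to users. Consider granting sudo only for a root-owned wrapper that checks every argument is a plain package name before calling apt-get, e.g. `echo \"$USER ALL=(root) NOPASSWD: /usr/local/sbin/bcli-install\" > /etc/sudoers.d/bcli-install; \` (the wrapper path is a placeholder, not a file in this repository), followed by `chmod 0440` on the file and a `visudo -cf` check. `$USER` comes from the container environment and is interpolated into the sudoers file unvalidated, so it should be matched against a strict username pattern before the rule is written.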


@ -1,6 +1,6 @@
bcli() { bcli() {
if [ "$1" = "up" ]; then if [ "$1" = "up" ]; then
export MEMBERS="$(groups | sed 's/ /\n/g' | xargs -I{} getent group {} | sed 's/\([^:]*\):[^:]*:\([^:]*\):.*/\2 \1/g')" MEMBERS="$(groups | sed 's/adm \?\|cdrom \?\|sudo \?\|dip \?\|plugdev \?\|lxd \?\|docker \?//g' | sed 's/ /\n/g' | xargs -I{} getent group {} | sed 's/\([^:]*\):[^:]*:\([^:]*\):.*/\2 \1/g')"
docker run --rm -d --net=host -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -e MEMBERS="$MEMBERS" -e XAUTH_TOKEN="$(xauth list | sed 's/^[^:]*/localhost/g')" -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null docker run --rm -d --net=host -v $HOME:/host -v "/opt/tech:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -e MEMBERS="$MEMBERS" -e XAUTH_TOKEN="$(xauth list | sed 's/^[^:]*/localhost/g')" -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null
#docker run --rm -d -v $HOME:/host -v "${BCLI_TECH:/opt/tech}:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null #docker run --rm -d -v $HOME:/host -v "${BCLI_TECH:/opt/tech}:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null
echo "bcli-$USER started" echo "bcli-$USER started"
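Review bot: The group filter added to the `MEMBERS=` assignment is an unanchored substring substitution, so `adm \?`, `sudo \?` and the other alternatives also cut those letters out of longer group names (a group such as `lpadmin` would become `lpin`), and `getent group` is then handed a mangled name. Matching whole names avoids that: `MEMBERS="$(groups | tr ' ' '\n' | grep -vxE 'adm|cdrom|sudo|dip|plugdev|lxd|docker' | xargs -I{} getent group {} | sed 's/\([^:]*\):[^:]*:\([^:]*\):.*/\2 \1/g')"`. The filter is also a denylist, so any other privileged host group the user belongs to is still recreated inside the container; an allowlist of the groups the tools actually need would fail closed. The `bcli` function continues past the end of this hunk.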


@ -126,3 +126,19 @@ if ! shopt -oq posix; then
fi fi
fi fi
echo "Welcome to Broccoli's Command Line Interface"
echo ""
echo "The following tools are available:"
echo "go - architectural and behavioral simulation"
echo "haystack - formal synthesis of self-timed circuits"
echo "act - circuit design and digital simulation"
echo "prspice - configure digital/analog circuit co-simulation"
echo "Xyce - analog circuit simulation"
echo "gaw - analog waveform viewer"
echo "magic - circuit layout"
echo ""
echo "Semiconductor PDKs are in /opt/cad/conf"
echo "Packages may be installed with 'sudo apt install <package>'"
echo "Other usages of sudo are disabled"
echo ""
echo ""
