Ensure git cloning when self-building is done with the matrix user, not root

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1749
2022-04-14 08:52:37 +03:00 · 2022-04-14 08:52:37 +03:00 · 2df993977a
parent aef2c4c32e
commit 2df993977a
39 changed files with 93 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,16 @@
+# 2022-04-14
+
+## (Compatibility Break) Changes to `docker-src` permissions necessitating manual action
+
+Users who build container images from source will need to manually correct file permissions of some directories on the server.
+
+When self-building, the playbook used to `git clone` repositories (into `/matrix/SERVICE/docker-src`) using the `root` user, but now uses `matrix` instead to work around [the following issue with git 2.35.2](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1749).
+
+If you're on a non-`amd64` architecture (that is, you're overriding `matrix_architecture` in your `vars.yml` file) or you have enabled self-building for some service (e.g. `matrix_*_self_build: true`), you're certainly building some container images from source and have `docker-src` directories with mixed permissions lying around in various `/matrix/SERVICE` directories.
+
+The playbook *could* correct these permissions automatically, but that requires additional Ansible tasks in some ~45 different places - something that takes considerable effort. So we ask users observing errors related to `docker-src` directories to correct the problem manually by **running this command on the Matrix server** (which deletes all `/matrix/*/docker-src` directories): `find /matrix -maxdepth 2 -name 'docker-src' | xargs rm -rf`
+
+
 # 2022-03-17

 ## (Compatibility Break) ma1sd identity server no longer installed by default
--- a/roles/matrix-backup-borg/tasks/setup_install.yml
+++ b/roles/matrix-backup-borg/tasks/setup_install.yml
@ -52,6 +52,8 @@
    repo: "{{ matrix_backup_borg_docker_repo }}"
    dest: "{{ matrix_backup_borg_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_backup_borg_git_pull_results
  when: "matrix_backup_borg_container_image_self_build|bool"

--- a/roles/matrix-bot-honoroit/tasks/setup_install.yml
+++ b/roles/matrix-bot-honoroit/tasks/setup_install.yml
@ -64,6 +64,8 @@
    repo: "{{ matrix_bot_honoroit_docker_repo }}"
    dest: "{{ matrix_bot_honoroit_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_bot_honoroit_git_pull_results
  when: "matrix_bot_honoroit_container_image_self_build|bool"

--- a/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
+++ b/roles/matrix-bot-matrix-reminder-bot/tasks/setup_install.yml
@ -57,6 +57,8 @@
    repo: "{{ matrix_bot_matrix_reminder_bot_docker_repo }}"
    dest: "{{ matrix_bot_matrix_reminder_bot_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_bot_matrix_reminder_bot_git_pull_results
  when: "matrix_bot_matrix_reminder_bot_container_image_self_build|bool"

--- a/roles/matrix-bot-mjolnir/tasks/setup_install.yml
+++ b/roles/matrix-bot-mjolnir/tasks/setup_install.yml
@ -35,6 +35,8 @@
    dest: "{{ matrix_bot_mjolnir_docker_src_files_path }}"
    version: "{{ matrix_bot_mjolnir_docker_image.split(':')[1] }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_bot_mjolnir_git_pull_results
  when: "matrix_bot_mjolnir_container_image_self_build|bool"

--- a/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-irc/tasks/setup_install.yml
@ -74,6 +74,8 @@
    repo: "{{ matrix_appservice_irc_docker_repo }}"
    dest: "{{ matrix_appservice_irc_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_appservice_irc_git_pull_results
  when: "matrix_appservice_irc_enabled|bool and matrix_appservice_irc_container_image_self_build|bool"

--- a/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-slack/tasks/setup_install.yml
@ -48,6 +48,8 @@
    repo: "{{ matrix_appservice_slack_docker_repo }}"
    dest: "{{ matrix_appservice_slack_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_appservice_slack_git_pull_results
  when: "matrix_appservice_slack_container_image_self_build|bool"

--- a/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
+++ b/roles/matrix-bridge-appservice-webhooks/tasks/setup_install.yml
@ -33,6 +33,8 @@
        dest: "{{ matrix_appservice_webhooks_docker_src_files_path }}"
        version: "{{ matrix_appservice_webhooks_container_image_self_build_repo_version }}"
        force: "yes"
+      become: true
+      become_user: "{{ matrix_user_username }}"
      register: matrix_appservice_webhooks_git_pull_results

    - name: Ensure Appservice webhooks Docker image is built
--- a/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
+++ b/roles/matrix-bridge-beeper-linkedin/tasks/setup_install.yml
@ -41,6 +41,8 @@
        dest: "{{ matrix_beeper_linkedin_docker_src_files_path }}"
        version: "{{ matrix_beeper_linkedin_container_image_self_build_branch }}"
        force: "yes"
+      become: true
+      become_user: "{{ matrix_user_username }}"
      register: matrix_beeper_linkedin_git_pull_results

    # Building the container image (using the default Dockerfile) requires that a docker-requirements.txt file be generated.
--- a/roles/matrix-bridge-hookshot/tasks/setup_install.yml
+++ b/roles/matrix-bridge-hookshot/tasks/setup_install.yml
@ -32,6 +32,8 @@
    dest: "{{ matrix_hookshot_docker_src_files_path }}"
    version: "{{ matrix_hookshot_container_image_self_build_branch }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_hookshot_git_pull_results
  when: "matrix_hookshot_container_image_self_build|bool"

--- a/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-facebook/tasks/setup_install.yml
@ -66,6 +66,8 @@
    dest: "{{ matrix_mautrix_facebook_docker_src_files_path }}"
    version: "{{ matrix_mautrix_facebook_docker_image.split(':')[1] }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mautrix_facebook_git_pull_results
  when: "matrix_mautrix_facebook_container_image_self_build|bool"

--- a/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-googlechat/tasks/setup_install.yml
@ -65,6 +65,8 @@
    repo: "{{ matrix_mautrix_googlechat_container_image_self_build_repo }}"
    dest: "{{ matrix_mautrix_googlechat_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mautrix_googlechat_git_pull_results
  when: "matrix_mautrix_googlechat_container_image_self_build|bool"

--- a/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-hangouts/tasks/setup_install.yml
@ -65,6 +65,8 @@
    repo: "{{ matrix_mautrix_hangouts_container_image_self_build_repo }}"
    dest: "{{ matrix_mautrix_hangouts_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mautrix_hangouts_git_pull_results
  when: "matrix_mautrix_hangouts_container_image_self_build|bool"

--- a/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-instagram/tasks/setup_install.yml
@ -38,6 +38,8 @@
    repo: "{{ matrix_mautrix_instagram_container_image_self_build_repo }}"
    dest: "{{ matrix_mautrix_instagram_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mautrix_instagram_git_pull_results
  when: "matrix_mautrix_instagram_container_image_self_build|bool"

--- a/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-signal/tasks/setup_install.yml
@ -26,6 +26,8 @@
    repo: "{{ matrix_mautrix_signal_docker_repo }}"
    dest: "{{ matrix_mautrix_signal_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mautrix_signal_git_pull_results
  when: "matrix_mautrix_signal_container_image_self_build|bool"

@ -56,6 +58,8 @@
    repo: "{{ matrix_mautrix_signal_daemon_docker_repo }}"
    dest: "{{ matrix_mautrix_signal_daemon_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mautrix_signal_daemon_git_pull_results
  when: "matrix_mautrix_signal_daemon_container_image_self_build|bool"

--- a/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-telegram/tasks/setup_install.yml
@ -65,6 +65,8 @@
    repo: "{{ matrix_telegram_lottieconverter_docker_repo }}"
    dest: "{{ matrix_telegram_lottieconverter_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_telegram_lottieconverter_git_pull_results
  when: "matrix_telegram_lottieconverter_container_image_self_build|bool and matrix_mautrix_telegram_container_image_self_build|bool"

@ -85,6 +87,8 @@
    repo: "{{ matrix_mautrix_telegram_docker_repo }}"
    dest: "{{ matrix_mautrix_telegram_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mautrix_telegram_git_pull_results
  when: "matrix_mautrix_telegram_container_image_self_build|bool"

--- a/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-twitter/tasks/setup_install.yml
@ -43,6 +43,8 @@
    dest: "{{ matrix_mautrix_twitter_docker_src_files_path }}"
    # version: "{{ matrix_coturn_docker_image.split(':')[1] }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mautrix_twitter_git_pull_results
  when: "matrix_mautrix_twitter_enabled|bool and matrix_mautrix_twitter_container_image_self_build"

--- a/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mautrix-whatsapp/tasks/setup_install.yml
@ -68,6 +68,8 @@
    dest: "{{ matrix_mautrix_whatsapp_docker_src_files_path }}"
    version: "{{ matrix_mautrix_whatsapp_container_image_self_build_branch }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mautrix_whatsapp_git_pull_results
  when: "matrix_mautrix_whatsapp_container_image_self_build|bool"

--- a/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-discord/tasks/setup_install.yml
@ -83,6 +83,8 @@
    dest: "{{ matrix_mx_puppet_discord_docker_src_files_path }}"
    force: "yes"
    version: "{{ matrix_mx_puppet_discord_container_image_self_build_version }}"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mx_puppet_discord_git_pull_results
  when: "matrix_mx_puppet_discord_enabled|bool and matrix_mx_puppet_discord_container_image_self_build"

--- a/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-groupme/tasks/setup_install.yml
@ -83,6 +83,8 @@
    repo: "{{ matrix_mx_puppet_groupme_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_groupme_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mx_puppet_groupme_git_pull_results
  when: "matrix_mx_puppet_groupme_enabled|bool and matrix_mx_puppet_groupme_container_image_self_build"

--- a/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-instagram/tasks/setup_install.yml
@ -66,6 +66,8 @@
    repo: "{{ matrix_mx_puppet_instagram_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_instagram_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mx_puppet_instagram_git_pull_results
  when: "matrix_mx_puppet_instagram_enabled|bool and matrix_mx_puppet_instagram_container_image_self_build|bool"

--- a/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-skype/tasks/setup_install.yml
@ -83,6 +83,8 @@
    repo: "{{ matrix_mx_puppet_skype_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_skype_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mx_puppet_skype_git_pull_results
  when: "matrix_mx_puppet_skype_enabled|bool and matrix_mx_puppet_skype_container_image_self_build|bool"

--- a/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-slack/tasks/setup_install.yml
@ -80,6 +80,8 @@
    dest: "{{ matrix_mx_puppet_slack_docker_src_files_path }}"
    force: "yes"
    version: "{{ matrix_mx_puppet_slack_container_image_self_build_version }}"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mx_puppet_slack_git_pull_results
  when: "matrix_mx_puppet_slack_enabled|bool and matrix_mx_puppet_slack_container_image_self_build"

--- a/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-steam/tasks/setup_install.yml
@ -83,6 +83,8 @@
    repo: "{{ matrix_mx_puppet_steam_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_steam_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mx_puppet_steam_git_pull_results
  when: "matrix_mx_puppet_steam_enabled|bool and matrix_mx_puppet_steam_container_image_self_build"

--- a/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
+++ b/roles/matrix-bridge-mx-puppet-twitter/tasks/setup_install.yml
@ -83,6 +83,8 @@
    repo: "{{ matrix_mx_puppet_twitter_container_image_self_build_repo }}"
    dest: "{{ matrix_mx_puppet_twitter_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mx_puppet_twitter_git_pull_results
  when: "matrix_mx_puppet_twitter_enabled|bool and matrix_mx_puppet_twitter_container_image_self_build"

--- a/roles/matrix-client-cinny/tasks/setup_install.yml
+++ b/roles/matrix-client-cinny/tasks/setup_install.yml
@ -29,6 +29,8 @@
    dest: "{{ matrix_client_cinny_docker_src_files_path }}"
    version: "{{ matrix_client_cinny_docker_image.split(':')[1] }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_client_cinny_git_pull_results
  when: "matrix_client_cinny_container_image_self_build|bool"

--- a/roles/matrix-client-element/tasks/setup_install.yml
+++ b/roles/matrix-client-element/tasks/setup_install.yml
@ -30,6 +30,8 @@
    dest: "{{ matrix_client_element_docker_src_files_path }}"
    version: "{{ matrix_client_element_docker_image.split(':')[1] }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_client_element_git_pull_results
  when: "matrix_client_element_container_image_self_build|bool"

--- a/roles/matrix-client-hydrogen/tasks/setup_install.yml
+++ b/roles/matrix-client-hydrogen/tasks/setup_install.yml
@ -30,6 +30,8 @@
    dest: "{{ matrix_client_hydrogen_docker_src_files_path }}"
    version: "{{ matrix_client_hydrogen_docker_image.split(':')[1] }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_client_hydrogen_git_pull_results
  when: "matrix_client_hydrogen_container_image_self_build|bool"

--- a/roles/matrix-corporal/tasks/setup_corporal.yml
+++ b/roles/matrix-corporal/tasks/setup_corporal.yml
@ -23,6 +23,8 @@
    dest: "{{ matrix_corporal_container_src_files_path }}"
    version: "{{ matrix_corporal_docker_image.split(':')[1] }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_corporal_git_pull_results
  when: "matrix_corporal_enabled|bool and matrix_corporal_container_image_self_build|bool"

--- a/roles/matrix-coturn/tasks/setup_install.yml
+++ b/roles/matrix-coturn/tasks/setup_install.yml
@ -36,6 +36,8 @@
        dest: "{{ matrix_coturn_docker_src_files_path }}"
        version: "{{ matrix_coturn_container_image_self_build_repo_version }}"
        force: "yes"
+      become: true
+      become_user: "{{ matrix_user_username }}"
      register: matrix_coturn_git_pull_results

    - name: Ensure Coturn Docker image is built
--- a/roles/matrix-dimension/tasks/setup_install.yml
+++ b/roles/matrix-dimension/tasks/setup_install.yml
@ -102,6 +102,8 @@
    dest: "{{ matrix_dimension_docker_src_files_path }}"
    version: "{{ matrix_dimension_container_image_self_build_branch }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  when: "matrix_dimension_container_image_self_build|bool"
  register: matrix_dimension_git_pull_results

--- a/roles/matrix-dynamic-dns/tasks/install.yml
+++ b/roles/matrix-dynamic-dns/tasks/install.yml
@ -30,6 +30,8 @@
    repo: "{{ matrix_dynamic_dns_container_image_self_build_repo }}"
    dest: "{{ matrix_dynamic_dns_docker_src_files_path }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_dynamic_dns_git_pull_results
  when: "matrix_dynamic_dns_enabled|bool and matrix_dynamic_dns_container_image_self_build|bool"

--- a/roles/matrix-email2matrix/tasks/setup_install.yml
+++ b/roles/matrix-email2matrix/tasks/setup_install.yml
@ -39,6 +39,8 @@
    dest: "{{ matrix_email2matrix_docker_src_files_path }}"
    version: "{{ matrix_email2matrix_container_image_self_build_branch }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_email2matrix_git_pull_results
  when: "matrix_email2matrix_container_image_self_build|bool"

--- a/roles/matrix-ma1sd/tasks/setup_install.yml
+++ b/roles/matrix-ma1sd/tasks/setup_install.yml
@ -85,6 +85,8 @@
        dest: "{{ matrix_ma1sd_docker_src_files_path }}"
        version: "{{ matrix_ma1sd_container_image_self_build_branch }}"
        force: "yes"
+      become: true
+      become_user: "{{ matrix_user_username }}"
      register: matrix_ma1sd_git_pull_results

    - name: Ensure ma1sd Docker image is built
--- a/roles/matrix-mailer/tasks/setup_mailer.yml
+++ b/roles/matrix-mailer/tasks/setup_mailer.yml
@ -29,6 +29,8 @@
    dest: "{{ matrix_mailer_container_image_self_build_src_files_path }}"
    version: "{{ matrix_mailer_container_image_self_build_version }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_mailer_git_pull_results
  when: "matrix_mailer_enabled|bool and matrix_mailer_container_image_self_build|bool"

--- a/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml
+++ b/roles/matrix-postgres/tasks/util/migrate_db_to_postgres.yml
@ -38,6 +38,8 @@
        dest: "{{ matrix_postgres_pgloader_container_image_self_build_src_path }}"
        version: "{{ matrix_postgres_pgloader_container_image_self_build_repo_branch }}"
        force: "yes"
+      become: true
+      become_user: "{{ matrix_user_username }}"
      register: matrix_postgres_pgloader_git_pull_results

    # If `stable` is used, we hit an error when processing /opt/src/pgloader/build/quicklisp/dists/quicklisp/software/uax-15-20201220-git/data/CompositionExclusions.txt:
--- a/roles/matrix-registration/tasks/setup_install.yml
+++ b/roles/matrix-registration/tasks/setup_install.yml
@ -63,6 +63,8 @@
    dest: "{{ matrix_registration_docker_src_files_path }}"
    version: "{{ matrix_registration_container_image_self_build_branch }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_registration_git_pull_results
  when: "matrix_registration_container_image_self_build|bool"

--- a/roles/matrix-synapse-admin/tasks/setup.yml
+++ b/roles/matrix-synapse-admin/tasks/setup.yml
@ -22,6 +22,8 @@
    dest: "{{ matrix_synapse_admin_docker_src_files_path }}"
    version: "{{ matrix_synapse_admin_docker_image.split(':')[1] }}"
    force: "yes"
+  become: true
+  become_user: "{{ matrix_user_username }}"
  register: matrix_synapse_admin_git_pull_results
  when: "matrix_synapse_admin_enabled|bool and matrix_synapse_admin_container_image_self_build|bool"

--- a/roles/matrix-synapse/tasks/synapse/setup_install.yml
+++ b/roles/matrix-synapse/tasks/synapse/setup_install.yml
@ -25,6 +25,8 @@
        dest: "{{ matrix_synapse_docker_src_files_path }}"
        version: "{{ matrix_synapse_docker_image.split(':')[1] }}"
        force: "yes"
+      become: true
+      become_user: "{{ matrix_user_username }}"
      register: matrix_synapse_git_pull_results

    - name: Check if Synapse Docker image exists