You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tvm.apache.org by ar...@apache.org on 2022/09/09 16:54:06 UTC

[tvm] 02/02: Respect Dockerfile ENV PATH modifications in docker/bash.sh lookups.

This is an automated email from the ASF dual-hosted git repository.

areusch pushed a commit to branch ci-docker-staging
in repository https://gitbox.apache.org/repos/asf/tvm.git

commit e888708c8681e69edc5138d408c38c3167b835a1
Author: Andrew Reusch <ar...@gmail.com>
AuthorDate: Thu Sep 1 16:45:38 2022 -0700

    Respect Dockerfile ENV PATH modifications in docker/bash.sh lookups.
---
 docker/with_the_same_user | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/docker/with_the_same_user b/docker/with_the_same_user
index 561b30f55d..397b885ee1 100644
--- a/docker/with_the_same_user
+++ b/docker/with_the_same_user
@@ -25,7 +25,13 @@
 
 set -e
 
-COMMAND=("$@")
+# NOTE: sudo uses the env_reset option to reset environment variables to a secure bare minimum.
+# The --preserve-env option below passes those variables through to the invoked process; however,
+# this appears not to affect the environment used with execve, so we resolve the binary to run
+# in this file using the $PATH specified in the Dockerfile.
+COMMAND=( "$(which "$1")" )
+shift
+COMMAND=( "${COMMAND[@]}" "$@" )
 
 if ! touch /this_is_writable_file_system; then
   echo "You can't write to your filesystem!"
@@ -50,14 +56,14 @@ getent passwd "${CI_BUILD_UID}" || adduser --force-badname --gid "${CI_BUILD_GID
 usermod -a -G sudo -G tvm-venv "${CI_BUILD_USER}"
 
 # Add user to video group for ROCm
-if [[ ! -z $ROCM_ENABLED ]]; then
+if [[ ! -z "${ROCM_ENABLED-}" ]]; then
   usermod -a -G video "${CI_BUILD_USER}"
 fi
 
 # This is a grotesque hack to get PYTEST_ADD_OPTS available to all task scripts.
 echo "${CI_BUILD_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-nopasswd-sudo
 
-if [[ ! -z $CUDA_VISIBLE_DEVICES ]]; then
+if [[ ! -z "${CUDA_VISIBLE_DEVICES-}" ]]; then
     CUDA_ENV="CUDA_VISIBLE_DEVICES=${CUDA_VISIBLE_DEVICES}"
 else
     CUDA_ENV=""
@@ -67,8 +73,8 @@ sudo -u "#${CI_BUILD_UID}" --preserve-env \
 ${CUDA_ENV} \
 PATH=${PATH} \
 JAVA_HOME=${JAVA_HOME} \
-LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
-PYTHONPATH=${PYTHONPATH} \
-CI_IMAGE_NAME=${CI_IMAGE_NAME} \
-HOME=${CI_BUILD_HOME} \
+LD_LIBRARY_PATH="${LD_LIBRARY_PATH-}" \
+PYTHONPATH="${PYTHONPATH-}" \
+CI_IMAGE_NAME="${CI_IMAGE_NAME-}" \
+HOME="${CI_BUILD_HOME-}" \
 "${COMMAND[@]}"