You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tvm.apache.org by ar...@apache.org on 2022/09/09 16:54:06 UTC
[tvm] 02/02: Respect Dockerfile ENV PATH modifications in docker/bash.sh lookups.
This is an automated email from the ASF dual-hosted git repository.
areusch pushed a commit to branch ci-docker-staging
in repository https://gitbox.apache.org/repos/asf/tvm.git
commit e888708c8681e69edc5138d408c38c3167b835a1
Author: Andrew Reusch <ar...@gmail.com>
AuthorDate: Thu Sep 1 16:45:38 2022 -0700
Respect Dockerfile ENV PATH modifications in docker/bash.sh lookups.
---
docker/with_the_same_user | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/docker/with_the_same_user b/docker/with_the_same_user
index 561b30f55d..397b885ee1 100644
--- a/docker/with_the_same_user
+++ b/docker/with_the_same_user
@@ -25,7 +25,13 @@
set -e
-COMMAND=("$@")
+# NOTE: sudo uses the env_reset option to reset environment variables to a secure bare minimum.
+# The --preserve-env option below passes those variables through to the invoked process; however,
+# this appears not to affect the environment used with execve, so we resolve the binary to run
+# in this file using the $PATH specified in the Dockerfile.
+COMMAND=( "$(which "$1")" )
+shift
+COMMAND=( "${COMMAND[@]}" "$@" )
if ! touch /this_is_writable_file_system; then
echo "You can't write to your filesystem!"
@@ -50,14 +56,14 @@ getent passwd "${CI_BUILD_UID}" || adduser --force-badname --gid "${CI_BUILD_GID
usermod -a -G sudo -G tvm-venv "${CI_BUILD_USER}"
# Add user to video group for ROCm
-if [[ ! -z $ROCM_ENABLED ]]; then
+if [[ ! -z "${ROCM_ENABLED-}" ]]; then
usermod -a -G video "${CI_BUILD_USER}"
fi
# This is a grotesque hack to get PYTEST_ADD_OPTS available to all task scripts.
echo "${CI_BUILD_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-nopasswd-sudo
-if [[ ! -z $CUDA_VISIBLE_DEVICES ]]; then
+if [[ ! -z "${CUDA_VISIBLE_DEVICES-}" ]]; then
CUDA_ENV="CUDA_VISIBLE_DEVICES=${CUDA_VISIBLE_DEVICES}"
else
CUDA_ENV=""
@@ -67,8 +73,8 @@ sudo -u "#${CI_BUILD_UID}" --preserve-env \
${CUDA_ENV} \
PATH=${PATH} \
JAVA_HOME=${JAVA_HOME} \
-LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
-PYTHONPATH=${PYTHONPATH} \
-CI_IMAGE_NAME=${CI_IMAGE_NAME} \
-HOME=${CI_BUILD_HOME} \
+LD_LIBRARY_PATH="${LD_LIBRARY_PATH-}" \
+PYTHONPATH="${PYTHONPATH-}" \
+CI_IMAGE_NAME="${CI_IMAGE_NAME-}" \
+HOME="${CI_BUILD_HOME-}" \
"${COMMAND[@]}"