how to avoid 'operation not permitted' with sudo command from hudson - macos

I am trying to run a bash script on a MacOSX Node (master is on windows) through hudson,
but get 'Operation not permitted' when script invokes sudo command (su as well).
I added the following line to
/etc/sudoers:
'user' ALL:(ALL) NOPASSWD: ALL
'user' is logged on the Mac Node, java agent started with the same user.
still getting this error...
any idea ?

Is it possible your syntax is wrong? On my OSX 10.6 I have:
username ALL=(ALL) NOPASSWD: ALL
Note the equals vs. colon. I have no problem running sudo tasks either with Hudson or from command-line.

Related

install4j "Request privileges" not working as expected on macOS

We ran into a problem when trying to install Homebrew on macOS using a Custom Action in our install4j installer. Before executing the Homebrew installation script, we request admin privileges as shown in the logs below (the user that runs the installer is an Administrator). However, the installation script does not seem to be executed as an admin, it fails with the error message Need sudo access on macOS (e.g. the user xxx needs to be an Administrator)!.
Our Custom Action has the elevation type "Elevate to maximum available privileges", shouldn't this lead to the action using admin privileges?
[INFO] com.install4j.runtime.beans.actions.misc.RequestPrivilegesAction [ID 22]: Execute action
Property linuxPrivilegeRequirement: None
Property allRequested: true
Property failIfNotObtainedLinux: false
Property failIfNotObtainedMac: true
Property failIfNotObtainedWin: true
Property failIfNotRootUnix: true
Property obtainIfAdminMac: true
Property obtainIfAdminWin: true
Property obtainIfNormalMac: true
Property obtainIfNormalWin: true
Property rollbackSupported: false
Property updateInstallationDirectory: true
args: ...
Execute action successful after 7597 ms
[INFO] com.example.HomebrewInstaller [ID 161]: Using communication backend com.install4j.runtime.installer.platform.unix.PipeCommunicationBackend
Execute action
Property context: null
Property rollbackSupported: false
Executing commands: [/bin/zsh, -c, NONINTERACTIVE=1 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"]
Output: ==> Running in non-interactive mode because `$NONINTERACTIVE` is set.==> Checking for `sudo` access (which may request your password)...Need sudo access on macOS (e.g. the user xxx needs to be an Administrator)!
Execute action successful after 312 ms
The elevated helper process in install4j runs as root. It looks like Homebrew does not want to run as root. You would have to wrap the sudo calls in the installer into a graphical sudo like described here:
https://stackoverflow.com/a/3034671/936832
and run the "Run executable action" without elevated privileges.
I tested this directly in Terminal.
As root, the Homebrew installer would be executed with root privileges, which is not allowed. As an admin user, you cannot run the Homebrew installer with sudo either - same effect as run as root.
As the Homebrew installer needs admin privileges and has to run some commands with sudo, sudo must be "active".
You can, directly before issuing the install.sh command, use a harmless command with sudo. Like
sudo echo Hello
sudo will then be active for a predefined while and will then be revoked again. Within this time, any sudo commands won't need another password entered.
If you run the Homebrew install.sh directly afterwards, no issues occur.
I tested this with NONINTERACTIVE=1 and it worked.
I am now searching for a way to pass the admin password safely to a script to make the install process completely non interactive...

Provide password to GitHub Actions macOS self-hosted runner

I have set up a CI build server using the GitHub Actions self-hosted runner instructions. Everything works fine until it reaches this instruction:
sudo xcode-select -switch /Applications/Xcode_11.5.app
it asks for my password inside the macOS Terminal. This defeats the purpose of a build server if I have to type in my password every single time this job runs. I've tried configuring the runner as a service but when I did that the job completely failed because it needs a terminal to ask for the password.
Is there a way to set the password so the runner stops asking me every single time?
You can try to remove the sudo command.
The following worked for me by editing the visudo file
do use this with caution as you are making sudo passwordless
Editing visudo
╰─ sudo EDITOR=vi visudo
Commenting the %admin line and adding the following line
╰─ sudo cat /etc/sudoers | grep admin
# %admin ALL = (ALL) ALL
%admin ALL=(ALL) NOPASSWD: ALL
In case you get locked out of sudo, the following will help.
Locked out of sudo ?

-bash: initdb: command not found

I have installed PostgreSQL using the EnterpriseDB installation.
I ran sudo ./postgresql-9.3.5-3-osx.app/Contents/MacOS/installbuilder.sh --mode unattended and then ran open /Applications/TextEdit.app .profile to edit my .profile file newly created in /Users/Dhruv to add the line source /Library/PostgreSQL/9.3/pg_env.sh.
Running createuser Dhruv --pwprompt --username=postgres I got
-bash: createuser: command not found
Then running unknown-88-1f-a1-1b-c2-ec:9.3 dhruv$ sudo -u postgres /bin/createuser and various other methods I was able to set up something using some sort of password prompt. I know this later because using sudo -u postgres /Library/PostgreSQL/9.3/bin/createuser I got
createuser: creation of new role failed: ERROR: role "postgres" already exists
Running then initdb -D /Library/PostgreSQL/9.3/data I get
-bash: initdb: command not found.
Similiarly, if I try the same thing but while connected to postgres, sudo su - postgres and then initdb -D /Library/PostgreSQL/9.3/data I get again
-bash: initdb: command not found.
At a loss at what to do. 1) how do I know details of this supposed role "postgres" I created magically and 2) why is initdb not working?
How I fixed this is run brew doctor, and you might see the postgresql un der the Warning: that indicates there's unlinked kegs in your Cellar.
Try to run brew link postgresql. It will show some symlinks got created. Then run init db ... again.
Hope this help!
Who are you logged in as?
When you do sudo or su -, it will run init scripts for root, such as .bashrc and .bash_profile.
These may set up difference executable search paths between root, postgres, and you.
Try something like sudo initdb, or su - postgres -c initdb ... whichever user has the paths constructed correctly, so that the path gets set up.
You could also duplicate the path/lib creation code in your own environment, but that will break if it is ever changed.
Same thing happened to me. I'm new to OS X coming from Linux, here's what I had to do. I installed postgres via homebrew and when I did so I noticed it put everything it download to: /usr/local/Cellar/postgresql/($postgres_version)/
When I cd'd into that folder I saw a directory named bin so I cd'd and saw initdb right there. So I had to then add this to my path so I could use the command:
$ export PATH=/usr/local/Cellar/postgresql/9.4.4/bin:$PATH
hope that helps you

Vagrant up fails with Laravel: 'The SSH command responded with a non-zero exit status'

New to Laravel and Vagrant, never put up a virtual machine any way other than via MAMP.
New to using Terminal in general.
Running on Mac OSX 10.9.
Vagrantfile (and hopefully soon Laravel) is placed in a folder in Documents.
Receiving error:
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.
Log since 'vagrant up'
Used vagrant files
UPDATE: When accessing the designated VM address through my browser, I am greeted by a 403 Forbidden
EDIT: Link to terminal log updated after fixing laravel installation issues regarding mcrypt.
UPDATE: Tried solution described here by adding the following to /etc/sudoers. Problem not fixed.
vagrant ALL=(ALL) NOPASSWD:ALL
Defaults:vagrant !requiretty
The artisan file isn't there.
php artisan migrate #fails
I can't tell exactly what should be in /var/www, but it seems to me like Laravel isn't getting set up properly. Try vagrant ssh to snoop around in /var/www (ls /var/www) and see what's there/what's missing.
run:
vagrant ssh
when you success login, run the command like below:
sudo rm -f /etc/udev/rules.d/70-persistent-net.rules
maybe 70 or 60 is the begining of rules filename.
than reload your virtualbox,try it maybe the right way to solve the matter.
If you have this error, after
vagrant up
you can use
vagrant ssh
It let you launch your server.

Running ios-sim with Jenkins

I'm trying to start my app from the command line using ios-sim but this is what I get:
Started by user User
Building in workspace /Users/Shared/Jenkins/Home/jobs/UI Testing/workspace
[workspace] $ /bin/sh -xe /var/folders/h4/ws64t3bx2nnds4pg3345xrr000009c/T/hudson6341279754557259451.sh
+ /Users/myUser/Desktop/ios-sim launch /Users/Shared/Jenkins/Home/jobs/Project_Monkey_Build/workspace/build/Debug-iphonesimulator/ProjectMonkey.app
[DEBUG] Could not start simulator session: Error Domain=DTiPhoneSimulatorErrorDomain Code=5
"Operation failed with underlying error 4294956486." UserInfo=0x1001b1760
{NSLocalizedDescription=Operation failed with underlying error 4294956486.,
NSUnderlyingError=0x1001a3390 "The operation couldn’t be completed. (OSStatus error -10810.)"}
It looks like a permission problem as I can run the same command from terminal and it works fine. I've also tried to give full 777 permission to ios-sim and the MonkeyTalk directory,but still nothing.
Any idea?
It might be related to the Jenkins process not having a "display". Try running Jenkins as a user logged in to the desktop, then run the ios-sim again.
Unload Jenkins from launchd:
sudo launchctl unload /Library/LaunchDaemons/org.jenkins-ci.plist
Then run Jenkins from a terminal:
sudo su jenkins -c "JENKINS_HOME=/Users/Shared/Jenkins/Home /Library/Application\ Support/Jenkins/jenkins-runner.sh"
If this works, you can make Jenkins always run as a logged in user by moving the launchd job config file from /Library/LaunchDaemons/org.jenkins-ci.plist to ~/Library/LaunchAgents/org.jenkins-ci.plist
I know this post was from a while ago, and not sure if anyone is checking it, but I also ran into this issue recently and it turned out that there was a duplicate app already in the iphone simulator creating an issue and not letting the new app run.
I reset the simulator and it then worked. I then added the applescript to reset the simulator each time before running ios-sim. this script can be found here...
How can I reset the iOS Simulator from the command line?
Scroll down the answer that has 13 up votes next to it, not the one that was checked marked.
Hope this helps someone in the future..
It looks like the only workaround it's to run the command as super user:
sudo /Users/myUser/Desktop/ios-sim launch /Users/Shared/Jenkins/Home/jobs/Project_Monkey_Build/workspace/build/Debug-iphonesimulator/ProjectMonkey.app
I was also facing the same problem and found that jenkins user is not correctly set up to run test case on simulator. Follow instruction given on below website:
http://pivotallabs.com/ios-ci-jenkins/
see the section "SETTING UP THE JENKINS USER".
hope it will work for you as well.

Resources