Revert "Revert "Relax assumptions in supervisor (#18782)" (#18857)"

This reverts commit 40c39f5.

Author: Furisto

components/content-service/pkg/executor/executor.go

@@ -44,7 +44,7 @@ func Prepare(req *csapi.WorkspaceInitializer, urls map[string]string) ([]byte, e
 
 // Execute runs an initializer to place content in destination based on the configuration read
 // from the cfgin stream.
-func Execute(ctx context.Context, destination string, cfgin io.Reader, forceGitUser bool, opts ...initializer.InitializeOpt) (src csapi.WorkspaceInitSource, err error) {
+func Execute(ctx context.Context, destination string, cfgin io.Reader, runAs *initializer.User, opts ...initializer.InitializeOpt) (src csapi.WorkspaceInitSource, err error) {
 	var cfg config
 	err = json.NewDecoder(cfgin).Decode(&cfg)
 	if err != nil {
@@ -64,7 +64,7 @@ func Execute(ctx context.Context, destination string, cfgin io.Reader, forceGitU
 
 		rs = &storage.NamedURLDownloader{URLs: cfg.URLs}
 		ilr, err = initializer.NewFromRequest(ctx, destination, rs, &req, initializer.NewFromRequestOpts{
-			ForceGitpodUserForGit: forceGitUser,
+			RunAs: runAs,
 		})
 		if err != nil {
 			return "", err

components/content-service/pkg/git/git.go

@@ -13,6 +13,7 @@ import (
 	"os/exec"
 	"path/filepath"
 	"strings"
+	"syscall"
 
 	"github.com/opentracing/opentracing-go"
 	"golang.org/x/xerrors"
@@ -93,8 +94,12 @@ type Client struct {
 	// UpstreamCloneURI is the fork upstream of a repository
 	UpstreamRemoteURI string
 
-	// if true will run git command as gitpod user (should be executed as root that has access to sudo in this case)
-	RunAsGitpodUser bool
+	// RunAs runs the Git commands as a particular user - if not nil
+	RunAs *User
+}
+
+type User struct {
+	UID, GID uint32
 }
 
 // Status describes the status of a Git repo/working copy akin to "git status"
@@ -178,8 +183,6 @@ func (c *Client) GitWithOutput(ctx context.Context, ignoreErr *string, subcomman
 		env = append(env, fmt.Sprintf("GIT_AUTH_PASSWORD=%s", pwd))
 	}
 
-	env = append(env, "HOME=/home/gitpod")
-
 	fullArgs = append(fullArgs, subcommand)
 	fullArgs = append(fullArgs, args...)
 
@@ -201,13 +204,19 @@ func (c *Client) GitWithOutput(ctx context.Context, ignoreErr *string, subcomman
 	span.LogKV("args", fullArgs)
 
 	cmdName := "git"
-	if c.RunAsGitpodUser {
-		cmdName = "sudo"
-		fullArgs = append([]string{"-u", "gitpod", "git"}, fullArgs...)
-	}
 	cmd := exec.Command(cmdName, fullArgs...)
 	cmd.Dir = c.Location
 	cmd.Env = env
+	if c.RunAs != nil {
+		if cmd.SysProcAttr == nil {
+			cmd.SysProcAttr = &syscall.SysProcAttr{}
+		}
+		if cmd.SysProcAttr.Credential == nil {
+			cmd.SysProcAttr.Credential = &syscall.Credential{}
+		}
+		cmd.SysProcAttr.Credential.Uid = c.RunAs.UID
+		cmd.SysProcAttr.Credential.Gid = c.RunAs.UID
+	}
 
 	res, err := cmd.CombinedOutput()
 	if err != nil {

components/content-service/pkg/initializer/git.go

@@ -95,8 +95,8 @@ func (ws *GitInitializer) Run(ctx context.Context, mappings []archive.IDMapping)
 
 		// make sure that folder itself is owned by gitpod user prior to doing git clone
 		// this is needed as otherwise git clone will fail if the folder is owned by root
-		if ws.RunAsGitpodUser {
-			args := []string{"gitpod", ws.Location}
+		if ws.RunAs != nil {
+			args := []string{fmt.Sprintf("%d:%d", ws.RunAs.UID, ws.RunAs.GID), ws.Location}
 			cmd := exec.Command("chown", args...)
 			res, cerr := cmd.CombinedOutput()
 			if cerr != nil && !process.IsNotChildProcess(cerr) {

components/content-service/pkg/initializer/initializer.go

@@ -99,11 +99,13 @@ func (e CompositeInitializer) Run(ctx context.Context, mappings []archive.IDMapp
 
 // NewFromRequestOpts configures the initializer produced from a content init request
 type NewFromRequestOpts struct {
-	// ForceGitpodUserForGit forces gitpod:gitpod ownership on all files produced by the Git initializer.
-	// For FWB workspaces the content init is run from supervisor which runs as UID 0. Using this flag, the
-	// Git content is forced to the Gitpod user. All other content (backup, prebuild, snapshot) will already
-	// have the correct user.
-	ForceGitpodUserForGit bool
+	// RunAs - if not nil - decides the user with which the initiallisation will be executed
+	RunAs *User
+}
+
+type User struct {
+	UID uint32
+	GID uint32
 }
 
 // NewFromRequest picks the initializer from the request but does not execute it.
@@ -132,7 +134,7 @@ func NewFromRequest(ctx context.Context, loc string, rs storage.DirectDownloader
 			return nil, status.Error(codes.InvalidArgument, "missing Git initializer spec")
 		}
 
-		initializer, err = newGitInitializer(ctx, loc, ir.Git, opts.ForceGitpodUserForGit)
+		initializer, err = newGitInitializer(ctx, loc, ir.Git, opts.RunAs)
 	} else if ir, ok := spec.(*csapi.WorkspaceInitializer_Prebuild); ok {
 		if ir.Prebuild == nil {
 			return nil, status.Error(codes.InvalidArgument, "missing prebuild initializer spec")
@@ -146,7 +148,7 @@ func NewFromRequest(ctx context.Context, loc string, rs storage.DirectDownloader
 		}
 		var gits []*GitInitializer
 		for _, gi := range ir.Prebuild.Git {
-			gitinit, err := newGitInitializer(ctx, loc, gi, opts.ForceGitpodUserForGit)
+			gitinit, err := newGitInitializer(ctx, loc, gi, opts.RunAs)
 			if err != nil {
 				return nil, err
 			}
@@ -249,7 +251,7 @@ func (bi *fromBackupInitializer) Run(ctx context.Context, mappings []archive.IDM
 
 // newGitInitializer creates a Git initializer based on the request.
 // Returns gRPC errors.
-func newGitInitializer(ctx context.Context, loc string, req *csapi.GitInitializer, forceGitpodUser bool) (*GitInitializer, error) {
+func newGitInitializer(ctx context.Context, loc string, req *csapi.GitInitializer, runAs *User) (*GitInitializer, error) {
 	if req.Config == nil {
 		return nil, status.Error(codes.InvalidArgument, "Git initializer misses config")
 	}
@@ -294,6 +296,11 @@ func newGitInitializer(ctx context.Context, loc string, req *csapi.GitInitialize
 		return
 	})
 
+	var user *git.User
+	if runAs != nil {
+		user = &git.User{UID: runAs.UID, GID: runAs.GID}
+	}
+
 	log.WithField("location", loc).Debug("using Git initializer")
 	return &GitInitializer{
 		Client: git.Client{
@@ -303,7 +310,7 @@ func newGitInitializer(ctx context.Context, loc string, req *csapi.GitInitialize
 			Config:            req.Config.CustomConfig,
 			AuthMethod:        authMethod,
 			AuthProvider:      authProvider,
-			RunAsGitpodUser:   forceGitpodUser,
+			RunAs:             user,
 		},
 		TargetMode:  targetMode,
 		CloneTarget: req.CloneTaget,

components/supervisor/cmd/dump-initializer.go

@@ -0,0 +1,38 @@
+// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License.AGPL.txt in the project root for license information.
+
+package cmd
+
+import (
+	"fmt"
+
+	csapi "github.com/gitpod-io/gitpod/content-service/api"
+	"github.com/gitpod-io/gitpod/content-service/pkg/executor"
+	"github.com/spf13/cobra"
+)
+
+var dumpInitializer = &cobra.Command{
+	Use:    "dump-init",
+	Hidden: true, // this is not official user-facing functionality, but just for debugging
+	Run: func(cmd *cobra.Command, args []string) {
+		fc, _ := executor.Prepare(&csapi.WorkspaceInitializer{
+			Spec: &csapi.WorkspaceInitializer_Git{
+				Git: &csapi.GitInitializer{
+					RemoteUri:        "https://github.com/gitpod-io/gitpod",
+					CheckoutLocation: "gitpod",
+					TargetMode:       csapi.CloneTargetMode_REMOTE_BRANCH,
+					CloneTaget:       "main",
+					Config: &csapi.GitConfig{
+						Authentication: csapi.GitAuthMethod_NO_AUTH,
+					},
+				},
+			},
+		}, nil)
+		fmt.Println(string(fc))
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(dumpInitializer)
+}

components/supervisor/pkg/supervisor/config.go

@@ -8,7 +8,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"math"
 	"net/http"
 	"net/url"
@@ -329,6 +328,35 @@ type WorkspaceConfig struct {
 
 	// ConfigcatEnabled controls whether configcat is enabled
 	ConfigcatEnabled bool `env:"GITPOD_CONFIGCAT_ENABLED"`
+
+	WorkspaceLinuxUID uint32 `env:"GITPOD_WORKSPACE_LINUX_UID,default=33333"`
+	WorkspaceLinuxGID uint32 `env:"GITPOD_WORKSPACE_LINUX_GID,default=33333"`
+
+	// ContentInitializer - if set - will run the content initializer instead of waiting for the ready file
+	ContentInitializer string `env:"SUPERVISOR_CONTENT_INITIALIZER"`
+
+	// WorkspaceRuntime configures the runtime supervisor is running in
+	WorkspaceRuntime WorkspaceRuntime `env:"SUPERVISOR_WORKSPACE_RUNTIME,default=container"`
+}
+
+type WorkspaceRuntime string
+
+const (
+	WorkspaceRuntimeContainer WorkspaceRuntime = "container"
+	WorkspaceRuntimeNextgen   WorkspaceRuntime = "nextgen"
+	WorkspaceRuntimeRunGP     WorkspaceRuntime = "rungp"
+)
+
+func (rt *WorkspaceRuntime) UnmarshalEnvironmentValue(data string) error {
+	switch WorkspaceRuntime(data) {
+	case WorkspaceRuntimeContainer, WorkspaceRuntimeNextgen, WorkspaceRuntimeRunGP:
+		// everything's fine
+	default:
+		return fmt.Errorf("unknown workspace runtime: %s", data)
+	}
+
+	*rt = WorkspaceRuntime(data)
+	return nil
 }
 
 // WorkspaceGitpodToken is a list of tokens that should be added to supervisor's token service.
@@ -587,7 +615,7 @@ func loadDesktopIDEs(static *StaticConfig) ([]*IDEConfig, error) {
 		uniqueDesktopIDEs[desktopIDE.Name] = struct{}{}
 	}
 
-	files, err := ioutil.ReadDir(static.DesktopIDERoot)
+	files, err := os.ReadDir(static.DesktopIDERoot)
 	if err != nil {
 		return nil, err
 	}

components/supervisor/pkg/supervisor/docker.go

@@ -57,7 +57,7 @@ func socketActivationForDocker(parentCtx context.Context, wg *sync.WaitGroup, te
 		return
 	}
 
-	logFile, err := openDockerUpLogFile()
+	logFile, err := openDockerUpLogFile(int(cfg.WorkspaceLinuxUID), int(cfg.WorkspaceLinuxGID))
 	if err != nil {
 		log.WithError(err).Error("docker-up: cannot open log file")
 	} else {
@@ -164,7 +164,7 @@ func listenToDockerSocket(parentCtx context.Context, term *terminal.Mux, cfg *Co
 		l.Close()
 	}()
 
-	_ = os.Chown(fn, gitpodUID, gitpodGID)
+	_ = os.Chown(fn, int(cfg.WorkspaceLinuxUID), int(cfg.WorkspaceLinuxGID))
 
 	var lastExitErrorTime time.Time
 	burstAttempts := 0
@@ -267,19 +267,19 @@ func listenToDockerSocket(parentCtx context.Context, term *terminal.Mux, cfg *Co
 	return ctx.Err()
 }
 
-func openDockerUpLogFile() (*os.File, error) {
+func openDockerUpLogFile(uid, gid int) (*os.File, error) {
 	if err := os.MkdirAll(logsDir, 0755); err != nil {
 		return nil, xerrors.Errorf("cannot create logs dir: %w", err)
 	}
-	if err := os.Chown(logsDir, gitpodUID, gitpodGID); err != nil {
+	if err := os.Chown(logsDir, uid, gid); err != nil {
 		return nil, xerrors.Errorf("cannot chown logs dir: %w", err)
 	}
 	logFile, err := os.OpenFile(dockerUpLogFilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
 	if err != nil {
 		return nil, xerrors.Errorf("cannot open docker-up log file: %w", err)
 	}
 
-	if err := os.Chown(dockerUpLogFilePath, gitpodUID, gitpodGID); err != nil {
+	if err := os.Chown(dockerUpLogFilePath, uid, gid); err != nil {
 		_ = logFile.Close()
 		return nil, xerrors.Errorf("cannot chown docker-up log file: %w", err)
 	}

components/supervisor/pkg/supervisor/git.go

@@ -92,7 +92,7 @@ func (p *GitTokenProvider) openAccessControl() error {
 		return err
 	}
 	gpCmd := exec.Command(gpPath, "preview", "--external", p.workspaceConfig.GitpodHost+"/access-control")
-	runAsGitpodUser(gpCmd)
+	runAsUser(gpCmd, p.workspaceConfig.WorkspaceLinuxUID, p.workspaceConfig.WorkspaceLinuxGID)
 	if b, err := gpCmd.CombinedOutput(); err != nil {
 		log.WithField("Stdout", string(b)).WithError(err).Error("failed to exec gp preview to open access control")
 		return err

components/supervisor/pkg/supervisor/services.go

@@ -741,7 +741,7 @@ func (is *InfoService) WorkspaceInfo(ctx context.Context, req *api.WorkspaceInfo
 		}
 	}
 
-	resp.UserHome = "/home/gitpod"
+	resp.UserHome = os.Getenv("HOME")
 
 	endpoint, host, err := is.cfg.GitpodAPIEndpoint()
 	if err != nil {
@@ -763,6 +763,8 @@ type ControlService struct {
 	publicKey  string
 	hostKey    *api.SSHPublicKey
 
+	uid, gid int
+
 	api.UnimplementedControlServiceServer
 }
 
@@ -812,7 +814,7 @@ func (ss *ControlService) CreateSSHKeyPair(ctx context.Context, req *api.CreateS
 		if err != nil {
 			return nil, xerrors.Errorf("cannot create tmpfile: %w", err)
 		}
-		err = prepareSSHKey(ctx, filepath.Join(dir, "ssh"))
+		err = prepareSSHKey(ctx, filepath.Join(dir, "ssh"), ss.uid, ss.gid)
 		if err != nil {
 			return nil, xerrors.Errorf("cannot create ssh key pair: %w", err)
 		}
@@ -836,7 +838,7 @@ func (ss *ControlService) CreateSSHKeyPair(ctx context.Context, req *api.CreateS
 		if err != nil {
 			return nil, xerrors.Errorf("cannot write file ~.ssh/authorized_keys: %w", err)
 		}
-		err = os.Chown(filepath.Join(home, ".ssh/authorized_keys"), gitpodUID, gitpodGID)
+		err = os.Chown(filepath.Join(home, ".ssh/authorized_keys"), ss.uid, ss.gid)
 		if err != nil {
 			return nil, xerrors.Errorf("cannot chown SSH authorized_keys file: %w", err)
 		}

components/supervisor/pkg/supervisor/ssh.go

@@ -30,7 +30,7 @@ func newSSHServer(ctx context.Context, cfg *Config, envvars []string) (*sshServe
 
 	sshkey := filepath.Join(filepath.Dir(bin), "ssh", "sshkey")
 	if _, err := os.Stat(sshkey); err != nil {
-		err := prepareSSHKey(ctx, sshkey)
+		err := prepareSSHKey(ctx, sshkey, int(cfg.WorkspaceLinuxUID), int(cfg.WorkspaceLinuxGID))
 		if err != nil {
 			return nil, xerrors.Errorf("unexpected error creating SSH key: %w", err)
 		}
@@ -145,7 +145,7 @@ func (s *sshServer) handleConn(ctx context.Context, conn net.Conn) {
 
 	log.WithField("args", args).Debug("sshd flags")
 	cmd := exec.CommandContext(ctx, openssh, args...)
-	cmd = runAsGitpodUser(cmd)
+	cmd = runAsUser(cmd, s.cfg.WorkspaceLinuxUID, s.cfg.WorkspaceLinuxGID)
 	cmd.Env = s.envvars
 	cmd.ExtraFiles = []*os.File{socketFD}
 	cmd.Stderr = os.Stderr
@@ -183,7 +183,7 @@ func (s *sshServer) handleConn(ctx context.Context, conn net.Conn) {
 	}
 }
 
-func prepareSSHKey(ctx context.Context, sshkey string) error {
+func prepareSSHKey(ctx context.Context, sshkey string, uid, gid int) error {
 	bin, err := os.Executable()
 	if err != nil {
 		return xerrors.Errorf("cannot find executable path: %w", err)
@@ -219,7 +219,7 @@ func prepareSSHKey(ctx context.Context, sshkey string) error {
 		return xerrors.Errorf("cannot create SSH hostkey file: %w", err)
 	}
 
-	err = os.Chown(sshkey, gitpodUID, gitpodGID)
+	err = os.Chown(sshkey, uid, gid)
 	if err != nil {
 		return xerrors.Errorf("cannot chown SSH hostkey file: %w", err)
 	}
@@ -235,7 +235,7 @@ func ensureSSHDir(cfg *Config) error {
 	if err != nil {
 		return xerrors.Errorf("cannot create $HOME/.ssh: %w", err)
 	}
-	_ = exec.Command("chown", "-R", fmt.Sprintf("%d:%d", gitpodUID, gitpodGID), d).Run()
+	_ = exec.Command("chown", "-R", fmt.Sprintf("%d:%d", cfg.WorkspaceLinuxUID, cfg.WorkspaceLinuxGID), d).Run()
 
 	return nil
 }