From efe325665a5162144bbbbcd75c7c25451c3cbac4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <essen@ninenines.eu>
Date: Tue, 22 May 2018 11:44:29 +0200
Subject: Create user buildkite-agent for generic BuildKite installs

---
 alpine.sh                                      |  1 +
 archlinux.sh                                   |  1 +
 ci.d/buildkite                                 | 19 +++++++++----------
 ci.d/openssl                                   | 10 +++++-----
 priv/buildkite-environment-hook-openssl-fix-10 |  2 +-
 5 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/alpine.sh b/alpine.sh
index e159b50..e31649a 100755
--- a/alpine.sh
+++ b/alpine.sh
@@ -21,4 +21,5 @@ apk_upgrade
 apk_install $PACKAGES
 buildkite_install $DIST $BUILDKITE_TOKEN
 ssh_copy_host_key
+ssh_copy_host_key buildkite-agent /home/buildkite-agent
 lxc_restart
diff --git a/archlinux.sh b/archlinux.sh
index 2699964..a5f9c42 100755
--- a/archlinux.sh
+++ b/archlinux.sh
@@ -24,4 +24,5 @@ archlinux_enable_cron
 buildkite_install $DIST $BUILDKITE_TOKEN
 openssl_fix_10_buildkite
 ssh_copy_host_key
+ssh_copy_host_key buildkite-agent /home/buildkite-agent
 lxc_restart
diff --git a/ci.d/buildkite b/ci.d/buildkite
index 21988f8..670fa0c 100644
--- a/ci.d/buildkite
+++ b/ci.d/buildkite
@@ -1,12 +1,10 @@
 #!/usr/bin/env sh
 
 _buildkite_config() {
-	BUILDKITE_PATH=/root/.buildkite-agent
-	BUILDKITE_USER=root
+	BUILDKITE_PATH=/home/buildkite-agent/.buildkite-agent
 	if [ "$1" = 'ubuntu' -o "$1" = 'debian' -o "$1" = 'centos' ]
 	then
 		BUILDKITE_PATH=/etc/buildkite-agent
-		BUILDKITE_USER=buildkite-agent
 	fi
 	# Update the configuration.
 	lxc_do bash -c "echo name=\"$1-%n\" >> $BUILDKITE_PATH/buildkite-agent.cfg"
@@ -19,7 +17,7 @@ _buildkite_config() {
 	<$( cd "$( dirname "$0" )" && pwd )/priv/buildkite-pre-artifact-hook \
 		lxc_do bash -c "cat > $BUILDKITE_PATH/hooks/pre-artifact"
 	lxc_do chmod +x $BUILDKITE_PATH/hooks/pre-artifact
-	lxc_do chown $BUILDKITE_USER:$BUILDKITE_USER $BUILDKITE_PATH/hooks/pre-artifact
+	lxc_do chown buildkite-agent:buildkite-agent $BUILDKITE_PATH/hooks/pre-artifact
 }
 
 _buildkite_install_centos() {
@@ -30,12 +28,13 @@ _buildkite_install_centos() {
 }
 
 _buildkite_install_generic() {
-	lxc_do curl -sLO https://raw.githubusercontent.com/buildkite/agent/master/install.sh
-	lxc_do bash -c "TOKEN=\"$2\" bash install.sh"
-	lxc_do rm install.sh
-	lxc_do bash -c 'echo "@reboot /root/.buildkite-agent/bin/buildkite-agent start &" >> tmpcron'
-	lxc_do crontab tmpcron
-	lxc_do rm tmpcron
+	lxc_do useradd -m -s /bin/bash buildkite-agent
+	lxc_do su - buildkite-agent -c 'curl -sLO https://raw.githubusercontent.com/buildkite/agent/master/install.sh'
+	lxc_do su - buildkite-agent -c "TOKEN=\"$2\" bash install.sh"
+	lxc_do su - buildkite-agent -c 'rm install.sh'
+	lxc_do su - buildkite-agent -c 'echo "@reboot /home/buildkite-agent/.buildkite-agent/bin/buildkite-agent start &" >> tmpcron'
+	lxc_do su - buildkite-agent -c 'crontab tmpcron'
+	lxc_do su - buildkite-agent -c 'rm tmpcron'
 }
 
 _buildkite_install_ubuntu() {
diff --git a/ci.d/openssl b/ci.d/openssl
index 139c595..2d61491 100644
--- a/ci.d/openssl
+++ b/ci.d/openssl
@@ -4,10 +4,10 @@
 #
 # Setup OpenSSL 1.0 for older Erlang versions.
 openssl_fix_10() {
-	lxc_do mkdir /root/openssl-1.0
-	lxc_do ln -s /usr/include/openssl-1.0 /root/openssl-1.0/include
-	lxc_do ln -s /usr/lib/openssl-1.0 /root/openssl-1.0/lib
-	echo "lxc.environment = KERL_CONFIGURE_OPTIONS=--with-ssl=/root/openssl-1.0" \
+	lxc_do mkdir /home/buildkite-agent/openssl-1.0
+	lxc_do ln -s /usr/include/openssl-1.0 /home/buildkite-agent/openssl-1.0/include
+	lxc_do ln -s /usr/lib/openssl-1.0 /home/buildkite-agent/openssl-1.0/lib
+	echo "lxc.environment = KERL_CONFIGURE_OPTIONS=--with-ssl=/home/buildkite-agent/openssl-1.0" \
 		>> /home/lxc/$NAME/config
 }
 
@@ -15,7 +15,7 @@ openssl_fix_10() {
 #
 # Setup OpenSSL 1.0 also in Buildkite.
 openssl_fix_10_buildkite() {
-	BUILDKITE_PATH=/root/.buildkite-agent
+	BUILDKITE_PATH=/home/buildkite-agent/.buildkite-agent
 	<$( cd "$( dirname "$0" )" && pwd )/priv/buildkite-environment-hook-openssl-fix-10 \
 		lxc_do bash -c "cat > $BUILDKITE_PATH/hooks/environment"
 	lxc_do chmod +x $BUILDKITE_PATH/hooks/environment
diff --git a/priv/buildkite-environment-hook-openssl-fix-10 b/priv/buildkite-environment-hook-openssl-fix-10
index 412984b..1a68e24 100644
--- a/priv/buildkite-environment-hook-openssl-fix-10
+++ b/priv/buildkite-environment-hook-openssl-fix-10
@@ -2,4 +2,4 @@
 
 set -e
 
-export KERL_CONFIGURE_OPTIONS=--with-ssl=/root/openssl-1.0
+export KERL_CONFIGURE_OPTIONS=--with-ssl=/home/buildkite-agent/openssl-1.0
-- 
cgit v1.2.3