views:

361

answers:

3

I'm trying to better integrate Eclipse with my build.xml. My build file calls GNU Make for the native portion of the program, and the Makefile uses sudo to movethe compiled libs into system path. Unfortunately that requires entering a password, and Eclipse's terminal doesn't accept user input. So the result from running the build in eclipse is:

 [exec] sudo: no tty present and no askpass program specified
 [exec] make: *** [install] Error 1

Any way around this problem? Can the ant build be elevated to root some other way?

+2  A: 

You could set up your /etc/sudoers file so that it specifies NOPASSWD: for the user under which Eclipse is running, and for the command you're using to move the libs. Using the visudo command, you could add this to the end of /etc/sudoers:

eclipseuser ALL = NOPASSWD: /bin/cp

Be aware that this does present a security risk as the eclipseuser would then have the power to overwrite any file on the system.

Brian Showalter
Thanks for the suggestion. At home I'd be fine with this but at work anyone could use this computer so it seems unwise.
Yuvi Masory
+1 for Brian's comment. Other sudo options *requires* a tty for password input and since eclipse terminal is not tty, looks like we are out of luck. @disown also has some good suggestion.
ring bearer
Are you saying that anyone could log into your account on that work computer? I have a few more ideas but need to know a bit more about how your system is set up and used.
Brian Showalter
I'm saying I don't always lock out of my computer when I go to get lunch/coffee. I don't want anyone who sits at my computer and opens a terminal to have sudo. Thanks again Brian.
Yuvi Masory
A: 

Perhaps a stupid 'solution', but why not make the deploy a separate step? Have the build make an packaging artifact: DEP, RPM or something.

disown
That's what I have now. The deploy step packages the libraries into an .app/.exe installer/.deb depending on the platform. The ant task that moves libraries to system path is strictly for development, so I can run the Java code normally through Eclipse (or through java -jar) and get better feedback than a Java jar packaged inside an app/exe can provide. (For example, terminal output is routed normally not requiring a special log viewer).
Yuvi Masory
+1  A: 

Set up a separate account, e.g. deployer. Modify /etc/sudoers to include aliases that allow deployer to execute a single command, e.g. deploy, as root. Make deployer NOEXEC:. Store the deployer password in an invisible file, e.g. .deployconf having user-only access: e.g. 400 or 600. Load the password in ant, and use as required:

<loadfile srcfile="${user.home}/.deployconf" property="deployconf"/>

This works well with <signjar/>, but I've not tried it with <exec/>. Some effort may be required to keep linefeeds out of .deployconf.

trashgod
I'm choosing this one because it's the safest, but it doesn't seem like there's really a fantastic way to do what I was hoping.
Yuvi Masory
I share your wariness. This is akin to hiding a spare key in the house. You might also use group permissions to limit the scope of _deployer_ actions.
trashgod