diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index aad28a2d8..14300f3bf 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,6 +6,7 @@ variables: &global_variables
POSTGRES_PASSWORD: postgres
DB_HOST: postgres
MIX_ENV: test
+ USER: root
cache: &global_cache_policy
key: ${CI_COMMIT_REF_SLUG}
diff --git a/config/config.exs b/config/config.exs
index 838508c1b..d1440b7bf 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -681,6 +681,10 @@ config :pleroma, :restrict_unauthenticated,
config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false
+config :pleroma, :exexec,
+ root_mode: false,
+ options: %{}
+
# Import environment specific config. This must remain at the bottom
# of this file so it overrides the configuration defined above.
import_config "#{Mix.env()}.exs"
diff --git a/lib/pleroma/exec.ex b/lib/pleroma/exec.ex
new file mode 100644
index 000000000..1b088d322
--- /dev/null
+++ b/lib/pleroma/exec.ex
@@ -0,0 +1,38 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Exec do
+ @moduledoc "Pleroma wrapper around Exexec commands."
+
+ alias Pleroma.Config
+
+ def ensure_started(options_overrides \\ %{}) do
+ options =
+ if Config.get([:exexec, :root_mode]) || System.get_env("USER") == "root" do
+ # Note: running as `root` is discouraged (yet Gitlab CI does that by default)
+ %{root: true, user: "root", limit_users: ["root"]}
+ else
+ %{}
+ end
+
+ options =
+ options
+ |> Map.merge(Config.get([:exexec, :options], %{}))
+ |> Map.merge(options_overrides)
+
+ with {:error, {:already_started, pid}} <- Exexec.start(options) do
+ {:ok, pid}
+ end
+ end
+
+ def run(cmd, options \\ %{}) do
+ ensure_started()
+ Exexec.run(cmd, options)
+ end
+
+ def cmd(cmd, options \\ %{}) do
+ options = Map.merge(%{sync: true, stdout: true}, options)
+ run(cmd, options)
+ end
+end
diff --git a/lib/pleroma/helpers/media_helper.ex b/lib/pleroma/helpers/media_helper.ex
index ee6b76c41..ecd234558 100644
--- a/lib/pleroma/helpers/media_helper.ex
+++ b/lib/pleroma/helpers/media_helper.ex
@@ -7,8 +7,6 @@ defmodule Pleroma.Helpers.MediaHelper do
Handles common media-related operations.
"""
- @ffmpeg_opts [{:sync, true}, {:stdout, true}]
-
def ffmpeg_resize_remote(uri, %{max_width: max_width, max_height: max_height}) do
cmd = ~s"""
curl -L "#{uri}" |
@@ -20,7 +18,7 @@ defmodule Pleroma.Helpers.MediaHelper do
cat
"""
- with {:ok, [stdout: stdout_list]} <- Exexec.run(cmd, @ffmpeg_opts) do
+ with {:ok, [stdout: stdout_list]} <- Pleroma.Exec.cmd(cmd) do
{:ok, Enum.join(stdout_list)}
end
end
diff --git a/mix.exs b/mix.exs
index 4c9bbc0ab..3215086ca 100644
--- a/mix.exs
+++ b/mix.exs
@@ -197,7 +197,8 @@ defmodule Pleroma.Mixfile do
ref: "e0f16822d578866e186a0974d65ad58cddc1e2ab"},
{:mox, "~> 0.5", only: :test},
{:restarter, path: "./restarter"},
- {:exexec, "~> 0.2"},
+ # Note: `runtime: true` for :exexec makes CI fail due to `root` user (see Pleroma.Exec)
+ {:exexec, "~> 0.2", runtime: false},
{:open_api_spex,
git: "https://git.pleroma.social/pleroma/elixir-libraries/open_api_spex.git",
ref: "f296ac0924ba3cf79c7a588c4c252889df4c2edd"}
diff --git a/test/exec_test.exs b/test/exec_test.exs
new file mode 100644
index 000000000..45d3f778f
--- /dev/null
+++ b/test/exec_test.exs
@@ -0,0 +1,13 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.ExecTest do
+ alias Pleroma.Exec
+
+ use Pleroma.DataCase
+
+ test "it starts" do
+ assert {:ok, _} = Exec.ensure_started()
+ end
+end