ci: Run $(CI_PREPARE_SCRIPT) as root

In order for the prepare script to be really useful, it needs
to be able to perform privileged operations such as installing
additional packages or setting up custom mount points.

In order to achieve that, we now run the container as root,
run the prepare script with full privilege, and only then
switch to the unprivileged account with sudo.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

ci/Makefile

@@ -178,7 +178,6 @@ CI_GIT_ARGS = \
 #   --tty     Ensure we have ability to Ctrl-C the build
 CI_ENGINE_ARGS = \
 	--rm \
-	--user $(CI_UID):$(CI_GID) \
 	--interactive \
 	--tty \
 	$(CI_PODMAN_ARGS) \
@@ -219,13 +218,17 @@ ci-run-command@%: ci-prepare-tree
 	$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
 		/bin/bash -c ' \
 		$(CI_USER_HOME)/prepare || exit 1; \
-		export CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)"; \
-		export CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)"; \
-		export CI_SMP="$(CI_SMP)"; \
-		export CI_CONFIGURE="$(CI_CONFIGURE)"; \
-		export CI_CONFIGURE_ARGS="$(CI_CONFIGURE_ARGS)"; \
-		export CI_MAKE_ARGS="$(CI_MAKE_ARGS)"; \
-		$(CI_COMMAND) || exit 1'
+		sudo \
+		  --login \
+		  --user="#$(CI_UID)" \
+		  --group="#$(CI_GID)" \
+		  CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
+		  CI_CONT_BUILDDIR="$(CI_CONT_BUILDDIR)" \
+		  CI_SMP="$(CI_SMP)" \
+		  CI_CONFIGURE="$(CI_CONFIGURE)" \
+		  CI_CONFIGURE_ARGS="$(CI_CONFIGURE_ARGS)" \
+		  CI_MAKE_ARGS="$(CI_MAKE_ARGS)" \
+		  $(CI_COMMAND) || exit 1'
 	@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
 
 ci-shell@%:

ci/prepare.sh

@@ -7,3 +7,7 @@
 #  CI_PREPARE_SCRIPT=/path/to/your/prepare/script
 #
 # to make.
+#
+# Note that this script will have root privileges inside the
+# container, so it can be used for things like installing additional
+# packages.