Linter: untrusted repositories cannot mount host volumes


#1

linter: untrusted repositories cannot mount host volumes
I met the above error but I did not find where to set it up in the web console of drone/drone:1.0.0-rc.3.
I use docker run to build a single drone server as below:

docker run \
  --volume=/var/run/docker.sock:/var/run/docker.sock \
  --volume=/var/lib/drone:/data \
  --env=DRONE_GITHUB_SERVER=https://github.com \
  --env=DRONE_GITHUB_CLIENT_ID=… \
  --env=DRONE_GITHUB_CLIENT_SECRET=… \
  --env=DRONE_RUNNER_CAPACITY=1 \
  --env=DRONE_SERVER_HOST=drone.single.com \
  --env=DRONE_SERVER_PROTO=https \
  --env=DRONE_TLS_AUTOCERT=false \
  --env=DRONE_GIT_ALWAYS_AUTH=false \
  --env=DRONE_ADMIN=zhanwenzhuo-github \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:1.0.0-rc.3


#2

You have to set it up through the CLI:
drone repo update --trusted <your/repo>


#3

You can find the setting in an active Drone repo's settings.


#4

Maybe your admin is set wrong; that would mean you can’t change any settings.


#5

I have used the CLI to update it, but it seemed to be of no use.

root@awx-dev-02:~/my_python_shell# drone repo info zhanwenzhuo-github/game-of-life
Owner: zhanwenzhuo-github
Repo: game-of-life
Config: .drone.yml
Visibility: public
Private: false
Trusted: false
Protected: false
Remote: https://github.com/zhanwenzhuo-github/game-of-life.git
root@awx-dev-02:~/my_python_shell# drone repo update zhanwenzhuo-github/game-of-life --trusted=true
Successfully updated repository zhanwenzhuo-github/game-of-life
root@awx-dev-02:~/my_python_shell# drone repo info zhanwenzhuo-github/game-of-life
Owner: zhanwenzhuo-github
Repo: game-of-life
Config: .drone.yml
Visibility: public
Private: false
Trusted: false
Protected: false
Remote: https://github.com/zhanwenzhuo-github/game-of-life.git


#6

Only a system administrator can set Trusted mode. If you cannot set this field it is because you are not a Drone system administrator. To create an administrative user please follow the instructions here: https://docs.drone.io/administration/user/admins/


#7

Thanks a lot!

And I have updated the command below.

docker run \
  --volume=/var/run/docker.sock:/var/run/docker.sock \
  --volume=/var/lib/drone:/data \
  --env=DRONE_GITHUB_SERVER=https://github.com \
  --env=DRONE_GITHUB_CLIENT_ID=9cdfd9e8a13d3c004e0c \
  --env=DRONE_GITHUB_CLIENT_SECRET=322c2f1bc178aaa83aa753531f126c8f0048c0e3 \
  --env=DRONE_RUNNER_CAPACITY=2 \
  --env=DRONE_SERVER_HOST=drone-dev-02.awx.im \
  --env=DRONE_SERVER_PROTO=https \
  --env=DRONE_TLS_AUTOCERT=true \
  --env=DRONE_USER_CREATE=username:zhanwenzhuo-github,admin:true \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:1.0.0-rc.4


#8

I am having a similar problem in Drone Cloud for an open source project, however I don’t know how I can make my repository trusted.


#9

I am having a similar problem in Drone Cloud for an open source project, however I don’t know how I can make my repository trusted.

Trusted builds are essentially granted root access to the host machine. For security reasons, we would never grant a project on Drone Cloud trusted access to our servers. If you require host machine access to run your build, you will need to install and run Drone on your own servers.


#10

So for open source projects, there’s no way to issue a docker build/push from drone?


#11

Use the official docker plugin. This is how we (the drone project) build and publish images at cloud.drone.io.
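
An added example, not part of the thread or the Drone project's own configuration: two alternative `.drone.yml` files, the first mounting the host Docker socket (the pattern the linter rejects unless the repository is trusted) and the second using the `plugins/docker` image instead. The image name `octocat/hello-world` and the secret names `docker_username` and `docker_password` are assumed placeholders.

```yaml
# --- Variant A: host volume mount -------------------------------------
# Rejected on an untrusted repository with:
#   linter: untrusted repositories cannot mount host volumes
# The step gets the host's Docker socket, i.e. control of the host daemon.
kind: pipeline
name: build-with-host-socket

steps:
- name: build
  image: docker
  commands:
  - docker build -t octocat/hello-world .   # placeholder image name
  volumes:
  - name: dockersock
    path: /var/run/docker.sock

volumes:
- name: dockersock
  host:
    path: /var/run/docker.sock              # host path: needs Trusted=true

---
# --- Variant B: official docker plugin --------------------------------
# No host volume is declared, so the "trusted" flag is not required.
# Registry credentials come from repository secrets, not from the YAML.
kind: pipeline
name: build-with-plugin

steps:
- name: publish
  image: plugins/docker
  settings:
    repo: octocat/hello-world               # placeholder image name
    tags: latest
    username:
      from_secret: docker_username          # assumed secret name
    password:
      from_secret: docker_password          # assumed secret name
```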


#12

Ah thank you! I will try it out today.

I was going through the docs and the “docker” example showed the volume mounts, so it might be helpful to mention this plugin in the docker examples. Thank you for the quick responses!