fix: sudo for apt-get in install commands, add golang/corepack/sudo to Dockerfile

echobt · echobt · commit 1aceb88bf5ab · 2026-02-28T09:39:09.000Z
diff --git a/Dockerfile b/Dockerfile
@@ -11,13 +11,16 @@ RUN cargo build --release && strip target/release/term-executor
 # ── Runtime stage ──
 FROM debian:bookworm-slim
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    ca-certificates git curl libssl3 \
+    ca-certificates git curl libssl3 sudo \
     python3 python3-pip python3-venv \
     build-essential nodejs npm \
+    golang-go \
     && ln -sf /usr/bin/python3 /usr/bin/python \
+    && corepack enable 2>/dev/null || true \
     && rm -rf /var/lib/apt/lists/*
 COPY --from=builder /build/target/release/term-executor /usr/local/bin/
 RUN groupadd --system executor && useradd --system --gid executor --create-home executor \
+    && echo "executor ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/executor \
     && mkdir -p /tmp/sessions && chown executor:executor /tmp/sessions
 USER executor
 ENV IMAGE_NAME=platformnetwork/term-executor
diff --git a/src/executor.rs b/src/executor.rs
@@ -331,9 +331,22 @@ async fn run_task_pipeline(
     result.status = TaskStatus::InstallingDeps;
     if let Some(ref install_cmds) = task.workspace.install {
         for cmd in install_cmds {
-            info!("[{}] Installing: {}", task.id, cmd);
+            // Prefix commands that need root (apt-get, dpkg, etc.) with sudo
+            let effective_cmd = if cmd.trim_start().starts_with("apt-get")
+                || cmd.trim_start().starts_with("dpkg")
+                || cmd.trim_start().starts_with("apt ")
+            {
+                format!("sudo {}", cmd)
+            } else if cmd.contains("apt-get") || cmd.contains("dpkg") {
+                // Command chain containing apt-get (e.g. "apt-get update && apt-get install ...")
+                cmd.replace("apt-get", "sudo apt-get")
+                    .replace("dpkg", "sudo dpkg")
+            } else {
+                cmd.clone()
+            };
+            info!("[{}] Installing: {}", task.id, effective_cmd);
             let (_, stderr, exit) = run_shell(
-                cmd,
+                &effective_cmd,
                 &repo_dir,
                 Duration::from_secs(config.clone_timeout_secs),
                 None,
