Linter: untrusted repositories cannot mount host volumes

Drone Support
1

linter: untrusted repositories cannot mount host volumes
I met the above error but I did not find where to set up it in the web console of in drone/drone:1.0.0-rc.3.
I use docker run to build a single drone server as below:

docker run
–volume=/var/run/docker.sock:/var/run/docker.sock
–volume=/var/lib/drone:/data
–env=DRONE_GITHUB_SERVER=https://github.com
–env=DRONE_GITHUB_CLIENT_ID=…
–env=DRONE_GITHUB_CLIENT_SECRET=…
–env=DRONE_RUNNER_CAPACITY=1
–env=DRONE_SERVER_HOST=drone.single.com
–env=DRONE_SERVER_PROTO=https
–env=DRONE_TLS_AUTOCERT=false
–env=DRONE_GIT_ALWAYS_AUTH=false
–env=DRONE_ADMIN=zhanwenzhuo-github
–publish=80:80
–publish=443:443
–restart=always
–detach=true
–name=drone
drone/drone:1.0.0-rc.3

2

You have to set it up thourgh CLI:
drone repo update --trusted <your/repo>

3

you can find the setting at a active drone repo settings

image
image1044×626 14.7 KB

1 Like
4

maybe your admin is set wrong , that will make you can’t set any settings

5

I have use CLI to update it but it seemed that no use.

root@awx-dev-02:~/my_python_shell# drone repo info zhanwenzhuo-github/game-of-life
Owner: zhanwenzhuo-github
Repo: game-of-life
Config: .drone.yml
Visibility: public
Private: false
Trusted: false
Protected: false
Remote: https://github.com/zhanwenzhuo-github/game-of-life.git
root@awx-dev-02:~/my_python_shell# drone repo update zhanwenzhuo-github/game-of-life --trusted=true
Successfully updated repository zhanwenzhuo-github/game-of-life
root@awx-dev-02:~/my_python_shell# drone repo info zhanwenzhuo-github/game-of-life
Owner: zhanwenzhuo-github
Repo: game-of-life
Config: .drone.yml
Visibility: public
Private: false
Trusted: false
Protected: false
Remote: https://github.com/zhanwenzhuo-github/game-of-life.git

6

only a system administrator can Trusted mode. If you cannot set this field it is because you are not a Drone system administrator. To create an administrative user please follow the instructions here: https://docs.drone.io/administration/user/admins/

1 Like
7

Thanks a lot!

And I have updated the command below.

docker run
–volume=/var/run/docker.sock:/var/run/docker.sock
–volume=/var/lib/drone:/data
–env=DRONE_GITHUB_SERVER=https://github.com
–env=DRONE_GITHUB_CLIENT_ID=9cdfd9e8a13d3c004e0c
–env=DRONE_GITHUB_CLIENT_SECRET=322c2f1bc178aaa83aa753531f126c8f0048c0e3
–env=DRONE_RUNNER_CAPACITY=2
–env=DRONE_SERVER_HOST=drone-dev-02.awx.im
–env=DRONE_SERVER_PROTO=https
–env=DRONE_TLS_AUTOCERT=true
–env=DRONE_USER_CREATE=username:zhanwenzhuo-github,admin:true
–publish=80:80
–publish=443:443
–restart=always
–detach=true
–name=drone
drone/drone:1.0.0-rc.4

8

I am having a similar problem in Drone Cloud for an open source project, however I don’t know how I can make my repository trusted.

9

I am having a similar problem in Drone Cloud for an open source project, however I don’t know how I can make my repository trusted.

Trusted builds are essentially granted root access to the host machine. For security reasons, we would never grant a project on Drone Cloud trusted access to our servers. If you require host machine access to run your build, you will need to install and run Drone on your own servers.

10

So for open source projects, there’s no way to issue a docker build/push from drone?

11

use the official docker plugin. This is how we (the drone project) build and publish images at cloud.drone.io.

12

Ah thank you! I will try it out today.

I was going through the docs and the “docker” example showed the volume mounts, so it might be helpful to mention this plugin in the docker examples. Thank you for the quick responses!

13

even with a trusted repo (verified with drone info …), i am still getting this error as well

Owner: [redacted]
Repo: [redacted]
Config: .drone.yml
Visibility: private
Private: true
Trusted: true
Protected: false
Remote: [redacted]

14

it doesnt seem like this matter. all that matter is that you pass in the ‘–trusted’ flag, which seems redundant?

15

drone exec is completely standalone and does not communicate with Drone server in any way. So the fact you have configured a repository as trusted within Drone server has no bearing on how drone exec works. It is meant to be a completely independent utility.

16

I am not following, aren’t we talking about drone lint and drone info?

17

drone lint is also standalone and does not communicate with the drone server. So the results of drone info do not have any bearing on the drone lint command.