From 69c67badfbaa4f3e1e41ce434db324effd8af972 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20P=C3=B6hn?= <michael@poehn.at>
Date: Tue, 14 Oct 2025 13:24:42 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=AA=86=20--as-root=20to=20run=20command?=
 =?UTF-8?q?=20inside=20of=20container/VM=20as=20root?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 fdroidserver/common.py | 15 ++++++++-------
 fdroidserver/exec.py   |  8 ++++++++
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/fdroidserver/common.py b/fdroidserver/common.py
index 97bbaedc..745eec1c 100644
--- a/fdroidserver/common.py
+++ b/fdroidserver/common.py
@@ -5135,28 +5135,29 @@ def get_podman_container(appid, vercode):
     return ret
 
 
-def inside_exec(appid, vercode, command, virt_container_type):
+def inside_exec(appid, vercode, command, virt_container_type, as_root=False):
     """Execute the command inside of the VM for the build."""
     if virt_container_type == 'vagrant':
-        return vagrant_exec(appid, vercode, command)
+        return vagrant_exec(appid, vercode, command, as_root)
     elif virt_container_type == 'podman':
-        return podman_exec(appid, vercode, command)
+        return podman_exec(appid, vercode, command, as_root)
     else:
         raise Exception(
             f"'{virt_container_type}' not supported, currently supported: vagrant, podman"
         )
 
 
-def podman_exec(appid, vercode, command):
+def podman_exec(appid, vercode, command, as_root=False):
     """Execute the command inside of a podman container for the build."""
     container_name = get_container_name(appid, vercode)
     to_stdin = shlex.join(command)
+    user = 'root' if as_root else BUILD_USER
     p = subprocess.run(
         [
             'podman',
             'exec',
             '--interactive',
-            '--user=vagrant',
+            f'--user={user}',
             f'--workdir={BUILD_HOME}',
             container_name,
         ]
@@ -5181,7 +5182,7 @@ def get_vagrantfile_path(appid, vercode):
     return Path('tmp/buildserver', get_container_name(appid, vercode), 'Vagrantfile')
 
 
-def vagrant_exec(appid, vercode, command):
+def vagrant_exec(appid, vercode, command, as_root=False):
     """Execute a command in the Vagrant VM via ssh."""
     vagrantfile = get_vagrantfile_path(appid, vercode)
     to_stdin = shlex.join(command)
@@ -5190,7 +5191,7 @@ def vagrant_exec(appid, vercode, command):
             'vagrant',
             'ssh',
             '-c',
-            'bash',
+            'sudo bash' if as_root else 'bash',
         ],
         input=to_stdin,
         text=True,
diff --git a/fdroidserver/exec.py b/fdroidserver/exec.py
index 2a11e5b7..bbe1bf97 100644
--- a/fdroidserver/exec.py
+++ b/fdroidserver/exec.py
@@ -2,6 +2,7 @@
 #
 # exec.py - part of the FDroid server tools
 # Copyright (C) 2024-2025, Hans-Christoph Steiner <hans@eds.org>
+# Copyright (C) 2024-2025, Michael Pöhn <michael@poehn.at>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -34,6 +35,12 @@ def main():
     parser = ArgumentParser(
         description="Run a subcommand in the buildserver container/box."
     )
+    parser.add_argument(
+        '--as-root',
+        default=False,
+        action='store_true',
+        help="run command inside of container/VM as root user",
+    )
     common.setup_global_opts(parser)
     common.setup_virt_container_type_opts(parser)
     parser.add_argument(
@@ -53,6 +60,7 @@ def main():
             vercode,
             options.COMMAND,
             common.get_virt_container_type(options),
+            options.as_root,
         )
     except Exception as e:
         if options.verbose: