Do not have bootstrap run sudo commands.

Your site user may not have access to sudo, and your admin user may
cause permission issues if used to do the git checkout, or the Perl
module installation. Document the separate script to install system
packages instead.

Co-authored-by: Sam Pearson <sam@mysociety.org>

10 files changed, 13 insertions, 21 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 28d37d847..2af6f052c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,7 @@
         - Improve compatibility with G Suite OpenID Connect authentication. #3032
         - Fix duplicate asset message after dismissing duplicate suggestions.
         - Improve moderation diff display in a few small ways. #3105
+        - Do not have bootstrap run sudo commands. #2930
     - Admin improvements:
         - Display user name/email for contributed as reports. #2990
         - Interface for enabling anonymous reports for certain categories. #2989
diff --git a/Vagrantfile b/Vagrantfile
index 17eebe4b5..a69b58b11 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -60,6 +60,9 @@ EOS
 # This just runs our update script, used on our offical box.
 $update = <<-EOS
     chown -R vagrant:vagrant /home/vagrant/.cpanm
+    # Ensure any new packages are installed
+    /home/vagrant/fixmystreet/bin/install_packages
+    # Run setup script
     su vagrant -c '/home/vagrant/fixmystreet/script/setup ; exit $?'
     if [ $? -eq 0 ]; then
       touch /tmp/success
diff --git a/bin/docker.preinit b/bin/docker.preinit
index 459e89de2..501878185 100644
--- a/bin/docker.preinit
+++ b/bin/docker.preinit
@@ -34,6 +34,7 @@ fi
 su $FMS_DB_USER -c "${FMS_ROOT}/bin/docker-cobrand"
 
 # Ensure things are up to date - schema, CSS, etc
+${FMS_ROOT}/bin/install_packages docker
 su $FMS_DB_USER -c "${FMS_ROOT}/script/update"
 
 # Update reports
diff --git a/bin/install_packages b/bin/install_packages
index 7b4bfd8e1..c7f1b9446 100755
--- a/bin/install_packages
+++ b/bin/install_packages
@@ -3,7 +3,7 @@ set -e
 
 cd "$(dirname "${BASH_SOURCE[0]}")/.."
 
-PACKAGE_FILE=conf/packages
+PACKAGE_FILE=conf/packages.generic
 
 [ -n "$1" ] && PACKAGE_FILE="conf/packages.${1}"
 
diff --git a/bin/site-specific-install.sh b/bin/site-specific-install.sh
index af52dbdbc..2b773fecb 100644
--- a/bin/site-specific-install.sh
+++ b/bin/site-specific-install.sh
@@ -54,8 +54,6 @@ fi
 
 install_website_packages
 
-su -l -c "touch '$DIRECTORY/admin-htpasswd'" "$UNIX_USER"
-
 if [ $INSTALL_DB = true ]; then
     add_postgresql_user
 fi
diff --git a/docker-compose.yml b/docker-compose.yml
index cc653c922..80f0b56f1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -30,7 +30,6 @@ services:
       FMS_ROOT: '/var/www/fixmystreet/fixmystreet'
       SUPERUSER_EMAIL: 'superuser@example.org'
       SUPERUSER_PASSWORD: '5up3r53cr3t'
-      SKIP_PACKAGES_INSTALL:
     networks:
       default:
         aliases:
diff --git a/docs/install/manual-install.md b/docs/install/manual-install.md
index 408b419cb..35c654cf5 100644
--- a/docs/install/manual-install.md
+++ b/docs/install/manual-install.md
@@ -40,7 +40,7 @@ dependencies are listed in `conf/packages.generic`. To install all of them you
 can run e.g.:
 
 {% highlight bash %}
-$ sudo xargs -a conf/packages.generic apt-get install
+$ sudo bin/install_packages
 {% endhighlight %}
 
 A similar list of packages should work for other Debian-based distributions.
diff --git a/docs/updating/ami.md b/docs/updating/ami.md
index ff83e3aec..9f2f612ed 100644
--- a/docs/updating/ami.md
+++ b/docs/updating/ami.md
@@ -41,10 +41,12 @@ make sure they are all committed to your local branch and fork first, see
 to try checking out your repository elsewhere and trying the merge there first,
 to see if it there are any problems.
 
-After updating the code, you should run the following command to update any
+After updating the code, you should run the following commands to update any
 needed dependencies and any schema changes to your database. It's a good idea
 to take a backup of your database first.
 
+    admin@ip-10-58-191-98:/var/www/fixmystreet/fixmystreet$ sudo bin/install_packages
+
     fms@ip-10-58-191-98:~/fixmystreet$ script/update
 
 If you have made changes to the schema yourself, this may not work,
diff --git a/docs/updating/index.md b/docs/updating/index.md
index 2ab8ed6f5..ea1ce72cd 100644
--- a/docs/updating/index.md
+++ b/docs/updating/index.md
@@ -53,12 +53,13 @@ you are too worried to merge in case it breaks something.
 
 ## Subsequent dependency updates
 
-After updating the code, you should run the following command to update any
+After updating the code, you should run the following commands to update any
 needed dependencies and any schema changes to your database. It's a good idea
 to take a backup of your database first.
 
 {% highlight bash %}
-script/update
+sudo bin/install_packages # (as your admin user)
+script/update # (as the fms user)
 {% endhighlight %}
 
 Of course, if you have made changes to the database schema yourself, this may
diff --git a/script/bootstrap b/script/bootstrap
index f40e97b18..dfebd7449 100755
--- a/script/bootstrap
+++ b/script/bootstrap
@@ -4,17 +4,4 @@ set -e
 cd "$(dirname "$0")/.."
 
 git submodule --quiet update --init --recursive --rebase
-
-if [ -z ${SKIP_PACKAGES_INSTALL:+x} ] ; then
-    # Let's see if we can't work out where we might be running.
-    if cut -d/ -f2 /proc/self/cgroup | sort -u | grep -q docker ; then
-        echo "==> Installing Docker packages..."
-        sudo bin/install_packages docker
-    else
-        # Fallback
-        echo "==> Installing generic packages..."
-        sudo bin/install_packages generic
-    fi
-fi
-
 bin/install_perl_modules