You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by gn...@apache.org on 2022/05/02 18:26:28 UTC
[maven-mvnd] branch i627 created (now a5fe2e1)
This is an automated email from the ASF dual-hosted git repository.
gnodet pushed a change to branch i627
in repository https://gitbox.apache.org/repos/asf/maven-mvnd.git
at a5fe2e1 Use custom docker image to set uid/gid correctly
This branch includes the following new commits:
new a5fe2e1 Use custom docker image to set uid/gid correctly
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[maven-mvnd] 01/01: Use custom docker image to set uid/gid correctly
Posted by gn...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
gnodet pushed a commit to branch i627
in repository https://gitbox.apache.org/repos/asf/maven-mvnd.git
commit a5fe2e131dea6770ea1b76eb3c6991f648b2a1af
Author: Guillaume Nodet <gn...@gmail.com>
AuthorDate: Mon May 2 20:26:17 2022 +0200
Use custom docker image to set uid/gid correctly
---
native/Makefile | 36 ++++++++++++++++-----------------
native/docker/crossbuild/Dockerfile | 11 ++++++++++
native/docker/crossbuild/crossbuild-uid | 28 +++++++++++++++++++++++++
3 files changed, 57 insertions(+), 18 deletions(-)
diff --git a/native/Makefile b/native/Makefile
index cc9b135..0d6e718 100644
--- a/native/Makefile
+++ b/native/Makefile
@@ -56,6 +56,9 @@ native-all: linux-x86 linux-x86_64 linux-arm linux-armv6 linux-armv7 \
native: $(NATIVE_DLL)
+crossbuild-uid:
+ docker build docker/crossbuild -t maven-mvnd/crossbuild
+
$(NATIVE_DLL): $(MVNDNATIVE_OUT)/$(LIBNAME)
@mkdir -p $(@D)
cp $< $@
@@ -65,33 +68,33 @@ $(NATIVE_DLL): $(MVNDNATIVE_OUT)/$(LIBNAME)
linux-x86: download-includes
./docker/dockcross-linux-x86 bash -c 'make clean-native native OS_NAME=Linux OS_ARCH=x86'
-linux-x86_64: download-includes
+linux-x86_64: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=x86_64-linux-gnu multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=x86_64
+ -e CROSS_TRIPLE=x86_64-linux-gnu maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=x86_64
-linux-arm: download-includes
+linux-arm: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=arm-linux-gnueabi multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm
+ -e CROSS_TRIPLE=arm-linux-gnueabi maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm
linux-armv6:
./docker/dockcross-linux-armv6 bash -c 'make clean-native native CROSS_PREFIX=armv6-unknown-linux-gnueabihf- OS_NAME=Linux OS_ARCH=armv6'
-linux-armv7: download-includes
+linux-armv7: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=arm-linux-gnueabihf multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=armv7
+ -e CROSS_TRIPLE=arm-linux-gnueabihf maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=armv7
-linux-arm64: download-includes
+linux-arm64: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=aarch64-linux-gnu multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm64
+ -e CROSS_TRIPLE=aarch64-linux-gnu maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm64
-linux-ppc64: download-includes
+linux-ppc64: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=powerpc64le-linux-gnu multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=ppc64
+ -e CROSS_TRIPLE=powerpc64le-linux-gnu maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=ppc64
win-x86: download-includes
./docker/dockcross-windows-static-x86 bash -c 'make clean-native native CROSS_PREFIX=i686-w64-mingw32.static- OS_NAME=Windows OS_ARCH=x86'
@@ -99,29 +102,26 @@ win-x86: download-includes
win-x86_64: download-includes
./docker/dockcross-windows-static-x64 bash -c 'make clean-native native CROSS_PREFIX=x86_64-w64-mingw32.static- OS_NAME=Windows OS_ARCH=x86_64'
-mac-x86: download-includes
+mac-x86: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=i386-apple-darwin multiarch/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86
+ -e CROSS_TRIPLE=i386-apple-darwin maven-mvnd/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86
-mac-x86_64: download-includes
+mac-x86_64: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=x86_64-apple-darwin multiarch/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86_64
+ -e CROSS_TRIPLE=x86_64-apple-darwin maven-mvnd/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86_64
-mac-arm64: download-includes
+mac-arm64: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/src \
- -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
-e TARGET=arm64-apple-darwin mcandre/snek:darwin sh -c "make clean-native native CROSS_PREFIX=arm64-apple-darwin20.4- OS_NAME=Mac OS_ARCH=arm64"
freebsd-x86: download-includes
docker run -it --rm -v $$PWD:/workdir \
- -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
empterdose/freebsd-cross-build:9.3 make clean-native native CROSS_PREFIX=i386-freebsd9- OS_NAME=FreeBSD OS_ARCH=x86
freebsd-x86_64: download-includes
docker run -it --rm -v $$PWD:/workdir \
- -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
empterdose/freebsd-cross-build:9.3 make clean-native native CROSS_PREFIX=x86_64-freebsd9- OS_NAME=FreeBSD OS_ARCH=x86_64
#sparcv9:
diff --git a/native/docker/crossbuild/Dockerfile b/native/docker/crossbuild/Dockerfile
new file mode 100644
index 0000000..ce18c9e
--- /dev/null
+++ b/native/docker/crossbuild/Dockerfile
@@ -0,0 +1,11 @@
+FROM multiarch/crossbuild
+RUN cd /tmp; \
+ git clone https://github.com/ncopa/su-exec.git; \
+ cd /tmp/su-exec; \
+ make; \
+ cp su-exec /usr/bin; \
+ rm -Rf /tmp/su-exec
+ENTRYPOINT [ "/usr/bin/crossbuild-uid", "/usr/bin/crossbuild" ]
+CMD ["/bin/bash"]
+WORKDIR /workdir
+COPY crossbuild-uid /usr/bin/crossbuild-uid
diff --git a/native/docker/crossbuild/crossbuild-uid b/native/docker/crossbuild/crossbuild-uid
new file mode 100755
index 0000000..705e888
--- /dev/null
+++ b/native/docker/crossbuild/crossbuild-uid
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# This is the entrypoint script for the dockerfile. Executed in the
+# container at runtime.
+
+# If we are running docker natively, we want to create a user in the container
+# with the same UID and GID as the user on the host machine, so that any files
+# created are owned by that user. Without this they are all owned by root.
+# The dockcross script sets the BUILDER_UID and BUILDER_GID vars.
+if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then
+
+ groupadd -o -g $BUILDER_GID $BUILDER_GROUP 2> /dev/null
+ useradd -o -m -g $BUILDER_GID -u $BUILDER_UID $BUILDER_USER 2> /dev/null
+ export HOME=/home/${BUILDER_USER}
+ shopt -s dotglob
+ cp -r /root/* $HOME/
+ chown -R $BUILDER_UID:$BUILDER_GID $HOME
+
+ # Enable passwordless sudo capabilities for the user
+ chown root:$BUILDER_GID $(which su-exec)
+ chmod +s $(which su-exec); sync
+
+ # Run the command as the specified user/group.
+ exec su-exec $BUILDER_UID:$BUILDER_GID "$@"
+else
+ # Just run the command as root.
+ exec "$@"
+fi