Posted to commits@maven.apache.org by gn...@apache.org on 2022/05/02 18:26:29 UTC
[maven-mvnd] 01/01: Use custom docker image to set uid/gid correctly
This is an automated email from the ASF dual-hosted git repository.
gnodet pushed a commit to branch i627
in repository https://gitbox.apache.org/repos/asf/maven-mvnd.git
commit a5fe2e131dea6770ea1b76eb3c6991f648b2a1af
Author: Guillaume Nodet <gn...@gmail.com>
AuthorDate: Mon May 2 20:26:17 2022 +0200
Use custom docker image to set uid/gid correctly
---
native/Makefile | 36 ++++++++++++++++-----------------
native/docker/crossbuild/Dockerfile | 11 ++++++++++
native/docker/crossbuild/crossbuild-uid | 28 +++++++++++++++++++++++++
3 files changed, 57 insertions(+), 18 deletions(-)
diff --git a/native/Makefile b/native/Makefile
index cc9b135..0d6e718 100644
--- a/native/Makefile
+++ b/native/Makefile
@@ -56,6 +56,9 @@ native-all: linux-x86 linux-x86_64 linux-arm linux-armv6 linux-armv7 \
native: $(NATIVE_DLL)
+crossbuild-uid:
+ docker build docker/crossbuild -t maven-mvnd/crossbuild
+
$(NATIVE_DLL): $(MVNDNATIVE_OUT)/$(LIBNAME)
@mkdir -p $(@D)
cp $< $@
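Review bot: The name `maven-mvnd/crossbuild` passed to `docker build -t` in the new `crossbuild-uid` target is an untagged, registry-style name, and the `docker run` recipes in the two later Makefile hunks repeat it as a literal. Through make the prerequisite builds the image first, but if the local image is ever missing, `docker run` by default tries to pull that name from the configured registry, which the project may not control. Adding `--pull=never` to those `docker run` lines keeps the build on the locally built image, and a `CROSSBUILD_IMAGE := maven-mvnd/crossbuild` variable would keep the eight occurrences in sync. The target is a command rather than a file, so it belongs in `.PHONY` if it is not already listed there (any such declaration is outside this hunk).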
@@ -65,33 +68,33 @@ $(NATIVE_DLL): $(MVNDNATIVE_OUT)/$(LIBNAME)
linux-x86: download-includes
./docker/dockcross-linux-x86 bash -c 'make clean-native native OS_NAME=Linux OS_ARCH=x86'
-linux-x86_64: download-includes
+linux-x86_64: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=x86_64-linux-gnu multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=x86_64
+ -e CROSS_TRIPLE=x86_64-linux-gnu maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=x86_64
-linux-arm: download-includes
+linux-arm: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=arm-linux-gnueabi multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm
+ -e CROSS_TRIPLE=arm-linux-gnueabi maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm
linux-armv6:
./docker/dockcross-linux-armv6 bash -c 'make clean-native native CROSS_PREFIX=armv6-unknown-linux-gnueabihf- OS_NAME=Linux OS_ARCH=armv6'
-linux-armv7: download-includes
+linux-armv7: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=arm-linux-gnueabihf multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=armv7
+ -e CROSS_TRIPLE=arm-linux-gnueabihf maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=armv7
-linux-arm64: download-includes
+linux-arm64: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=aarch64-linux-gnu multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm64
+ -e CROSS_TRIPLE=aarch64-linux-gnu maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm64
-linux-ppc64: download-includes
+linux-ppc64: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=powerpc64le-linux-gnu multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=ppc64
+ -e CROSS_TRIPLE=powerpc64le-linux-gnu maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=ppc64
win-x86: download-includes
./docker/dockcross-windows-static-x86 bash -c 'make clean-native native CROSS_PREFIX=i686-w64-mingw32.static- OS_NAME=Windows OS_ARCH=x86'
@@ -99,29 +102,26 @@ win-x86: download-includes
win-x86_64: download-includes
./docker/dockcross-windows-static-x64 bash -c 'make clean-native native CROSS_PREFIX=x86_64-w64-mingw32.static- OS_NAME=Windows OS_ARCH=x86_64'
-mac-x86: download-includes
+mac-x86: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=i386-apple-darwin multiarch/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86
+ -e CROSS_TRIPLE=i386-apple-darwin maven-mvnd/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86
-mac-x86_64: download-includes
+mac-x86_64: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/workdir \
-e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
- -e CROSS_TRIPLE=x86_64-apple-darwin multiarch/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86_64
+ -e CROSS_TRIPLE=x86_64-apple-darwin maven-mvnd/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86_64
-mac-arm64: download-includes
+mac-arm64: download-includes crossbuild-uid
docker run -it --rm -v $$PWD:/src \
- -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
-e TARGET=arm64-apple-darwin mcandre/snek:darwin sh -c "make clean-native native CROSS_PREFIX=arm64-apple-darwin20.4- OS_NAME=Mac OS_ARCH=arm64"
freebsd-x86: download-includes
docker run -it --rm -v $$PWD:/workdir \
- -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
empterdose/freebsd-cross-build:9.3 make clean-native native CROSS_PREFIX=i386-freebsd9- OS_NAME=FreeBSD OS_ARCH=x86
freebsd-x86_64: download-includes
docker run -it --rm -v $$PWD:/workdir \
- -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \
empterdose/freebsd-cross-build:9.3 make clean-native native CROSS_PREFIX=x86_64-freebsd9- OS_NAME=FreeBSD OS_ARCH=x86_64
#sparcv9:
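Review bot: `mac-arm64` gains the `crossbuild-uid` prerequisite, but its recipe runs `mcandre/snek:darwin` rather than the locally built image, so the target now triggers a `docker build` it never uses; `mac-arm64: download-includes` would be enough. The same hunk drops the `BUILDER_*` variables from the `mac-arm64` and both `freebsd-*` recipes, so unless those images map the uid some other way, files written into the bind-mounted source tree will presumably be owned by root on the host. A one-line comment above those three targets, such as `# image has no uid-mapping entrypoint; outputs are root-owned`, would record that this is intentional.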
diff --git a/native/docker/crossbuild/Dockerfile b/native/docker/crossbuild/Dockerfile
new file mode 100644
index 0000000..ce18c9e
--- /dev/null
+++ b/native/docker/crossbuild/Dockerfile
@@ -0,0 +1,11 @@
+FROM multiarch/crossbuild
+RUN cd /tmp; \
+ git clone https://github.com/ncopa/su-exec.git; \
+ cd /tmp/su-exec; \
+ make; \
+ cp su-exec /usr/bin; \
+ rm -Rf /tmp/su-exec
+ENTRYPOINT [ "/usr/bin/crossbuild-uid", "/usr/bin/crossbuild" ]
+CMD ["/bin/bash"]
+WORKDIR /workdir
+COPY crossbuild-uid /usr/bin/crossbuild-uid
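Review bot: The `RUN` step chains its commands with `;`, so a failed `git clone` or `make` does not fail the image build: the closing `rm -Rf` returns success and the image ships without `/usr/bin/su-exec`, which the entrypoint only discovers at run time. Joining the commands with `&&` makes the build stop at the first failure. The step also compiles whatever is at the head of `https://github.com/ncopa/su-exec.git` at build time, and `FROM multiarch/crossbuild` carries no tag or digest, so the binary that `crossbuild-uid` later makes setuid-root is not tied to a reviewed revision and the image is not reproducible. Pinning with `git checkout <reviewed-commit-sha>` after the clone and `FROM multiarch/crossbuild@sha256:<digest>` would address both.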
diff --git a/native/docker/crossbuild/crossbuild-uid b/native/docker/crossbuild/crossbuild-uid
new file mode 100755
index 0000000..705e888
--- /dev/null
+++ b/native/docker/crossbuild/crossbuild-uid
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# This is the entrypoint script for the dockerfile. Executed in the
+# container at runtime.
+
+# If we are running docker natively, we want to create a user in the container
+# with the same UID and GID as the user on the host machine, so that any files
+# created are owned by that user. Without this they are all owned by root.
+# The dockcross script sets the BUILDER_UID and BUILDER_GID vars.
+if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then
+
+ groupadd -o -g $BUILDER_GID $BUILDER_GROUP 2> /dev/null
+ useradd -o -m -g $BUILDER_GID -u $BUILDER_UID $BUILDER_USER 2> /dev/null
+ export HOME=/home/${BUILDER_USER}
+ shopt -s dotglob
+ cp -r /root/* $HOME/
+ chown -R $BUILDER_UID:$BUILDER_GID $HOME
+
+ # Enable passwordless sudo capabilities for the user
+ chown root:$BUILDER_GID $(which su-exec)
+ chmod +s $(which su-exec); sync
+
+ # Run the command as the specified user/group.
+ exec su-exec $BUILDER_UID:$BUILDER_GID "$@"
+else
+ # Just run the command as root.
+ exec "$@"
+fi
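Review bot: The guard on the first `if` tests only `BUILDER_UID` and `BUILDER_GID`, yet the branch also uses `BUILDER_USER` and `BUILDER_GROUP`, and every expansion is unquoted while the script runs as root. With `BUILDER_USER` empty, `HOME` becomes `/home/` and the recursive `cp` and `chown` act on that directory, while the `2> /dev/null` on `groupadd` and `useradd` hides the failure that would have explained it. The guard should require all four variables and the expansions should be quoted, as in the excerpt below. Separately, `chmod +s` leaves `su-exec` setuid-root and, unless the installed mode already restricts it, executable by every account in the container; since the file is already `chown`ed to `root:$BUILDER_GID`, `chmod 4750` would limit it to that group.

```shell
if [[ -n "$BUILDER_UID" && -n "$BUILDER_GID" && -n "$BUILDER_USER" && -n "$BUILDER_GROUP" ]]; then

    groupadd -o -g "$BUILDER_GID" "$BUILDER_GROUP" 2> /dev/null
    useradd -o -m -g "$BUILDER_GID" -u "$BUILDER_UID" "$BUILDER_USER" 2> /dev/null
    export HOME="/home/${BUILDER_USER}"
    shopt -s dotglob
    cp -r /root/* "$HOME/"
    chown -R "$BUILDER_UID:$BUILDER_GID" "$HOME"

    # … unchanged: su-exec ownership and setuid setup …

    exec su-exec "$BUILDER_UID:$BUILDER_GID" "$@"
# … unchanged: else branch that runs the command as root …
```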