-
-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use podman with UID 1002, GID 1003 instead of 1000 for s390x #986
Conversation
Thank you for creating a pull request!Please check out the information below if you have not made a pull request here before (or if you need a reminder how things work). Code Quality and Contributing GuidelinesIf you have not done so already, please familiarise yourself with our Contributing Guidelines and Code Of Conduct, even if you have contributed before. TestsGithub actions will run a set of jobs against your PR that will lint and unit test your changes. Keep an eye out for the results from these on the latest commit you submitted. For more information, please see our testing documentation. In order to run the advanced pipeline tests (executing a set of mock pipelines), it requires an admin to post |
@@ -2046,7 +2046,7 @@ class Build { | |||
if (isPodman == 0) { | |||
// Note: --userns was introduced in podman 4.3.0 | |||
// Add uid and gid userns mapping required for podman | |||
dockerRunArg += " --userns keep-id:uid=1000,gid=1000" | |||
dockerRunArg += " --userns keep-id:uid=1002,gid=1003" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Has --userns=keep-id
been considered? When running podman
with the id:gid
of the desired user (i.e. 1002:1003
in this case), explicit uid
, gid
mappings wouldn't be needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Has --userns=keep-id been considered?
Short answer: No. This was intended as a tactical fix based on what Andrew had done previously to get something live until I had the time to look at other options, of which your suggestion sounds like a good one to look at.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks - I've added a note to my issue about the s390x devkit about this so it doesn't get forgotten about.
Fixes the issue described in adoptium/temurin-build#3700 (comment) - UID 1000 was used by @andrew-m-leonard for some internal testing and is no longer required. This will fix it so that it matches what is on the Adoptium Marist s390x machines and allow the use of podman for the build process as per other reasons described in that issue.
I may switch this back or come up with a more generic solution in the future.