Use current user's ID when building via Docker #1298

Merged
merged 2 commits into from
Jun 21, 2024


egibs
Member

@egibs egibs commented Jun 17, 2024

Melange Pull Request Template

Relates to: #1255

This PR introduces parity between Bubblewrap and Docker, that is, builds will default to the current UID with Docker but can still be configured via cfg.RunAs.

Functional Changes

  • This change can build all of Wolfi without errors (describe results in notes)

Notes:

SCA Changes

  • Examining several representative APKs shows no regression / the desired effect (details in notes)

Notes:

Linter

  • The new check is clean across Wolfi
  • The new check is opt-in or a warning

Notes:

Works as expected -- on my Mac this defaulted to a UID of 501 rather than an empty string (which translates to 0).

I tested this via these commands:

$ go run . convert python botocore --python-version 3.11
$ go run . build py3.11-botocore.yaml --runner docker --arch x86_64,aarch64 --repository-append https://packages.wolfi.dev/os --keyring-append https://packages.wolfi.dev/os/wolfi-signing.rsa.pub

and then used []string{"id", "-u"} for the container Cmd to check the UID.

Original code:

...
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO running step "Build a Python wheel" arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=x86_64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=x86_64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO running step "Strip binaries" arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=x86_64
2024/06/17 12:20:38 INFO running step "Strip binaries" arch=x86_64
2024/06/17 12:20:38 INFO 0 arch=aarch64
2024/06/17 12:20:38 INFO retrieving workspace from builder: 14c8e43d658a2b292b62ef9a7683053a1b52796896ca187004ffc3f65dbb1701 arch=aarch64
2024/06/17 12:20:38 INFO 0 arch=x86_64
...

New code:

...
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO running step "Build a Python wheel" arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=x86_64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=x86_64
2024/06/17 12:21:18 INFO running step "Build a Python wheel" arch=x86_64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO running step "Strip binaries" arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=x86_64
2024/06/17 12:21:18 INFO 501 arch=aarch64
2024/06/17 12:21:18 INFO retrieving workspace from builder: 6420e9b2cdda3b7168c2db4d99d70ea94a3a3c7a552195c6c2ee4de8f1fcd39c arch=aarch64
2024/06/17 12:21:18 INFO 501 arch=x86_64
...

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
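
The defaulting rule described in the PR (an explicit cfg.RunAs wins, otherwise the current UID is used so the Docker user is never left empty), sketched as an added example. This is not melange's code or part of the PR: resolveRunAs and runsAsRoot are hypothetical helpers, and the inputs in main are constructed.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// resolveRunAs is a hypothetical helper, not melange's implementation.
// An explicit runAs wins; otherwise fall back to the invoking user's UID so
// the container user field is never left empty (the PR notes that an empty
// value translates to UID 0).
func resolveRunAs(runAs string, currentUID int) (string, error) {
	if s := strings.TrimSpace(runAs); s != "" {
		return s, nil
	}
	if currentUID < 0 { // os.Getuid returns -1 on Windows
		return "", fmt.Errorf("current UID unavailable; set run-as explicitly")
	}
	return strconv.Itoa(currentUID), nil
}

// runsAsRoot reports whether a "user[:group]" value selects UID 0, so a
// caller can log or refuse a root build. An empty value counts as root,
// following the PR's observation about the empty string.
func runsAsRoot(user string) bool {
	name, _, _ := strings.Cut(user, ":")
	if user == "" || name == "root" {
		return true
	}
	uid, err := strconv.Atoi(name)
	return err == nil && uid == 0
}

func main() {
	// Constructed inputs: unset, explicit non-root, explicit root.
	for _, runAs := range []string{"", "65532", "0:0"} {
		user, err := resolveRunAs(runAs, os.Getuid())
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("run-as=%q -> user=%s root=%v\n", runAs, user, runsAsRoot(user))
	}
}
```
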
@joshrwolf
Contributor

thanks for the contribution 🙏 ! would you mind resolving the conflicts and I'll kick off CI?

Signed-off-by: Evan Gibler <20933572+egibs@users.noreply.github.com>
@egibs
Member Author

egibs commented Jun 20, 2024

> thanks for the contribution 🙏 ! would you mind resolving the conflicts and I'll kick off CI?

Done!

@krishjainx
Contributor

Kicked off CI! @egibs cc/ @joshrwolf

@jonjohnsonjr jonjohnsonjr merged commit 9210772 into chainguard-dev:main Jun 21, 2024
31 checks passed
smoser added a commit to smoser/wolfictl that referenced this pull request Jun 26, 2024
Notable:

 * Use current user's ID when building via Docker
   chainguard-dev/melange#1298
 * Make running the git-checkout via melange not emit WARN messages.
 * feat - add flag to go/build to run go mod tidy
   chainguard-dev/melange#1303
 * enforce some more lint checks
 * Add git-cherry-pick pipeline
   chainguard-dev/melange#1278

Signed-off-by: Scott Moser <smoser@brickies.net>