From 5f6751ba3006b4aca57a302809e224742ad8cc6b Mon Sep 17 00:00:00 2001
From: Lars Lehtonen
Date: Thu, 7 Sep 2017 20:32:01 -0700
Subject: [PATCH] Prevent Docker build environments from creating root-owned artifacts
---
 Makefile | 6 ++++--
 images/dns-controller-builder/onbuild.sh | 2 ++
 images/protokube-builder/onbuild.sh | 2 ++
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index eca2e10281356..f1948b554425b 100644
--- a/Makefile
+++ b/Makefile
@@ -24,6 +24,8 @@ UNIQUE:=$(shell date +%s)
 GOVERSION=1.8.3
 BINDATA_TARGETS=upup/models/bindata.go federation/model/bindata.go
 BUILD=${GOPATH_1ST}/src/k8s.io/kops/.build
+UID:=$(shell id -u)
+GID:=$(shell id -g)
 # See http://stackoverflow.com/questions/18136918/how-to-get-current-relative-directory-of-your-makefile
 MAKEDIR:=$(strip $(shell dirname "$(realpath $(lastword $(MAKEFILE_LIST)))"))
@@ -312,7 +314,7 @@ protokube-builder-image:
 .PHONY: protokube-build-in-docker
 protokube-build-in-docker: protokube-builder-image
- docker run -t -e VERSION=${VERSION} -v `pwd`:/src protokube-builder /onbuild.sh
+ docker run -t -e VERSION=${VERSION} -e HOST_UID=${UID} -e HOST_GID=${GID} -v `pwd`:/src protokube-builder /onbuild.sh
 .PHONY: protokube-image
 protokube-image: protokube-build-in-docker
@@ -357,7 +359,7 @@ dns-controller-builder-image:
 .PHONY: dns-controller-build-in-docker
 dns-controller-build-in-docker: dns-controller-builder-image
- docker run -t -v `pwd`:/src dns-controller-builder /onbuild.sh
+ docker run -t -e HOST_UID=${UID} -e HOST_GID=${GID} -v `pwd`:/src dns-controller-builder /onbuild.sh
 .PHONY: dns-controller-image
 dns-controller-image: dns-controller-build-in-docker
diff --git a/images/dns-controller-builder/onbuild.sh b/images/dns-controller-builder/onbuild.sh
index 2869e6f886ccf..0446980164432 100755
--- a/images/dns-controller-builder/onbuild.sh
+++ b/images/dns-controller-builder/onbuild.sh
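Review bot: The names `UID` and `GID` added in the Makefile hunk at `@@ -24,6 +24,8 @@` are easy to confuse with bash's own read-only `UID` variable, and they differ from the `HOST_UID`/`HOST_GID` names the recipes later pass into the container. Naming them after what they carry, `HOST_UID:=$(shell id -u)` and `HOST_GID:=$(shell id -g)`, keeps one name from the Makefile through to onbuild.sh. A one-line comment such as `# Numeric owner of the checkout; build containers chown their output back to it` would also record why the Makefile needs them.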
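Review bot: The `docker run` line of `protokube-build-in-docker` (Makefile hunk `@@ -312,7 +314,7 @@`) still starts the build as root, going by the commit subject, with the whole checkout bind-mounted read-write at `/src`. Ownership is therefore only repaired afterwards, and only if `/onbuild.sh` reaches its final `chown`; the same holds for `dns-controller-build-in-docker` in the `@@ -357,7 +359,7 @@` hunk. If the builder images can work without root, adding `--user ${UID}:${GID}` to both lines would stop root-owned files from being created in the first place; whether `/go` inside the images is writable for that user is not visible here. Independently, `-v "$(CURDIR)":/src` in place of the unquoted pwd substitution keeps a checkout path containing spaces from splitting the mount argument.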
@@ -26,3 +26,5 @@ make dns-controller-gocode
 mkdir -p /src/.build/artifacts/
 cp /go/bin/dns-controller /src/.build/artifacts/
+
+chown -R $HOST_UID:$HOST_GID /src/.build/artifacts
diff --git a/images/protokube-builder/onbuild.sh b/images/protokube-builder/onbuild.sh
index 4f925a093a55a..3907c4b621ef0 100755
--- a/images/protokube-builder/onbuild.sh
+++ b/images/protokube-builder/onbuild.sh
@@ -36,3 +36,5 @@ cp /go/bin/channels /src/.build/artifacts/
 cd /src/.build/artifacts/
 curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.6.6/bin/linux/amd64/kubectl
 chmod +x kubectl
+
+chown -R $HOST_UID:$HOST_GID /src/.build/artifacts
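Review bot: The added `chown -R $HOST_UID:$HOST_GID /src/.build/artifacts` in images/dns-controller-builder/onbuild.sh covers only the `artifacts` directory, but the `mkdir -p /src/.build/artifacts/` above it also creates `/src/.build` when that is missing, and the parent stays owned by the container user. The identical line added to images/protokube-builder/onbuild.sh has the same gap. Anything `make dns-controller-gocode` writes elsewhere under `/src` is likewise left untouched, though what it writes is not visible in this hunk. Widening the target and quoting the operand, `chown -R "$HOST_UID:$HOST_GID" /src/.build`, closes the visible part; the script begins outside the hunk.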
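Review bot: Nothing in the images/protokube-builder/onbuild.sh hunk checks that `HOST_UID` and `HOST_GID` are set before the new `chown` uses them, so starting the image without the two `-e` flags hands `chown` a bare `:`, which GNU chown treats as "change nothing" without reporting an error. A guard such as `: "${HOST_UID:?HOST_UID not set}" "${HOST_GID:?HOST_GID not set}"` ahead of the build steps makes that case fail visibly. Because the `chown` is the last statement, an earlier failing step, for instance the `curl -LO` download above if the script runs with errexit (not visible here), would skip it. `trap 'chown -R "$HOST_UID:$HOST_GID" /src/.build/artifacts' EXIT` near the top of the script covers that path. Both remarks apply equally to images/dns-controller-builder/onbuild.sh.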