all: use entrypoint id remapping instead

Switch everything to use entrypoint remapping. Use dumb-init to clean up
any potential forks and gosu to switch user and execute command. Gosu is
preferred over standard su because it ignores command line arguments and
handles shell commands as well as binary paths.

Signed-off-by: Randolph Sapp <res.sapp@gmail.com>

Dockerfile

@@ -22,10 +22,12 @@ RUN apt-get update \
 		ca-certificates \
 		ccache \
 		diffstat \
+		dumb-init \
 		flex \
 		gcc \
 		gettext \
 		gnupg2 \
+		gosu \
 		libcurl4-gnutls-dev \
 		libelf-dev \
 		libexpat1-dev \
@@ -105,6 +107,18 @@ RUN test "$INSTALL_GCC" -eq "1" \
 
 COPY other-configs/ /
 
+RUN echo "**** create abc user and make our folders ****" \
+	&& useradd -u 1000 -U -d /config -s /bin/false abc \
+	&& usermod -G users abc \
+	&& mkdir /workdir && chown abc:abc /workdir \
+	&& mkdir /config && chown abc:abc /config
+
+ENTRYPOINT ["/init"]
+
+CMD ["/usr/bin/bash"]
+
+VOLUME /workdir
+
 COPY kernel_patch_verify /usr/bin/kernel_patch_verify
 
 WORKDIR /workdir

kp_common

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-export USER_ID GROUP_ID PATH DOCKER_MOUNT_DIRS IMAGE_ID
+export DOCKER_MOUNT_DIRS IMG_NAME
 
 # Check if Docker image exists
 
@@ -38,9 +38,6 @@ else
 	fi
 fi
 
-USER_ID=$(id -u)
-GROUP_ID=$(id -g)
-
 DOCKER_MOUNT_DIRS=()
 DOCKER_MOUNT_DIRS+=(-v /tmp:/tmp)
 DOCKER_MOUNT_DIRS+=(-v /opt:/opt)
@@ -56,12 +53,3 @@ fi
 if [ "$GIT_WORKTREE_COMMONDIR" != ".git" ]; then
 	DOCKER_MOUNT_DIRS+=(-v "$GIT_WORKTREE_COMMONDIR":"$GIT_WORKTREE_COMMONDIR")
 fi
-
-# Run our image to add our swuser
-docker run "$IMG_NAME" /bin/bash -c "groupadd -r swuser -g $GROUP_ID && useradd -u $USER_ID -r -g swuser -d /workdir -s /sbin/nologin -c \"Docker kernel patch user\" swuser"
-# Get the container ID of the last run container (above)
-CONTAINER_ID=$(docker ps -lq)
-# Commit the container state (returns an image_id with sha256: prefix cut off)
-IMAGE_ID=$(docker commit "$CONTAINER_ID" | cut -c8-)
-
-PATH=/workdir/scripts/dtc:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/opt/cross-gcc-linux-13/bin:/opt/cross-gcc-linux-12/bin:/opt/cross-gcc-linux-11/bin:/opt/cross-gcc-linux-10/bin:/opt/cross-gcc-linux-9/bin:/usr/local/cross-gcc-linux-9/bin:/usr/local/cross-gcc-linux-10/bin

kps

@@ -4,11 +4,7 @@ source "$(dirname "$(readlink -f "$0")")/kp_common"
 
 # If we wanted to get to bash shell:
 docker run --rm -ti \
-	--user "$USER_ID":"$GROUP_ID" \
 	-e CROSS_COMPILE -e ARCH \
 	"${DOCKER_MOUNT_DIRS[@]}" \
-	"$IMAGE_ID" \
+	"$IMG_NAME" \
 	bash --init-file /etc/profile
-
-# TODO: we can reuse this image for future runs, for now just clean up after ourselves
-docker rmi "$IMAGE_ID"

kpv

@@ -3,11 +3,7 @@
 source "$(dirname "$(readlink -f "$0")")/kp_common"
 
 docker run --rm -ti \
-	--user "$USER_ID":"$GROUP_ID" \
 	-e CROSS_COMPILE -e ARCH \
 	"${DOCKER_MOUNT_DIRS[@]}" \
-	"$IMAGE_ID" \
+	"$IMG_NAME" \
 	kernel_patch_verify -S /usr/local/smatch/bin/k_sm_check_script "$@"
-
-# TODO: we can reuse this image for future runs, for now just clean up after ourselves
-docker rmi "$IMAGE_ID"

other-configs/init

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+get_attribs() {
+	local file_stats file_to_test useful_attribs
+	if file_to_test=$(realpath "$1") && [[ $2 =~ ^[0-9]+$ ]] ; then
+		useful_attribs=$(stat "$file_to_test" -t)
+		read -r -a file_stats <<< "${useful_attribs#"$file_to_test"}"
+		echo "${file_stats["$2"]}"
+	else
+		return 1
+	fi
+}
+
+get_build_uid() {
+	get_attribs /workdir 3
+}
+
+get_build_gid() {
+	get_attribs /workdir 4
+}
+
+if NEW_GID=$(get_build_gid) && NEW_UID=$(get_build_uid); then
+	# bypass everything if podman is remapping the id to root
+	if [ "${NEW_UID}" == "0" ]; then
+		if [ "$(id -u)" == "0" ]; then
+			exec dumb-init -- "$@"
+		else
+			echo "Unable to resolve ns mapping!"
+		fi
+	fi
+
+	# change the uid and gid of abc otherwise
+	[ "$NEW_GID" != "$(id -g abc)" ] && groupmod -g "${NEW_GID}" abc
+	[ "$NEW_UID" != "$(id -u abc)" ] && usermod -u "${NEW_UID}" abc
+else
+	echo "Not able to detect UID/GID for remapping!"
+fi
+
+if [ "$(id -u)" == "$(id -u abc)" ]; then
+	exec dumb-init -- "$@"
+else
+	exec dumb-init -- gosu abc "$@"
+fi