docker build scripts assume user id to be 1000 (uid) #8261

Closed
SomberNight opened this issue Mar 18, 2023 · 4 comments · Fixed by #8267

@SomberNight
Member

I recently realised that most of our build scripts only work when run with uid==1000.
I guess this just happens to be the case for everyone who cares to run them. :P

The issue is that we mount the local git clone with docker run -v and work on that directly:

docker run -it \
--name electrum-wine-builder-cont \
-v "$PROJECT_ROOT_OR_FRESHCLONE_ROOT":/opt/wine64/drive_c/electrum \

Inside the container, the local git clone will have numerically the same uid/gid owner.
The unix user inside the container is created via useradd, and this starts numbering uids from 1000.
RUN useradd --create-home --shell /bin/bash ${USER}

So due to the -v mount, the unix user inside the container needs matching user id with the host unix user, and due to the useradd, the container's unix user will have uid==1000, hence the host unix user also needs to have uid==1000.

I guess this is likely a regression from #7697.
Not clear how to fix cleanly.

related:
moby/moby#7198
https://stackoverflow.com/q/39397548
https://stackoverflow.com/a/45640469
coder/code-server#439

@accumulator
Member

alternative solution: use uid from user building the containers as the build container's uid

https://github.com/accumulator/electrum/tree/build_uid_from

@accumulator
Member

Note: Might be problematic w.r.t reproducibility

SomberNight added a commit to SomberNight/electrum that referenced this issue Mar 20, 2023
- repro builds to use fixed uid=1000 inside the container
  - in case the file permissions leak into the binaries, they are still reproducible
  - chown 1000:1000 fresh_clone
- repro builds to create fresh_clone dir outside git clone
  - otherwise the local dev build would still interact with the fresh_clone dir
    - due to e.g. recursive "find -exec touch",
    - and even the "docker build" cmd itself would try to stat/read it
      - see docker/for-linux#380
  - and "rm -rf fresh_clone" needs sudo if the host uid is not 1000
  - this way the local dev build does not need sudo

to recap:
- local dev builds use the host userid inside the container, directly operate on the project dir
  - does not need sudo
- repro builds create a fresh git clone, chown it to 1000, and use userid=1000 inside the container
  - if the host userid is 1000, does not need sudo
  - otherwise, needs sudo

closes spesmilo#8261
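
The uid selection described in the recap above, as an added example that is not code from the Electrum repository: it picks the container uid per build mode, reports whether the host side needs sudo, and checks that the directory to be bind-mounted is owned by the uid the container user will run as. The function names (`pick_build_uid`, `needs_sudo`, `preflight`) and the `--show` switch are hypothetical; `stat -c %u` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical.
REPRO_UID=1000   # fixed uid used inside the container for reproducible builds

# Print the uid the container's build user should be created with.
pick_build_uid() {  # $1 = mode (dev|repro), $2 = host uid
    case "$1" in
        dev)   echo "$2" ;;           # match the host user who owns the bind mount
        repro) echo "$REPRO_UID" ;;   # fixed, so leaked ownership stays reproducible
        *)     echo "unknown mode: $1" >&2; return 2 ;;
    esac
}

# Return 0 when the host needs sudo to chown / rm -rf the fresh clone.
needs_sudo() {  # $1 = mode, $2 = host uid
    [ "$1" = repro ] && [ "$2" -ne "$REPRO_UID" ]
}

# Return 0 only if the directory about to be mounted with -v is owned by
# the uid the container user will have; ownership is numeric on both sides.
preflight() {  # $1 = source dir, $2 = container uid
    owner=$(stat -c %u "$1") || return 2
    if [ "$owner" -ne "$2" ]; then
        echo "uid mismatch: $1 is owned by $owner, container user is $2" >&2
        return 1
    fi
}

# Optional report for the current user: sh thisfile --show dev|repro [dir]
if [ "${1:-}" = "--show" ]; then
    mode=${2:-dev}
    uid=$(pick_build_uid "$mode" "$(id -u)") || exit 2
    echo "container uid: $uid"
    if needs_sudo "$mode" "$(id -u)"; then echo "host needs sudo"; fi
    if [ -n "${3:-}" ]; then preflight "$3" "$uid" || exit 1; fi
fi
```
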
@SomberNight
Member Author

> use uid from user building the containers as the build container's uid

Great idea!

> Might be problematic w.r.t reproducibility

Indeed. I was also thinking about that...

We can differentiate local dev builds and reproducible builds, and only use your idea in the former case though.
I cherry-picked your change and added some more changes, see #8267

@SomberNight
Member Author

Btw, just as context, I bumped into this bug and want to fix it now as I have set up a server I would like to build on but am already using userid=1000 for other things.
