build: docker scripts to work even if host user id != 1000 #8267

Merged
merged 3 commits into from
Mar 21, 2023

SomberNight
Member

closes #8261

See commit messages for individual commits.

In short, we distinguish "local dev builds" and "reproducible builds":

  • local dev builds use the host userid inside the container, directly operate on the project dir
    • do not need sudo
  • repro builds create a fresh git clone, chown it to 1000, and use userid=1000 inside the container
    • if the host userid is 1000, do not need sudo
    • otherwise, need sudo

accumulator and others added 2 commits March 20, 2023 02:06
reproducibility probably needs a hardcoded userid

Also, move the UID arg later in the dockerfiles, for better caching.
(if local dev build and repro build set different UIDs, the build caches
will diverge at that step)
- repro builds to use fixed uid=1000 inside the container
  - in case the file permissions leak into the binaries, they are still reproducible
  - chown 1000:1000 fresh_clone
- repro builds to create fresh_clone dir outside git clone
  - otherwise the local dev build would still interact with the fresh_clone dir
    - due to e.g. recursive "find -exec touch",
    - and even the "docker build" cmd itself would try to stat/read it
      - see docker/for-linux#380
  - and "rm -rf fresh_clone" needs sudo if the host uid is not 1000
  - this way the local dev build does not need sudo

to recap:
- local dev builds use the host userid inside the container, directly operate on the project dir
  - does not need sudo
- repro builds create a fresh git clone, chown it to 1000, and use userid=1000 inside the container
  - if the host userid is 1000, does not need sudo
  - otherwise, needs sudo

closes spesmilo#8261
@SomberNight SomberNight marked this pull request as ready for review March 21, 2023 00:37
@SomberNight SomberNight merged commit 27bc0bb into spesmilo:master Mar 21, 2023
@SomberNight SomberNight added this to the 4.4.0 milestone Mar 21, 2023
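
The dev/repro split described in this PR, as an added example that is not code from the PR or from the project's build scripts: it prints the commands each mode would run instead of executing them. The function names, the sibling `_fresh_clone` location, the image tag and the `--build-arg UID=` wiring are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: NOT the project's build script. All names are hypothetical.
REPRO_UID=1000   # fixed uid inside the container for repro builds (per the PR)

# container_uid MODE HOST_UID -> uid the build runs as inside the container
container_uid() {
    case "$1" in
        dev)   echo "$2" ;;           # local dev build: reuse the host uid
        repro) echo "$REPRO_UID" ;;   # repro build: hardcoded uid
        *)     echo "unknown mode: $1" >&2; return 2 ;;
    esac
}

# priv_prefix MODE HOST_UID -> "sudo" when chown/rm on the clone needs root
priv_prefix() {
    if [ "$1" = repro ] && [ "$2" != "$REPRO_UID" ]; then echo sudo; fi
}

# plan_build MODE HOST_UID PROJECT_DIR -> prints the commands, one per line
plan_build() {
    mode=$1; host_uid=$2; project=$3
    uid=$(container_uid "$mode" "$host_uid") || return 2
    src=$project                      # dev builds operate on the project dir
    if [ "$mode" = repro ]; then
        # Keep the clone OUTSIDE the project dir so a dev build's recursive
        # find/touch and "docker build" itself never stat or read it.
        src="$(dirname "$project")/$(basename "$project")_fresh_clone"
        pfx=$(priv_prefix "$mode" "$host_uid")
        # A previous clone is owned by uid 1000, so removing it may need sudo.
        echo "${pfx:+$pfx }rm -rf $src"
        echo "git clone $project $src"
        echo "${pfx:+$pfx }chown -R $REPRO_UID:$REPRO_UID $src"
    fi
    # Assumed wiring: the Dockerfile declares "ARG UID" and creates the user.
    echo "docker build --build-arg UID=$uid -t example-builder $src"
    echo "docker run --rm -v $src:/src example-builder"
}

# Stand-alone use: ./plan.sh repro "$(id -u)" "$PWD"
if [ $# -ge 3 ]; then plan_build "$@"; fi
```

Only the repro path with a host uid other than 1000 emits `sudo`; the dev path never touches the clone directory, which is why it stays unprivileged.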
Successfully merging this pull request may close these issues.

docker build scripts assume user id to be 1000 (uid)