Improve user mapping in `makecontainerpkg`
* Use `--userns` to become `builduser` right away instead of using `sudo` to become `builduser`
* Add `builduser` to `sudoers` so it can become root to synchronize packages
* This ensures that files created within the container have the user/group of the user starting the container, so build artifacts have the right ownership
parent
f697ed8e63
commit
b7fb618581
|
@ -3,7 +3,8 @@ MAINTAINER Martchus <martchus@gmx.net>
|
|||
|
||||
RUN mkdir -p /startdir /build && \
|
||||
useradd -m -d /build -u 1000 -U -s /bin/bash builduser && \
|
||||
chown -R builduser:builduser /build && \
|
||||
chown -R builduser:builduser /startdir /build && \
|
||||
echo 'builduser ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
|
||||
pacman-key --init && \
|
||||
pacman-key --recv-keys B9E36A7275FC61B464B67907E06FE8F53CDC6A4C && \
|
||||
pacman-key --finger B9E36A7275FC61B464B67907E06FE8F53CDC6A4C && \
|
||||
|
|
|
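Review bot: The added `echo 'builduser ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` grants far more than this commit uses: the only `sudo` calls it introduces are `sudo cp --target-directory=/etc` and `sudo pacman -Syu` in the in-container script, and that script sources `PKGBUILD` as `builduser`, so anything in a PKGBUILD can now reach container root without a prompt. Consider a validated drop-in limited to those commands, e.g. `echo 'builduser ALL=(root) NOPASSWD: /usr/bin/pacman, /usr/bin/cp' > /etc/sudoers.d/builduser && chmod 0440 /etc/sudoers.d/builduser && visudo -cf /etc/sudoers.d/builduser && \`. Root-run `pacman` and `cp` are still powerful, so this narrows the grant rather than making the build unprivileged; the user namespace remains the real boundary, which is worth a comment next to the rule. The `RUN` instruction continues past the end of the hunk.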
@ -2,5 +2,4 @@
|
|||
set -e
|
||||
export LOGDEST=$PWD SRCPKGDEST=$PWD SRCDEST=$PWD PKGDEST=$PWD BUILDDIR=/build
|
||||
export BUILDTOOL=makecontainerbuild BUILDTOOLVER="0.0.1"
|
||||
chown builduser:builduser "$PWD"
|
||||
sudo --preserve-env=LOGDEST,SRCPKGDEST,SRCDEST,PKGDEST,BUILDDIR,BUILDTOOL,BUILDTOOLVER --user builduser
|
||||
exec
|
|
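Review bot: With the `sudo --user builduser` line gone, nothing in this script drops privileges any more; it relies on the caller passing `--userns=keep-id:uid=1000,gid=1000`, so starting the image any other way would run the `exec` line as whatever user the runtime picks (root, unless the Dockerfile sets `USER`, which the hunks on this page do not show). A guard before `exec` makes that assumption explicit: `[ "$(id -u)" -ne 0 ] || { echo 'refusing to build as root; start the container as builduser' >&2; exit 1; }`. The `exec` line is cut off on this page, so its arguments are not reviewed here.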
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
for config_file in {/cfg/,}{makepkg,pacman}.conf; do
|
||||
[[ -f $config_file ]] && cp --target-directory=/etc "$config_file"
|
||||
[[ -f $config_file ]] && sudo cp --target-directory=/etc "$config_file"
|
||||
done
|
||||
[[ -f PKGBUILD ]] && source PKGBUILD
|
||||
pacman -Syu --noconfirm --needed "${depends[@]}" "${makedepends[@]}" "${checkdepends[@]}"
|
||||
sudo pacman -Syu --noconfirm --needed "${depends[@]}" "${makedepends[@]}" "${checkdepends[@]}"
|
||||
|
|
|
@ -19,7 +19,7 @@ else
|
|||
uuid=$(cat /proc/sys/kernel/random/uuid)
|
||||
name=$tool-$pkgname-$uuid
|
||||
fi
|
||||
cre_args=(--name "$name" --workdir "/startdir" -v "$PWD":/startdir -it)
|
||||
cre_args=(--name "$name" --workdir "/startdir" -v "$PWD":/startdir -it --userns=keep-id:uid=1000,gid=1000)
|
||||
|
||||
# parse arguments
|
||||
script_args= read_script_args=
|
||||
|
|
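Review bot: `--userns=keep-id:uid=1000,gid=1000` hard-codes the same 1000 that `useradd -u 1000` uses in the Dockerfile, and `keep-id` is a rootless-Podman mode, so the `cre_args` line should carry a comment tying the two together and stating the runtime requirement, e.g. `# rootless Podman only; uid/gid must match builduser in the Dockerfile`. `name=$tool-$pkgname-$uuid` suggests the runtime is selectable; if `$tool` can be anything other than Podman, or the script is run as root, the flag will presumably be rejected, and an early check with a clear message would be friendlier than the runtime's own error. The `uid=`/`gid=` suffix also needs a reasonably recent Podman (4.3 or later, as far as I recall), which is worth noting next to the flag. The `if`/`else` above and the argument parsing below continue outside the hunk.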