Improve user mapping in `makecontainerpkg`

* Use `--userns` to become `builduser` right away instead of using `sudo` to become `builduser` * Add `builduser` to `sudoers` so it can become root to synchronize packages * Ensure this way that files created within the container have the user/group of the user starting the container so build artifacts have the right ownership
2023-11-08 17:24:26 +01:00 · 2023-11-08 17:24:26 +01:00 · b7fb618581
parent f697ed8e63
commit b7fb618581
4 changed files with 6 additions and 6 deletions
--- a/devel/container/base-devel/Dockerfile
+++ b/devel/container/base-devel/Dockerfile
@ -3,7 +3,8 @@ MAINTAINER Martchus <martchus@gmx.net>

 RUN mkdir -p /startdir /build && \
    useradd -m -d /build -u 1000 -U -s /bin/bash builduser && \
-    chown -R builduser:builduser /build && \
+    chown -R builduser:builduser /startdir /build && \
+    echo 'builduser ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
    pacman-key --init && \
    pacman-key --recv-keys B9E36A7275FC61B464B67907E06FE8F53CDC6A4C && \
    pacman-key --finger    B9E36A7275FC61B464B67907E06FE8F53CDC6A4C && \
--- a/devel/container/containerbuild
+++ b/devel/container/containerbuild
@ -2,5 +2,4 @@
 set -e
 export LOGDEST=$PWD SRCPKGDEST=$PWD SRCDEST=$PWD PKGDEST=$PWD BUILDDIR=/build
 export BUILDTOOL=makecontainerbuild BUILDTOOLVER="0.0.1"
-chown builduser:builduser "$PWD"
-sudo --preserve-env=LOGDEST,SRCPKGDEST,SRCDEST,PKGDEST,BUILDDIR,BUILDTOOL,BUILDTOOLVER --user builduser
+exec
--- a/devel/container/containersync
+++ b/devel/container/containersync
@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 for config_file in {/cfg/,}{makepkg,pacman}.conf; do
-    [[ -f $config_file ]] && cp --target-directory=/etc "$config_file"
+    [[ -f $config_file ]] && sudo cp --target-directory=/etc "$config_file"
 done
 [[ -f PKGBUILD ]] && source PKGBUILD
-pacman -Syu --noconfirm --needed "${depends[@]}" "${makedepends[@]}" "${checkdepends[@]}"
+sudo pacman -Syu --noconfirm --needed "${depends[@]}" "${makedepends[@]}" "${checkdepends[@]}"
--- a/devel/container/makecontainerpkg
+++ b/devel/container/makecontainerpkg
@ -19,7 +19,7 @@ else
    uuid=$(cat /proc/sys/kernel/random/uuid)
    name=$tool-$pkgname-$uuid
 fi
-cre_args=(--name "$name" --workdir "/startdir" -v "$PWD":/startdir -it)
+cre_args=(--name "$name" --workdir "/startdir" -v "$PWD":/startdir -it --userns=keep-id:uid=1000,gid=1000)

 # parse arguments
 script_args= read_script_args=