|
| 1 | +import os |
1 | 2 | import uuid |
2 | 3 | from pathlib import Path |
3 | 4 | from typing import Self, Sequence |
|
16 | 17 |
|
17 | 18 | BUILD_DIR_IN_CONTAINER = Path("/debmagic") |
18 | 19 |
|
| 20 | +DOCKER_USER = "user" |
| 21 | + |
19 | 22 | DOCKERFILE_TEMPLATE = f""" |
20 | 23 | FROM {{base_image}} |
21 | 24 |
|
22 | | -RUN apt-get update && apt-get -y install dpkg-dev python3 |
| 25 | +ARG USERNAME={DOCKER_USER} |
| 26 | +ARG USER_UID=1000 |
| 27 | +ARG USER_GID=$USER_UID |
| 28 | +
|
| 29 | +RUN apt-get update && apt-get install -y sudo dpkg-dev python3 |
| 30 | +
|
| 31 | +RUN groupadd --gid $USER_GID $USERNAME \ |
| 32 | + && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \ |
| 33 | + && echo $USERNAME ALL=\\(root\\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ |
| 34 | + && chmod 0440 /etc/sudoers.d/$USERNAME |
23 | 35 |
|
24 | 36 | RUN mkdir -p {BUILD_DIR_IN_CONTAINER} |
| 37 | +RUN chown $USERNAME:$USERNAME {BUILD_DIR_IN_CONTAINER} |
| 38 | +USER $USERNAME |
25 | 39 | ENTRYPOINT ["sleep", "infinity"] |
26 | 40 | """ |
27 | 41 |
|
@@ -61,10 +75,18 @@ def create(cls, config: BuildConfig, driver_config: DockerDriverConfig) -> Self: |
61 | 75 | dockerfile_path.write_text(formatted_dockerfile) |
62 | 76 |
|
63 | 77 | docker_image_name = f"debmagic-{config.build_identifier}" |
| 78 | + |
| 79 | + additional_args = [] |
| 80 | + if not os.getuid() == 0: |
| 81 | + # to reduce potential permission problems with missing user remappings on some systems |
| 82 | + # we simply create the build user inside the docker container with the same uid / gid as our host user |
| 83 | + additional_args.extend(["--build-arg", f"USER_UID={os.getuid()}", "--build-arg", f"USER_GID={os.getgid()}"]) |
| 84 | + |
64 | 85 | ret = run_cmd( |
65 | 86 | [ |
66 | 87 | "docker", |
67 | 88 | "build", |
| 89 | + *additional_args, |
68 | 90 | "--tag", |
69 | 91 | docker_image_name, |
70 | 92 | "-f", |
@@ -109,15 +131,16 @@ def get_build_metadata(self) -> DriverSpecificBuildMetadata: |
109 | 131 | return meta.model_dump() |
110 | 132 |
|
111 | 133 | def run_command(self, cmd: Sequence[str | Path], cwd: Path | None = None, requires_root: bool = False): |
112 | | - del requires_root # we assume to always be root in the container |
| 134 | + conditional_args: list[str | Path] = [] |
113 | 135 |
|
114 | 136 | if cwd: |
115 | 137 | cwd = self._translate_path_in_container(cwd) |
116 | | - cwd_args: list[str | Path] = ["--workdir", cwd] |
117 | | - else: |
118 | | - cwd_args = [] |
| 138 | + conditional_args.extend(["--workdir", cwd]) |
| 139 | + |
| 140 | + if requires_root: |
| 141 | + conditional_args.extend(["--user", "root"]) |
119 | 142 |
|
120 | | - ret = run_cmd(["docker", "exec", *cwd_args, self._container_name, *cmd], dry_run=self._dry_run) |
| 143 | + ret = run_cmd(["docker", "exec", *conditional_args, self._container_name, *cmd], dry_run=self._dry_run) |
121 | 144 | if ret.returncode != 0: |
122 | 145 | raise BuildError("Error building package") |
123 | 146 |
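Review bot: The sudoers line added to the Dockerfile template (`echo $USERNAME ALL=\\(root\\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME`) gives the unprivileged build user passwordless root, so the new `USER $USERNAME` is not a privilege boundary: any build step run through `run_command` without `requires_root` can still become root in the container via `sudo`. The same commit already routes privileged steps through `docker exec --user root` in `run_command`, which appears to make sudo redundant. Unless something outside this diff relies on it, drop `sudo` from the `apt-get install` line and reduce the user setup to `RUN groupadd --gid $USER_GID $USERNAME && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME`; if sudo has to stay, a comment in the template naming the step that needs it would help. The bodies of `create` and `run_command` continue outside the visible hunks.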
|
|