chore: Create a regular use inside containers

Install the Rustup toolchain as that regular user. Avoiding usage of `root` makes it easier to avoid bind volume ownership problems. Having a regular user in combination with using `--userns keep-id` ensures that the build artifacts prodiced inside the container are owned by a regular user on the host.
exein-io · Oct 27, 2024 · bea3ddf · bea3ddf
1 parent f504476
commit bea3ddf
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 26 deletions.
diff --git a/containers/Dockerfile.cross-aarch64-unknown-linux-gnu b/containers/Dockerfile.cross-aarch64-unknown-linux-gnu
@@ -1,6 +1,6 @@
 FROM docker.io/debian:bookworm
 
-ENV PATH="/root/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
+ENV PATH="/home/cross/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
 
 # Even though we are using clang as a C compiler, we need the libgcc_s and
 # libstdc++.
@@ -28,12 +28,17 @@ RUN dpkg --add-architecture arm64 \
     && chmod +x llvm.sh \
     && ./llvm.sh 18 \
     && rm -f llvm.sh \
-    && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && useradd -m -G users -s /bin/bash cross
+
+USER cross
+WORKDIR /home/cross
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
     && rustup toolchain install stable --component rust-src \
     && rustup toolchain install beta --component rust-src \
     && rustup toolchain install nightly --component rust-src \
     && rustup target add aarch64-unknown-linux-gnu \
     && rustup +beta target add aarch64-unknown-linux-gnu \
     && rustup +nightly target add aarch64-unknown-linux-gnu \
-    && cargo install btfdump \
-    && rm -rf /var/lib/apt/lists/*
+    && cargo install btfdump
diff --git a/containers/Dockerfile.cross-aarch64-unknown-linux-musl b/containers/Dockerfile.cross-aarch64-unknown-linux-musl
@@ -1,6 +1,6 @@
 FROM docker.io/gentoo/stage3:musl-llvm
 
-ENV PATH="/root/.cargo/bin:/usr/lib/llvm/18/bin:${PATH}"
+ENV PATH="/home/cross/.cargo/bin:/usr/lib/llvm/18/bin:${PATH}"
 # Install only aarch64 user-space wrapper when installing app-emulation/qemu.
 ENV QEMU_USER_TARGETS="aarch64"
 # Enable static libraries for installed packages (zstd, zlib etc.).
@@ -64,15 +64,20 @@ RUN emerge --sync --quiet \
         app-arch/zstd \
         sys-libs/llvm-libgcc \
         sys-libs/zlib \
-    && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+    && rm -rf \
+        /var/cache/binpkgs/* \
+        /var/cache/distfiles/* \
+        /var/tmp/portage/* \
+    && useradd -m -G users -s /bin/bash cross
+
+USER cross
+WORKDIR /home/cross
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
     && rustup toolchain install stable --component rust-src \
     && rustup toolchain install beta --component rust-src \
     && rustup toolchain install nightly --component rust-src \
     && rustup target add aarch64-unknown-linux-musl \
     && rustup +beta target add aarch64-unknown-linux-musl \
     && rustup +nightly target add aarch64-unknown-linux-musl \
-    && cargo install btfdump \
-    && rm -rf \
-        /var/cache/binpkgs/* \
-        /var/cache/distfiles/* \
-        /var/tmp/portage/*
+    && cargo install btfdump
diff --git a/containers/Dockerfile.cross-riscv64gc-unknown-linux-gnu b/containers/Dockerfile.cross-riscv64gc-unknown-linux-gnu
@@ -9,7 +9,7 @@
 # [1] https://packages.debian.org/search?keywords=software-properties-common
 FROM docker.io/debian:sid
 
-ENV PATH="/root/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
+ENV PATH="/home/cross/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
 
 # Even though we are using clang as a C compiler, we need the libgcc_s and
 # libstdc++.
@@ -37,12 +37,17 @@ RUN dpkg --add-architecture riscv64 \
     && chmod +x llvm.sh \
     && ./llvm.sh 18 \
     && rm -f llvm.sh \
-    && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && useradd -m -G users -s /bin/bash cross
+
+USER cross
+WORKDIR /home/cross
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
     && rustup toolchain install stable --component rust-src \
     && rustup toolchain install beta --component rust-src \
     && rustup toolchain install nightly --component rust-src \
     && rustup target add riscv64gc-unknown-linux-gnu \
     && rustup +beta target add riscv64gc-unknown-linux-gnu \
     && rustup +nightly target add riscv64gc-unknown-linux-gnu \
-    && cargo install btfdump \
-    && rm -rf /var/lib/apt/lists/*
+    && cargo install btfdump
diff --git a/containers/Dockerfile.native-x86_64-unknown-linux-gnu b/containers/Dockerfile.native-x86_64-unknown-linux-gnu
@@ -1,6 +1,6 @@
 FROM docker.io/debian:bookworm
 
-ENV PATH="/root/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
+ENV PATH="/home/cross/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
 
 RUN apt update \
     && apt install -y \
@@ -18,9 +18,14 @@ RUN apt update \
     && chmod +x llvm.sh \
     && ./llvm.sh 18 \
     && rm -f llvm.sh \
-    && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && useradd -m -G users -s /bin/bash cross
+
+USER cross
+WORKDIR /home/cross
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
     && rustup toolchain install stable --component rust-src \
     && rustup toolchain install beta --component rust-src \
     && rustup toolchain install nightly --component rust-src \
-    && cargo install btfdump \
-    && rm -rf /var/lib/apt/lists/*
+    && cargo install btfdump
diff --git a/containers/Dockerfile.native-x86_64-unknown-linux-musl b/containers/Dockerfile.native-x86_64-unknown-linux-musl
@@ -1,6 +1,6 @@
 FROM docker.io/gentoo/stage3:musl-llvm
 
-ENV PATH="/root/.cargo/bin:/usr/lib/llvm/18/bin:${PATH}"
+ENV PATH="/home/cross/.cargo/bin:/usr/lib/llvm/18/bin:${PATH}"
 # Enable static libraries for installed packages (zstd, zlib etc.).
 ENV USE="static-libs"
 
@@ -18,12 +18,17 @@ RUN emerge --sync --quiet \
     && eselect repository add vadorovsky git https://gitlab.com/vadorovsky/overlay \
     && emerge --sync --quiet \
     && emerge sys-libs/llvm-libgcc \
-    && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
-    && rustup toolchain install stable --component rust-src \
-    && rustup toolchain install beta --component rust-src \
-    && rustup toolchain install nightly --component rust-src \
-    && cargo install btfdump \
     && rm -rf \
         /var/cache/binpkgs/* \
         /var/cache/distfiles/* \
-        /var/tmp/portage/*
+        /var/tmp/portage/* \
+    && useradd -m -G users -s /bin/bash cross
+
+USER cross
+WORKDIR /home/cross
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+    && rustup toolchain install stable --component rust-src \
+    && rustup toolchain install beta --component rust-src \
+    && rustup toolchain install nightly --component rust-src \
+    && cargo install btfdump