From bea3ddff64f2f00e465c7d3ad8c91007ec8259d1 Mon Sep 17 00:00:00 2001
From: Michal Rostecki
Date: Sun, 27 Oct 2024 18:51:56 +0100
Subject: [PATCH] chore: Create a regular use inside containers

Install the Rustup toolchain as that regular user. Avoiding usage of `root` makes it easier to avoid bind volume ownership problems. Having a regular user in combination with using `--userns keep-id` ensures that the build artifacts prodiced inside the container are owned by a regular user on the host.
---
 ...Dockerfile.cross-aarch64-unknown-linux-gnu | 13 +++++++++----
 ...ockerfile.cross-aarch64-unknown-linux-musl | 19 ++++++++++++-------
 ...ckerfile.cross-riscv64gc-unknown-linux-gnu | 13 +++++++++----
 ...Dockerfile.native-x86_64-unknown-linux-gnu | 13 +++++++++----
 ...ockerfile.native-x86_64-unknown-linux-musl | 19 ++++++++++++-------
 5 files changed, 51 insertions(+), 26 deletions(-)

diff --git a/containers/Dockerfile.cross-aarch64-unknown-linux-gnu b/containers/Dockerfile.cross-aarch64-unknown-linux-gnu
index f889fd5..0064835 100644
--- a/containers/Dockerfile.cross-aarch64-unknown-linux-gnu
+++ b/containers/Dockerfile.cross-aarch64-unknown-linux-gnu
@@ -1,6 +1,6 @@
 FROM docker.io/debian:bookworm
-ENV PATH="/root/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
+ENV PATH="/home/cross/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
 # Even though we are using clang as a C compiler, we need the libgcc_s and
 # libstdc++.
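Review bot: The new `ENV PATH` in containers/Dockerfile.cross-aarch64-unknown-linux-gnu puts `/home/cross/.cargo/bin`, a directory the unprivileged `cross` user can write to, ahead of the system directories for every process in the image, including anything later run as root. With the previous `/root/.cargo/bin` entry only root could write to the first PATH element. If nothing in these images needs cargo-installed tools to shadow system binaries, consider `ENV PATH="/usr/lib/llvm-18/bin:${PATH}:/home/cross/.cargo/bin"`, or at least add a comment such as `# user-writable directory first in PATH: do not run root steps against this image after USER cross`. The same `ENV PATH` change is made in the first hunk of the other four Dockerfiles in this patch.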
@@ -28,12 +28,17 @@ RUN dpkg --add-architecture arm64 \
 && chmod +x llvm.sh \
 && ./llvm.sh 18 \
 && rm -f llvm.sh \
- && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -m -G users -s /bin/bash cross
+
+USER cross
+WORKDIR /home/cross
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
 && rustup toolchain install stable --component rust-src \
 && rustup toolchain install beta --component rust-src \
 && rustup toolchain install nightly --component rust-src \
 && rustup target add aarch64-unknown-linux-gnu \
 && rustup +beta target add aarch64-unknown-linux-gnu \
 && rustup +nightly target add aarch64-unknown-linux-gnu \
- && cargo install btfdump \
- && rm -rf /var/lib/apt/lists/*
+ && cargo install btfdump
diff --git a/containers/Dockerfile.cross-aarch64-unknown-linux-musl b/containers/Dockerfile.cross-aarch64-unknown-linux-musl
index 7e61db6..bc773cd 100644
--- a/containers/Dockerfile.cross-aarch64-unknown-linux-musl
+++ b/containers/Dockerfile.cross-aarch64-unknown-linux-musl
@@ -1,6 +1,6 @@
 FROM docker.io/gentoo/stage3:musl-llvm
-ENV PATH="/root/.cargo/bin:/usr/lib/llvm/18/bin:${PATH}"
+ENV PATH="/home/cross/.cargo/bin:/usr/lib/llvm/18/bin:${PATH}"
 # Install only aarch64 user-space wrapper when installing app-emulation/qemu.
 ENV QEMU_USER_TARGETS="aarch64"
 # Enable static libraries for installed packages (zstd, zlib etc.).
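Review bot: The added `useradd -m -G users -s /bin/bash cross` in the second hunk of containers/Dockerfile.cross-aarch64-unknown-linux-gnu leaves the UID and GID to the base image's defaults, while the commit message relies on `--userns keep-id` to line up ownership with the host user. If the host UID differs from the one `useradd` happened to pick, the process in the container may not own `/home/cross/.cargo` and `/home/cross/.rustup`; how the container is started is not shown here, so this needs confirming against the run command. Pinning the id makes the contract explicit and checkable, for example `&& useradd -m -u 1000 -G users -s /bin/bash cross` (1000 is an illustrative value), with a comment naming the host mapping that is expected. The same `useradd` line is added in the second hunk of the other four Dockerfiles. The enclosing `RUN` starts outside the hunk.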
@@ -64,15 +64,20 @@ RUN emerge --sync --quiet \
 app-arch/zstd \
 sys-libs/llvm-libgcc \
 sys-libs/zlib \
- && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+ && rm -rf \
+ /var/cache/binpkgs/* \
+ /var/cache/distfiles/* \
+ /var/tmp/portage/* \
+ && useradd -m -G users -s /bin/bash cross
+
+USER cross
+WORKDIR /home/cross
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
 && rustup toolchain install stable --component rust-src \
 && rustup toolchain install beta --component rust-src \
 && rustup toolchain install nightly --component rust-src \
 && rustup target add aarch64-unknown-linux-musl \
 && rustup +beta target add aarch64-unknown-linux-musl \
 && rustup +nightly target add aarch64-unknown-linux-musl \
- && cargo install btfdump \
- && rm -rf \
- /var/cache/binpkgs/* \
- /var/cache/distfiles/* \
- /var/tmp/portage/*
+ && cargo install btfdump
diff --git a/containers/Dockerfile.cross-riscv64gc-unknown-linux-gnu b/containers/Dockerfile.cross-riscv64gc-unknown-linux-gnu
index 913ac98..ff0efac 100644
--- a/containers/Dockerfile.cross-riscv64gc-unknown-linux-gnu
+++ b/containers/Dockerfile.cross-riscv64gc-unknown-linux-gnu
@@ -9,7 +9,7 @@
 # [1] https://packages.debian.org/search?keywords=software-properties-common
 FROM docker.io/debian:sid
-ENV PATH="/root/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
+ENV PATH="/home/cross/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
 # Even though we are using clang as a C compiler, we need the libgcc_s and
 # libstdc++.
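Review bot: `cargo install btfdump`, the last line of the new `RUN` in the second hunk of containers/Dockerfile.cross-aarch64-unknown-linux-musl, resolves the newest published release and a fresh dependency graph on every image build, so two builds of the same Dockerfile can contain different code. Pin the tool and use its shipped lockfile: `&& cargo install --locked --version <PINNED_VERSION> btfdump`, where the placeholder is the release you have reviewed. The same line closes the final `RUN` in the other four Dockerfiles in this patch.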
@@ -37,12 +37,17 @@ RUN dpkg --add-architecture riscv64 \
 && chmod +x llvm.sh \
 && ./llvm.sh 18 \
 && rm -f llvm.sh \
- && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -m -G users -s /bin/bash cross
+
+USER cross
+WORKDIR /home/cross
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
 && rustup toolchain install stable --component rust-src \
 && rustup toolchain install beta --component rust-src \
 && rustup toolchain install nightly --component rust-src \
 && rustup target add riscv64gc-unknown-linux-gnu \
 && rustup +beta target add riscv64gc-unknown-linux-gnu \
 && rustup +nightly target add riscv64gc-unknown-linux-gnu \
- && cargo install btfdump \
- && rm -rf /var/lib/apt/lists/*
+ && cargo install btfdump
diff --git a/containers/Dockerfile.native-x86_64-unknown-linux-gnu b/containers/Dockerfile.native-x86_64-unknown-linux-gnu
index 39665c8..11f4c7b 100644
--- a/containers/Dockerfile.native-x86_64-unknown-linux-gnu
+++ b/containers/Dockerfile.native-x86_64-unknown-linux-gnu
@@ -1,6 +1,6 @@
 FROM docker.io/debian:bookworm
-ENV PATH="/root/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
+ENV PATH="/home/cross/.cargo/bin:/usr/lib/llvm-18/bin:${PATH}"
 RUN apt update \
 && apt install -y \
@@ -18,9 +18,14 @@ RUN apt update \
 && chmod +x llvm.sh \
 && ./llvm.sh 18 \
 && rm -f llvm.sh \
- && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -m -G users -s /bin/bash cross
+
+USER cross
+WORKDIR /home/cross
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
 && rustup toolchain install stable --component rust-src \
 && rustup toolchain install beta --component rust-src \
 && rustup toolchain install nightly --component rust-src \
- && cargo install btfdump \
- && rm -rf /var/lib/apt/lists/*
+ && cargo install btfdump
diff --git a/containers/Dockerfile.native-x86_64-unknown-linux-musl b/containers/Dockerfile.native-x86_64-unknown-linux-musl
index aebeee2..3ddd92c 100644
--- a/containers/Dockerfile.native-x86_64-unknown-linux-musl
+++ b/containers/Dockerfile.native-x86_64-unknown-linux-musl
@@ -1,6 +1,6 @@
 FROM docker.io/gentoo/stage3:musl-llvm
-ENV PATH="/root/.cargo/bin:/usr/lib/llvm/18/bin:${PATH}"
+ENV PATH="/home/cross/.cargo/bin:/usr/lib/llvm/18/bin:${PATH}"
 # Enable static libraries for installed packages (zstd, zlib etc.).
 ENV USE="static-libs"
@@ -18,12 +18,17 @@ RUN emerge --sync --quiet \
 && eselect repository add vadorovsky git https://gitlab.com/vadorovsky/overlay \
 && emerge --sync --quiet \
 && emerge sys-libs/llvm-libgcc \
- && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
- && rustup toolchain install stable --component rust-src \
- && rustup toolchain install beta --component rust-src \
- && rustup toolchain install nightly --component rust-src \
- && cargo install btfdump \
 && rm -rf \
 /var/cache/binpkgs/* \
 /var/cache/distfiles/* \
- /var/tmp/portage/*
+ /var/tmp/portage/* \
+ && useradd -m -G users -s /bin/bash cross
+
+USER cross
+WORKDIR /home/cross
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+ && rustup toolchain install stable --component rust-src \
+ && rustup toolchain install beta --component rust-src \
+ && rustup toolchain install nightly --component rust-src \
+ && cargo install btfdump