Re: [Qemu-devel] [RFC PATCH] tests/docker: add basic user mapping support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Fam Zheng <famz@redhat.com>
To: "Alex Bennée" <alex.bennee@linaro.org>
Cc: bobby.prani@gmail.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [RFC PATCH] tests/docker: add basic user mapping support
Date: Tue, 17 Jan 2017 17:49:53 +0800	[thread overview]
Message-ID: <20170117094953.GA6199@lemon> (raw)
In-Reply-To: <20161213132205.9114-1-alex.bennee@linaro.org>

On Tue, 12/13 13:22, Alex Bennée wrote:
> Currently all docker builds are done by exporting a tarball to the
> docker container and running the build as the containers root user.
> Other use cases are possible however and it is possible to map a part
> of users file-system to the container. This is useful for example for
> doing cross-builds of arbitrary source trees. For this to work
> smoothly the container needs to have a user created that maps cleanly
> to the host system.
> 
> This adds a -u option to the docker script so that:
> 
>   DEB_ARCH=armhf DEB_TYPE=stable ./tests/docker/docker.py build \
>     -u --include-executable=arm-linux-user/qemu-arm \
>     debian:armhf ./tests/docker/dockerfiles/debian-bootstrap.docker
> 
> Will build a container that can then be run like:
> 
>   docker run --rm -it -v /home/alex/lsrc/qemu/risu.git/:/src \
>     --user=alex:alex -w /src/ debian:armhf \
>     sh -c "make clean && ./configure -s && make"

Sorry for the late reply!

> 
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> ---
>  tests/docker/docker.py                           | 19 +++++++++++++++++++
>  tests/docker/dockerfiles/debian-bootstrap.docker |  3 +++
>  2 files changed, 22 insertions(+)
> 
> diff --git a/tests/docker/docker.py b/tests/docker/docker.py
> index 37d83199e7..59baac6bae 100755
> --- a/tests/docker/docker.py
> +++ b/tests/docker/docker.py
> @@ -12,6 +12,7 @@
>  # the top-level directory.
>  
>  import os
> +import stat
>  import sys
>  import subprocess
>  import json
> @@ -25,6 +26,7 @@ import signal
>  from tarfile import TarFile, TarInfo
>  from StringIO import StringIO
>  from shutil import copy, rmtree
> +from pwd import getpwuid
>  
>  
>  DEVNULL = open(os.devnull, 'wb')
> @@ -225,6 +227,8 @@ class BuildCommand(SubCommand):
>                              help="""Specify a binary that will be copied to the
>                              container together with all its dependent
>                              libraries""")
> +        parser.add_argument("--user", "-u", action="store_true",
> +                            help="Add the current user to images passwd")

Maybe use --add-current-user for the full argument name?

>          parser.add_argument("tag",
>                              help="Image Tag")
>          parser.add_argument("dockerfile",
> @@ -260,6 +264,21 @@ class BuildCommand(SubCommand):
>                  _copy_binary_with_libs(args.include_executable,
>                                         docker_dir)
>  
> +            if args.user:
> +                uid = os.getuid()
> +                uname = getpwuid(uid).pw_name
> +                scriptlet = docker_dir+"/setup_user.sh"
> +
> +                # write scriptlet
> +                setup = open(scriptlet, "w")
> +                setup.write("#!/bin/sh\n")
> +                setup.write("useradd -u %d -U %s" % (uid, uname))
> +                setup.close()
> +
> +                st = os.stat(scriptlet)
> +                os.chmod(scriptlet,
> +                         st.st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)

Is it cleaner we inject commands into the docker file directly?

> +
>              dkr.build_image(tag, docker_dir, dockerfile,
>                              quiet=args.quiet, argv=argv)
>  
> diff --git a/tests/docker/dockerfiles/debian-bootstrap.docker b/tests/docker/dockerfiles/debian-bootstrap.docker
> index 3a9125e497..127782eedf 100644
> --- a/tests/docker/dockerfiles/debian-bootstrap.docker
> +++ b/tests/docker/dockerfiles/debian-bootstrap.docker
> @@ -14,6 +14,9 @@ RUN sed -i 's/in_target mount/echo not for docker in_target mount/g' /debootstra
>  # Run stage 2
>  RUN /debootstrap/debootstrap --second-stage
>  
> +# Do we want to tweak the user?
> +RUN if test -e /setup_user.sh; then /setup_user.sh; fi

If we do above, there is no need to manually add this in dockerfile.

> +
>  # At this point we can install additional packages if we want
>  # Duplicate deb line as deb-src
>  RUN cat /etc/apt/sources.list | sed "s/deb/deb-src/" >> /etc/apt/sources.list
> -- 
> 2.11.0
> 
> 

Fam

next prev parent reply	other threads:[~2017-01-17  9:50 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-13 13:22 [Qemu-devel] [RFC PATCH] tests/docker: add basic user mapping support Alex Bennée
2017-01-17  9:49 ` Fam Zheng [this message]
2017-01-17 11:19   ` Alex Bennée
2017-01-17 11:34     ` Fam Zheng

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170117094953.GA6199@lemon \
    --to=famz@redhat.com \
    --cc=alex.bennee@linaro.org \
    --cc=bobby.prani@gmail.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.