From: "Alex Bennée" <alex.bennee@linaro.org>
To: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Willian Rampazzo <willianr@redhat.com>,
Thomas Huth <thuth@redhat.com>,
richard.henderson@linaro.org, qemu-devel@nongnu.org,
Wainer dos Santos Moschetta <wainersm@redhat.com>
Subject: Re: [RFC PATCH] tests/docker: force NOUSER=1 for base images
Date: Thu, 04 Nov 2021 17:44:49 +0000 [thread overview]
Message-ID: <878ry3izhm.fsf@linaro.org> (raw)
In-Reply-To: <122de229-1451-71a2-0c0b-fd8c85c8666d@amsat.org>
Philippe Mathieu-Daudé <f4bug@amsat.org> writes:
> On 11/3/21 18:13, Alex Bennée wrote:
>> As base images are often used to build further images like toolchains
>> ensure we don't add the local user by accident. The local user should
>> only exist on local images and not anything that gets pushed up to the
>> public registry.
>>
>> Reported-by: Richard Henderson <richard.henderson@linaro.org>
>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>> ---
>> tests/docker/Makefile.include | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
>> index 5bbbaceed1..462a3758d7 100644
>> --- a/tests/docker/Makefile.include
>> +++ b/tests/docker/Makefile.include
>> @@ -150,6 +150,10 @@ docker-image-debian-sparc64-cross: docker-image-debian10
>> # The native build should never use the registry
>> docker-image-debian-native: DOCKER_REGISTRY=
>>
>> +# base images should not add a local user
>> +docker-image-debian10: NOUSER=1
>> +docker-image-debian11: NOUSER=1
>
> What about covering all DOCKER_PARTIAL_IMAGES:
Hmm maybe - to be honest the naming is at variance with what it actually
indicates. They are perfectly usable images (they are used for cross
compiling tests) but they are not usable for building QEMU itself hence
use the DOCKER_PARTIAL_IMAGES field to stop them being expanded in the
test runs.
If I had my time again....
>
> -- >8 --
> @@ -188,6 +188,9 @@ DOCKER_PARTIAL_IMAGES += debian-tricore-cross
> DOCKER_PARTIAL_IMAGES += debian-xtensa-cross
> DOCKER_PARTIAL_IMAGES += fedora-cris-cross
>
> +# base images should not add a local user
> +$(foreach image,$(DOCKER_PARTIAL_IMAGES),docker-image-$(image)): NOUSER=1
> +
> # Rules for building linux-user powered images
> #
> # These are slower than using native cross compiler setups but can
> ---
--
Alex Bennée
prev parent reply other threads:[~2021-11-04 17:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-03 17:13 [RFC PATCH] tests/docker: force NOUSER=1 for base images Alex Bennée
2021-11-03 18:29 ` Philippe Mathieu-Daudé
2021-11-04 17:44 ` Alex Bennée [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878ry3izhm.fsf@linaro.org \
--to=alex.bennee@linaro.org \
--cc=f4bug@amsat.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
--cc=wainersm@redhat.com \
--cc=willianr@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).