[PATCH 15 of 22] dockerrpm: run docker build process as the current user, not as root
Mads Kiilerich
mads at kiilerich.com
Tue May 20 02:10:10 UTC 2014
# HG changeset patch
# User Mads Kiilerich <madski at unity3d.com>
# Date 1400551681 -7200
# Tue May 20 04:08:01 2014 +0200
# Node ID faa57fbb78d29a730fa2764fec50211dfc70c5b4
# Parent 74bca1400cea133b94089cb4297c12a6e7bd817e
dockerrpm: run docker build process as the current user, not as root

Docker can be run by ordinary users if they are in the docker group. The build
process would however be run as a root user, only protected by the sandboxing.
That caused problems with the shared directory where rpmbuild would be picky
about building from sources owned by less privileged users and producing files
owned by root.

Instead, add a build user with the right uid/gid to the image and run the
docker process as that user.

diff --git a/contrib/dockerrpm b/contrib/dockerrpm
--- a/contrib/dockerrpm
+++ b/contrib/dockerrpm
@@ -21,6 +21,11 @@ DFILE="$ROOTDIR/contrib/docker/$1"
CONTAINER="hg-rpm-$1"
-$DOCKER build --tag $CONTAINER - < $BUILDDIR/docker/$1
-$DOCKER run --rm -v $ROOTDIR:/hg $CONTAINER bash -c \
+DBUILDUSER=build
+(
+cat $DFILE
+echo RUN groupadd $DBUILDUSER -g `id -g`
+echo RUN useradd $DBUILDUSER -u `id -u` -g $DBUILDUSER
+) | $DOCKER build --tag $CONTAINER -
+$DOCKER run -u $DBUILDUSER --rm -v $ROOTDIR:/hg $CONTAINER bash -c \
"cp -a hg hg-build; cd hg-build; make clean local $1; cp build/$1/* /hg/build/$1/"
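Review bot: The two added "echo RUN groupadd" / "echo RUN useradd" lines pass the host's id -g and id -u into the image unchecked, so the docker build step fails whenever that gid or uid is already taken in the base image, most obviously when the script is invoked as root (uid/gid 0). Suggest skipping user creation and the "-u $DBUILDUSER" option when id -u is 0, or passing -o (allow non-unique id) to both groupadd and useradd, and noting in the script that the tagged image is now specific to the invoking user's ids. Also in this hunk, $DFILE in "cat $DFILE" and $ROOTDIR in "-v $ROOTDIR:/hg" are expanded unquoted, so a checkout path containing whitespace breaks both commands; double-quote them.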