mirror of https://github.com/thesofproject/sof.git
zephyr/docker: move exec_as_sof_uid() to new sudo-cwd.sh
Besides making things more obvious, the important functional change is that the user switch is now performed for _every_ invoked command, not just for the build command. Signed-off-by: Marc Herbert <marc.herbert@intel.com>
parent
76e35fbec2
commit
027be98371
|
@ -0,0 +1,73 @@
|
|||
#!/bin/sh
|
||||
# SPDX-License-Identifier: BSD-3-Clause
|
||||
# Copyright(c) 2022 Intel Corporation. All rights reserved.
|
||||
|
||||
# This is a "brute force" solution to filesystem permission issues:
|
||||
#
|
||||
# If the current user does not own the current directory then this
|
||||
# wrapper script switches to the user who does own the current directory
|
||||
# before running the given command.
|
||||
|
||||
# If no user owns the current directory, a user who does gets created
|
||||
# first!
|
||||
|
||||
# The main use case is to run this first thing inside a container to
|
||||
# solve file ownership mismatches.
|
||||
|
||||
# `docker run --user=$(id -un) ...` achieves something very similar
|
||||
# without any code except the resulting user many not exist inside the
|
||||
# container. Some commands may not like that.
|
||||
#
|
||||
# To understand more about the Docker problem solved here take a look at
|
||||
# https://stackoverflow.com/questions/35291520/docker-and-userns-remap-how-to-manage-volume-permissions-to-share-data-betwee
|
||||
# and many other similar questions.
|
||||
|
||||
# TODO: replace sudo with gosu?
|
||||
|
||||
set -e
|
||||
set -x
|
||||
|
||||
# TODO: rename the "sof_" bits
|
||||
|
||||
main()
|
||||
{
|
||||
sof_uid="$(stat --printf='%u' .)"
|
||||
local current_uid; current_uid="$(id -u)"
|
||||
if test "$current_uid" = "$sof_uid"; then
|
||||
exec "$@"
|
||||
else
|
||||
exec_as_sof_uid "$@"
|
||||
fi
|
||||
}
|
||||
|
||||
exec_as_sof_uid()
|
||||
{
|
||||
# Add new container user matching the host user owning the SOF
|
||||
# checkout
|
||||
local sof_user; sof_user="$(id "$sof_uid")" || {
|
||||
sof_user=sof_zephyr_docker_builder
|
||||
|
||||
local sof_guid; sof_guid="$(stat --printf='%g' .)"
|
||||
|
||||
getent group "$sof_guid" ||
|
||||
sudo groupadd -g "$sof_guid" sof_zephyr_docker_group
|
||||
|
||||
sudo useradd -m -u "$sof_uid" -g "$sof_guid" "$sof_user"
|
||||
|
||||
local current_user; current_user="$(id -un)"
|
||||
|
||||
# Copy sudo permissions just in case the build needs it
|
||||
sudo sed -e "s/$current_user/$sof_user/" /etc/sudoers.d/"$current_user" |
|
||||
sudo tee -a /etc/sudoers.d/"$sof_user"
|
||||
sudo chmod --reference=/etc/sudoers.d/"$current_user" \
|
||||
/etc/sudoers.d/"$sof_user"
|
||||
}
|
||||
|
||||
# Double sudo to work around some funny restriction in
|
||||
# zephyr-build:/etc/sudoers: 'user' can do anything but... only as
|
||||
# root.
|
||||
sudo sudo -u "$sof_user" REAL_CC="$REAL_CC" "$@"
|
||||
exit "$?"
|
||||
}
|
||||
|
||||
main "$@"
|
|
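Review bot: In exec_as_sof_uid(), `sof_user="$(id "$sof_uid")"` captures the whole `uid=...(name) gid=... groups=...` line rather than a user name, so when the directory owner already exists in the container the later `sudo -u "$sof_user"` receives a string that is not an account; `sof_user="$(id -un "$sof_uid")"` returns only the name. The sudoers copy is also unguarded: `$current_user` is spliced into an unanchored sed pattern and the generated file is never checked, so running `sudo visudo -cf /etc/sudoers.d/"$sof_user"` after the `tee` would reject a malformed entry before sudo has to parse it. The script would also benefit from a comment above the copy stating the trust assumption, for example `# NOTE: whoever owns the mounted directory gets the same sudo rights as the image's default user`, because the target UID is taken from the ownership of `.` and nothing else.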
@ -20,49 +20,8 @@ PATH="$PATH":/opt/sparse/bin
|
|||
command -v sparse || true
|
||||
: REAL_CC="$REAL_CC"
|
||||
|
||||
# See https://stackoverflow.com/questions/35291520/docker-and-userns-remap-how-to-manage-volume-permissions-to-share-data-betwee + many others
|
||||
exec_as_sof_uid()
|
||||
{
|
||||
local sof_uid; sof_uid="$(stat --printf='%u' .)"
|
||||
local current_uid; current_uid="$(id -u)"
|
||||
if test "$current_uid" = "$sof_uid"; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
# Add new container user matching the host user owning the SOF
|
||||
# checkout
|
||||
local sof_user; sof_user="$(id "$sof_uid")" || {
|
||||
sof_user=sof_zephyr_docker_builder
|
||||
|
||||
local sof_guid; sof_guid="$(stat --printf='%g' .)"
|
||||
|
||||
getent group "$sof_guid" ||
|
||||
sudo groupadd -g "$sof_guid" sof_zephyr_docker_group
|
||||
|
||||
sudo useradd -m -u "$sof_uid" -g "$sof_guid" "$sof_user"
|
||||
|
||||
local current_user; current_user="$(id -un)"
|
||||
|
||||
# Copy sudo permissions just in case the build needs it
|
||||
sudo sed -e "s/$current_user/$sof_user/" /etc/sudoers.d/"$current_user" |
|
||||
sudo tee -a /etc/sudoers.d/"$sof_user"
|
||||
sudo chmod --reference=/etc/sudoers.d/"$current_user" \
|
||||
/etc/sudoers.d/"$sof_user"
|
||||
}
|
||||
|
||||
# Safety delay: slower infinite loops are much better
|
||||
sleep 0.5
|
||||
|
||||
# Double sudo to work around some funny restriction in
|
||||
# zephyr-build:/etc/sudoers: 'user' can do anything but... only as
|
||||
# root.
|
||||
sudo sudo -u "$sof_user" REAL_CC="$REAL_CC" "$0" "$@"
|
||||
exit "$?"
|
||||
}
|
||||
|
||||
exec_as_sof_uid "$@"
|
||||
|
||||
# Work in progress: move more code to a function
|
||||
# TODO: move all code to a function
|
||||
# https://github.com/thesofproject/sof-test/issues/740
|
||||
|
||||
# As of container version 0.18.4,
|
||||
|
|
|
@ -55,7 +55,7 @@ main()
|
|||
$SOF_DOCKER_RUN \
|
||||
--env REAL_CC \
|
||||
ghcr.io/zephyrproject-rtos/zephyr-build:latest \
|
||||
"$@"
|
||||
./sof/scripts/sudo-cwd.sh "$@"
|
||||
}
|
||||
|
||||
main "$@"
|
||||
|
|
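Review bot: The new `./sof/scripts/sudo-cwd.sh "$@"` line is resolved relative to the container's working directory, and sudo-cwd.sh derives the target UID from that same directory, so both depend on the mount and working directory configured in `$SOF_DOCKER_RUN`, which is defined outside this hunk. A short comment above the line would document that coupling, for example `# sudo-cwd.sh switches to the owner of the current directory, which must be the mounted workspace containing sof/`. The wrapper also reads `/etc/sudoers.d/<user>` from the image while the image is referenced by the mutable `:latest` tag, so an upstream image change could alter or break the privilege copy without any change in this repository; pinning a version or digest would make that dependency explicit. main() begins before the hunk.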