From 027be9837173444c6c92d5b331a3c75a0769c7bf Mon Sep 17 00:00:00 2001
From: Marc Herbert
Date: Wed, 5 Oct 2022 22:09:31 -0700
Subject: [PATCH] zephyr/docker: move exec_as_sof_uid() to new sudo-cwd.sh

Besides making things more obvious, the important functional change is that the user switch is now performed for _every_ invoked, command, not just for the build command.

Signed-off-by: Marc Herbert
---
 scripts/sudo-cwd.sh | 73 ++++++++++++++++++++++++++++++++++++++++++
 zephyr/docker-build.sh | 43 +------------------------
 zephyr/docker-run.sh | 2 +-
 3 files changed, 75 insertions(+), 43 deletions(-)
 create mode 100755 scripts/sudo-cwd.sh

diff --git a/scripts/sudo-cwd.sh b/scripts/sudo-cwd.sh
new file mode 100755
index 000000000..c8499fbf0
--- /dev/null
+++ b/scripts/sudo-cwd.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright(c) 2022 Intel Corporation. All rights reserved.
+
+# This is a "brute force" solution to filesystem permission issues:
+#
+# If the current user does not own the current directory then this
+# wrapper script switches to the user who does own the current directory
+# before running the given command.
+
+# If no user owns the current directory, a user who does gets created
+# first!
+
+# The main use case is to run this first thing inside a container to
+# solve file ownership mismatches.
+
+# `docker run --user=$(id -un) ...` achieves something very similar
+# without any code except the resulting user many not exist inside the
+# container. Some commands may not like that.
+#
+# To understand more about the Docker problem solved here take a look at
+# https://stackoverflow.com/questions/35291520/docker-and-userns-remap-how-to-manage-volume-permissions-to-share-data-betwee
+# and many other similar questions.
+
+# TODO: replace sudo with gosu?
+
+set -e
+set -x
+
+# TODO: rename the "sof_" bits
+
+main()
+{
+ sof_uid="$(stat --printf='%u' .)"
+ local current_uid; current_uid="$(id -u)"
+ if test "$current_uid" = "$sof_uid"; then
+ exec "$@"
+ else
+ exec_as_sof_uid "$@"
+ fi
+}
+
+exec_as_sof_uid()
+{
+ # Add new container user matching the host user owning the SOF
+ # checkout
+ local sof_user; sof_user="$(id "$sof_uid")" || {
+ sof_user=sof_zephyr_docker_builder
+
+ local sof_guid; sof_guid="$(stat --printf='%g' .)"
+
+ getent group "$sof_guid" ||
+ sudo groupadd -g "$sof_guid" sof_zephyr_docker_group
+
+ sudo useradd -m -u "$sof_uid" -g "$sof_guid" "$sof_user"
+
+ local current_user; current_user="$(id -un)"
+
+ # Copy sudo permissions just in case the build needs it
+ sudo sed -e "s/$current_user/$sof_user/" /etc/sudoers.d/"$current_user" |
+ sudo tee -a /etc/sudoers.d/"$sof_user"
+ sudo chmod --reference=/etc/sudoers.d/"$current_user" \
+ /etc/sudoers.d/"$sof_user"
+ }
+
+ # Double sudo to work around some funny restriction in
+ # zephyr-build:/etc/sudoers: 'user' can do anything but... only as
+ # root.
+ sudo sudo -u "$sof_user" REAL_CC="$REAL_CC" "$@"
+ exit "$?"
+}
+
+main "$@"
diff --git a/zephyr/docker-build.sh b/zephyr/docker-build.sh
index a612a9ac0..02aada258 100755
--- a/zephyr/docker-build.sh
+++ b/zephyr/docker-build.sh
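Review bot: `sof_user="$(id "$sof_uid")"` in exec_as_sof_uid captures the whole `uid=N(name) gid=N(name) groups=…` line rather than an account name, so on the path where the owning uid already exists in the container the later `sudo sudo -u "$sof_user"` is handed a string no account matches; `sof_user="$(id -un "$sof_uid")"` yields the name `-u` expects. This lookup was moved as-is from docker-build.sh, so it is not a regression of this commit, but it now sits in front of every command the container runs rather than only the build. The sudoers copy also deserves an explicit caveat: the created account inherits whatever `/etc/sudoers.d/$current_user` grants, which the comment above the double sudo suggests is unrestricted root in this image, and with `set -x` on, the copied sudoers line is echoed to the log by both the trace and `tee`. I would state the first point above the `sudo sed` line, e.g. `# NOTE: the new user gets the same sudo rights as $current_user (root in this image)`.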
@@ -20,49 +20,8 @@ PATH="$PATH":/opt/sparse/bin command -v sparse || true : REAL_CC="$REAL_CC" -# See https://stackoverflow.com/questions/35291520/docker-and-userns-remap-how-to-manage-volume-permissions-to-share-data-betwee + many others -exec_as_sof_uid() -{ - local sof_uid; sof_uid="$(stat --printf='%u' .)" - local current_uid; current_uid="$(id -u)" - if test "$current_uid" = "$sof_uid"; then - return 0 - fi - # Add new container user matching the host user owning the SOF - # checkout - local sof_user; sof_user="$(id "$sof_uid")" || { - sof_user=sof_zephyr_docker_builder - - local sof_guid; sof_guid="$(stat --printf='%g' .)" - - getent group "$sof_guid" || - sudo groupadd -g "$sof_guid" sof_zephyr_docker_group - - sudo useradd -m -u "$sof_uid" -g "$sof_guid" "$sof_user" - - local current_user; current_user="$(id -un)" - - # Copy sudo permissions just in case the build needs it - sudo sed -e "s/$current_user/$sof_user/" /etc/sudoers.d/"$current_user" | - sudo tee -a /etc/sudoers.d/"$sof_user" - sudo chmod --reference=/etc/sudoers.d/"$current_user" \ - /etc/sudoers.d/"$sof_user" - } - - # Safety delay: slower infinite loops are much better - sleep 0.5 - - # Double sudo to work around some funny restriction in - # zephyr-build:/etc/sudoers: 'user' can do anything but... only as - # root. - sudo sudo -u "$sof_user" REAL_CC="$REAL_CC" "$0" "$@" - exit "$?" -} - -exec_as_sof_uid "$@" - -# Work in progress: move more code to a function +# TODO: move all code to a function # https://github.com/thesofproject/sof-test/issues/740 # As of container version 0.18.4, diff --git a/zephyr/docker-run.sh b/zephyr/docker-run.sh index 6d9a382f8..26dbd1fdc 100755 --- a/zephyr/docker-run.sh +++ b/zephyr/docker-run.sh @@ -55,7 +55,7 @@ main() $SOF_DOCKER_RUN \ --env REAL_CC \ ghcr.io/zephyrproject-rtos/zephyr-build:latest \ - "$@" + ./sof/scripts/sudo-cwd.sh "$@" } main "$@"
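Review bot: With no trailing arguments, main() now runs `./sof/scripts/sudo-cwd.sh` with an empty `"$@"`, and that wrapper then executes either a bare `exec` (a no-op that exits 0) or a `sudo -u …` with no command, whereas before an empty `"$@"` let docker fall back to the image's default command; if the argument-less invocation is relied on, a guard such as `[ "$#" -gt 0 ] || set -- bash` (or whatever default is intended) belongs in main() before this line. The wrapper also takes the uid from `.`, i.e. the container working directory, which this relative path implies is the parent of `sof/` rather than the checkout itself — presumably set by a `-w` above the hunk, and worth a one-line comment here, e.g. `# sudo-cwd.sh switches to the owner of the container's cwd (the directory holding sof/)`. main() begins outside the hunk.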