mirror of https://github.com/thesofproject/sof.git
zephyr/docker: move exec_as_sof_uid() to new sudo-cwd.sh
Besides making things more obvious, the important functional change is that the user switch is now performed for _every_ invoked command, not just for the build command. Signed-off-by: Marc Herbert <marc.herbert@intel.com>
parent
76e35fbec2
commit
027be98371
|
@ -0,0 +1,73 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# SPDX-License-Identifier: BSD-3-Clause
|
||||||
|
# Copyright(c) 2022 Intel Corporation. All rights reserved.
|
||||||
|
|
||||||
|
# This is a "brute force" solution to filesystem permission issues:
|
||||||
|
#
|
||||||
|
# If the current user does not own the current directory then this
|
||||||
|
# wrapper script switches to the user who does own the current directory
|
||||||
|
# before running the given command.
|
||||||
|
|
||||||
|
# If no user owns the current directory, a user who does gets created
|
||||||
|
# first!
|
||||||
|
|
||||||
|
# The main use case is to run this first thing inside a container to
|
||||||
|
# solve file ownership mismatches.
|
||||||
|
|
||||||
|
# `docker run --user=$(id -un) ...` achieves something very similar
|
||||||
|
# without any code except the resulting user many not exist inside the
|
||||||
|
# container. Some commands may not like that.
|
||||||
|
#
|
||||||
|
# To understand more about the Docker problem solved here take a look at
|
||||||
|
# https://stackoverflow.com/questions/35291520/docker-and-userns-remap-how-to-manage-volume-permissions-to-share-data-betwee
|
||||||
|
# and many other similar questions.
|
||||||
|
|
||||||
|
# TODO: replace sudo with gosu?
|
||||||
|
|
||||||
|
set -e
|
||||||
|
set -x
|
||||||
|
|
||||||
|
# TODO: rename the "sof_" bits
|
||||||
|
|
||||||
|
main()
|
||||||
|
{
|
||||||
|
sof_uid="$(stat --printf='%u' .)"
|
||||||
|
local current_uid; current_uid="$(id -u)"
|
||||||
|
if test "$current_uid" = "$sof_uid"; then
|
||||||
|
exec "$@"
|
||||||
|
else
|
||||||
|
exec_as_sof_uid "$@"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
exec_as_sof_uid()
|
||||||
|
{
|
||||||
|
# Add new container user matching the host user owning the SOF
|
||||||
|
# checkout
|
||||||
|
local sof_user; sof_user="$(id "$sof_uid")" || {
|
||||||
|
sof_user=sof_zephyr_docker_builder
|
||||||
|
|
||||||
|
local sof_guid; sof_guid="$(stat --printf='%g' .)"
|
||||||
|
|
||||||
|
getent group "$sof_guid" ||
|
||||||
|
sudo groupadd -g "$sof_guid" sof_zephyr_docker_group
|
||||||
|
|
||||||
|
sudo useradd -m -u "$sof_uid" -g "$sof_guid" "$sof_user"
|
||||||
|
|
||||||
|
local current_user; current_user="$(id -un)"
|
||||||
|
|
||||||
|
# Copy sudo permissions just in case the build needs it
|
||||||
|
sudo sed -e "s/$current_user/$sof_user/" /etc/sudoers.d/"$current_user" |
|
||||||
|
sudo tee -a /etc/sudoers.d/"$sof_user"
|
||||||
|
sudo chmod --reference=/etc/sudoers.d/"$current_user" \
|
||||||
|
/etc/sudoers.d/"$sof_user"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Double sudo to work around some funny restriction in
|
||||||
|
# zephyr-build:/etc/sudoers: 'user' can do anything but... only as
|
||||||
|
# root.
|
||||||
|
sudo sudo -u "$sof_user" REAL_CC="$REAL_CC" "$@"
|
||||||
|
exit "$?"
|
||||||
|
}
|
||||||
|
|
||||||
|
main "$@"
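Review bot: `sof_user="$(id "$sof_uid")"` in exec_as_sof_uid() captures the full `uid=…(name) gid=…` line that `id` prints when called without `-un`. When the directory owner already exists in the container but is not the current account, the later `sudo sudo -u "$sof_user"` receives that whole string instead of a user name and fails; `sof_user="$(id -un "$sof_uid")"` returns just the name. The sudoers copy further down also deserves a comment and a check: the created user gets the same sudo rights as the current one, so the uid switch fixes file ownership but is not a privilege boundary, and the drop-in is appended with `tee -a` without validation. Running `sudo visudo -cf /etc/sudoers.d/"$sof_user"` after the `chmod` would catch a malformed file, and a line such as `# NOTE: $sof_user inherits $current_user's sudo rights; this wrapper only fixes file ownership` would make the intent explicit.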
|
|
@ -20,49 +20,8 @@ PATH="$PATH":/opt/sparse/bin
|
||||||
command -v sparse || true
|
command -v sparse || true
|
||||||
: REAL_CC="$REAL_CC"
|
: REAL_CC="$REAL_CC"
|
||||||
|
|
||||||
# See https://stackoverflow.com/questions/35291520/docker-and-userns-remap-how-to-manage-volume-permissions-to-share-data-betwee + many others
|
|
||||||
exec_as_sof_uid()
|
|
||||||
{
|
|
||||||
local sof_uid; sof_uid="$(stat --printf='%u' .)"
|
|
||||||
local current_uid; current_uid="$(id -u)"
|
|
||||||
if test "$current_uid" = "$sof_uid"; then
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Add new container user matching the host user owning the SOF
|
# TODO: move all code to a function
|
||||||
# checkout
|
|
||||||
local sof_user; sof_user="$(id "$sof_uid")" || {
|
|
||||||
sof_user=sof_zephyr_docker_builder
|
|
||||||
|
|
||||||
local sof_guid; sof_guid="$(stat --printf='%g' .)"
|
|
||||||
|
|
||||||
getent group "$sof_guid" ||
|
|
||||||
sudo groupadd -g "$sof_guid" sof_zephyr_docker_group
|
|
||||||
|
|
||||||
sudo useradd -m -u "$sof_uid" -g "$sof_guid" "$sof_user"
|
|
||||||
|
|
||||||
local current_user; current_user="$(id -un)"
|
|
||||||
|
|
||||||
# Copy sudo permissions just in case the build needs it
|
|
||||||
sudo sed -e "s/$current_user/$sof_user/" /etc/sudoers.d/"$current_user" |
|
|
||||||
sudo tee -a /etc/sudoers.d/"$sof_user"
|
|
||||||
sudo chmod --reference=/etc/sudoers.d/"$current_user" \
|
|
||||||
/etc/sudoers.d/"$sof_user"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Safety delay: slower infinite loops are much better
|
|
||||||
sleep 0.5
|
|
||||||
|
|
||||||
# Double sudo to work around some funny restriction in
|
|
||||||
# zephyr-build:/etc/sudoers: 'user' can do anything but... only as
|
|
||||||
# root.
|
|
||||||
sudo sudo -u "$sof_user" REAL_CC="$REAL_CC" "$0" "$@"
|
|
||||||
exit "$?"
|
|
||||||
}
|
|
||||||
|
|
||||||
exec_as_sof_uid "$@"
|
|
||||||
|
|
||||||
# Work in progress: move more code to a function
|
|
||||||
# https://github.com/thesofproject/sof-test/issues/740
|
# https://github.com/thesofproject/sof-test/issues/740
|
||||||
|
|
||||||
# As of container version 0.18.4,
|
# As of container version 0.18.4,
|
||||||
|
|
|
@ -55,7 +55,7 @@ main()
|
||||||
$SOF_DOCKER_RUN \
|
$SOF_DOCKER_RUN \
|
||||||
--env REAL_CC \
|
--env REAL_CC \
|
||||||
ghcr.io/zephyrproject-rtos/zephyr-build:latest \
|
ghcr.io/zephyrproject-rtos/zephyr-build:latest \
|
||||||
"$@"
|
./sof/scripts/sudo-cwd.sh "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
main "$@"
|
main "$@"
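Review bot: The wrapper is invoked as `./sof/scripts/sudo-cwd.sh`, a path relative to the container's working directory, and the wrapper's own ownership test runs `stat` on `.`, so both depend on the mount and working directory that `$SOF_DOCKER_RUN` sets up. That setup is in the part of main() outside this hunk, so the assumption cannot be checked from here. A short comment above the image line would document it, for example `# sudo-cwd.sh is resolved relative to the container workdir, which must be the bind-mounted workspace top`. If the working directory can ever differ, an absolute path to the script inside the container would be more robust.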
|
||||||
|
|