Yocto build container: start as same user as caller
Signed-off-by: Thomas Klaehn <thomas.klaehn@u-blox.com>
parent
6691814ab4
commit
7c533389fc
21
Dockerfile
21
Dockerfile
@ -2,18 +2,23 @@ FROM debian:jessie
|
|||||||
|
|
||||||
LABEL maintainer="thomas.klaehn@u-blox.com"
|
LABEL maintainer="thomas.klaehn@u-blox.com"
|
||||||
|
|
||||||
RUN apt-get update && \
|
RUN DEBIAN_FRONTEND=noninteractive apt-get update && \
|
||||||
apt-get install -yq sudo build-essential git python python3 man bash diffstat \
|
DEBIAN_FRONTEND=noninteractive apt-get install -yq build-essential git \
|
||||||
gawk chrpath wget cpio texinfo lzop apt-utils bc screen libncurses5-dev \
|
python python3 man bash diffstat gawk chrpath wget cpio texinfo lzop \
|
||||||
locales libc6-dev-i386 doxygen libssl-dev dos2unix unzip gcc-multilib socat \
|
apt-utils bc screen libncurses5-dev locales libc6-dev-i386 doxygen \
|
||||||
python3-pip python3-pexpect xz-utils debianutils iputils-ping libsdl1.2-dev \
|
libssl-dev dos2unix unzip gcc-multilib socat python3-pip \
|
||||||
xterm p7zip-full && \
|
python3-pexpect xz-utils debianutils iputils-ping libsdl1.2-dev \
|
||||||
|
p7zip-full vim sssd libnss-sss libpam-sss && \
|
||||||
rm -rf /var/lib/apt-lists/* && \
|
rm -rf /var/lib/apt-lists/* && \
|
||||||
echo "dash dash/sh boolean false" | debconf-set-selections && \
|
echo "dash dash/sh boolean false" | debconf-set-selections && \
|
||||||
DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash && \
|
DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash && \
|
||||||
dpkg --add-architecture i386 && \
|
dpkg --add-architecture i386 && \
|
||||||
apt-get update && \
|
DEBIAN_FRONTEND=noninteractive apt-get update && \
|
||||||
apt-get -yq install g++-multilib libusb-1.0-0-dev:i386
|
DEBIAN_FRONTEND=noninteractive apt-get -yq install g++-multilib \
|
||||||
|
libusb-1.0-0-dev:i386
|
||||||
|
|
||||||
|
#RUN echo " IdentiyFile /.ssh/id_rsa" >> /etc/ssh/ssh_config
|
||||||
|
RUN echo -e "auth required pam_sss.so\naccount required pam_sss.so\npassword required pam_sss.so\nsession required pam_sss.so" > /etc/pam.d/sss_test
|
||||||
|
|
||||||
RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
|
RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
|
||||||
|
|
||||||
|
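Review bot: The `rm -rf /var/lib/apt-lists/*` step kept in the first RUN chain removes nothing, because apt stores its package lists under `/var/lib/apt/lists/`, and it runs before the second `apt-get update`, which would refill them anyway. Moving the cleanup to the end of the chain as `rm -rf /var/lib/apt/lists/*` would actually keep the index data out of the image layer. The added `/etc/pam.d/sss_test` file is only consulted by a program that starts PAM under the service name `sss_test`; nothing visible in this commit does, so a comment naming its consumer (or dropping the file) would make the intent reviewable. The commented-out `#RUN echo " IdentiyFile /.ssh/id_rsa" ...` line is dead code with a misspelt option name and could be removed.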
27
README.md
Normal file
27
README.md
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
# Yocto build container
|
||||||
|
|
||||||
|
A docker container used to build yocto images. It's based on Debian jessie.
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
Docker needs to be installed and the docker daemon needs to run. Also the user
|
||||||
|
needs to be member of the _docker_ group.
|
||||||
|
|
||||||
|
```sh
|
||||||
|
adduser <username> docker
|
||||||
|
```
|
||||||
|
|
||||||
|
## Build the container
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker build -t "<name>:<tag>" .
|
||||||
|
```
|
||||||
|
|
||||||
|
## Run the container
|
||||||
|
|
||||||
|
Run from HOME directory:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
docker run -it --rm -v=/var/lib/sss/pipes/:/var/lib/sss/pipes/:rw -v $(pwd):$(pwd) -w $(pwd) -u $(id -u $USER):$(id -g $USER) <name>:<tag> /bin/bash
|
||||||
|
```
|
||||||
|
|
48
init.sh
48
init.sh
@ -1,30 +1,22 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
now="$(date +%s >&1)"
|
uid=$(id -u $USER)
|
||||||
username=builduser_${now}
|
|
||||||
usergroup=buildgroup_${now}
|
|
||||||
builddir=$(pwd)
|
|
||||||
homedir=/home/${username}
|
|
||||||
sshdir=${homedir}/.ssh
|
|
||||||
|
|
||||||
# Figure out the uid/gid we need to use by integrating the path that has
|
if [ ${uid} -lt 100 ]
|
||||||
# been bind mounted in. This is then used for the builduser.
|
then
|
||||||
BUILD_UID=$(stat --printf=%u ${builddir} 2> /dev/null)
|
echo "Usage of system users isn't allowed (${uid})."
|
||||||
BUILD_GID=$(stat --printf=%g ${builddir} 2> /dev/null)
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
# Add docker container group/user.
|
if [[ ! $(pwd) == /home/* ]]
|
||||||
groupadd --gid ${BUILD_GID} --non-unique ${usergroup}
|
then
|
||||||
useradd -s /bin/bash --home ${homedir} --non-unique --uid ${BUILD_UID} \
|
echo "Only run it from any '/home/*' folder, not '$(pwd)'."
|
||||||
--gid ${BUILD_GID} --groups sudo ${username}
|
exit 2
|
||||||
|
fi
|
||||||
|
|
||||||
# Give users in the sudo group sudo access in the container.
|
USERNAME=$(whoami | sed -e 's/@.*$//')
|
||||||
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
HOME=/home/$USERNAME
|
||||||
|
HOSTNAME=oe
|
||||||
# Copy ssh key files.
|
|
||||||
mkdir -p ${homedir}
|
|
||||||
mkdir -p ${sshdir}
|
|
||||||
cp /var/ssh/* ${sshdir}/
|
|
||||||
chown -R ${username}:${usergroup} ${homedir}
|
|
||||||
|
|
||||||
# Determine parallel build capabilities.
|
# Determine parallel build capabilities.
|
||||||
parallel_build="$(nproc >&1)"
|
parallel_build="$(nproc >&1)"
|
||||||
@ -32,14 +24,18 @@ parallel_build="$(nproc >&1)"
|
|||||||
if [ ${parallel_build} -gt 20 ]
|
if [ ${parallel_build} -gt 20 ]
|
||||||
then
|
then
|
||||||
BB_NUMBER_THREADS=20
|
BB_NUMBER_THREADS=20
|
||||||
PARALLEL_MAKE=20
|
PARALLEL_MAKE="-j 20"
|
||||||
else
|
else
|
||||||
BB_NUMBER_THREADS=${parallel_build}
|
BB_NUMBER_THREADS=${parallel_build}
|
||||||
PARALLEL_MAKE=${parallel_build}
|
PARALLEL_MAKE="-j "${parallel_build}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
BB_ENV_EXTRAWHITE="BB_NUMBER_THREADS PARALLEL_MAKE BB_NUMBER_PARSE_THREADS"
|
||||||
|
|
||||||
export BB_NUMBER_THREADS
|
export BB_NUMBER_THREADS
|
||||||
export PARALLEL_MAKE
|
export PARALLEL_MAKE
|
||||||
|
export BB_ENV_EXTRAWHITE
|
||||||
|
export HOME
|
||||||
|
export HOSTNAME
|
||||||
|
|
||||||
# Execute CMD
|
exec "$@"
|
||||||
su ${username} -c "$@"
|
|
||||||
|
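Review bot: The system-user guard at the top of the new script fails open. `uid=$(id -u $USER)` looks up whatever name `$USER` happens to hold instead of the identity the process is actually running as, and when that lookup fails `uid` is empty, `[ ${uid} -lt 100 ]` errors out, the `if` treats the error as false, and the script continues to `exec "$@"`. Taking the uid of the process itself and quoting it closes both gaps: `uid=$(id -u) || exit 1` and `if [ "${uid}" -lt 100 ]`. The threshold of 100 also lets uids 100–999 through, a range Debian's default adduser configuration allocates to system accounts, so confirm whether 1000 was intended.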