From patchwork Fri Feb 24 06:32:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Fam Zheng X-Patchwork-Id: 94416 Delivered-To: patch@linaro.org Received: by 10.140.20.99 with SMTP id 90csp557031qgi; Thu, 23 Feb 2017 22:34:18 -0800 (PST) X-Received: by 10.55.2.81 with SMTP id 78mr975500qkc.321.1487918058585; Thu, 23 Feb 2017 22:34:18 -0800 (PST) Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id z35si4993819qkg.163.2017.02.23.22.34.18 for (version=TLS1 cipher=AES128-SHA bits=128/128); Thu, 23 Feb 2017 22:34:18 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org Received: from localhost ([::1]:35002 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ch9SK-0001kP-Af for patch@linaro.org; Fri, 24 Feb 2017 01:34:16 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44261) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ch9QL-0008ED-SM for qemu-devel@nongnu.org; Fri, 24 Feb 2017 01:32:15 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ch9QK-0000Ep-R3 for qemu-devel@nongnu.org; Fri, 24 Feb 2017 01:32:13 -0500 Received: from mx1.redhat.com ([209.132.183.28]:48272) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ch9QK-0000Eg-IK for qemu-devel@nongnu.org; Fri, 24 Feb 2017 01:32:12 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9F785C04BD4F; Fri, 24 Feb 2017 06:32:12 +0000 (UTC) Received: from lemon.redhat.com (ovpn-8-29.pek2.redhat.com [10.72.8.29]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1O6W7d4012311; Fri, 24 Feb 2017 01:32:10 -0500 From: Fam Zheng To: qemu-devel@nongnu.org Date: Fri, 24 Feb 2017 14:32:01 +0800 Message-Id: <20170224063205.2537-2-famz@redhat.com> In-Reply-To: <20170224063205.2537-1-famz@redhat.com> References: <20170224063205.2537-1-famz@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Fri, 24 Feb 2017 06:32:12 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 1/5] tests/docker: add basic user mapping support X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Alex_Benn=C3=A9e?= , Peter Maydell , Fam Zheng Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Alex Bennée Currently all docker builds are done by exporting a tarball to the docker container and running the build as the containers root user. Other use cases are possible however and it is possible to map a part of users file-system to the container. This is useful for example for doing cross-builds of arbitrary source trees. For this to work smoothly the container needs to have a user created that maps cleanly to the host system. This adds a -u option to the docker script so that: DEB_ARCH=armhf DEB_TYPE=stable ./tests/docker/docker.py build \ -u --include-executable=arm-linux-user/qemu-arm \ debian:armhf ./tests/docker/dockerfiles/debian-bootstrap.docker Will build a container that can then be run like: docker run --rm -it -v /home/alex/lsrc/qemu/risu.git/:/src \ --user=alex:alex -w /src/ debian:armhf \ sh -c "make clean && ./configure -s && make" All docker containers built will add the current user unless explicitly disabled by specifying NOUSER when invoking the Makefile: make docker-image-debian-armhf-cross NOUSER=1 Signed-off-by: Alex Bennée Reviewed-by: Fam Zheng Tested-by: Philippe Mathieu-Daudé Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20170220105139.21581-2-alex.bennee@linaro.org> Signed-off-by: Fam Zheng --- tests/docker/Makefile.include | 2 ++ tests/docker/docker.py | 16 ++++++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) -- 2.9.3 diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include index 3f15d5a..3b5ffec 100644 --- a/tests/docker/Makefile.include +++ b/tests/docker/Makefile.include @@ -50,6 +50,7 @@ docker-image-%: $(DOCKER_FILES_DIR)/%.docker $(call quiet-command,\ $(SRC_PATH)/tests/docker/docker.py build qemu:$* $< \ $(if $V,,--quiet) $(if $(NOCACHE),--no-cache) \ + $(if $(NOUSER),,--add-current-user) \ $(if $(EXECUTABLE),--include-executable=$(EXECUTABLE)),\ "BUILD","$*") @@ -99,6 +100,7 @@ docker: @echo ' (default is 1)' @echo ' DEBUG=1 Stop and drop to shell in the created container' @echo ' before running the command.' + @echo ' NOUSER Define to disable adding current user to containers passwd.' @echo ' NOCACHE=1 Ignore cache when build images.' @echo ' EXECUTABLE= Include executable in image.' diff --git a/tests/docker/docker.py b/tests/docker/docker.py index 37d8319..9fd32ab 100755 --- a/tests/docker/docker.py +++ b/tests/docker/docker.py @@ -25,6 +25,7 @@ import signal from tarfile import TarFile, TarInfo from StringIO import StringIO from shutil import copy, rmtree +from pwd import getpwuid DEVNULL = open(os.devnull, 'wb') @@ -149,13 +150,21 @@ class Docker(object): labels = json.loads(resp)[0]["Config"].get("Labels", {}) return labels.get("com.qemu.dockerfile-checksum", "") - def build_image(self, tag, docker_dir, dockerfile, quiet=True, argv=None): + def build_image(self, tag, docker_dir, dockerfile, + quiet=True, user=False, argv=None): if argv == None: argv = [] tmp_df = tempfile.NamedTemporaryFile(dir=docker_dir, suffix=".docker") tmp_df.write(dockerfile) + if user: + uid = os.getuid() + uname = getpwuid(uid).pw_name + tmp_df.write("\n") + tmp_df.write("RUN id %s 2>/dev/null || useradd -u %d -U %s" % + (uname, uid, uname)) + tmp_df.write("\n") tmp_df.write("LABEL com.qemu.dockerfile-checksum=%s" % _text_checksum(dockerfile)) @@ -225,6 +234,9 @@ class BuildCommand(SubCommand): help="""Specify a binary that will be copied to the container together with all its dependent libraries""") + parser.add_argument("--add-current-user", "-u", dest="user", + action="store_true", + help="Add the current user to image's passwd") parser.add_argument("tag", help="Image Tag") parser.add_argument("dockerfile", @@ -261,7 +273,7 @@ class BuildCommand(SubCommand): docker_dir) dkr.build_image(tag, docker_dir, dockerfile, - quiet=args.quiet, argv=argv) + quiet=args.quiet, user=args.user, argv=argv) rmtree(docker_dir)