docker: Switch to official Rust image as base and rework
1. Use the official Rust nightly docker image as base 2. Remove hardcoded user 3. Use named volumes to cache .rustup and .cargo toolchain folders - Changing file permissions to user (chown) only needed on first launch 4. Cleanup apt folders after installing 5. Make bash the default fallback command 6. README.md: Unify workflows for Linux and MacOS
parent
a93a63a6b7
commit
6e3c76ea23
|
@ -1,47 +1,37 @@
|
|||
FROM ubuntu:17.04
|
||||
FROM rustlang/rust:nightly
|
||||
|
||||
ENV USER user
|
||||
ARG LOCAL_UID=local
|
||||
ARG LOCAL_GID=local
|
||||
ENV BUILD_UID=${LOCAL_UID:-9001}
|
||||
ENV BUILD_GID=${LOCAL_GID:-9001}
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y dirmngr git gosu gcc fuse nasm qemu-utils pkg-config \
|
||||
libfuse-dev make curl wget file sudo apt-transport-https autoconf flex \
|
||||
bison texinfo \
|
||||
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA12E97F0881517F \
|
||||
&& echo "deb https://static.redox-os.org/toolchain/apt/ /" >> /etc/apt/sources.list.d/redox.list \
|
||||
&& apt-get update -o Dir::Etc::sourcelist="redox.list" \
|
||||
&& apt-get install -y x86-64-unknown-redox-newlib x86-64-unknown-redox-binutils x86-64-unknown-redox-gcc \
|
||||
&& if [ $BUILD_UID != local ] && [ $BUILD_GID != local ]; then \
|
||||
groupadd -g $BUILD_GID user; \
|
||||
useradd --shell /bin/bash -u $BUILD_UID -g $BUILD_GID -o -c "" -m $USER; \
|
||||
else \
|
||||
useradd --shell /bin/bash -c "" -m $USER; \
|
||||
fi \
|
||||
&& echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user-no-sudo-password
|
||||
RUN set -ex; \
|
||||
apt-get update; \
|
||||
apt-get install -q -y --no-install-recommends \
|
||||
apt-transport-https \
|
||||
bison \
|
||||
flex \
|
||||
fuse \
|
||||
gosu \
|
||||
libfuse-dev \
|
||||
nasm \
|
||||
qemu-utils \
|
||||
sudo \
|
||||
texinfo \
|
||||
git \
|
||||
; \
|
||||
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA12E97F0881517F; \
|
||||
echo "deb https://static.redox-os.org/toolchain/apt/ /" >> \
|
||||
/etc/apt/sources.list.d/redox.list; \
|
||||
apt-get update -o Dir::Etc::sourcelist="redox.list"; \
|
||||
apt-get install -q -y --no-install-recommends \
|
||||
x86-64-unknown-redox-newlib \
|
||||
x86-64-unknown-redox-binutils \
|
||||
x86-64-unknown-redox-gcc \
|
||||
; \
|
||||
cargo install xargo; \
|
||||
cargo install cargo-config; \
|
||||
apt-get autoremove -q -y; \
|
||||
apt-get clean -q -y; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
|
||||
RUN chmod +x /usr/local/bin/entrypoint.sh
|
||||
|
||||
USER $USER
|
||||
ENV HOME /home/$USER
|
||||
ENV PATH $HOME/.cargo/bin:$PATH
|
||||
ENV SRC_PATH $HOME/src
|
||||
WORKDIR $HOME
|
||||
RUN curl https://sh.rustup.rs > sh.rustup.rs \
|
||||
&& sh sh.rustup.rs -y \
|
||||
&& rustup update \
|
||||
&& rustup component add rust-src \
|
||||
&& rustup default nightly \
|
||||
&& curl -O https://ftp.gnu.org/gnu/automake/automake-1.15.1.tar.gz \
|
||||
&& tar -xvpf automake-1.15.1.tar.gz; cd automake-1.15.1; ./configure; make; sudo make install; cd .. \
|
||||
&& cargo install xargo \
|
||||
&& cargo install cargo-config \
|
||||
&& mkdir -p $SRC_PATH
|
||||
|
||||
WORKDIR $SRC_PATH
|
||||
USER root
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
|
||||
CMD ["/bin/bash"]
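Review bot: The reworked `RUN set -ex` step still imports the Redox repository key by its 64-bit ID only (`apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA12E97F0881517F`), so whatever key the keyserver returns for that ID ends up in apt's global trust store. A key ID is not a full fingerprint, and a key added with `apt-key` is trusted for every configured repository, not just static.redox-os.org. Verify the key against its full fingerprint and scope it to this one source, e.g. `deb [signed-by=/usr/share/keyrings/redox.gpg] https://static.redox-os.org/toolchain/apt/ /` (keyring path illustrative), with the key file checked against `<FULL_FINGERPRINT>` before use. The same section builds on the floating `rustlang/rust:nightly` tag and runs unpinned `cargo install xargo` and `cargo install cargo-config`, so two builds of this Dockerfile can produce different toolchains. Pinning the base image by digest and using `cargo install --locked --version <VERSION> xargo` would make the image reproducible and auditable.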
|
||||
|
|
|
@ -12,15 +12,10 @@ git clone https://github.com/redox-os/redox.git ; cd redox
|
|||
```
|
||||
|
||||
### Build the container
|
||||
This will prepare an Ubuntu 17.04 docker image with the required
|
||||
dependencies and the pre-built toolchain. As long as you rely on this particular
|
||||
dependencies and toolchain versions, you don't need to rebuild the container.
|
||||
#### Linux
|
||||
```shell
|
||||
docker build --build-arg LOCAL_UID="$(id -u)" --build-arg LOCAL_GID="$(id -g)" \
|
||||
-t redox docker/
|
||||
```
|
||||
#### MacOS
|
||||
This will prepare a docker image with the required dependencies and
|
||||
the pre-built toolchain. As long as you rely on this particular
|
||||
dependencies and toolchain versions, you don't need to rebuild the
|
||||
container.
|
||||
```shell
|
||||
docker build -t redox docker/
|
||||
```
|
||||
|
@ -34,12 +29,12 @@ git pull --rebase --recurse-submodules && git submodule sync \
|
|||
```
|
||||
|
||||
### Run the container to build Redox
|
||||
#### Linux without security modules
|
||||
```shell
|
||||
docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
|
||||
-e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \
|
||||
-v redox-"$(id -u)"-"$(id -g)"-cargo:/home/user/.cargo \
|
||||
-v "$(pwd):/home/user/src" --rm redox make fetch all
|
||||
-v redox-"$(id -u)-$(id -g)"-cargo:/usr/local/cargo \
|
||||
-v redox-"$(id -u)-$(id -g)"-rustup:/usr/local/rustup \
|
||||
-v "$(pwd):$(pwd)" -w "$(pwd)" --rm redox make fetch all
|
||||
```
|
||||
#### Linux with security modules<br>
|
||||
Add the following options depending on the security modules activated on your system:
|
||||
|
@ -53,23 +48,13 @@ Ex.: for a SELinux only system such as Fedora or CentOS
|
|||
docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
|
||||
-e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \
|
||||
--security-opt label=disable \
|
||||
-v redox-"$(id -u)"-"$(id -g)"-cargo:/home/user/.cargo \
|
||||
-v "$(pwd):/home/user/src" --rm redox make fetch all
|
||||
```
|
||||
#### MacOS
|
||||
```shell
|
||||
docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
|
||||
-v redox-cargo:/home/user/.cargo \
|
||||
-v "$(pwd):/home/user/src" --rm redox make fetch all
|
||||
-v redox-"$(id -u)-$(id -g)"-cargo:/usr/local/cargo \
|
||||
-v redox-"$(id -u)-$(id -g)"-rustup:/usr/local/rustup \
|
||||
-v "$(pwd):$(pwd)" -w "$(pwd)" --rm redox make fetch all
|
||||
```
|
||||
|
||||
### Clear the named volume containing the cargo cache
|
||||
#### Linux
|
||||
```shell
|
||||
docker volume rm redox-"$(id -u)"-"$(id -g)"-cargo
|
||||
```
|
||||
|
||||
#### MacOS
|
||||
```shell
|
||||
docker volume rm redox-cargo
|
||||
docker volume rm redox-"$(id -u)-$(id -g)"-cargo \
|
||||
redox-"$(id -u)-$(id -g)"-rustup
|
||||
```
|
||||
|
|
|
@ -1,18 +1,29 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# Use -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)"
|
||||
# on the docker run command line if the container build user is different
|
||||
# from the run user
|
||||
# Add local user
|
||||
# Either use LOCAL_UID and LOCAL_GID if passed in at runtime via
|
||||
# -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" or fallback
|
||||
USER_NAME=redox
|
||||
RUN_UID=${LOCAL_UID:-9001}
|
||||
RUN_GID=${LOCAL_GID:-9001}
|
||||
|
||||
CONT_UID=`id -u user`
|
||||
CONT_GID=`id -g user`
|
||||
RUN_UID=${LOCAL_UID:-$CONT_UID}
|
||||
RUN_GID=${LOCAL_GID:-$CONT_GID}
|
||||
groupadd --non-unique --gid $RUN_GID $USER_NAME
|
||||
useradd --non-unique --create-home --uid $RUN_UID --gid $USER_NAME --groups sudo $USER_NAME
|
||||
|
||||
if [ $RUN_UID != $CONT_UID ] || [ $RUN_GID != $CONT_GID ]; then
|
||||
echo "$USER_NAME ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user-no-sudo-password
|
||||
|
||||
export HOME=/home/$USER_NAME
|
||||
|
||||
# Check current UID and GID of files in the named volume caches for
|
||||
# cargo and rustup. Test only one of the top level folders to speed
|
||||
# things up.
|
||||
TESTFILE=$RUSTUP_HOME/settings.toml
|
||||
CACHED_UID=$(stat -c "%u" $TESTFILE)
|
||||
CACHED_GID=$(stat -c "%g" $TESTFILE)
|
||||
|
||||
if [ $CACHED_UID != $RUN_UID ] || [ $RUN_GID != $CACHED_GID ]; then
|
||||
echo -e "\033[01;38;5;155mChanging user id:group to ${RUN_UID}:${RUN_GID}. Please wait...\033[0m"
|
||||
groupmod -g $RUN_GID user
|
||||
usermod -u $RUN_UID -g $RUN_GID user
|
||||
chown $RUN_UID:$RUN_GID -R $CARGO_HOME $RUSTUP_HOME
|
||||
fi
|
||||
|
||||
exec gosu user:user "$@"
|
||||
exec gosu $USER_NAME "$@"
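Review bot: `RUN_UID` and `RUN_GID` are taken directly from the `LOCAL_UID`/`LOCAL_GID` environment variables and passed unquoted and unvalidated to `groupadd --non-unique`, `useradd --non-unique`, the `[ ... ]` tests and `chown ... -R`, all of which run as root. A non-numeric value is not rejected and, because of `--non-unique`, a value of 0 would make the build user root-equivalent, so add a guard before `groupadd` such as `case "$RUN_UID$RUN_GID" in *[!0-9]*) echo "LOCAL_UID/LOCAL_GID must be numeric" >&2; exit 1;; esac` and double-quote every expansion (`"$RUN_UID"`, `"$TESTFILE"`, `"$CARGO_HOME"`, `"$RUSTUP_HOME"`). The script has no `set -e`, so if `stat` fails on `$RUSTUP_HOME/settings.toml` the comparison errors out and the ownership fix is skipped without any message. The `NOPASSWD: ALL` sudoers line in this file is also written unconditionally, which means the final `gosu` drop does not confine the build user. If that is intended for a container started with `--cap-add SYS_ADMIN`, a comment such as `# build user keeps passwordless sudo on purpose; this container is not a security boundary` would make the trade-off explicit.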
|
||||
|
|