vinzenz/redox
0
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

docker: Switch to official Rust image as base and rework

Browse source 
1. Use the official Rust nightly docker image as base
2. Remove hardcoded user
3. Use named volumes to cache .rustup and .cargo toolchain folders
    - Changing file permissions to user (chown) only needed on first launch
4. Cleanup apt folders after installing
5. Make bash the default fallback command
6. README.md: Unify workflows for Linux and MacOS
This commit is contained in:
Andre Richter 2017-09-02 21:51:46 +02:00
parent a93a63a6b7
commit 6e3c76ea23
No known key found for this signature in database
GPG key ID: 2116C1AB102F615E
3 changed files with 65 additions and 79 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

72
docker/Dockerfile
View file

@ -1,47 +1,37 @@
FROM ubuntu:17.04 FROM rustlang/rust:nightly
ENV USER user RUN set -ex; \
ARG LOCAL_UID=local apt-get update; \
ARG LOCAL_GID=local apt-get install -q -y --no-install-recommends \
ENV BUILD_UID=${LOCAL_UID:-9001} apt-transport-https \
ENV BUILD_GID=${LOCAL_GID:-9001} bison \
flex \
RUN apt-get update \ fuse \
&& apt-get install -y dirmngr git gosu gcc fuse nasm qemu-utils pkg-config \ gosu \
libfuse-dev make curl wget file sudo apt-transport-https autoconf flex \ libfuse-dev \
bison texinfo \ nasm \
&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA12E97F0881517F \ qemu-utils \
&& echo "deb https://static.redox-os.org/toolchain/apt/ /" >> /etc/apt/sources.list.d/redox.list \ sudo \
&& apt-get update -o Dir::Etc::sourcelist="redox.list" \ texinfo \
&& apt-get install -y x86-64-unknown-redox-newlib x86-64-unknown-redox-binutils x86-64-unknown-redox-gcc \ git \
&& if [ $BUILD_UID != local ] && [ $BUILD_GID != local ]; then \ ; \
groupadd -g $BUILD_GID user; \ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA12E97F0881517F; \
useradd --shell /bin/bash -u $BUILD_UID -g $BUILD_GID -o -c "" -m $USER; \ echo "deb https://static.redox-os.org/toolchain/apt/ /" >> \
else \ /etc/apt/sources.list.d/redox.list; \
useradd --shell /bin/bash -c "" -m $USER; \ apt-get update -o Dir::Etc::sourcelist="redox.list"; \
fi \ apt-get install -q -y --no-install-recommends \
&& echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user-no-sudo-password x86-64-unknown-redox-newlib \
x86-64-unknown-redox-binutils \
x86-64-unknown-redox-gcc \
; \
cargo install xargo; \
cargo install cargo-config; \
apt-get autoremove -q -y; \
apt-get clean -q -y; \
rm -rf /var/lib/apt/lists/*
COPY entrypoint.sh /usr/local/bin/entrypoint.sh COPY entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh RUN chmod +x /usr/local/bin/entrypoint.sh
USER $USER
ENV HOME /home/$USER
ENV PATH $HOME/.cargo/bin:$PATH
ENV SRC_PATH $HOME/src
WORKDIR $HOME
RUN curl https://sh.rustup.rs > sh.rustup.rs \
&& sh sh.rustup.rs -y \
&& rustup update \
&& rustup component add rust-src \
&& rustup default nightly \
&& curl -O https://ftp.gnu.org/gnu/automake/automake-1.15.1.tar.gz \
&& tar -xvpf automake-1.15.1.tar.gz; cd automake-1.15.1; ./configure; make; sudo make install; cd .. \
&& cargo install xargo \
&& cargo install cargo-config \
&& mkdir -p $SRC_PATH
WORKDIR $SRC_PATH
USER root
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["/bin/bash"]

39
docker/README.md
View file

@ -12,15 +12,10 @@ git clone https://github.com/redox-os/redox.git ; cd redox
``` ```
### Build the container ### Build the container
This will prepare an Ubuntu 17.04 docker image with the required This will prepare a docker image with the required dependencies and
dependencies and the pre-built toolchain. As long as you rely on this particular the pre-built toolchain. As long as you rely on this particular
dependencies and toolchain versions, you don't need to rebuild the container. dependencies and toolchain versions, you don't need to rebuild the
#### Linux container.
```shell
docker build --build-arg LOCAL_UID="$(id -u)" --build-arg LOCAL_GID="$(id -g)" \
-t redox docker/
```
#### MacOS
```shell ```shell
docker build -t redox docker/ docker build -t redox docker/
``` ```
@ -34,12 +29,12 @@ git pull --rebase --recurse-submodules && git submodule sync \
``` ```
### Run the container to build Redox ### Run the container to build Redox
#### Linux without security modules
```shell ```shell
docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \ docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
-e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \ -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \
-v redox-"$(id -u)"-"$(id -g)"-cargo:/home/user/.cargo \ -v redox-"$(id -u)-$(id -g)"-cargo:/usr/local/cargo \
-v "$(pwd):/home/user/src" --rm redox make fetch all -v redox-"$(id -u)-$(id -g)"-rustup:/usr/local/rustup \
-v "$(pwd):$(pwd)" -w "$(pwd)" --rm redox make fetch all
``` ```
#### Linux with security modules<br> #### Linux with security modules<br>
Add the following options depending on the security modules activated on your system: Add the following options depending on the security modules activated on your system:
@ -53,23 +48,13 @@ Ex.: for a SELinux only system such as Fedora or CentOS
docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \ docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
-e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \ -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \
--security-opt label=disable \ --security-opt label=disable \
-v redox-"$(id -u)"-"$(id -g)"-cargo:/home/user/.cargo \ -v redox-"$(id -u)-$(id -g)"-cargo:/usr/local/cargo \
-v "$(pwd):/home/user/src" --rm redox make fetch all -v redox-"$(id -u)-$(id -g)"-rustup:/usr/local/rustup \
``` -v "$(pwd):$(pwd)" -w "$(pwd)" --rm redox make fetch all
#### MacOS
```shell
docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
-v redox-cargo:/home/user/.cargo \
-v "$(pwd):/home/user/src" --rm redox make fetch all
``` ```
### Clear the named volume containing the cargo cache ### Clear the named volume containing the cargo cache
#### Linux
```shell ```shell
docker volume rm redox-"$(id -u)"-"$(id -g)"-cargo docker volume rm redox-"$(id -u)-$(id -g)"-cargo \
``` redox-"$(id -u)-$(id -g)"-rustup
#### MacOS
```shell
docker volume rm redox-cargo
``` ```

33
docker/entrypoint.sh
View file

@ -1,18 +1,29 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Use -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" # Add local user
# on the docker run command line if the container build user is different # Either use LOCAL_UID and LOCAL_GID if passed in at runtime via
# from the run user # -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" or fallback
USER_NAME=redox
RUN_UID=${LOCAL_UID:-9001}
RUN_GID=${LOCAL_GID:-9001}
CONT_UID=`id -u user` groupadd --non-unique --gid $RUN_GID $USER_NAME
CONT_GID=`id -g user` useradd --non-unique --create-home --uid $RUN_UID --gid $USER_NAME --groups sudo $USER_NAME
RUN_UID=${LOCAL_UID:-$CONT_UID}
RUN_GID=${LOCAL_GID:-$CONT_GID}
if [ $RUN_UID != $CONT_UID ] || [ $RUN_GID != $CONT_GID ]; then echo "$USER_NAME ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user-no-sudo-password
export HOME=/home/$USER_NAME
# Check current UID and GID of files in the named volume caches for
# cargo and rustup. Test only one of the top level folders to speed
# things up.
TESTFILE=$RUSTUP_HOME/settings.toml
CACHED_UID=$(stat -c "%u" $TESTFILE)
CACHED_GID=$(stat -c "%g" $TESTFILE)
if [ $CACHED_UID != $RUN_UID ] || [ $RUN_GID != $CACHED_GID ]; then
echo -e "\033[01;38;5;155mChanging user id:group to ${RUN_UID}:${RUN_GID}. Please wait...\033[0m" echo -e "\033[01;38;5;155mChanging user id:group to ${RUN_UID}:${RUN_GID}. Please wait...\033[0m"
groupmod -g $RUN_GID user chown $RUN_UID:$RUN_GID -R $CARGO_HOME $RUSTUP_HOME
usermod -u $RUN_UID -g $RUN_GID user
fi fi
exec gosu user:user "$@" exec gosu $USER_NAME "$@"