diff --git a/docker/.bash_aliases b/docker/.bash_aliases
new file mode 100644
index 0000000..732bcf9
--- /dev/null
+++ b/docker/.bash_aliases
@@ -0,0 +1,3 @@
+# Hijack this file to set this PS1, visually indicating to the user that we are running the docker container
+
+PS1="\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[1;35m\]<$IMAGE_NAME>\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ "
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 0b85581..cacbb44 100755
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,47 +1,39 @@ -FROM ubuntu:17.04 +FROM rustlang/rust:nightly -ENV USER user -ARG LOCAL_UID=local -ARG LOCAL_GID=local -ENV BUILD_UID=${LOCAL_UID:-9001} -ENV BUILD_GID=${LOCAL_GID:-9001} +ENV IMAGE_NAME=redox-os-docker -RUN apt-get update \ - && apt-get install -y dirmngr git gosu gcc fuse nasm qemu-utils pkg-config \ - libfuse-dev make curl wget file sudo apt-transport-https autoconf flex \ - bison texinfo \ - && apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA12E97F0881517F \ - && echo "deb https://static.redox-os.org/toolchain/apt/ /" >> /etc/apt/sources.list.d/redox.list \ - && apt-get update -o Dir::Etc::sourcelist="redox.list" \ - && apt-get install -y x86-64-unknown-redox-newlib x86-64-unknown-redox-binutils x86-64-unknown-redox-gcc \ - && if [ $BUILD_UID != local ] && [ $BUILD_GID != local ]; then \ - groupadd -g $BUILD_GID user; \ - useradd --shell /bin/bash -u $BUILD_UID -g $BUILD_GID -o -c "" -m $USER; \ - else \ - useradd --shell /bin/bash -c "" -m $USER; \ - fi \ - && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user-no-sudo-password +RUN set -ex; \ + apt-get update; \ + apt-get install -q -y --no-install-recommends \ + apt-transport-https \ + bison \ + flex \ + fuse \ + gosu \ + libfuse-dev \ + nasm \ + qemu-utils \ + sudo \ + texinfo \ + git \ + ; \ + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA12E97F0881517F; \ + echo "deb https://static.redox-os.org/toolchain/apt/ /" >> \ + /etc/apt/sources.list.d/redox.list; \ + apt-get update -o Dir::Etc::sourcelist="redox.list"; \ + apt-get install -q -y --no-install-recommends \ + x86-64-unknown-redox-newlib \ + x86-64-unknown-redox-binutils \ + x86-64-unknown-redox-gcc \ + ; \ + cargo install xargo; \ + cargo install cargo-config; \ + apt-get autoremove -q -y; \ + apt-get clean -q -y; \ + rm -rf /var/lib/apt/lists/* -COPY entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod +x /usr/local/bin/entrypoint.sh +COPY entrypoint.sh /usr/local/bin/ +COPY .bash_aliases /etc/skel/ 
-USER $USER -ENV HOME /home/$USER -ENV PATH $HOME/.cargo/bin:$PATH -ENV SRC_PATH $HOME/src -WORKDIR $HOME -RUN curl https://sh.rustup.rs > sh.rustup.rs \ - && sh sh.rustup.rs -y \ - && rustup update \ - && rustup component add rust-src \ - && rustup default nightly \ - && curl -O https://ftp.gnu.org/gnu/automake/automake-1.15.1.tar.gz \ - && tar -xvpf automake-1.15.1.tar.gz; cd automake-1.15.1; ./configure; make; sudo make install; cd .. \ - && cargo install xargo \ - && cargo install cargo-config \ - && mkdir -p $SRC_PATH - -WORKDIR $SRC_PATH -USER root - -ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] +ENTRYPOINT ["bash", "/usr/local/bin/entrypoint.sh"] +CMD ["/bin/bash"] diff --git a/docker/README.md b/docker/README.md index 4d9ad93..5e76b15 100644 --- a/docker/README.md +++ b/docker/README.md @@ -12,15 +12,10 @@ git clone https://github.com/redox-os/redox.git ; cd redox ``` ### Build the container -This will prepare an Ubuntu 17.04 docker image with the required -dependencies and the pre-built toolchain. As long as you rely on this particular -dependencies and toolchain versions, you don't need to rebuild the container. -#### Linux -```shell -docker build --build-arg LOCAL_UID="$(id -u)" --build-arg LOCAL_GID="$(id -g)" \ - -t redox docker/ -``` -#### MacOS +This will prepare a docker image with the required dependencies and +the pre-built toolchain. As long as you rely on this particular +dependencies and toolchain versions, you don't need to rebuild the +container. ```shell docker build -t redox docker/ ``` 
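Review bot: The third-party apt repository is trusted through `apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA12E97F0881517F`, which identifies the signing key only by a 64-bit ID fetched from a keyserver and adds it to apt's global keyring, where it can vouch for packages from every configured source. I would reference the key by its full fingerprint (`--recv-keys <FULL_40_HEX_FINGERPRINT>`, placeholder) and, if the base image's apt supports it, keep the key in its own keyring and scope it with `deb [signed-by=/usr/share/keyrings/redox.gpg] https://static.redox-os.org/toolchain/apt/ /`. The same build-input concern applies to `FROM rustlang/rust:nightly` and the unversioned `cargo install xargo` / `cargo install cargo-config`: the tag and the crates move, so two builds of this file can produce different toolchains; a digest pin (`FROM rustlang/rust:nightly@sha256:<digest>`) and `cargo install --version <version> xargo` would make the image reproducible. The new package list also drops `dirmngr`, which `apt-key adv --recv-keys` normally needs; presumably the base image ships it, but that is worth confirming.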
@@ -34,12 +29,12 @@ git pull --rebase --recurse-submodules && git submodule sync \ ``` ### Run the container to build Redox -#### Linux without security modules ```shell docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \ -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \ - -v redox-"$(id -u)"-"$(id -g)"-cargo:/home/user/.cargo \ - -v "$(pwd):/home/user/src" --rm redox make fetch all + -v redox-"$(id -u)-$(id -g)"-cargo:/usr/local/cargo \ + -v redox-"$(id -u)-$(id -g)"-rustup:/usr/local/rustup \ + -v "$(pwd):$(pwd)" -w "$(pwd)" --rm redox make fetch all ``` #### Linux with security modules
Add the following options depending on the security modules activated on your system: @@ -53,23 +48,24 @@ Ex.: for a SELinux only system such as Fedora or CentOS docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \ -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \ --security-opt label=disable \ - -v redox-"$(id -u)"-"$(id -g)"-cargo:/home/user/.cargo \ - -v "$(pwd):/home/user/src" --rm redox make fetch all + -v redox-"$(id -u)-$(id -g)"-cargo:/usr/local/cargo \ + -v redox-"$(id -u)-$(id -g)"-rustup:/usr/local/rustup \ + -v "$(pwd):$(pwd)" -w "$(pwd)" --rm redox make fetch all ``` -#### MacOS +### Run the container interactively ```shell docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \ - -v redox-cargo:/home/user/.cargo \ - -v "$(pwd):/home/user/src" --rm redox make fetch all + -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \ + -v redox-"$(id -u)-$(id -g)"-cargo:/usr/local/cargo \ + -v redox-"$(id -u)-$(id -g)"-rustup:/usr/local/rustup \ + -v "$(pwd):$(pwd)" -w "$(pwd)" --rm -it redox ``` +#### Demo +![Image of Usage](interactive_demo.gif) + ### Clear the named volume containing the cargo cache -#### Linux ```shell -docker volume rm redox-"$(id -u)"-"$(id -g)"-cargo -``` - -#### MacOS -```shell -docker volume rm redox-cargo +docker volume rm redox-"$(id -u)-$(id -g)"-cargo \ + redox-"$(id -u)-$(id -g)"-rustup ``` diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index d47300e..c893b72 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh 
@@ -1,18 +1,29 @@ #!/usr/bin/env bash -# Use -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" -# on the docker run command line if the container build user is different -# from the run user +# Add local user +# Either use LOCAL_UID and LOCAL_GID if passed in at runtime via +# -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" or fallback +USER_NAME=redox +RUN_UID=${LOCAL_UID:-9001} +RUN_GID=${LOCAL_GID:-9001} -CONT_UID=`id -u user` -CONT_GID=`id -g user` -RUN_UID=${LOCAL_UID:-$CONT_UID} -RUN_GID=${LOCAL_GID:-$CONT_GID} +groupadd --non-unique --gid $RUN_GID $USER_NAME +useradd --non-unique --create-home --uid $RUN_UID --gid $USER_NAME --groups sudo $USER_NAME -if [ $RUN_UID != $CONT_UID ] || [ $RUN_GID != $CONT_GID ]; then +echo "$USER_NAME ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/user-no-sudo-password + +export HOME=/home/$USER_NAME + +# Check current UID and GID of files in the named volume caches for +# cargo and rustup. Test only one of the top level folders to speed +# things up. +TESTFILE=$RUSTUP_HOME/settings.toml +CACHED_UID=$(stat -c "%u" $TESTFILE) +CACHED_GID=$(stat -c "%g" $TESTFILE) + +if [ $CACHED_UID != $RUN_UID ] || [ $RUN_GID != $CACHED_GID ]; then echo -e "\033[01;38;5;155mChanging user id:group to ${RUN_UID}:${RUN_GID}. Please wait...\033[0m" - groupmod -g $RUN_GID user - usermod -u $RUN_UID -g $RUN_GID user + chown $RUN_UID:$RUN_GID -R $CARGO_HOME $RUSTUP_HOME fi -exec gosu user:user "$@" +exec gosu $USER_NAME "$@" diff --git a/docker/interactive_demo.gif b/docker/interactive_demo.gif new file mode 100644 index 0000000..3d31594 Binary files /dev/null and b/docker/interactive_demo.gif differ
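Review bot: The `exec gosu $USER_NAME "$@"` drop at the end is largely nominal, because the script has just added that user to the `sudo` group and written `$USER_NAME ALL=(ALL) NOPASSWD: ALL`, so any process started by the build can return to root; with the `--cap-add SYS_ADMIN` and bind-mounted working directory shown in the README, that root is not tightly confined. If sudo is only needed for specific steps, consider restricting the sudoers entry to those commands, or add a comment stating why unrestricted sudo is required. Separately, `LOCAL_UID`/`LOCAL_GID` come from the environment and are used unquoted and unvalidated in `groupadd`, `useradd`, `chown` and the `[ ... ]` tests; I would add `set -eu`, quote the expansions, and reject non-numeric values with something like `case "$RUN_UID$RUN_GID" in *[!0-9]*) echo "LOCAL_UID/LOCAL_GID must be numeric" >&2; exit 1;; esac`. If `stat` fails on `$TESTFILE`, the unquoted tests error out and the `chown` appears to be skipped silently, which `set -e` plus quoting would surface.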