vinzenz/redox
0
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
redox/docker
History
fengalin 20a38979c4 Docker: allow building the container on MacOS and Linux (#1037) 
On MacOS, while building the container, `useradd` returns with code 4 (UID already in use), even with option -o. On this platform, the access rights for a volume attached to the container are translated to the container's user and group. So, there is no need to handle UID and GID compliance like we do on Linux. See this for reference: https://docs.docker.com/docker-for-mac/osxfs/

This modification allows not specifying the UID and GID while building the container, keeping the defaults for `useradd`.
2017-08-29 11:12:59 +02:00
..
Dockerfile Docker: allow building the container on MacOS and Linux (#1037) 2017-08-29 11:12:59 +02:00
entrypoint.sh Build docker container with ready to use user env 2017-07-26 00:18:27 +02:00
README.md Docker: allow building the container on MacOS and Linux (#1037) 2017-08-29 11:12:59 +02:00

README.md

Building Redox using a Docker image with the pre-built toolchain

All you need is git, make, qemu, fuse and docker. The method requires a non-privileged user able to run the docker command, which is usually achieved by adding the user to the docker group.

It's a four-steps process with variations depending on the platform.

Get the sources

git clone https://github.com/redox-os/redox.git ; cd redox

Build the container

This will prepare an Ubuntu 17.04 docker image with the required dependencies and the pre-built toolchain. As long as you rely on this particular dependencies and toolchain versions, you don't need to rebuild the container.

Linux

docker build --build-arg LOCAL_UID="$(id -u)" --build-arg LOCAL_GID="$(id -g)" \
    -t redox docker/

MacOS

docker build -t redox docker/

Upate the source tree

Note: if you use the container on a different host or with a different user, get the sources first.

git pull --rebase --recurse-submodules && git submodule sync \
    && git submodule update --recursive --init

Run the container to build Redox

Linux without security modules

docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
    -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \
    -v "$(pwd):/home/user/src" --rm redox make fetch all

Linux with security modules

Add the following options depending on the security modules activated on your system:

--security-opt label=disable         // disable SELinux
--security-opt seccomp=unconfined    // disable seccomp
--security-opt apparmor=unconfined   // disable AppArmor

Ex.: for a SELinux only system such as Fedora or CentOS

docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
    -e LOCAL_UID="$(id -u)" -e LOCAL_GID="$(id -g)" \
     --security-opt label=disable \
    -v "$(pwd):/home/user/src" --rm redox make fetch all

MacOS

docker run --cap-add MKNOD --cap-add SYS_ADMIN --device /dev/fuse \
    -v "$(pwd):/home/user/src" --rm redox make fetch all