From b122190cd83632be217a8da61481871ecfc7eabe Mon Sep 17 00:00:00 2001
From: Bryan Thornbury
Date: Tue, 17 Nov 2015 00:45:49 -0800
Subject: [PATCH] Set Docker Internal UID to Host UID, Remove Postbuild step

These changes will use docker's new Dockerfile Arguments to pass the Host User ID to the docker container at build time. This allows the docker container to set it's internal user to match that of the host. When using shared volumes between the host and container, this prevents files created in the container from being owned by root. This will solve our problem of needing a cleanup step after every ubuntu CI run.
---
 netci.groovy | 11 ------
 .../test/integration_tests/test_package.bats | 10 ++---
 scripts/ci_postbuild.sh | 24 ------------
 scripts/docker/Dockerfile | 20 ++++++++--
 scripts/docker/dockerbuild.sh | 2 +-
 scripts/docker/dockerpostbuild.sh | 38 -------------------
 6 files changed, 23 insertions(+), 82 deletions(-)
 delete mode 100755 scripts/ci_postbuild.sh
 delete mode 100755 scripts/docker/dockerpostbuild.sh

diff --git a/netci.groovy b/netci.groovy
index 505b206c2..70961ef67 100644
--- a/netci.groovy
+++ b/netci.groovy
@@ -35,7 +35,6 @@ def static getBuildJobName(def configuration, def os) {
 }
 else {
 buildCommand = "./scripts/ci_build.sh ${lowerConfiguration}"
- postBuildCommand = "./scripts/ci_postbuild.sh ${lowerConfiguration}"
 }
 // Create the new job
@@ -50,16 +49,6 @@ def static getBuildJobName(def configuration, def os) {
 else {
 // Shell
 shell(buildCommand)
-
- // Post Build Cleanup
- publishers {
- postBuildScripts {
- steps {
- shell(postBuildCommand)
- }
- onlyIfBuildSucceeds(false)
- }
- }
 }
 }
 }
diff --git a/packaging/debian/package_tool/test/integration_tests/test_package.bats b/packaging/debian/package_tool/test/integration_tests/test_package.bats
index 3c9a80d95..9ba86f8ac 100755
--- a/packaging/debian/package_tool/test/integration_tests/test_package.bats
+++ b/packaging/debian/package_tool/test/integration_tests/test_package.bats
@@ -7,8 +7,8 @@
 #Ensure running with superuser privileges
 current_user=$(whoami)
 if [ $current_user != "root" ]; then
- echo "test_package.sh requires superuser privileges to run"
- exit 1
+ echo "WARNING: test_package.sh requires superuser privileges to run"
+ SUDO_PREFIX="sudo"
 fi
 setup(){
@@ -22,15 +22,15 @@ setup(){
 }
 install_package(){
- dpkg -i $PACKAGE_PATH
+ $SUDO_PREFIX dpkg -i $PACKAGE_PATH
 }
 remove_package(){
- dpkg -r $PACKAGE_NAME
+ $SUDO_PREFIX dpkg -r $PACKAGE_NAME
 }
 purge_package(){
- dpkg -P $PACKAGE_NAME
+ $SUDO_PREFIX dpkg -P $PACKAGE_NAME
 }
 @test "package install + removal test" {
diff --git a/scripts/ci_postbuild.sh b/scripts/ci_postbuild.sh
deleted file mode 100755
index e2ba1a341..000000000
--- a/scripts/ci_postbuild.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (c) .NET Foundation and contributors. All rights reserved.
-# Licensed under the MIT license. See LICENSE file in the project root for full license information.
-#
-
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-if [[ "$(uname)" == "Linux" ]]; then
- # Set Docker Container name to be unique
- container_name=""
-
- #Jenkins
- [ ! -z "$BUILD_TAG" ] && container_name="$BUILD_TAG"
- #VSO
- [ ! -z "$BUILD_BUILDID" ] && container_name="$BUILD_BUILDID"
-
- export DOTNET_BUILD_CONTAINER_NAME="$container_name"
-
- $SCRIPT_DIR/docker/dockerpostbuild.sh $@
-fi
-
-ret_code=$?
-exit $ret_code
diff --git a/scripts/docker/Dockerfile b/scripts/docker/Dockerfile
index 85828d254..7dcc6e1cc 100644
--- a/scripts/docker/Dockerfile
+++ b/scripts/docker/Dockerfile
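Review bot: In test_package.bats, `SUDO_PREFIX` is assigned only in the non-root branch of the first hunk, so when the script runs as root the three dpkg helpers expand whatever value the variable already carries in the caller's environment; initialise it before the `if` with `SUDO_PREFIX=""`. The fallback also assumes sudo will not ask for a password, which holds for the image built by this commit but may block on a prompt elsewhere; `SUDO_PREFIX="sudo -n"` makes that case fail immediately. The echoed text still says the script "requires superuser privileges" although it now continues, so the warning should say it is falling back to sudo. In the second hunk (`@@ -22,15 +22,15 @@`) `$PACKAGE_PATH` and `$PACKAGE_NAME` are expanded unquoted on a command line that now runs elevated; writing `"$PACKAGE_PATH"` and `"$PACKAGE_NAME"` avoids word splitting there.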
@@ -11,8 +11,6 @@ FROM debian:jessie
 RUN apt-get update && \
 apt-get -qqy install unzip curl libicu-dev libunwind8 gettext libssl-dev libcurl3-gnutls zlib1g
-# No longer need to install DNX since it is embedded (and soon will be gone!)
-
 # Install Build Prereqs
 RUN echo "deb http://llvm.org/apt/trusty/ llvm-toolchain-trusty-3.6 main" | tee /etc/apt/sources.list.d/llvm.list && \
 curl http://llvm.org/apt/llvm-snapshot.gpg.key | apt-key add - && \
@@ -22,10 +20,26 @@ RUN echo "deb http://llvm.org/apt/trusty/ llvm-toolchain-trusty-3.6 main" | tee
 # Use clang as c++ compiler
 RUN update-alternatives --set c++ /usr/bin/clang++
-# Install azure cli. We need this to publish atrifacts.
+# Install azure cli. We need this to publish artifacts.
 RUN apt-get -y install nodejs-legacy && \
 apt-get -y install npm && \
 npm install -g azure-cli
+
+RUN apt-get install -qqy sudo
+
+# Setup User to match Host User, and give superuser permissions
+ARG USER_ID=0
+RUN useradd code_executor -u ${USER_ID} -g sudo
+RUN echo 'code_executor ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+# With the User Change, we need to change permssions on these directories
+RUN chmod -R a+rwx /usr/local
+RUN chmod -R a+rwx /home
+RUN chmod -R 755 /usr/lib/sudo
+
+# Set user to the one we just created
+USER ${USER_ID}
+
 # Set working directory
 WORKDIR /opt/code
diff --git a/scripts/docker/dockerbuild.sh b/scripts/docker/dockerbuild.sh
index 0aecc368e..85b802357 100755
--- a/scripts/docker/dockerbuild.sh
+++ b/scripts/docker/dockerbuild.sh
@@ -23,7 +23,7 @@ cd $DIR/../..
 # Build the docker container (will be fast if it is already built)
 header "Building Docker Container"
-docker build -t $DOTNET_BUILD_CONTAINER_TAG scripts/docker/
+docker build --build-arg USER_ID=$(id -u) -t $DOTNET_BUILD_CONTAINER_TAG scripts/docker/
 # Run the build in the container
 header "Launching build in Docker Container"
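Review bot: In the `@@ -22,10 +20,26 @@` hunk of scripts/docker/Dockerfile the new user is placed in group sudo with `NOPASSWD:ALL`, and `/usr/local` and `/home` are made world-writable, so the host-UID user is root-equivalent inside the container and the UID match only changes who owns files on the shared volume. If sudo is needed only for the dpkg calls in test_package.bats (an assumption, since the other build scripts are not visible here), a narrower rule such as `code_executor ALL=(root) NOPASSWD: /usr/bin/dpkg`, together with `RUN chown -R code_executor /usr/local` in place of `chmod -R a+rwx /usr/local`, would keep the build working with less exposure. Separately, `ARG USER_ID=0` makes a plain `docker build` run `useradd ... -u 0`, which useradd rejects without `-o` because UID 0 already belongs to root. The same failure is reached from the scripts/docker/dockerbuild.sh hunk when the host build runs as root and `$(id -u)` is 0, so the default should be a non-zero UID or the user-creation steps should be skipped when the value is 0.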
diff --git a/scripts/docker/dockerpostbuild.sh b/scripts/docker/dockerpostbuild.sh
deleted file mode 100755
index fcf62dd7a..000000000
--- a/scripts/docker/dockerpostbuild.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-#
-# Copyright (c) .NET Foundation and contributors. All rights reserved.
-# Licensed under the MIT license. See LICENSE file in the project root for full license information.
-#
-
-SOURCE="${BASH_SOURCE[0]}"
-while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
- DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
- SOURCE="$(readlink "$SOURCE")"
- [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
-done
-DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
-
-source "$DIR/../_common.sh"
-
-cd $DIR/../..
-
-[ -z "$DOTNET_BUILD_CONTAINER_TAG" ] && DOTNET_BUILD_CONTAINER_TAG="dotnetcli-build"
-[ -z "$DOTNET_BUILD_CONTAINER_NAME" ] && DOTNET_BUILD_CONTAINER_NAME="dotnetcli-build-container"
-[ -z "$DOCKER_HOST_SHARE_DIR" ] && DOCKER_HOST_SHARE_DIR=$(pwd)
-
-# Build the docker container (will be fast if it is already built)
-info "Building docker container"
-docker build -t $DOTNET_BUILD_CONTAINER_TAG scripts/docker/
-
-# Remove the sticky bit on directories created by docker so we can delete them
-info "Cleaning directories created by docker build"
-docker run --rm \
- -v $DOCKER_HOST_SHARE_DIR:/opt/code \
- -e DOTNET_BUILD_VERSION=$DOTNET_BUILD_VERSION \
- $DOTNET_BUILD_CONTAINER_TAG chmod -R -t /opt/code
-
-# And Actually make those directories accessible to be deleted
-docker run --rm \
- -v $DOCKER_HOST_SHARE_DIR:/opt/code \
- -e DOTNET_BUILD_VERSION=$DOTNET_BUILD_VERSION \
- $DOTNET_BUILD_CONTAINER_TAG chmod -R a+rwx /opt/code