Fix Linux build permissions further

reproducible-builds/Dockerfile

@@ -52,6 +52,12 @@ RUN git config --global --add safe.directory /project
 COPY docker-entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh
 
+# For electron builder cache.
+# It's tricky to synchronize user/group permissions between the host and container without creating
+# host-specific users at container build time, which would break reproducibility.
+# Instead of doing that we will fix permissions on required directories.
+RUN mkdir /.cache && chmod -R 777 /.cache
+
 ENTRYPOINT ["docker-entrypoint.sh"]
 
 # Specify build type using CMD, which affects the app version and name of the resulting package.

reproducible-builds/build.sh

@@ -33,4 +33,11 @@ fi
 # Perform the build by mounting the project into the container and passing in the 1st command line
 # arg to select the build type (e.g. "public"). The container runs docker-entrypoint.sh.
 # After the process is finished, the resulting package is located in the ./release/ directory.
-docker run --rm -v "$(pwd)":/project -w /project -e SOURCE_DATE_EPOCH=$source_date_epoch signal-desktop $1
+# npm cache set to tmp to fix permissions issues.
+docker run --rm \
+  -v "$(pwd)":/project \
+  -w /project \
+  --user "$(id -u):$(id -g)" \
+  -e NPM_CONFIG_CACHE=/tmp/.npm-cache \
+  -e SOURCE_DATE_EPOCH=$source_date_epoch \
+  signal-desktop $1