From 5310194a9ad048f7c10896de3feefb83a7c7edf3 Mon Sep 17 00:00:00 2001
From: Raphael Nestler
Date: Mon, 13 Jan 2025 12:05:23 +0100
Subject: [PATCH 1/2] Add a builder user and run everything as it

This should allow to also build PKGBUILDs with makepkg which isn't allowed to run as root.
---
 Dockerfile | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d3f5ee2..7993173 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,17 @@
 FROM archlinux:latest
-RUN pacman --noconfirm -Sy rustup gcc pkg-config \
+RUN pacman --noconfirm -Sy rustup gcc pkg-config sudo \
 && rm /var/lib/pacman/sync/* \
 && rm /var/cache/pacman/pkg/*
 
+# Add a builder user since makepkg cannot (and should not) be run as root
+RUN useradd -m builder \
+ && echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder
+
+USER builder
+WORKDIR /home/builder
+
 ARG RUST_VERSION=stable
 RUN rustup install --profile minimal $RUST_VERSION
 
-ENV PATH="/root/.cargo/bin:${PATH}"
-ENV RUSTUP_HOME="/root/.rustup"
+ENV PATH="/home/builder/.cargo/bin:${PATH}"
+ENV RUSTUP_HOME="/home/builder/.rustup"
From e1e754ec519808434b210ca2b9a1437f590dc4c7 Mon Sep 17 00:00:00 2001
From: Raphael Nestler
Date: Mon, 13 Jan 2025 13:52:32 +0100
Subject: [PATCH 2/2] Only create the user, don't run as it by default

GitHub Actions run the checkout modules as a separate user which breaks if the Docker container defines its own user.
---
 Dockerfile | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7993173..413a6df 100644
--- a/Dockerfile
+++ b/Dockerfile
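Review bot: The sudoers entry written in the [PATCH 1/2] hunk, `builder ALL=(ALL) NOPASSWD: ALL`, gives the builder account passwordless root for every command, so anything makepkg runs as builder (PKGBUILD functions, build scripts of fetched sources) is effectively running as root. If sudo is only needed so makepkg can install dependencies, a narrower rule such as `builder ALL=(root) NOPASSWD: /usr/bin/pacman` states that intent, though pacman alone is still root-equivalent and the account should be treated as privileged either way. The drop-in is also created by shell redirection with the default mode; appending `&& chmod 0440 /etc/sudoers.d/builder` gives it the mode conventionally used for sudoers files. A short comment above the RUN saying why sudo is granted at all would help the next reader.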
@@ -7,11 +7,8 @@ RUN pacman --noconfirm -Sy rustup gcc pkg-config sudo \
 RUN useradd -m builder \
 && echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder
 
-USER builder
-WORKDIR /home/builder
-
 ARG RUST_VERSION=stable
 RUN rustup install --profile minimal $RUST_VERSION
 
-ENV PATH="/home/builder/.cargo/bin:${PATH}"
-ENV RUSTUP_HOME="/home/builder/.rustup"
+ENV PATH="/root/.cargo/bin:${PATH}"
+ENV RUSTUP_HOME="/root/.rustup"
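Review bot: After this hunk the toolchain lives under `/root` again (`ENV RUSTUP_HOME="/root/.rustup"`, `/root/.cargo/bin` on PATH) while the builder user is kept for makepkg, so a PKGBUILD built as builder will probably not be able to read the Rust toolchain; Arch ships `/root` without access for other users, which is worth confirming in the built image. Setting something like `ENV RUSTUP_HOME=/opt/rustup CARGO_HOME=/opt/cargo` before the `rustup install` line and putting `/opt/cargo/bin` on PATH would give root and builder one shared toolchain. With `USER` removed the image also runs as root by default, so the builder account is only a makepkg workaround and not a privilege boundary; a comment saying so next to the `useradd` line would keep it from being read as hardening.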