From b33d056de70507926f80c22e076d83a2b296ff3a Mon Sep 17 00:00:00 2001 From: Robert O'Connor Date: Tue, 18 Jul 2017 02:27:46 -0400 Subject: [PATCH] [6.0-marshmallow] Add gosu and refactor things --- Dockerfile | 43 +++++++++++++++----------------------- README.md | 12 +++++++++-- docker-compose.yml | 8 ++++++- utils/docker_entrypoint.sh | 34 +++++++++++++++++------------- 4 files changed, 53 insertions(+), 44 deletions(-) diff --git a/Dockerfile b/Dockerfile index c5d5570..5d4e9ef 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,8 +3,10 @@ # FROM ubuntu:14.04 -MAINTAINER Kyle Manna +LABEL maintainer "Kyle Manna " +ENV GOSU_VERSION 1.10 +ENV DEBIAN_FRONTEND noninteractive # /bin/sh points to Dash by default, reconfigure to use bash until Android # build becomes POSIX compliant RUN echo "dash dash/sh boolean false" | debconf-set-selections && \ 
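Review bot: `ENV DEBIAN_FRONTEND noninteractive` in the first Dockerfile hunk persists into every container started from the image, so interactive `apt-get` use inside the build shell silently skips prompts. Declare it as a build-time value instead, `ARG DEBIAN_FRONTEND=noninteractive`. `GOSU_VERSION` is also only needed during the build and could be `ARG GOSU_VERSION=1.10`. The new `LABEL` and `ENV` lines use the legacy space-separated form; the `key=value` form is preferred, e.g. `LABEL maintainer="Kyle Manna"`.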
@@ -16,32 +18,22 @@ RUN apt-get update && \ flex g++-multilib gcc-multilib git gnupg gperf lib32ncurses5-dev \ lib32readline-gplv2-dev lib32z1-dev libesd0-dev libncurses5-dev \ libsdl1.2-dev libwxgtk2.8-dev libxml2-utils lzop \ - openjdk-7-jdk \ - pngcrush schedtool xsltproc zip zlib1g-dev && \ + openjdk-7-jdk pngcrush schedtool xsltproc zip zlib1g-dev && \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ + curl -Ls "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" -o /usr/local/bin/gosu; \ + curl -Ls "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" -o /usr/local/bin/gosu.asc \ + # verify the signature + export GNUPGHOME="$(mktemp -d)"; \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + # verify it works + gosu nobody true; \ apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - ADD https://commondatastorage.googleapis.com/git-repo-downloads/repo /usr/local/bin/ RUN chmod 755 /usr/local/bin/* -# Install latest version of JDK -# See http://source.android.com/source/initializing.html#setting-up-a-linux-build-environment -WORKDIR /tmp -RUN curl -O http://mirrors.kernel.org/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jre-headless_8u45-b14-1_amd64.deb && \ - curl -O http://mirrors.kernel.org/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jre_8u45-b14-1_amd64.deb && \ - curl -O http://mirrors.kernel.org/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jdk_8u45-b14-1_amd64.deb && \ - sum=`shasum ./openjdk-8-jre-headless_8u45-b14-1_amd64.deb | awk '{ print $1 }'` && \ - [ $sum == "e10d79f7fd1b3d011d9a4910bc3e96c3090f3306" ] || \ - ( echo "Hash mismatch. 
Problem downloading openjdk-8-jre-headless" ; exit 1; ) && \ - sum=`shasum ./openjdk-8-jre_8u45-b14-1_amd64.deb | awk '{ print $1 }'` && \ - [ $sum == "1e083bb952fc97ab33cd46f68e82688d2b8acc34" ] || \ - ( echo "Hash mismatch. Problem downloading openjdk-8-jre" ; exit 1; ) && \ - sum=`shasum ./openjdk-8-jdk_8u45-b14-1_amd64.deb | awk '{ print $1 }'` && \ - [ $sum == "772e904961a2a5c7d2d129bdbcfd5c16a0fab4bf" ] || \ - ( echo "Hash mismatch. Problem downloading openjdk-8-jdk" ; exit 1; ) && \ - dpkg -i *.deb && \ - apt-get -f install && \ - apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - # All builds will be done by user aosp COPY gitconfig /root/.gitconfig COPY ssh_config /root/.ssh/config @@ -52,6 +44,5 @@ VOLUME ["/tmp/ccache", "/aosp"] # Work in the build directory, repo is expected to be init'd here WORKDIR /aosp - -COPY utils/docker_entrypoint.sh /root/docker_entrypoint.sh -ENTRYPOINT ["/root/docker_entrypoint.sh"] +COPY utils/docker_entrypoint.sh /docker_entrypoint.sh +ENTRYPOINT ["/docker_entrypoint.sh"] diff --git a/README.md b/README.md index 5aca5c2..d58975f 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,8 @@ on the main Ubuntu base image. The `aosp` wrapper is a simple wrapper to simplify invocation of the Docker image. The wrapper ensures that a volume mount is accessible and has valid permissions for the `aosp` user in the Docker image (this unfortunately -requires sudo). It also forwards an ssh-agent in to the Docker container +requires sudo, or for you to be in `docker` group.). +It also forwards an ssh-agent in to the Docker container so that private git repositories can be accessed if needed. The intention is to use `aosp` to prefix all commands one would run in the 
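Review bot: In the Dockerfile `RUN apt-get update …` hunk, the gosu download and signature check are joined with `;`, so a failed `curl`, `gpg --recv-keys` or `gpg --verify` does not stop the build and an unverified binary can remain at `/usr/local/bin/gosu`. Only the exit status of the final `apt-get clean && rm -rf …` decides the result, which also means a failed `apt-get install` no longer aborts the build. The second `curl` line ends in `\` with no `;`, and because Dockerfile comment lines inside a continuation are dropped, `export GNUPGHOME=…` appears to be handed to `curl` as extra arguments, leaving `GNUPGHOME` unset for the `gpg` calls. Chaining every step with `&&`, adding `-f` to `curl` so HTTP errors fail, and moving the two comments above the `RUN` makes the check enforcing. The `RUN` instruction begins before this hunk.

```dockerfile
# ... unchanged: apt-get update and the package list above ...
    openjdk-7-jdk pngcrush schedtool xsltproc zip zlib1g-dev && \
    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" && \
    curl -fsSL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" -o /usr/local/bin/gosu && \
    curl -fsSL "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" -o /usr/local/bin/gosu.asc && \
    export GNUPGHOME="$(mktemp -d)" && \
    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
    chmod +x /usr/local/bin/gosu && \
    gosu nobody true && \
    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
```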
@@ -82,10 +83,17 @@ version: "2" services: aosp: + build: . # comment out to use docker hub image -- otherwise an image will be built locally with the same name as the docker hub version image: kylemanna/aosp:6.0-marshmallow + container_name: aosp volumes: - - /tmp/ccache:/ccache + - ~/aosp/ccache:/tmp/ccache - ~/aosp:/aosp + - ~/.gitconfig:/home/aosp/.gitconfig + - ~/.ssh:/home/aosp/.ssh + - $SSH_AUTH_SOCK:/tmp/ssh_auth + environment: + - SSH_AUTH_SOCK=/tmp/ssh_auth ``` Example run: `docker-compose run --rm aosp repo sync -j4` -- your android build directory will be in `~/aosp`. diff --git a/docker-compose.yml b/docker-compose.yml index d7bef62..2923f10 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,8 +2,14 @@ version: "2" services: aosp: + build: . # comment out to use docker hub image -- otherwise an image will be built locally with the same name as the docker hub version image: kylemanna/aosp:6.0-marshmallow volumes: - ~/aosp/ccache:/tmp/ccache - ~/aosp:/aosp - - ~/.gitconfig:/root/.gitconfig + - ~/.gitconfig:/home/aosp/.gitconfig + - ~/.ssh:/home/aosp/.ssh + - $SSH_AUTH_SOCK:/tmp/ssh_auth + environment: + - SSH_AUTH_SOCK=/tmp/ssh_auth + - USER=aosp diff --git a/utils/docker_entrypoint.sh b/utils/docker_entrypoint.sh index f40c609..7abaaaa 100755 --- a/utils/docker_entrypoint.sh +++ b/utils/docker_entrypoint.sh 
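Review bot: The new `- ~/.ssh:/home/aosp/.ssh` volume in docker-compose.yml bind-mounts the whole host SSH directory, private keys included, read-write into the build container. The forwarded agent socket (`$SSH_AUTH_SOCK:/tmp/ssh_auth`) already gives the container a way to authenticate without the keys. The entrypoint changed in this same commit runs `chown -R aosp:aosp /home/aosp`, which would also rewrite the ownership of those host files whenever `USER_ID` differs from the host user's UID. Consider dropping the `~/.ssh` mount or narrowing it to the files that are actually needed. A comment such as `# requires SSH_AUTH_SOCK to be set on the host (running ssh-agent)` would help too, since an unset variable presumably leaves an invalid volume entry.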
@@ -14,39 +14,43 @@ set -e # # Reasonable defaults if no USER_ID/GROUP_ID environment variables are set. -if [ -z ${USER_ID+x} ]; then USER_ID=1000; fi -if [ -z ${GROUP_ID+x} ]; then GROUP_ID=1000; fi +USER_ID=${USER_ID:-1000} +GROUP_ID=${GROUP_ID:-1000} # ccache export CCACHE_DIR=/tmp/ccache export USE_CCACHE=1 msg="docker_entrypoint: Creating user UID/GID [$USER_ID/$GROUP_ID]" && echo $msg -groupadd -g $GROUP_ID -r aosp && \ -useradd -u $USER_ID --create-home -r -g aosp aosp +groupadd -g $GROUP_ID -r aosp ; useradd -u $USER_ID -r -g aosp aosp echo "$msg - done" +echo "" -msg="docker_entrypoint: Copying .gitconfig and .ssh/config to new user home" && echo $msg -cp /root/.gitconfig /home/aosp/.gitconfig && \ -chown aosp:aosp /home/aosp/.gitconfig && \ -mkdir -p /home/aosp/.ssh && \ -cp /root/.ssh/config /home/aosp/.ssh/config && \ -chown aosp:aosp -R /home/aosp/.ssh && +msg="Changing ownership of /home/aosp (creating if non-existent)" && echo $msg +mkdir /home/aosp +chown -R aosp:aosp /home/aosp echo "$msg - done" +echo "" msg="docker_entrypoint: Creating /tmp/ccache and /aosp directory" && echo $msg mkdir -p /tmp/ccache /aosp chown aosp:aosp /tmp/ccache /aosp echo "$msg - done" +echo "" + +msg="docker_entrypoint: Creating ssh and git config (if needed)" && echo $msg +mkdir -p /home/aosp/.ssh +cp -n /root/.gitconfig /home/aosp/ # no clobber (do not copy if file exists) +cp -n /root/.ssh/config /home/aosp/.ssh/ # no clobber (do not copy if file exists) +echo "$msg - done" +msg="docker_entrypoint: Changing ownership of gitconfig and .ssh/config..." && echo $msg +chown -R aosp:aosp /home/aosp/.gitconfig /home/aosp/.ssh/ +echo "$msg - done" echo "" # Default to 'bash' if no arguments are provided args="$@" -if [ -z "$args" ]; then - args="bash" -fi # Execute command as `aosp` user -export HOME=/home/aosp -exec sudo -u aosp $args +exec gosu aosp ${args:-"bash"}
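Review bot: The new `mkdir /home/aosp` runs under `set -e` without `-p`, so the entrypoint aborts whenever the directory already exists. That is the case with the compose file from this commit, because the bind mounts at `/home/aosp/.gitconfig` and `/home/aosp/.ssh` make Docker create the parent directory first. The accompanying message says "creating if non-existent", so `mkdir -p /home/aosp` looks like the intent. Separately, `exec gosu aosp ${args:-"bash"}` expands unquoted, so any argument containing spaces or glob characters is re-split before it reaches the command; `exec gosu aosp "${@:-bash}"` passes the original argument vector through unchanged. `$USER_ID` and `$GROUP_ID` come from the environment and are used unquoted in `groupadd`/`useradd`, so quoting them (`-g "$GROUP_ID"`, `-u "$USER_ID"`) is worth doing in the same pass.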