Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f9e6d39e8e0615d3a71ea1aef9d0d1e206f4c42c
rpi-buildroot/utils/docker-run
Julien Olivain f97e6293de utils/docker-run: set podman userns option in environment 
Commit 9a629f5 "utils/docker-run: allow running with Podman" added an
option on system providing the podman command. This case is mainly
for Fedora systems.

Fedora repositories have a podman-docker package, that provides the
docker command for compatibility. See [1]. In that case, invoking
"docker" redirects to podman.

When this package is installed on a Fedora system, both the docker and
podman commands are available. Since the docker command is checked
before podman, the --userns option is not passed in that case. This
brings "permission denied" errors.

Other cases are also possible, like a host system providing the real
Docker alongside a podman installation. In such a case, to avoid
unexpected change of behavior of the docker-run script, the original
search order is preserved (search for "docker" first, then "podman").

This commit changes the way the podman user namespace mode is set.
Rather than adding the "--userns=keep-id" command line option only in
the podman case, it is globally set using the PODMAN_USERNS=keep-id
environment variable [2].

Doing so makes sure that the variable will be consumed by the "docker"
compatibility command, and just ignored by the real "docker"
implementation.

[1] https://packages.fedoraproject.org/pkgs/podman/podman-docker/
[2] https://docs.podman.io/en/latest/markdown/podman-run.1.html

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-06-01 15:51:11 +02:00

103 lines
3.2 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -o errexit -o pipefail
DIR=$(dirname "${0}")
MAIN_DIR=$(readlink -f "${DIR}/..")
if [ -L "${MAIN_DIR}/.git/config" ]; then
# Support git-new-workdir
GIT_DIR="$(dirname "$(realpath "${MAIN_DIR}/.git/config")")"
else
# Support git-worktree
GIT_DIR="$(cd "${MAIN_DIR}" && git rev-parse --no-flags --git-common-dir)"
fi
if test -z "${IMAGE}" ; then
# shellcheck disable=SC2016
IMAGE=$(grep ^image: "${MAIN_DIR}/.gitlab-ci.yml" | \
sed -e 's,^image: ,,g' | sed -e 's,\$CI_REGISTRY,registry.gitlab.com,g')
fi
declare -a docker_opts=(
-i
--rm
--user "$(id -u):$(id -g)"
--workdir "$(pwd)"
--security-opt label=disable
--network host
)
declare -a mountpoints=(
"${MAIN_DIR}"
"$(pwd)"
)
# We use the PODMAN_USERNS environment variable rather than using the
# --userns command line argument because Fedora system may have the
# podman-docker package installed, providing the "docker"
# compatibility command.
export PODMAN_USERNS="keep-id"
if command -v docker >/dev/null; then
DOCKER="docker"
elif command -v podman >/dev/null; then
DOCKER="podman"
else
echo "ERROR: Neither docker nor podman available!" >&2
exit 1
fi
# curl lists (and recognises and uses) other types of *_proxy variables,
# but only those make sense for Buildroot:
for env in all_proxy http_proxy https_proxy ftp_proxy no_proxy; do
if [ "${!env}" ]; then
docker_opts+=( --env "${env}" )
# The lower-case variant takes precedence on the upper-case one
# (dixit curl)
continue
fi
# http_proxy is only lower-case (dixit curl)
if [ "${env}" = http_proxy ]; then
continue
fi
# All the others also exist in the upper-case variant
env="${env^^}"
if [ "${!env}" ]; then
docker_opts+=( --env "${env}" )
fi
done
# Empty GIT_DIR means that we are not in a workdir, *and* git is too old
# to know about worktrees, so we're not in a worktree either. So it means
# we're in the main git working copy, and thus we don't need to mount the
# .git directory.
if [ "${GIT_DIR}" ]; then
# GIT_DIR in the main working copy (when git supports worktrees) will
# be just '.git', but 'docker run' needs an absolute path. If it is
# not absolute, GIT_DIR is relative to MAIN_DIR. If it's an absolute
# path already (in a wordir), then that's a noop.
GIT_DIR="$(cd "${MAIN_DIR}"; readlink -e "${GIT_DIR}")"
mountpoints+=( "${GIT_DIR}" )
# 'repo' stores .git/objects separately.
if [ -L "${GIT_DIR}/objects" ]; then
# GITDIR is already an absolute path, but for symetry
# with the above, keep the same cd+readlink construct.
OBJECTS_DIR="$(cd "${MAIN_DIR}"; readlink -e "${GIT_DIR}/objects")"
mountpoints+=( "${OBJECTS_DIR}" )
fi
fi
if [ "${BR2_DL_DIR}" ]; then
mountpoints+=( "${BR2_DL_DIR}" )
docker_opts+=( --env BR2_DL_DIR )
fi
# shellcheck disable=SC2013 # can't use while-read because of the assignment
for dir in $(printf '%s\n' "${mountpoints[@]}" |LC_ALL=C sort -u); do
docker_opts+=( --mount "type=bind,src=${dir},dst=${dir}" )
done
if tty -s; then
docker_opts+=( -t )
fi
exec ${DOCKER} run "${docker_opts[@]}" "${IMAGE}" "${@}"
Reference in New Issue View Git Blame Copy Permalink