Use non-root user when using docker

author Fredrik Fornwall <fredrik@fornwall.net>

Sun, 22 Jan 2017 22:13:48 +0000 (23:13 +0100)

committer Fredrik Fornwall <fredrik@fornwall.net>

Sun, 22 Jan 2017 22:13:48 +0000 (23:13 +0100)
author Fredrik Fornwall <fredrik@fornwall.net>
Sun, 22 Jan 2017 22:13:48 +0000 (23:13 +0100)
committer Fredrik Fornwall <fredrik@fornwall.net>
Sun, 22 Jan 2017 22:13:48 +0000 (23:13 +0100)
diff --git a/scripts/Dockerfile b/scripts/Dockerfile

index 43f4ba5..2c75046 100644 (file)
--- a/scripts/Dockerfile
+++ b/scripts/Dockerfile
@@ -9,26 +9,28 @@ FROM ubuntu:16.10
  # Fix locale to avoid warnings:
  ENV LANG C.UTF-8
  
-# We expect this to be mounted with '-v $PWD:/root/termux-packages':
-WORKDIR /root/termux-packages
-
  # Needed for setup:
  ADD ./setup-ubuntu.sh /tmp/setup-ubuntu.sh
  ADD ./setup-android-sdk.sh /tmp/setup-android-sdk.sh
  
-# Allow configure to be run as root:
-ENV FORCE_UNSAFE_CONFIGURE 1
-
  # Setup needed packages and the Android SDK and NDK:
  RUN apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -yq sudo && \
-    /tmp/setup-ubuntu.sh && \
-    apt-get clean && \
-    /tmp/setup-android-sdk.sh && \
+    apt-get -yq upgrade && \
+    apt-get install -yq sudo && \
+    adduser --disabled-password --shell /bin/bash --gecos "" builder && \
+    echo "builder ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/builder && \
+    chmod 0440 /etc/sudoers.d/builder && \
+    su - builder -c /tmp/setup-ubuntu.sh && \
+    su - builder -c /tmp/setup-android-sdk.sh && \
      # Removed unused parts to make a smaller Docker image:
-    cd /root/lib/android-ndk/ && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    cd /home/builder/lib/android-ndk/ && \
      rm -Rf toolchains/mips* && \
      rm -Rf sources/cxx-stl/gabi++ sources/cxx-stl/llvm-libc++* sources/cxx-stl/system/ sources/cxx-stl/stlport && \
      cd platforms && ls | grep -v android-21 | xargs rm -Rf && \
-    cd /root/lib/android-sdk/tools && rm -Rf emulator* lib* proguard templates
+    cd /home/builder/lib/android-sdk/tools && rm -Rf emulator* lib* proguard templates
+
+# We expect this to be mounted with '-v $PWD:/home/builder/termux-packages':
+WORKDIR /home/builder/termux-packages
  
diff --git a/scripts/run-docker.sh b/scripts/run-docker.sh

index d14127d..f751cf8 100755 (executable)
--- a/scripts/run-docker.sh
+++ b/scripts/run-docker.sh
@@ -1,10 +1,6 @@
  #!/bin/sh
  set -e -u
  
-# Read settings from .termuxrc if existing
-test -f $HOME/.termuxrc && . $HOME/.termuxrc
-: ${TERMUX_TOPDIR:="$HOME/.termux-build"}
-
  IMAGE_NAME=termux/package-builder
  CONTAINER_NAME=termux-package-builder
  
@@ -15,14 +11,14 @@ docker start $CONTAINER_NAME > /dev/null 2> /dev/null || {
         docker run \
                 -d \
                 --name $CONTAINER_NAME \
-               -v $PWD:/root/termux-packages \
+               -v $PWD:/home/builder/termux-packages \
                 -t $IMAGE_NAME
  }
  
  if [ "$#" -eq  "0" ]; then
-       docker exec -it $CONTAINER_NAME bash
+       docker exec -i -t -u builder $CONTAINER_NAME bash
  else
-       docker exec -it $CONTAINER_NAME $@
+       docker exec -i -t -u builder $CONTAINER_NAME $@
  fi
author	Fredrik Fornwall <fredrik@fornwall.net>
	Sun, 22 Jan 2017 22:13:48 +0000 (23:13 +0100)
committer	Fredrik Fornwall <fredrik@fornwall.net>
	Sun, 22 Jan 2017 22:13:48 +0000 (23:13 +0100)
scripts/Dockerfile		patch \| blob \| blame \| history
scripts/run-docker.sh		patch \| blob \| blame \| history