sev [Tue, 5 Jul 2022 10:55:02 +0000 (05:55 -0500)]
lots of small changes
- don't cache docker build
- add dabuild user to sudoers
- update some comments
- dabuild: error out if REPODEST can't be created
- entrypoint: always create dabuild user and assign to DABUILD_UID
- entrypoint: actually copy .ssh and .gitconfig
- entrypoint: add ability to run other commands than abuild
sev [Wed, 15 Dec 2021 08:39:25 +0000 (02:39 -0600)]
run as any user + lots of small tweaks and fixes
dabuild can now run as any user/group combination, and supports root. it
will now more thoroughly and sanely check to ensure it is able to write
to its destination directories, and will take into account any
additional group memberships in addition to primary group. this
constituted touching up and rewriting a lot of the entrypoint logic.
aside from that there are a lot of other small tweaks and fixes:
- removed extraneous commands from Dockerfile, and use better initial
package management + unnecessary config pruning
- added dabuild tag to die() messages
- prevent additional debug vars from being sent, now that we check_debug
multiple times; while likely not necessary, it should help provide a
more sane docker command line and prevent edge cases in the future
- replace $* with $@ in arg()
- fix potential empty case in setup_volume, some sh complain
- clean up comments
- add DABUILD_SKIP_PERMISSION_CHECKS and
DABUILD_IGNORE_PERMISSION_ERRORS to skip checks/ignore errors when
checking important dir permissions, useful in environments with ACLs
that are not checked or where the underlying filesystem may otherwise
be reporting permissions that actually work
- set defaults for missing abuild.conf
- remove unnecessary DABUILD_DEBUG default value declaration
- set vars directly instead of using ${x:=y} where possible
sev [Sun, 11 Jul 2021 16:46:01 +0000 (11:46 -0500)]
complete code refactor
added/improved:
- abuild is now run with the same UID as the calling user
- packager keys and other files are copied over more reliably
- environment vars are now much more deeply inspected and copied
- new vars from default abuild.conf added to copy list
- renamed a lot of variables for readability and context
- added helper functions in various places to help streamline
- any repos/packages in DABUILD_REPODIR are available in the container
removed:
- multiarch/cross-compile not implemented
- CI and related automation not implemented
- dabuild.conf, not rewritten for new values
- dabuild-admin, make_images.sh, and other unnecessary scripts
- builder user is no longer set up in container
issues compared to upstream:
- expects Alpine userland
- no automation
- less command line interactivity (dabuild-admin etc)
known bugs:
- user group memberships are not considered when calculating permission
- currently cannot be run as root
Carlo Landmeter [Sat, 11 Jan 2020 14:11:59 +0000 (15:11 +0100)]
dabuild: do not mount host's /etc/abuild.conf
On Alpine (and also on other dists) it's not safe to share the same
abuild.conf for multiple Alpine releases and architectures. Use the
user's .abuild/abuild.conf instead.
Carlo Landmeter [Fri, 10 Jan 2020 08:16:18 +0000 (09:16 +0100)]
add apk cache and simplify named volumes
- apk supports caching of packages for reuse on next run. This is the
preferred way and should be relatively fast compared to other package
managers. This also removed the need for other named volumes which
need to be setup and maintained on each run.
- correctly set perm of volume mount points
macmpi [Sun, 27 Oct 2019 16:55:24 +0000 (17:55 +0100)]
Workaround for ARCH detection
Restored alpine docker genuinely supported architectures (as other ones are definitely not).
Just give a clue to set wanted DABUILD_ARCH variable at invocation, when uname does not provide adequate info on some platforms like Pi.
Carlo Landmeter [Fri, 17 May 2019 08:00:13 +0000 (08:00 +0000)]
dabuild: refactor volumes
- printf -v is not posix
- check for abuild.conf instead of alpine-release
- check if distfiles is writable
- do not mount /var/cache/apk as this will break apkindex
- do not create volumes from makefile