dockerrpm: run docker build process as the current user, not as root
Docker can be run by ordinary users if they are in the docker group. The build
process would however be run as a root user, only protected by the sandboxing.
That caused problems with the shared directory where rpmbuild would be picky
about building from sources owned by less privileged users and producing files
owned by root.
Instead, add a build user with the right uid/gid to the image and run the
docker process as that user.
#!/bin/bash -e
BUILDDIR=$(dirname $0)
ROOTDIR=$(cd $BUILDDIR/..; pwd)
if which docker.io >> /dev/null 2>&1 ; then
DOCKER=docker.io
elif which docker >> /dev/null 2>&1 ; then
DOCKER=docker
else
echo "Error: docker must be installed"
exit 1
fi
$DOCKER -h 2> /dev/null | grep -q Jansens && { echo "Error: $DOCKER is the Docking System Tray - install docker.io instead"; exit 1; }
$DOCKER version | grep -q "^Client version:" || { echo "Error: unexpected output from \"$DOCKER version\""; exit 1; }
$DOCKER version | grep -q "^Server version:" || { echo "Error: could not get docker server version - check it is running and your permissions"; exit 1; }
PLATFORM="$1"
[ "$PLATFORM" ] || { echo "Error: platform name must be specified"; exit 1; }
DFILE="$ROOTDIR/contrib/docker/$PLATFORM"
[ -f "$DFILE" ] || { echo "Error: docker file $DFILE not found"; exit 1; }
CONTAINER="hg-dockerrpm-$PLATFORM"
DBUILDUSER=build
(
cat $DFILE
echo RUN groupadd $DBUILDUSER -g `id -g`
echo RUN useradd $DBUILDUSER -u `id -u` -g $DBUILDUSER
) | $DOCKER build --tag $CONTAINER -
$DOCKER run -u $DBUILDUSER --rm -v $ROOTDIR:/hg $CONTAINER bash -c \
"cp -a hg hg-build; cd hg-build; make clean local $PLATFORM; cp packages/$PLATFORM/* /hg/packages/$PLATFORM/"