[U-Boot] [gitlab-ci-runner][PATCH 1/2] Dockerfile: Switch to non-root user
Add a 'uboot' user / group, allow them sudo access and make use of them in the container.
Signed-off-by: Tom Rini trini@konsulko.com --- Dockerfile | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/Dockerfile b/Dockerfile index 1d7a3dae39d0..c7b35026a171 100644 --- a/Dockerfile +++ b/Dockerfile @@ -136,6 +136,11 @@ RUN git clone git://git.qemu.org/qemu.git /tmp/qemu && \ make -j$(nproc) all install && \ rm -rf /tmp/qemu
+# Create our user/group +RUN echo uboot ALL=NOPASSWD: ALL > /etc/sudoers.d/uboot +RUN useradd -m -U uboot +USER uboot:uboot + # Create the buildman config file RUN /bin/echo -e "[toolchain]\nroot = /usr" > ~/.buildman RUN /bin/echo -e "kernelorg = /opt/gcc-7.3.0-nolibc/*" >> ~/.buildman
As part of this we stop installing python-pytest (we enforce a specific version via pip in tests) as well as python-coverage (this can and should be done via pip as well).
Signed-off-by: Tom Rini trini@konsulko.com --- Dockerfile | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile index c7b35026a171..bf840a5f1b33 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ # This Dockerfile is used to build an image containing basic stuff to be used # to build U-Boot and run our test suites.
-FROM ubuntu:xenial-20190720 +FROM ubuntu:bionic-20190912.1 MAINTAINER Tom Rini trini@konsulko.com LABEL Description=" This image is for building U-Boot inside a container"
@@ -10,9 +10,9 @@ LABEL Description=" This image is for building U-Boot inside a container" ENV DEBIAN_FRONTEND=noninteractive
# Add LLVM repository -RUN apt-get update && apt-get install -y wget xz-utils && rm -rf /var/lib/apt/lists/* +RUN apt-get update && apt-get install -y gnupg2 wget xz-utils && rm -rf /var/lib/apt/lists/* RUN wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - -RUN echo deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-7 main | tee /etc/apt/sources.list.d/llvm.list +RUN echo deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-7 main | tee /etc/apt/sources.list.d/llvm.list
# Manually install the kernel.org "Crosstool" based toolchains for gcc-7.3 RUN wget -O - https://mirrors.edge.kernel.org/pub/tools/crosstool/files/bin/x86_64/7.3.0/x... | tar -C /opt -xJ @@ -52,6 +52,7 @@ RUN apt-get update && apt-get install -y \ grub-efi-ia32-bin \ iasl \ iputils-ping \ + libisl15 \ liblz4-tool \ libpixman-1-dev \ libpython-dev \ @@ -63,10 +64,8 @@ RUN apt-get update && apt-get install -y \ lzop \ picocom \ python \ - python-coverage \ python-dev \ python-pip \ - python-pytest \ python-virtualenv \ python3-sphinx \ rpm2cpio \ @@ -79,6 +78,9 @@ RUN apt-get update && apt-get install -y \ zip \ && rm -rf /var/lib/apt/lists/*
+# Manually install libmpfr4 for the toolchains +RUN wget http://mirrors.kernel.org/ubuntu/pool/main/m/mpfr4/libmpfr4_3.1.4-1_amd64.de... && dpkg -i libmpfr4_3.1.4-1_amd64.deb && rm libmpfr4_3.1.4-1_amd64.deb + # Build GRUB UEFI targets grubarm.efi and grubaa64.efi RUN git clone git://git.savannah.gnu.org/grub.git /tmp/grub && \ cd /tmp/grub && \
On Fri, Oct 04, 2019 at 11:32:35AM -0400, Tom Rini wrote:
As part of this we stop installing python-pytest (we enforce a specific version via pip in tests) as well as python-coverage (this can and should be done via pip as well).
Signed-off-by: Tom Rini trini@konsulko.com
Applied to u-boot/master, thanks!
On Fri, Oct 04, 2019 at 11:32:34AM -0400, Tom Rini wrote:
Add a 'uboot' user / group, allow them sudo access and make use of them in the container.
Signed-off-by: Tom Rini trini@konsulko.com
Applied to u-boot/master, thanks!
participants (1)
-
Tom Rini