From e70a05edcd1e2aa149e529376a5f7d731c4e7dcd Mon Sep 17 00:00:00 2001
From: Dan Nicholson
Date: Thu, 21 Apr 2022 06:04:43 -0600
Subject: [PATCH] Adjust docker script when using podman

In podman, a user namespace is setup with IDs mapped such that the executing user is root in the container. When that's the case (or if docker is in use and the executing user is root), don't override the container user or the HOME environment variable. In that case, the container user's home directory will be /root, so mount the cache there instead of the predefined /cache.
---
 scripts/rundocker.sh | 45 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 34 insertions(+), 11 deletions(-)

diff --git a/scripts/rundocker.sh b/scripts/rundocker.sh
index 5f00e6cc..5d222025 100755
--- a/scripts/rundocker.sh
+++ b/scripts/rundocker.sh
@@ -8,27 +8,20 @@ DOCKER=${DOCKER:-"docker"}
 
 BUILD_CACHE_VOLUME=kolibri-android-cache
 BUILD_CACHE_PATH=/cache
-BUILD_UID=$(id -u)
-BUILD_GID=$(id -g)
+
+docker_is_podman() {
+ "${DOCKER}" --version 2>/dev/null | grep -q "^podman"
+}
 
 # Build array of options to pass to docker run.
 RUN_OPTS=(
 -it --rm
 
- # Mount the cache volume.
- --mount "type=volume,src=${BUILD_CACHE_VOLUME},dst=${BUILD_CACHE_PATH}"
-
 # Bind mount the source directory into the container and make it the
 # working dirctory.
 --mount "type=bind,src=${SRCDIR},dst=${SRCDIR}"
 --workdir "${SRCDIR}"
 
- # Run as the calling user and make the cache volume the user's home
- # directory so all the intermediate build outputs (e.g.,
- # ~/.local/share/python-for-android and ~/.gradle) are stored.
- --user "${BUILD_UID}:${BUILD_GID}"
- --env HOME="${BUILD_CACHE_PATH}"
-
 # Pass through other environment variables.
 --env BUILDKITE_BUILD_NUMBER
 --env P4A_RELEASE_KEYALIAS
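Review bot: `docker_is_podman` decides from the `--version` banner alone, which shows which client is installed but not whether a user namespace maps container root to the caller. Rootless Docker has the same mapping and is not matched, so there the later `--user "${BUILD_UID}:${BUILD_GID}"` would presumably select a subordinate UID and leave the bind-mounted source tree with unexpected ownership. A podman client that talks to a remote or rootful service is matched, although root in that container is then not the invoking user. I would document the limit above the function, for example `# Matches only the "podman" version banner; this does not prove the engine runs rootless.`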
@@ -37,6 +30,36 @@ RUN_OPTS=(
 --env ARCHES
 )
 
+# If we're running in podman, assume the user namespace is setup so that
+# root inside the container is the same as the outside user. Otherwise,
+# get the UID and GID to run as.
+if docker_is_podman; then
+ BUILD_UID=0
+ BUILD_GID=0
+else
+ BUILD_UID=$(id -u)
+ BUILD_GID=$(id -g)
+fi
+
+# If the container user is root, mount the cache at /root. Otherwise,
+# set HOME since there's likely no account with that UID in the image.
+# The user's home directory is where all the intermediate build outputs
+# (e.g., ~/.local/share/python-for-android and ~/.gradle) are stored.
+if [ "$BUILD_UID" -eq 0 ]; then
+ BUILD_CACHE_PATH=/root
+else
+ BUILD_CACHE_PATH=/cache
+ RUN_OPTS+=(
+ --user "${BUILD_UID}:${BUILD_GID}"
+ --env HOME="${BUILD_CACHE_PATH}"
+ )
+fi
+
+# Mount the cache volume.
+RUN_OPTS+=(
+ --mount "type=volume,src=${BUILD_CACHE_VOLUME},dst=${BUILD_CACHE_PATH}"
+)
+
 # If the release signing key has been specified and exists, ensure the
 # path is absolute and bind mount it readonly into the container.
 if [ -e "${P4A_RELEASE_KEYSTORE}" ]; then
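Review bot: The single volume name `kolibri-android-cache` is now mounted at `/root` for a root container user and at `/cache` for any other UID, so runs under different users against the same engine share one cache. After a run as root under docker the files in it are root-owned, and a later run with `--user "${BUILD_UID}:${BUILD_GID}"` probably cannot write to `~/.gradle` or `~/.local/share/python-for-android`. Giving the root case its own volume avoids that, e.g. `BUILD_CACHE_VOLUME=kolibri-android-cache-root` next to `BUILD_CACHE_PATH=/root`. The `BUILD_CACHE_PATH=/cache` in the `else` branch also repeats the default the script still sets near the top, so one of the two assignments can go.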