[6.0-marshmallow] Add gosu and refactor things

robbyoconnor · robbyoconnor · commit 4c499215bfd1 · 2017-07-25T06:24:50.000-04:00
diff --git a/Dockerfile b/Dockerfile
@@ -3,8 +3,10 @@
 #
 FROM ubuntu:14.04
 
-MAINTAINER Kyle Manna <kyle@kylemanna.com>
+LABEL maintainer "Kyle Manna <kyle@kylemanna.com>"
 
+ENV GOSU_VERSION 1.10
+ENV DEBIAN_FRONTEND noninteractive
 # /bin/sh points to Dash by default, reconfigure to use bash until Android
 # build becomes POSIX compliant
 RUN echo "dash dash/sh boolean false" | debconf-set-selections && \
@@ -16,32 +18,22 @@ RUN apt-get update && \
         flex g++-multilib gcc-multilib git gnupg gperf lib32ncurses5-dev \
         lib32readline-gplv2-dev lib32z1-dev libesd0-dev libncurses5-dev \
         libsdl1.2-dev libwxgtk2.8-dev libxml2-utils lzop \
-        openjdk-7-jdk \
-        pngcrush schedtool xsltproc zip zlib1g-dev && \
+        openjdk-7-jdk pngcrush schedtool xsltproc zip zlib1g-dev && \
+    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+    curl -Ls "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" -o /usr/local/bin/gosu; \
+    curl -Ls "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" -o /usr/local/bin/gosu.asc \
+    # verify the signature
+    export GNUPGHOME="$(mktemp -d)"; \
+    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+    chmod +x /usr/local/bin/gosu; \
+    # verify it works
+    gosu nobody true; \
     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
 ADD https://commondatastorage.googleapis.com/git-repo-downloads/repo /usr/local/bin/
 RUN chmod 755 /usr/local/bin/*
 
-# Install latest version of JDK
-# See http://source.android.com/source/initializing.html#setting-up-a-linux-build-environment
-WORKDIR /tmp
-RUN curl -O http://mirrors.kernel.org/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jre-headless_8u45-b14-1_amd64.deb && \
-    curl -O http://mirrors.kernel.org/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jre_8u45-b14-1_amd64.deb && \
-    curl -O http://mirrors.kernel.org/ubuntu/pool/universe/o/openjdk-8/openjdk-8-jdk_8u45-b14-1_amd64.deb && \
-    sum=`shasum ./openjdk-8-jre-headless_8u45-b14-1_amd64.deb | awk '{ print $1 }'` && \
-    [ $sum == "e10d79f7fd1b3d011d9a4910bc3e96c3090f3306" ] || \
-      ( echo "Hash mismatch. Problem downloading openjdk-8-jre-headless" ; exit 1; ) && \
-    sum=`shasum ./openjdk-8-jre_8u45-b14-1_amd64.deb | awk '{ print $1 }'` && \
-    [ $sum == "1e083bb952fc97ab33cd46f68e82688d2b8acc34" ] || \
-      ( echo "Hash mismatch. Problem downloading openjdk-8-jre" ; exit 1; ) && \
-    sum=`shasum ./openjdk-8-jdk_8u45-b14-1_amd64.deb | awk '{ print $1 }'` && \
-    [ $sum == "772e904961a2a5c7d2d129bdbcfd5c16a0fab4bf" ] || \
-      ( echo "Hash mismatch. Problem downloading openjdk-8-jdk" ; exit 1; ) && \
-    dpkg -i *.deb && \
-    apt-get -f install && \
-    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
 # All builds will be done by user aosp
 COPY gitconfig /root/.gitconfig
 COPY ssh_config /root/.ssh/config
@@ -52,6 +44,5 @@ VOLUME ["/tmp/ccache", "/aosp"]
 
 # Work in the build directory, repo is expected to be init'd here
 WORKDIR /aosp
-
-COPY utils/docker_entrypoint.sh /root/docker_entrypoint.sh
-ENTRYPOINT ["/root/docker_entrypoint.sh"]
+COPY utils/docker_entrypoint.sh /docker_entrypoint.sh
+ENTRYPOINT ["/docker_entrypoint.sh"]
diff --git a/README.md b/README.md
@@ -60,7 +60,8 @@ on the main Ubuntu base image.
 The `aosp` wrapper is a simple wrapper to simplify invocation of the Docker
 image.  The wrapper ensures that a volume mount is accessible and has valid
 permissions for the `aosp` user in the Docker image (this unfortunately
-requires sudo).  It also forwards an ssh-agent in to the Docker container
+requires sudo, or for you to be in `docker` group.).
+It also forwards an ssh-agent in to the Docker container
 so that private git repositories can be accessed if needed.
 
 The intention is to use `aosp` to prefix all commands one would run in the
@@ -82,10 +83,17 @@ version: "2"
 
 services:
   aosp:
+    build: . # comment out to use docker hub image -- otherwise an image will be built locally with the same name as the docker hub version
     image: kylemanna/aosp:6.0-marshmallow
+    container_name: aosp
     volumes:
-      - /tmp/ccache:/ccache
+      - ~/aosp/ccache:/tmp/ccache
       - ~/aosp:/aosp
+      - ~/.gitconfig:/home/aosp/.gitconfig
+      - ~/.ssh:/home/aosp/.ssh
+      - $SSH_AUTH_SOCK:/tmp/ssh_auth
+    environment:
+      - SSH_AUTH_SOCK=/tmp/ssh_auth
 ```
 Example run: `docker-compose run --rm aosp repo sync -j4` -- your android build directory will be in `~/aosp`.
 
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,8 +2,13 @@ version: "2"
 
 services:
   aosp:
+    build: . # comment out to use docker hub image -- otherwise an image will be built locally with the same name as the docker hub version
     image: kylemanna/aosp:6.0-marshmallow
     volumes:
       - ~/aosp/ccache:/tmp/ccache
       - ~/aosp:/aosp
-      - ~/.gitconfig:/root/.gitconfig
+      - ~/.gitconfig:/home/aosp/.gitconfig
+      - ~/.ssh:/home/aosp/.ssh
+      - $SSH_AUTH_SOCK:/tmp/ssh_auth
+    environment:
+      - SSH_AUTH_SOCK=/tmp/ssh_auth
diff --git a/utils/docker_entrypoint.sh b/utils/docker_entrypoint.sh
@@ -14,39 +14,39 @@ set -e
 #
 
 # Reasonable defaults if no USER_ID/GROUP_ID environment variables are set.
-if [ -z ${USER_ID+x} ]; then USER_ID=1000; fi
-if [ -z ${GROUP_ID+x} ]; then GROUP_ID=1000; fi
+USER_ID=${USER_ID:-1000}
+GROUP_ID=${GROUP_ID:-1000}
 
 # ccache
 export CCACHE_DIR=/tmp/ccache
 export USE_CCACHE=1
 
 msg="docker_entrypoint: Creating user UID/GID [$USER_ID/$GROUP_ID]" && echo $msg
-groupadd -g $GROUP_ID -r aosp && \
-useradd -u $USER_ID --create-home -r -g aosp aosp
-echo "$msg - done"
-
-msg="docker_entrypoint: Copying .gitconfig and .ssh/config to new user home" && echo $msg
-cp /root/.gitconfig /home/aosp/.gitconfig && \
-chown aosp:aosp /home/aosp/.gitconfig && \
-mkdir -p /home/aosp/.ssh && \
-cp /root/.ssh/config /home/aosp/.ssh/config && \
-chown aosp:aosp -R /home/aosp/.ssh &&
+groupadd -g $GROUP_ID -r aosp ; useradd -u $USER_ID -r -g aosp aosp
 echo "$msg - done"
+echo ""
 
 msg="docker_entrypoint: Creating /tmp/ccache and /aosp directory" && echo $msg
 mkdir -p /tmp/ccache /aosp
 chown aosp:aosp /tmp/ccache /aosp
 echo "$msg - done"
+echo ""
+
+msg="docker_entrypoint: Creating ssh and git config (if needed)" && echo $msg
+mkdir -p /home/aosp/.ssh
+cp -n /root/.gitconfig /home/aosp/ # no clobber (do not copy if file exists)
+cp -n /root/.ssh/config /home/aosp/.ssh/ # no clobber (do not copy if file exists)
+echo "$msg - done"
 
+msg="docker_entrypoint: Changing ownership of gitconfig and .ssh/config..." && echo $msg
+chown -R aosp:aosp /home/aosp/.gitconfig /home/aosp/.ssh/
+echo "$msg - done"
 echo ""
 
 # Default to 'bash' if no arguments are provided
 args="$@"
-if [ -z "$args" ]; then
-  args="bash"
-fi
+
+export USER=aosp
 
 # Execute command as `aosp` user
-export HOME=/home/aosp
-exec sudo -u aosp $args
+exec gosu aosp ${args:-"bash"}
