[gnome-runtime-images/bpiotrowski/unpriv] base: Run as unprivileged builds user



commit 08ed3a726ae00ee938761dfedc8211658d95f1d2
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date:   Mon Feb 17 11:23:00 2020 +0100

    base: Run as unprivileged builds user
    
    In order to make GitLab CI runners run without --privileged,
    make flatpak-builder builds run as non-root user. The commit also
    moves Flatpak remotes to user installation and re-organizes steps
    for better layer caching.

 base | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
---
diff --git a/base b/base
index aaafa31..634a64a 100644
--- a/base
+++ b/base
@@ -1,20 +1,23 @@
 FROM registry.fedoraproject.org/fedora:latest
 
-VOLUME /build
-WORKDIR /build
 ENV FLATPAK_GL_DRIVERS=dummy
 
+RUN useradd --home-dir /build --create-home --shell /bin/bash build
+WORKDIR /build
+
+# Add a machine-id as specified in the freedesktop spec:
+# https://www.freedesktop.org/software/systemd/man/machine-id.html
+# gnome-builder test suite depends on this
+RUN cat /dev/urandom | tr -dc a-f0-9 | head -c32 > /etc/machine-id && echo "" >> /etc/machine-id
+
 RUN dnf -y update && \
     dnf install -y flatpak flatpak-builder librsvg2 ostree fuse elfutils \
     dconf dbus-daemon git bzr xorg-x11-server-Xvfb dbus-x11 && \
     dnf clean all
 
-RUN flatpak remote-add flathub https://dl.flathub.org/repo/flathub.flatpakrepo && \
-    flatpak remote-add gnome-nightly https://nightly.gnome.org/gnome-nightly.flatpakrepo && \
-    flatpak remote-add flathub-beta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
+USER build
 
-# Add a machine-id as specified in the freedesktop spec:
-# https://www.freedesktop.org/software/systemd/man/machine-id.html
-# gnome-builder test suite depends on this
-RUN cat /dev/urandom | tr -dc a-f0-9 | head -c32 > /etc/machine-id && echo "" >> /etc/machine-id
+RUN flatpak remote-add --user flathub https://dl.flathub.org/repo/flathub.flatpakrepo && \
+    flatpak remote-add --user gnome-nightly https://nightly.gnome.org/gnome-nightly.flatpakrepo && \
+    flatpak remote-add --user flathub-beta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
 
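Review bot: The `build` account created on the `useradd` line gets whatever UID the base image assigns, and `USER build` refers to it by name, so a runtime that must verify the container is non-root from image metadata (for example Kubernetes `runAsNonRoot`) cannot do so. Pinning the UID, e.g. `RUN useradd --uid 1000 --home-dir /build --create-home --shell /bin/bash build` followed by `USER 1000` (1000 is an example value), keeps the identity stable across rebuilds on `fedora:latest` and makes file ownership on mounted checkouts predictable. Separately, the `--user` remotes are now stored under the build user's home directory, which is also `WORKDIR /build` and the path the removed `VOLUME` pointed at. If any runner still mounts something over /build, the remotes would presumably be hidden at runtime, so I would add a comment above `USER build` such as `# /build is the build user's home and holds the Flatpak user installation; do not mount over it`.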

