add gosu and refactor things

robbyoconnor · robbyoconnor · commit 7117279e7114 · 2017-08-04T02:26:42.000-04:00
diff --git a/Dockerfile b/Dockerfile
@@ -3,7 +3,10 @@
 #
 FROM ubuntu:16.04
 
-MAINTAINER Kyle Manna <kyle@kylemanna.com>
+LABEL maintainer "Kyle Manna <kyle@kylemanna.com>"
+
+ENV GOSU_VERSION=1.10
+ENV DEBIAN_FRONTEND noninteractive
 
 # /bin/sh points to Dash by default, reconfigure to use bash until Android
 # build becomes POSIX compliant
@@ -12,21 +15,27 @@ RUN echo "dash dash/sh boolean false" | debconf-set-selections && \
 
 # Keep the dependency list as short as reasonable
 RUN apt-get update && \
-    apt-get install -y bc bison bsdmainutils build-essential curl \
+    apt-get install -y ca-certificates bc bison bsdmainutils build-essential curl \
         flex g++-multilib gcc-multilib git gnupg gperf lib32ncurses5-dev \
         lib32z1-dev libesd0-dev libncurses5-dev \
-        libsdl1.2-dev libwxgtk3.0-dev libxml2-utils lzop sudo \
-        openjdk-8-jdk \
-        pngcrush schedtool xsltproc zip zlib1g-dev graphviz && \
+        libsdl1.2-dev libwxgtk3.0-dev libxml2-utils lzop \
+        openjdk-8-jdk pngcrush schedtool xsltproc zip zlib1g-dev graphviz && \
+    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+    curl -Ls "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" -o /usr/local/bin/gosu; \
+    curl -Ls "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" -o /usr/local/bin/gosu.asc \
+    # verify the signature
+    export GNUPGHOME="$(mktemp -d)"; \
+    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+    chmod +x /usr/local/bin/gosu; \
+    # verify it works
+    gosu nobody true; \
     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 ADD https://commondatastorage.googleapis.com/git-repo-downloads/repo /usr/local/bin/
 RUN chmod 755 /usr/local/bin/*
 
-# Install latest version of JDK
-# See http://source.android.com/source/initializing.html#setting-up-a-linux-build-environment
-WORKDIR /tmp
-
 # All builds will be done by user aosp
 COPY gitconfig /root/.gitconfig
 COPY ssh_config /root/.ssh/config
@@ -38,5 +47,5 @@ VOLUME ["/tmp/ccache", "/aosp"]
 # Work in the build directory, repo is expected to be init'd here
 WORKDIR /aosp
 
-COPY utils/docker_entrypoint.sh /root/docker_entrypoint.sh
-ENTRYPOINT ["/root/docker_entrypoint.sh"]
+COPY utils/docker_entrypoint.sh /docker_entrypoint.sh
+ENTRYPOINT ["/docker_entrypoint.sh"]
diff --git a/README.md b/README.md
@@ -60,7 +60,8 @@ on the main Ubuntu base image.
 The `aosp` wrapper is a simple wrapper to simplify invocation of the Docker
 image.  The wrapper ensures that a volume mount is accessible and has valid
 permissions for the `aosp` user in the Docker image (this unfortunately
-requires sudo).  It also forwards an ssh-agent in to the Docker container
+requires sudo, or you to be in the `docker` group).
+It also forwards an ssh-agent in to the Docker container
 so that private git repositories can be accessed if needed.
 
 The intention is to use `aosp` to prefix all commands one would run in the
@@ -82,10 +83,17 @@ version: "2"
 
 services:
   aosp:
+    build: . # comment out to use docker hub image -- otherwise an image will be built locally with the same name as the docker hub version
     image: kylemanna/aosp:latest
+    container_name: aosp
     volumes:
-      - /tmp/ccache:/ccache
+      - ~/aosp/ccache:/tmp/ccache
       - ~/aosp:/aosp
+      - ~/.gitconfig:/home/aosp/.gitconfig
+      - ~/.ssh:/home/aosp/.ssh
+      - $SSH_AUTH_SOCK:/tmp/ssh_auth
+    environment:
+      - SSH_AUTH_SOCK=/tmp/ssh_auth
 ```
 Example run: `docker-compose run --rm aosp repo sync -j4` -- your android build directory will be in `~/aosp`.
 
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,8 +2,14 @@ version: "2"
 
 services:
   aosp:
+    build: . # comment out to use docker hub image -- otherwise an image will be built locally with the same name as the docker hub version
     image: kylemanna/aosp:latest
     volumes:
       - ~/aosp/ccache:/tmp/ccache
       - ~/aosp:/aosp
-      - ~/.gitconfig:/root/.gitconfig
+      - ~/.gitconfig:/home/aosp/.gitconfig
+      - ~/.ssh:/home/aosp/.ssh
+      - $SSH_AUTH_SOCK:/tmp/ssh_auth
+    environment:
+      - SSH_AUTH_SOCK=/tmp/ssh_auth
+      - USER=aosp
diff --git a/utils/docker_entrypoint.sh b/utils/docker_entrypoint.sh
@@ -14,39 +14,42 @@ set -e
 #
 
 # Reasonable defaults if no USER_ID/GROUP_ID environment variables are set.
-if [ -z ${USER_ID+x} ]; then USER_ID=1000; fi
-if [ -z ${GROUP_ID+x} ]; then GROUP_ID=1000; fi
+USER_ID=${USER_ID:-1000}
+GROUP_ID=${GROUP_ID:-1000}
 
 # ccache
 export CCACHE_DIR=/tmp/ccache
 export USE_CCACHE=1
 
 msg="docker_entrypoint: Creating user UID/GID [$USER_ID/$GROUP_ID]" && echo $msg
-groupadd -g $GROUP_ID -r aosp && \
-useradd -u $USER_ID --create-home -r -g aosp aosp
+groupadd -g $GROUP_ID -r aosp ; useradd -u $USER_ID -r -g aosp aosp
 echo "$msg - done"
+echo ""
 
-msg="docker_entrypoint: Copying .gitconfig and .ssh/config to new user home" && echo $msg
-cp /root/.gitconfig /home/aosp/.gitconfig && \
-chown aosp:aosp /home/aosp/.gitconfig && \
-mkdir -p /home/aosp/.ssh && \
-cp /root/.ssh/config /home/aosp/.ssh/config && \
-chown aosp:aosp -R /home/aosp/.ssh &&
+msg="Changing ownership of /home/aosp" && echo $msg
+chown -R aosp:aosp /home/aosp
 echo "$msg - done"
+echo ""
 
 msg="docker_entrypoint: Creating /tmp/ccache and /aosp directory" && echo $msg
 mkdir -p /tmp/ccache /aosp
 chown aosp:aosp /tmp/ccache /aosp
 echo "$msg - done"
+echo ""
+
+msg="docker_entrypoint: Creating ssh and git config (if needed)" && echo $msg
+mkdir -p /home/aosp/.ssh
+cp -n /root/.gitconfig /home/aosp/ # no clobber (do not copy if file exists)
+cp -n /root/.ssh/config /home/aosp/.ssh/ # no clobber (do not copy if file exists)
+echo "$msg - done"
 
+msg="docker_entrypoint: Changing ownership of gitconfig and .ssh/config..." && echo $msg
+chown -R aosp:aosp /home/aosp/.gitconfig /home/aosp/.ssh/
+echo "$msg - done"
 echo ""
 
 # Default to 'bash' if no arguments are provided
 args="$@"
-if [ -z "$args" ]; then
-  args="bash"
-fi
 
 # Execute command as `aosp` user
-export HOME=/home/aosp
-exec sudo -E -u aosp $args
+exec gosu aosp ${args:-"bash"}
