add gosu and refactor things

Author: robbyoconnor

Dockerfile

@@ -3,7 +3,10 @@
 #
 FROM ubuntu:16.04
 
-MAINTAINER Kyle Manna <kyle@kylemanna.com>
+LABEL maintainer "Kyle Manna <kyle@kylemanna.com>"
+
+ENV GOSU_VERSION=1.10
+ENV DEBIAN_FRONTEND noninteractive
 
 # /bin/sh points to Dash by default, reconfigure to use bash until Android
 # build becomes POSIX compliant
@@ -12,24 +15,31 @@ RUN echo "dash dash/sh boolean false" | debconf-set-selections && \
 
 # Keep the dependency list as short as reasonable
 RUN apt-get update && \
-    apt-get install -y bc bison bsdmainutils build-essential curl \
+    apt-get install -y ca-certificates bc bison bsdmainutils build-essential curl \
         flex g++-multilib gcc-multilib git gnupg gperf lib32ncurses5-dev \
         lib32z1-dev libesd0-dev libncurses5-dev \
         libsdl1.2-dev libwxgtk3.0-dev libxml2-utils lzop sudo \
         openjdk-8-jdk \
         pngcrush schedtool xsltproc zip zlib1g-dev graphviz && \
-    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+    curl -Ls "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" -o /usr/local/bin/gosu; \
+    curl -Ls "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" -o /usr/local/bin/gosu.asc \
+    # verify the signature
+    export GNUPGHOME="$(mktemp -d)"; \
+    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+    chmod +x /usr/local/bin/gosu; \
+    # verify it works
+    gosu nobody true; \
+    apt-get purge -y --auto-remove ca-certificates ; apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 ADD https://commondatastorage.googleapis.com/git-repo-downloads/repo /usr/local/bin/
 RUN chmod 755 /usr/local/bin/*
 
-# Install latest version of JDK
-# See http://source.android.com/source/initializing.html#setting-up-a-linux-build-environment
-WORKDIR /tmp
-
 # All builds will be done by user aosp
-COPY gitconfig /root/.gitconfig
-COPY ssh_config /root/.ssh/config
+COPY gitconfig /home/aosp/.gitconfig
+COPY ssh_config /home/aosp/.ssh/config
 
 # The persistent data will be in these two directories, everything else is
 # considered to be ephemeral
@@ -38,5 +48,5 @@ VOLUME ["/tmp/ccache", "/aosp"]
 # Work in the build directory, repo is expected to be init'd here
 WORKDIR /aosp
 
-COPY utils/docker_entrypoint.sh /root/docker_entrypoint.sh
-ENTRYPOINT ["/root/docker_entrypoint.sh"]
+COPY utils/docker_entrypoint.sh /docker_entrypoint.sh
+ENTRYPOINT ["/docker_entrypoint.sh"]

docker-compose.yml

@@ -6,4 +6,6 @@ services:
     volumes:
       - ~/aosp/ccache:/tmp/ccache
       - ~/aosp:/aosp
-      - ~/.gitconfig:/root/.gitconfig
+      - ~/.gitconfig:/home/aosp/.gitconfig
+      # uncomment if you want this
+      #- ~/.ssh/:/home/.ssh/

utils/docker_entrypoint.sh

@@ -14,39 +14,31 @@ set -e
 #
 
 # Reasonable defaults if no USER_ID/GROUP_ID environment variables are set.
-if [ -z ${USER_ID+x} ]; then USER_ID=1000; fi
-if [ -z ${GROUP_ID+x} ]; then GROUP_ID=1000; fi
+USER_ID=${USER_ID:-1000}
+GROUP_ID=${GROUP_ID:-1000}
 
 # ccache
 export CCACHE_DIR=/tmp/ccache
 export USE_CCACHE=1
 
 msg="docker_entrypoint: Creating user UID/GID [$USER_ID/$GROUP_ID]" && echo $msg
-groupadd -g $GROUP_ID -r aosp && \
-useradd -u $USER_ID --create-home -r -g aosp aosp
+groupadd -g $GROUP_ID -r aosp ; useradd -u $USER_ID -r -g aosp aosp
 echo "$msg - done"
+echo ""
 
-msg="docker_entrypoint: Copying .gitconfig and .ssh/config to new user home" && echo $msg
-cp /root/.gitconfig /home/aosp/.gitconfig && \
-chown aosp:aosp /home/aosp/.gitconfig && \
-mkdir -p /home/aosp/.ssh && \
-cp /root/.ssh/config /home/aosp/.ssh/config && \
-chown aosp:aosp -R /home/aosp/.ssh &&
+msg="docker_entrypoint: Changing ownership of /tmp/ccache and /aosp..." && echo $msg
+chown -R aosp:aosp /tmp/ccache /aosp
 echo "$msg - done"
+echo ""
 
-msg="docker_entrypoint: Creating /tmp/ccache and /aosp directory" && echo $msg
-mkdir -p /tmp/ccache /aosp
-chown aosp:aosp /tmp/ccache /aosp
+msg="docker_entrypoint: Changing ownership of gitconfig and .ssh/config..." && echo $msg
+chown -R aosp:aosp /home/aosp/.gitconfig /home/aosp/.ssh/
 echo "$msg - done"
-
 echo ""
 
 # Default to 'bash' if no arguments are provided
 args="$@"
-if [ -z "$args" ]; then
-  args="bash"
-fi
 
 # Execute command as `aosp` user
 export HOME=/home/aosp
-exec sudo -E -u aosp $args
+exec gosu aosp ${args:-"bash"}