From cf40e4b299ca4023f842eed1ecc5b254eb3eb688 Mon Sep 17 00:00:00 2001
From: Stefan Becker
Date: Mon, 27 Mar 2023 16:30:34 +0300
Subject: [PATCH 1/2] Check that docker is not set up in rootless mode (#679)

Mounting binfmt_misc inside the container requires root rights. If "docker info" indicates rootless mode then fall back to "sudo docker". Allow the user to override the docker command with the DOCKER by setting the environment variable.
---
 build-docker.sh | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/build-docker.sh b/build-docker.sh
index a7f18f1..b3995d5 100755
--- a/build-docker.sh
+++ b/build-docker.sh
@@ -4,10 +4,15 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 BUILD_OPTS="$*"
-DOCKER="docker"
+# Allow user to override docker command
+DOCKER=${DOCKER:-docker}
-if ! ${DOCKER} ps >/dev/null 2>&1; then
- DOCKER="sudo docker"
+# Ensure that default docker command is not set up in rootless mode
+if \
+ ! ${DOCKER} ps >/dev/null 2>&1 || \
+ ${DOCKER} info 2>/dev/null | grep -q rootless \
+; then
+ DOCKER="sudo ${DOCKER}"
 fi
 if ! ${DOCKER} ps >/dev/null; then
 echo "error connecting to docker:"
From 0db41e35efc3ebee7c334e11ae8d91607ef5931a Mon Sep 17 00:00:00 2001
From: Stefan Becker
Date: Mon, 27 Mar 2023 16:31:02 +0300
Subject: [PATCH 2/2] Ensure that deploy is always owned by user (#680)

Switch "docker cp" to tar streaming mode. As the receiving "tar" command is executed outside Docker the resulting directories & files are owned by the calling user.
---
 build-docker.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/build-docker.sh b/build-docker.sh
index b3995d5..413c12a 100755
--- a/build-docker.sh
+++ b/build-docker.sh
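Review bot: In PATCH 1/2 (`@@ -4,10 +4,15 @@`), the `sudo` fallback is applied to whatever command arrives in the `DOCKER` environment variable, so a caller's explicit override is silently re-run as root, and an override that already contains `sudo` becomes `sudo sudo …`; the new comment says only the default command is meant to be checked. Running the probe only when `DOCKER` was not supplied, and announcing the escalation on stderr, keeps the privilege change visible and under the caller's control. The rootless test also matches the bare word `rootless` anywhere in the `docker info` output, whereas matching `name=rootless` in the `SecurityOptions` field is narrower. The second `if ! ${DOCKER} ps` block continues past the end of the hunk.

```shell
# Probe and fall back to sudo only when the caller did not choose a command
if [ -z "${DOCKER:-}" ]; then
	DOCKER="docker"
	if \
	  ! ${DOCKER} ps >/dev/null 2>&1 || \
	  ${DOCKER} info --format '{{.SecurityOptions}}' 2>/dev/null | grep -q 'name=rootless' \
	; then
		echo "docker is unavailable or rootless, falling back to sudo docker" >&2
		DOCKER="sudo docker"
	fi
fi
# … unchanged: final "${DOCKER} ps" connectivity check …
```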
@@ -126,8 +126,9 @@ else
 wait "$!"
 fi
+# Ensure that deploy/ is always owned by calling user
 echo "copying results from deploy/"
-${DOCKER} cp "${CONTAINER_NAME}":/pi-gen/deploy .
+${DOCKER} cp "${CONTAINER_NAME}":/pi-gen/deploy - | tar -xf -
 ls -lah deploy
 # cleanup
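Review bot: The exit status of the new `${DOCKER} cp … - | tar -xf -` pipeline is tar's alone, so a failed or interrupted `docker cp` is noticed only if tar happens to reject the truncated stream. The shell options are set outside this hunk, so whether `pipefail` is active cannot be seen here; if it is not, add `set -o pipefail` before the copy. The ownership guarantee in the new comment also holds only when the script runs unprivileged: invoked as root, tar restores the owners recorded in the archive. Writing the receiver as `tar -xf - --no-same-owner` makes the result match the comment in both cases.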