
Use non-root user when using docker

We now use a non-root user when building packages using a docker
container. This allows detecting misconfigured packages which try
to install files outside of $TERMUX_PREFIX or otherwise mess with
the system during a build.
android-5
Fredrik Fornwall 8 years ago
parent
commit
e59984067b
  1. 26
      scripts/Dockerfile
  2. 10
      scripts/run-docker.sh

26
scripts/Dockerfile

@ -9,26 +9,28 @@ FROM ubuntu:16.10
# Fix locale to avoid warnings: # Fix locale to avoid warnings:
ENV LANG C.UTF-8 ENV LANG C.UTF-8
# We expect this to be mounted with '-v $PWD:/root/termux-packages':
WORKDIR /root/termux-packages
# Needed for setup: # Needed for setup:
ADD ./setup-ubuntu.sh /tmp/setup-ubuntu.sh ADD ./setup-ubuntu.sh /tmp/setup-ubuntu.sh
ADD ./setup-android-sdk.sh /tmp/setup-android-sdk.sh ADD ./setup-android-sdk.sh /tmp/setup-android-sdk.sh
# Allow configure to be run as root:
ENV FORCE_UNSAFE_CONFIGURE 1
# Setup needed packages and the Android SDK and NDK: # Setup needed packages and the Android SDK and NDK:
RUN apt-get update && \ RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -yq sudo && \ apt-get -yq upgrade && \
/tmp/setup-ubuntu.sh && \ apt-get install -yq sudo && \
apt-get clean && \ adduser --disabled-password --shell /bin/bash --gecos "" builder && \
/tmp/setup-android-sdk.sh && \ echo "builder ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/builder && \
chmod 0440 /etc/sudoers.d/builder && \
su - builder -c /tmp/setup-ubuntu.sh && \
su - builder -c /tmp/setup-android-sdk.sh && \
# Removed unused parts to make a smaller Docker image: # Removed unused parts to make a smaller Docker image:
cd /root/lib/android-ndk/ && \ apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
cd /home/builder/lib/android-ndk/ && \
rm -Rf toolchains/mips* && \ rm -Rf toolchains/mips* && \
rm -Rf sources/cxx-stl/gabi++ sources/cxx-stl/llvm-libc++* sources/cxx-stl/system/ sources/cxx-stl/stlport && \ rm -Rf sources/cxx-stl/gabi++ sources/cxx-stl/llvm-libc++* sources/cxx-stl/system/ sources/cxx-stl/stlport && \
cd platforms && ls | grep -v android-21 | xargs rm -Rf && \ cd platforms && ls | grep -v android-21 | xargs rm -Rf && \
cd /root/lib/android-sdk/tools && rm -Rf emulator* lib* proguard templates cd /home/builder/lib/android-sdk/tools && rm -Rf emulator* lib* proguard templates
# We expect this to be mounted with '-v $PWD:/home/builder/termux-packages':
WORKDIR /home/builder/termux-packages
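Review bot: The image still ends without a `USER` directive, so a container started from it runs as root by default and the non-root build depends entirely on every caller passing `-u builder` (as run-docker.sh now does); since the last step needing root is the NDK/SDK trimming inside the `RUN`, adding `USER builder` after the final `WORKDIR /home/builder/termux-packages` would make the intent intrinsic to the image. Related: `echo "builder ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/builder` gives builder unrestricted passwordless root, so a package script that happens to invoke sudo can still write outside $TERMUX_PREFIX, which is what the commit sets out to catch; if sudo is only needed by the two setup scripts, `rm /etc/sudoers.d/builder` at the end of the same `RUN` (or narrowing the rule to the commands those scripts need) would close that gap — whether later build scripts rely on sudo is not visible here. The new `apt-get -yq upgrade` also makes the image content depend on the build date; bumping the `ubuntu` tag is the more reproducible way to pick up fixes.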

10
scripts/run-docker.sh

@ -1,10 +1,6 @@
#!/bin/sh #!/bin/sh
set -e -u set -e -u
# Read settings from .termuxrc if existing
test -f $HOME/.termuxrc && . $HOME/.termuxrc
: ${TERMUX_TOPDIR:="$HOME/.termux-build"}
IMAGE_NAME=termux/package-builder IMAGE_NAME=termux/package-builder
CONTAINER_NAME=termux-package-builder CONTAINER_NAME=termux-package-builder
@ -15,14 +11,14 @@ docker start $CONTAINER_NAME > /dev/null 2> /dev/null || {
docker run \ docker run \
-d \ -d \
--name $CONTAINER_NAME \ --name $CONTAINER_NAME \
-v $PWD:/root/termux-packages \ -v $PWD:/home/builder/termux-packages \
-t $IMAGE_NAME -t $IMAGE_NAME
} }
if [ "$#" -eq "0" ]; then if [ "$#" -eq "0" ]; then
docker exec -it $CONTAINER_NAME bash docker exec -i -t -u builder $CONTAINER_NAME bash
else else
docker exec -it $CONTAINER_NAME $@ docker exec -i -t -u builder $CONTAINER_NAME $@
fi fi
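Review bot: `$@` is still unquoted on the rewritten exec line, so arguments containing spaces are re-split before reaching docker; the line should read `docker exec -i -t -u builder $CONTAINER_NAME "$@"`, and `-v "$PWD:/home/builder/termux-packages"` deserves the same quoting. Because the `docker run` branch only executes when `docker start $CONTAINER_NAME` fails, a container created from the previous image appears to keep its old `/root/termux-packages` mount and will now be exec'd as a `builder` user that may not exist in it; a comment such as `# An existing container from the old image must be removed first: docker rm -f $CONTAINER_NAME` would save users that confusion (this is inferred from the start-or-run structure, not verified here). The enclosing `docker start ... || {` block begins outside the second hunk.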
