From 7c8fa216ff5f68e807146cdb78bd29b77444e94e Mon Sep 17 00:00:00 2001 From: Guillaume Nodet Date: Tue, 3 May 2022 17:58:48 +0200 Subject: [PATCH] FIx files generated with wrong user id, fixes #627 (#632) --- native/Makefile | 79 ++++++++++++++------- native/docker/crossbuild-uid/Dockerfile | 11 +++ native/docker/crossbuild-uid/crossbuild-uid | 31 ++++++++ pom.xml | 2 +- 4 files changed, 95 insertions(+), 28 deletions(-) create mode 100644 native/docker/crossbuild-uid/Dockerfile create mode 100755 native/docker/crossbuild-uid/crossbuild-uid diff --git a/native/Makefile b/native/Makefile index 1483344b..31722942 100644 --- a/native/Makefile +++ b/native/Makefile @@ -17,7 +17,7 @@ include Makefile.common -.phony: all package native native-all deploy +.PHONY: all package native native-all deploy crossbuild crossbuild-uid ducible clean-native all: package @@ -25,8 +25,10 @@ MVNDNATIVE_OUT:=target/native-$(OS_NAME)-$(OS_ARCH) CCFLAGS:= -I$(MVNDNATIVE_OUT) $(CCFLAGS) -download-includes: +target: @test -d target || mkdir target + +download-includes: target @test -d target/inc || mkdir target/inc @test -d target/inc/unix || mkdir target/inc/unix @test -d target/inc/windows || mkdir target/inc/windows 
@@ -34,6 +36,19 @@ download-includes: test -f target/inc/unix/jni_md.h || wget -O target/inc/unix/jni_md.h https://raw.githubusercontent.com/openjdk/jdk/jdk-11%2B28/src/java.base/unix/native/include/jni_md.h test -f target/inc/windows/jni_md.h || wget -O target/inc/windows/jni_md.h https://raw.githubusercontent.com/openjdk/jdk/jdk-11%2B28/src/java.base/windows/native/include/jni_md.h +crossbuild: target + @test -d target || mkdir target + test -d target/crossbuild || git clone https://github.com/multiarch/crossbuild.git target/crossbuild + git -C target/crossbuild reset --hard d06cdc31fce0c85ad78408b44794366dafd59554 + docker build target/crossbuild -t multiarch/crossbuild + +crossbuild-uid: crossbuild + docker build docker/crossbuild-uid -t maven-mvnd/crossbuild + +ducible: target + test -d target/ducible || git clone --branch v1.2.2 https://github.com/jasonwhite/ducible.git target/ducible + make --directory=target/ducible ducible CROSS_PREFIX= CXX=g++ CC=gcc + clean-native: rm -rf $(MVNDNATIVE_OUT) @@ -49,10 +64,7 @@ $(MVNDNATIVE_OUT)/$(LIBNAME): $(MVNDNATIVE_OUT)/mvndnative.o @mkdir -p $(@D) $(CC) $(CCFLAGS) -o $@ $(MVNDNATIVE_OUT)/mvndnative.o $(LINKFLAGS) ifeq ($(OS_NAME), Windows) - echo "running ducible on $(OS_NAME)" target/ducible/ducible $(MVNDNATIVE_OUT)/$(LIBNAME) -else - echo "not running ducible on $(OS_NAME)" endif NATIVE_DIR=src/main/resources/org/mvndaemon/mvnd/nativ/$(OS_NAME)/$(OS_ARCH) 
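Review bot: The `ducible` recipe fetches its source by tag (`git clone --branch v1.2.2 ...`), while the `crossbuild` recipe added in the same hunk pins its checkout to a full commit id with `git reset --hard`. A tag can be re-pointed upstream, and the resulting `target/ducible/ducible` binary is run against the Windows library in the link rule. Pinning it the same way, with `git -C target/ducible reset --hard <ducible-commit-for-v1.2.2>` after the clone, would make both fetches reproducible (the id is a placeholder because the commit is not shown on this page). The recipe should also invoke `$(MAKE) --directory=target/ducible ducible CROSS_PREFIX= CXX=g++ CC=gcc` rather than literal `make`, so that `-n` and the jobserver propagate. In `crossbuild`, the first recipe line `@test -d target || mkdir target` is now redundant with the new `target` prerequisite.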
@@ -75,23 +87,33 @@ $(NATIVE_DLL): $(MVNDNATIVE_OUT)/$(LIBNAME) linux-x86: download-includes ./docker/dockcross-linux-x86 bash -c 'make clean-native native OS_NAME=Linux OS_ARCH=x86' -linux-x86_64: download-includes - docker run -it --rm -v $$PWD:/workdir -e CROSS_TRIPLE=x86_64-linux-gnu multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=x86_64 +linux-x86_64: download-includes crossbuild-uid + docker run -it --rm -v $$PWD:/workdir \ + -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \ + -e CROSS_TRIPLE=x86_64-linux-gnu maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=x86_64 -linux-arm: download-includes - docker run -it --rm -v $$PWD:/workdir -e CROSS_TRIPLE=arm-linux-gnueabi multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm +linux-arm: download-includes crossbuild-uid + docker run -it --rm -v $$PWD:/workdir \ + -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \ + -e CROSS_TRIPLE=arm-linux-gnueabi maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm linux-armv6: ./docker/dockcross-linux-armv6 bash -c 'make clean-native native CROSS_PREFIX=armv6-unknown-linux-gnueabihf- OS_NAME=Linux OS_ARCH=armv6' -linux-armv7: download-includes - docker run -it --rm -v $$PWD:/workdir -e CROSS_TRIPLE=arm-linux-gnueabihf multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=armv7 +linux-armv7: download-includes crossbuild-uid + docker run -it --rm -v $$PWD:/workdir \ + -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \ + -e CROSS_TRIPLE=arm-linux-gnueabihf maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=armv7 -linux-arm64: download-includes - docker run -it --rm -v $$PWD:/workdir -e CROSS_TRIPLE=aarch64-linux-gnu multiarch/crossbuild make clean-native native OS_NAME=Linux 
OS_ARCH=arm64 +linux-arm64: download-includes crossbuild-uid + docker run -it --rm -v $$PWD:/workdir \ + -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \ + -e CROSS_TRIPLE=aarch64-linux-gnu maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=arm64 -linux-ppc64: download-includes - docker run -it --rm -v $$PWD:/workdir -e CROSS_TRIPLE=powerpc64le-linux-gnu multiarch/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=ppc64 +linux-ppc64: download-includes crossbuild-uid + docker run -it --rm -v $$PWD:/workdir \ + -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \ + -e CROSS_TRIPLE=powerpc64le-linux-gnu maven-mvnd/crossbuild make clean-native native OS_NAME=Linux OS_ARCH=ppc64 win-x86: download-includes ./docker/dockcross-windows-static-x86 bash -c 'make clean-native native CROSS_PREFIX=i686-w64-mingw32.static- OS_NAME=Windows OS_ARCH=x86' 
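Review bot: The `BUILDER_*` values are passed unquoted, e.g. `-e BUILDER_GROUP=$$( id -gn )`, so a user or group name containing whitespace splits into extra `docker run` arguments. The stray word would then most likely be parsed as the image name, and the source tree would be bind-mounted into whatever image that resolves to. Quoting each substitution and the mount path avoids this: `-v "$$PWD":/workdir -e BUILDER_UID="$$(id -u)" -e BUILDER_GID="$$(id -g)" -e BUILDER_USER="$$(id -un)" -e BUILDER_GROUP="$$(id -gn)"`. The same recipe is repeated in `linux-x86_64`, `linux-arm`, `linux-armv7`, `linux-arm64` and `linux-ppc64` here, and in `mac-x86` and `mac-x86_64` in the next hunk. Holding the shared options in one Make variable would keep the quoting fix in one place.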
@@ -99,25 +121,28 @@ win-x86: download-includes win-x86_64: download-includes ./docker/dockcross-windows-static-x64 bash -c 'make clean-native native CROSS_PREFIX=x86_64-w64-mingw32.static- OS_NAME=Windows OS_ARCH=x86_64' -mac-x86: download-includes - docker run -it --rm -v $$PWD:/workdir -e CROSS_TRIPLE=i386-apple-darwin multiarch/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86 +mac-x86: download-includes crossbuild-uid + docker run -it --rm -v $$PWD:/workdir \ + -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \ + -e CROSS_TRIPLE=i386-apple-darwin maven-mvnd/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86 -mac-x86_64: download-includes - docker run -it --rm -v $$PWD:/workdir -e CROSS_TRIPLE=x86_64-apple-darwin multiarch/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86_64 +mac-x86_64: download-includes crossbuild-uid + docker run -it --rm -v $$PWD:/workdir \ + -e BUILDER_UID=$$( id -u ) -e BUILDER_GID=$$( id -g ) -e BUILDER_USER=$$( id -un ) -e BUILDER_GROUP=$$( id -gn ) \ + -e CROSS_TRIPLE=x86_64-apple-darwin maven-mvnd/crossbuild make clean-native native OS_NAME=Mac OS_ARCH=x86_64 -mac-arm64: download-includes - docker run -it --rm -v $$PWD:/src -e TARGET=arm64-apple-darwin mcandre/snek:darwin sh -c "make clean-native native CROSS_PREFIX=arm64-apple-darwin20.4- OS_NAME=Mac OS_ARCH=arm64" +mac-arm64: download-includes crossbuild-uid + docker run -it --rm -v $$PWD:/src \ + -e TARGET=arm64-apple-darwin mcandre/snek:darwin sh -c "make clean-native native CROSS_PREFIX=arm64-apple-darwin20.4- OS_NAME=Mac OS_ARCH=arm64" freebsd-x86: download-includes - docker run -it --rm -v $$PWD:/workdir empterdose/freebsd-cross-build:9.3 make clean-native native CROSS_PREFIX=i386-freebsd9- OS_NAME=FreeBSD OS_ARCH=x86 + docker run -it --rm -v $$PWD:/workdir \ + empterdose/freebsd-cross-build:9.3 make clean-native native CROSS_PREFIX=i386-freebsd9- OS_NAME=FreeBSD OS_ARCH=x86 
freebsd-x86_64: download-includes - docker run -it --rm -v $$PWD:/workdir empterdose/freebsd-cross-build:9.3 make clean-native native CROSS_PREFIX=x86_64-freebsd9- OS_NAME=FreeBSD OS_ARCH=x86_64 + docker run -it --rm -v $$PWD:/workdir \ + empterdose/freebsd-cross-build:9.3 make clean-native native CROSS_PREFIX=x86_64-freebsd9- OS_NAME=FreeBSD OS_ARCH=x86_64 #sparcv9: # $(MAKE) native OS_NAME=SunOS OS_ARCH=sparcv9 -ducible: - test -d target/ducible || git clone --branch v1.2.2 https://github.com/jasonwhite/ducible.git target/ducible - make --directory=target/ducible ducible CROSS_PREFIX= CXX=g++ CC=gcc - diff --git a/native/docker/crossbuild-uid/Dockerfile b/native/docker/crossbuild-uid/Dockerfile new file mode 100644 index 00000000..ce18c9e2 --- /dev/null +++ b/native/docker/crossbuild-uid/Dockerfile @@ -0,0 +1,11 @@ +FROM multiarch/crossbuild +RUN cd /tmp; \ + git clone https://github.com/ncopa/su-exec.git; \ + cd /tmp/su-exec; \ + make; \ + cp su-exec /usr/bin; \ + rm -Rf /tmp/su-exec +ENTRYPOINT [ "/usr/bin/crossbuild-uid", "/usr/bin/crossbuild" ] +CMD ["/bin/bash"] +WORKDIR /workdir +COPY crossbuild-uid /usr/bin/crossbuild-uid diff --git a/native/docker/crossbuild-uid/crossbuild-uid b/native/docker/crossbuild-uid/crossbuild-uid new file mode 100755 index 00000000..0fdab915 --- /dev/null +++ b/native/docker/crossbuild-uid/crossbuild-uid 
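Review bot: `mac-arm64` gains the `crossbuild-uid` prerequisite, but its recipe still runs `mcandre/snek:darwin` and passes none of the `BUILDER_*` variables. The prerequisite therefore forces the crossbuild clone and two image builds that this target never uses. Its output is presumably still written as the container's default user, so the ownership problem this commit addresses appears to remain for this target. Either keep the header as `mac-arm64: download-includes`, or add a comment stating that the uid fix does not cover it. The two `freebsd-*` targets are only re-wrapped and have the same gap.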
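Review bot: The `RUN` step builds `su-exec` from whatever the default branch of the cloned repository holds at build time, and chains its commands with `;`, so a failed `git clone` or `make` does not fail the image build. This binary is later made setuid root by the entrypoint script, so it is worth pinning the checkout to a reviewed commit and chaining with `&&` so that any failing step stops the build. The `FROM multiarch/crossbuild` line carries no tag or digest. It is expected to resolve to the image built locally by the Makefile's `crossbuild` target, and a short comment saying so would help anyone building this Dockerfile on its own. In the fence, `<su-exec-commit>` is a placeholder.

```dockerfile
FROM multiarch/crossbuild
# <su-exec-commit> is a placeholder: pin to a reviewed su-exec commit id.
RUN cd /tmp && \
    git clone https://github.com/ncopa/su-exec.git && \
    cd /tmp/su-exec && \
    git checkout <su-exec-commit> && \
    make && \
    cp su-exec /usr/bin && \
    rm -Rf /tmp/su-exec
# … unchanged: ENTRYPOINT, CMD, WORKDIR, COPY …
```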
@@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +# This is the entrypoint script for the dockerfile. Executed in the +# container at runtime. + +export PATH_ORIGIN=$PATH +export LD_LIBRARY_PATH_ORIGIN=$LD_LIBRARY_PATH + +# If we are running docker natively, we want to create a user in the container +# with the same UID and GID as the user on the host machine, so that any files +# created are owned by that user. Without this they are all owned by root. +# The dockcross script sets the BUILDER_UID and BUILDER_GID vars. +if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then + + groupadd -o -g $BUILDER_GID $BUILDER_GROUP 2> /dev/null + useradd -o -m -g $BUILDER_GID -u $BUILDER_UID $BUILDER_USER 2> /dev/null + export HOME=/home/${BUILDER_USER} + shopt -s dotglob + cp -r /root/* $HOME/ + chown -R $BUILDER_UID:$BUILDER_GID $HOME + + # Enable passwordless sudo capabilities for the user + chown root:$BUILDER_GID $(which su-exec) + chmod +s $(which su-exec); sync + + # Run the command as the specified user/group. + exec su-exec $BUILDER_UID:$BUILDER_GID "$@" +else + # Just run the command as root. + exec "$@" +fi diff --git a/pom.xml b/pom.xml index 021497ca..e3d82ff4 100644 --- a/pom.xml +++ b/pom.xml @@ -334,7 +334,7 @@ limitations under the License. **/*.dll **/*.jnilib **/Makefile* - **/docker/* + **/docker/** **/*.tpl
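Review bot: The guard tests only `BUILDER_UID` and `BUILDER_GID`, but the branch also uses `BUILDER_USER` and `BUILDER_GROUP`. With those empty, `HOME` becomes `/home/` and the following `cp -r /root/* $HOME/` and `chown -R ... $HOME` act on all of `/home`, while the `2> /dev/null` on `groupadd`/`useradd` hides the failure that would have revealed it. Every expansion in this root-run script is also unquoted, so values taken from the container environment are word-split and globbed. The guard should require all four variables and the expansions should be quoted, as in the fence below. The header comment saying the dockcross script sets these variables looks stale, since here the Makefile's `docker run -e` options set them. The `chmod +s` comment could also state that it leaves `su-exec` setuid root inside the container, on the assumption that the build container is disposable.

```bash
if [[ -n $BUILDER_UID && -n $BUILDER_GID && -n $BUILDER_USER && -n $BUILDER_GROUP ]]; then

    groupadd -o -g "$BUILDER_GID" "$BUILDER_GROUP" 2> /dev/null
    useradd -o -m -g "$BUILDER_GID" -u "$BUILDER_UID" "$BUILDER_USER" 2> /dev/null
    export HOME="/home/${BUILDER_USER}"
    shopt -s dotglob
    cp -r /root/* "$HOME/"
    chown -R "$BUILDER_UID:$BUILDER_GID" "$HOME"

    # … unchanged: chown/chmod +s on su-exec …

    exec su-exec "$BUILDER_UID:$BUILDER_GID" "$@"
# … unchanged: else branch that runs the command as root …
```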