docker: use local user UID

usbarmory · Mar 10, 2022 · 09721b1 · 09721b1
1 parent 4f4a242
commit 09721b1
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 12 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,26 +1,35 @@
-FROM debian:20.04
+FROM ubuntu:20.04
 
 RUN apt-get update && apt-get upgrade -y
 RUN apt-get install -y \
     bc binfmt-support bzip2 fakeroot gcc gcc-arm-linux-gnueabihf \
     git gnupg make parted rsync qemu-user-static wget xz-utils zip \
     debootstrap sudo dirmngr bison flex libssl-dev kmod udev cpio
 
+# create user "builder" with sudo privileges
+ARG GID
+ARG UID
+ARG USER=builder
+RUN groupadd --gid ${GID} $USER
+RUN useradd --uid ${UID} --gid $USER --shell /bin/bash --home-dir /home/$USER --create-home $USER
+RUN echo "builder ALL=(ALL) NOPASSWD: ALL" | tee -a /etc/sudoers
+
 # import U-Boot signing keys
-RUN gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 38DBBDC86092693E && \
-    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 147C39FF9634B72C && \
+RUN su - $USER -c "gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 38DBBDC86092693E"
+RUN su - $USER -c "gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 147C39FF9634B72C"
 # import golang signing keys
-    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 7721F63BD38B4796
+RUN su - $USER -c "gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 7721F63BD38B4796"
 
 # install golang
 ENV GOLANG_VERSION="1.17.8"
 
-RUN wget -O go.tgz https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz --progress=dot:giga
-RUN wget -O go.tgz.asc https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz.asc --progress=dot:giga
-RUN gpg --batch --verify go.tgz.asc go.tgz
-RUN tar -C /usr/local -xzf go.tgz && rm go.tgz
+RUN su - $USER -c "wget -O go.tgz https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz"
+RUN su - $USER -c "wget -O go.tgz.asc https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz.asc"
+RUN su - $USER -c "gpg --batch --verify go.tgz.asc go.tgz"
+RUN tar -C /usr/local -xzf /home/$USER/go.tgz && rm /home/$USER/go.tgz*
 
 ENV PATH "$PATH:/usr/local/go/bin"
-ENV GOPATH /go
+ENV GOPATH "/home/${USER}/go"
 
-WORKDIR /opt/armory
+USER $USER
+WORKDIR /usbarmory
diff --git a/README.md b/README.md
@@ -32,8 +32,8 @@ When building the image under Docker the `--privileged` option is required to
 give privileges for handling loop devices, example:
 
 ```
-docker build --rm -t armory ./
-docker run --rm -it --privileged -v $(pwd):/opt/armory --name armory armory
+docker build --rm --build-arg UID=$(id -u) --build-arg GID=$(id -g) -t armory ./
+docker run --rm -it --privileged -v $(pwd):/usbarmory --name armory armory
 ```
 
 On Mac OS X the build needs to be done in a case-sensitive filesystem. Such