From e76b44cba127f1765180bd8a24836328fae100ea Mon Sep 17 00:00:00 2001
From: Norbert Manthey <nmanthey@amazon.de>
Date: Wed, 25 Nov 2020 10:52:30 +0100
Subject: [PATCH] docker: forward user and group as run

To avoid issues with the adduser call in the Dockerfile in Ubuntu, but
still allow sharing image artifacts, we will invoke docker runs with the
correct user ID and group ID. This allows to share the build artifacts
without creating a new user inside the container.

Signed-off-by: Norbert Manthey <nmanthey@amazon.de>
---
 Makefile                | 10 ++++------
 tools/docker/Dockerfile | 11 -----------
 2 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/Makefile b/Makefile
index 21ce50ec..635fb894 100644
--- a/Makefile
+++ b/Makefile
@@ -191,12 +191,10 @@ style:
 
 DOCKERFILE  := $(shell find $(ROOT) -type f -name Dockerfile)
 DOCKERIMAGE := "ktf:build"
+DOCKERUSERFLAGS := --user $(shell id -u):$(shell id -g) $(shell printf -- "--group-add=%q " $(shell id -G))
+
 ifeq ($(SYSTEM), LINUX)
-	DOCKER_BUILD_ARGS=--build-arg USER_ID=$$(id -u) --build-arg GROUP_ID=$$(id -g) --build-arg USER=$$USER
-else
-	# On Docker for Mac I ran into issues because Mac user IDs are huge and Ubuntu did not like creating
-	# UIDs with such huge numbers. Hence, use fixed UID/GID here. Confirmed we still get our image built.
-	DOCKER_BUILD_ARGS=--build-arg USER_ID=1024 --build-arg GROUP_ID=1024 --build-arg USER=$$USER
+	DOCKER_BUILD_ARGS=--network=host
 endif
 
 .PHONY: dockerimage
@@ -208,7 +206,7 @@ dockerimage:
 .PHONY: docker%
 docker%: dockerimage
 	@echo "running target '$(strip $(subst :,, $*))' in docker"
-	$(VERBOSE) docker run -t -e UNITTEST=$(UNITTEST) -v $(PWD):$(PWD)$(DOCKER_MOUNT_OPTS) -w $(PWD) $(DOCKERIMAGE) bash -c "make -j $(strip $(subst :,, $*))"
+	$(VERBOSE) docker run -t $(DOCKERUSERFLAGS) -e UNITTEST=$(UNITTEST) -v $(PWD):$(PWD)$(DOCKER_MOUNT_OPTS) -w $(PWD) $(DOCKERIMAGE) bash -c "make -j $(strip $(subst :,, $*))"
 
 .PHONY: onelinescan
 onelinescan:
diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
index 9584f0c6..59acc467 100644
--- a/tools/docker/Dockerfile
+++ b/tools/docker/Dockerfile
@@ -1,20 +1,9 @@
 FROM ubuntu:20.04
 
-ARG USER
-ARG USER_ID
-ARG GROUP_ID
-
 # build dependencies
 RUN apt-get update -y
 RUN apt-get install -y gcc make xorriso qemu-utils
 # grub is a bit special in containers
 RUN DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install grub2 python
 
-# Create proper users so that our build artifacts
-# can be shared with the outside user
-# https://vsupalov.com/docker-shared-permissions/
-RUN addgroup --gid $GROUP_ID $USER
-RUN adduser --disabled-password --gecos '' --uid $USER_ID --gid $GROUP_ID $USER
-USER $USER
-
 CMD ["/bin/bash"]