| Message ID | 20211103171339.721910-1-alex.bennee@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | [RFC] tests/docker: force NOUSER=1 for base images | expand |
On 11/3/21 18:13, Alex Bennée wrote: > As base images are often used to build further images like toolchains > ensure we don't add the local user by accident. The local user should > only exist on local images and not anything that gets pushed up to the > public registry. > > Reported-by: Richard Henderson <richard.henderson@linaro.org> > Signed-off-by: Alex Bennée <alex.bennee@linaro.org> > --- > tests/docker/Makefile.include | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include > index 5bbbaceed1..462a3758d7 100644 > --- a/tests/docker/Makefile.include > +++ b/tests/docker/Makefile.include > @@ -150,6 +150,10 @@ docker-image-debian-sparc64-cross: docker-image-debian10 > # The native build should never use the registry > docker-image-debian-native: DOCKER_REGISTRY= > > +# base images should not add a local user > +docker-image-debian10: NOUSER=1 > +docker-image-debian11: NOUSER=1 What about covering all DOCKER_PARTIAL_IMAGES: -- >8 -- @@ -188,6 +188,9 @@ DOCKER_PARTIAL_IMAGES += debian-tricore-cross DOCKER_PARTIAL_IMAGES += debian-xtensa-cross DOCKER_PARTIAL_IMAGES += fedora-cris-cross +# base images should not add a local user +$(foreach image,$(DOCKER_PARTIAL_IMAGES),docker-image-$(image)): NOUSER=1 + # Rules for building linux-user powered images # # These are slower than using native cross compiler setups but can ---
Philippe Mathieu-Daudé <f4bug@amsat.org> writes: > On 11/3/21 18:13, Alex Bennée wrote: >> As base images are often used to build further images like toolchains >> ensure we don't add the local user by accident. The local user should >> only exist on local images and not anything that gets pushed up to the >> public registry. >> >> Reported-by: Richard Henderson <richard.henderson@linaro.org> >> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> >> --- >> tests/docker/Makefile.include | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include >> index 5bbbaceed1..462a3758d7 100644 >> --- a/tests/docker/Makefile.include >> +++ b/tests/docker/Makefile.include >> @@ -150,6 +150,10 @@ docker-image-debian-sparc64-cross: docker-image-debian10 >> # The native build should never use the registry >> docker-image-debian-native: DOCKER_REGISTRY= >> >> +# base images should not add a local user >> +docker-image-debian10: NOUSER=1 >> +docker-image-debian11: NOUSER=1 > > What about covering all DOCKER_PARTIAL_IMAGES: Hmm maybe - to be honest the naming is at variance with what it actually indicates. They are perfectly usable images (they are used for cross compiling tests) but they are not usable for building QEMU itself hence use the DOCKER_PARTIAL_IMAGES field to stop them being expanded in the test runs. If I had my time again.... > > -- >8 -- > @@ -188,6 +188,9 @@ DOCKER_PARTIAL_IMAGES += debian-tricore-cross > DOCKER_PARTIAL_IMAGES += debian-xtensa-cross > DOCKER_PARTIAL_IMAGES += fedora-cris-cross > > +# base images should not add a local user > +$(foreach image,$(DOCKER_PARTIAL_IMAGES),docker-image-$(image)): NOUSER=1 > + > # Rules for building linux-user powered images > # > # These are slower than using native cross compiler setups but can > --- -- Alex Bennée
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include index 5bbbaceed1..462a3758d7 100644 --- a/tests/docker/Makefile.include +++ b/tests/docker/Makefile.include @@ -150,6 +150,10 @@ docker-image-debian-sparc64-cross: docker-image-debian10 # The native build should never use the registry docker-image-debian-native: DOCKER_REGISTRY= +# base images should not add a local user +docker-image-debian10: NOUSER=1 +docker-image-debian11: NOUSER=1 + debian-toolchain-run = \ $(if $(NOCACHE), \ $(call quiet-command, \
As base images are often used to build further images like toolchains ensure we don't add the local user by accident. The local user should only exist on local images and not anything that gets pushed up to the public registry. Reported-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> --- tests/docker/Makefile.include | 4 ++++ 1 file changed, 4 insertions(+) -- 2.30.2