diff --git a/Makefile b/Makefile
index 33e1752..18ff378 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,7 @@ IMAGE := local/$(NAME)
 UID := $(shell id -u)
 GID := $(shell id -g)
 USER := $(UID):$(GID)
-CPUS := $(shell docker run -it debian nproc)
+CPUS := $(shell docker run debian nproc)
 PRESERVE_CACHE := "false"
 GIT_REF := $(shell git log -1 --format=%H)
 GIT_AUTHOR := $(shell git log -1 --format=%an)
@@ -214,20 +214,23 @@ define fetch_pgp_key
 ')
 endef
 
+TOOLCHAIN_VOLUME := $(PWD):/home/build
+TOOLCHAIN_WORKDIR := /home/build
 define toolchain
- docker run \
- --rm \
- --tty \
- $(2) \
- --env UID=$(UID) \
- --env GID=$(GID) \
- --platform=linux/$(ARCH) \
- --privileged \
- --cpus $(CPUS) \
- --volume $(PWD):/home/build \
- --workdir /home/build \
- --env-file=$(CONFIG_DIR)/global.env \
- --env-file=$(CACHE_DIR_ROOT)/toolchain.env \
- $(shell cat cache/toolchain.state 2> /dev/null) \
- $(SRC_DIR)/toolchain/scripts/host-env bash -c $(1)
+ docker run \
+ --rm \
+ --tty \
+ $(2) \
+ --env UID=$(UID) \
+ --env GID=$(GID) \
+ --platform=linux/$(ARCH) \
+ --privileged \
+ --cpus $(CPUS) \
+ --volume $(TOOLCHAIN_VOLUME) \
+ --workdir $(TOOLCHAIN_WORKDIR) \
+ --env-file=$(CONFIG_DIR)/global.env \
+ --env-file=$(CACHE_DIR_ROOT)/toolchain.env \
+ $(shell cat cache/toolchain.state 2> /dev/null) \
+ $(SRC_DIR)/toolchain/scripts/host-env bash -c $(1)
 endef
+
diff --git a/scripts/host-env b/scripts/host-env
index efa7e99..8c71cb7 100755
--- a/scripts/host-env
+++ b/scripts/host-env
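Review bot: The new `CPUS := $(shell docker run debian nproc)` still starts a container from the unpinned `debian` tag at parse time, on every `make` invocation including `make clean`, so the value depends on whatever that floating tag resolves to and on network access, and an empty result (daemon down, pull failure) leaves `--cpus $(CPUS)` in `toolchain` consuming the next argument. If the intent is to measure the Docker VM rather than the host, pin the image by digest (`debian@sha256:<DIGEST_PLACEHOLDER>`) so the parse-time container is reproducible; otherwise `CPUS ?= $(shell nproc)` avoids the container entirely and lets the caller override it. Either way `?=` is preferable to `:=` here so a CLI `CPUS=` still wins.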
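Review bot: `TOOLCHAIN_VOLUME := $(PWD):/home/build` reads `PWD` from the environment, which Make does not set itself and which is absent or stale under `env -i`, some cron/CI shells and `make -C`, whereas `$(CURDIR)` is always the directory Make is running in; the duplicated `/home/build` can also be derived from the new `TOOLCHAIN_WORKDIR`. Suggest `TOOLCHAIN_VOLUME := $(CURDIR):$(TOOLCHAIN_WORKDIR)` and, since the mount spec is passed unquoted, `--volume "$(TOOLCHAIN_VOLUME)" \` so a checkout path containing spaces does not split into extra `docker run` arguments. The `$(shell cat cache/toolchain.state …)` splice and `--privileged` are carried over unchanged from the old definition and are not part of this change.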
@@ -6,15 +6,19 @@ gid=${GID?}
 user=${USER:-"build"}
 export HOME="/home/${user}"
 
-groupdel dialout
-groupadd -g "$gid" "${user}"
-useradd \
- -g "$gid" \
- -G sudo \
- -u "$uid" \
- -d "/home/${user}" \
- -s /bin/bash \
- "${user}"
+# If running user is not root, pivot to custom user/group
+[ "$uid" != "0" ] && {
+ getent group "$gid" && groupdel "$gid"
+ getent passwd "$uid" && userdel "$uid"
+ groupadd -g "$gid" "${user}"
+ useradd \
+ -g "$gid" \
+ -G sudo \
+ -u "$uid" \
+ -d "/home/${user}" \
+ -s /bin/bash \
+ "${user}"
+ setpriv --reuid="$uid" --regid="$gid" --init-groups "$@"
+}
 
-cd "$HOME"
-setpriv --reuid="$uid" --regid="$gid" --init-groups "$@"
+exec "$@"
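Review bot: The `setpriv … "$@"` inside the non-root block is not `exec`'d, so when the command it runs as the dropped-privilege user finishes, control falls through to the new `exec "$@"` and the same command is executed a second time, now as root inside the `--privileged` container; it should be `exec setpriv --reuid="$uid" --regid="$gid" --init-groups "$@"` so only the root branch reaches the trailing `exec`. Separately, `groupdel "$gid"` and `userdel "$uid"` take a name, not a numeric id, so the conflicting-entry cleanup that replaces the old `groupdel dialout` will fail with "does not exist" and `groupadd -g "$gid"` will then fail with the GID already in use; resolve the name first, e.g. `getent group "$gid" >/dev/null && groupdel "$(getent group "$gid" | cut -d: -f1)"`, and likewise for the passwd entry. Whether those failures abort the script or are silently skipped depends on the `set` options in the header, which is outside this hunk.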