* [RFC PATCH] tests/docker: force NOUSER=1 for base images
@ 2021-11-03 17:13 Alex Bennée
2021-11-03 18:29 ` Philippe Mathieu-Daudé
0 siblings, 1 reply; 3+ messages in thread
From: Alex Bennée @ 2021-11-03 17:13 UTC (permalink / raw)
To: qemu-devel
Cc: Thomas Huth, richard.henderson, Philippe Mathieu-Daudé,
Wainer dos Santos Moschetta, Willian Rampazzo, Alex Bennée
As base images are often used to build further images like toolchains
ensure we don't add the local user by accident. The local user should
only exist on local images and not anything that gets pushed up to the
public registry.
Reported-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
tests/docker/Makefile.include | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 5bbbaceed1..462a3758d7 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -150,6 +150,10 @@ docker-image-debian-sparc64-cross: docker-image-debian10
# The native build should never use the registry
docker-image-debian-native: DOCKER_REGISTRY=
+# base images should not add a local user
+docker-image-debian10: NOUSER=1
+docker-image-debian11: NOUSER=1
+
debian-toolchain-run = \
$(if $(NOCACHE), \
$(call quiet-command, \
--
2.30.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [RFC PATCH] tests/docker: force NOUSER=1 for base images
2021-11-03 17:13 [RFC PATCH] tests/docker: force NOUSER=1 for base images Alex Bennée
@ 2021-11-03 18:29 ` Philippe Mathieu-Daudé
2021-11-04 17:44 ` Alex Bennée
0 siblings, 1 reply; 3+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-11-03 18:29 UTC (permalink / raw)
To: Alex Bennée, qemu-devel
Cc: Willian Rampazzo, Thomas Huth, richard.henderson,
Wainer dos Santos Moschetta
On 11/3/21 18:13, Alex Bennée wrote:
> As base images are often used to build further images like toolchains
> ensure we don't add the local user by accident. The local user should
> only exist on local images and not anything that gets pushed up to the
> public registry.
>
> Reported-by: Richard Henderson <richard.henderson@linaro.org>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> ---
> tests/docker/Makefile.include | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
> index 5bbbaceed1..462a3758d7 100644
> --- a/tests/docker/Makefile.include
> +++ b/tests/docker/Makefile.include
> @@ -150,6 +150,10 @@ docker-image-debian-sparc64-cross: docker-image-debian10
> # The native build should never use the registry
> docker-image-debian-native: DOCKER_REGISTRY=
>
> +# base images should not add a local user
> +docker-image-debian10: NOUSER=1
> +docker-image-debian11: NOUSER=1
What about covering all DOCKER_PARTIAL_IMAGES:
-- >8 --
@@ -188,6 +188,9 @@ DOCKER_PARTIAL_IMAGES += debian-tricore-cross
DOCKER_PARTIAL_IMAGES += debian-xtensa-cross
DOCKER_PARTIAL_IMAGES += fedora-cris-cross
+# base images should not add a local user
+$(foreach image,$(DOCKER_PARTIAL_IMAGES),docker-image-$(image)): NOUSER=1
+
# Rules for building linux-user powered images
#
# These are slower than using native cross compiler setups but can
---
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [RFC PATCH] tests/docker: force NOUSER=1 for base images
2021-11-03 18:29 ` Philippe Mathieu-Daudé
@ 2021-11-04 17:44 ` Alex Bennée
0 siblings, 0 replies; 3+ messages in thread
From: Alex Bennée @ 2021-11-04 17:44 UTC (permalink / raw)
To: Philippe Mathieu-Daudé
Cc: Willian Rampazzo, Thomas Huth, richard.henderson, qemu-devel,
Wainer dos Santos Moschetta
Philippe Mathieu-Daudé <f4bug@amsat.org> writes:
> On 11/3/21 18:13, Alex Bennée wrote:
>> As base images are often used to build further images like toolchains
>> ensure we don't add the local user by accident. The local user should
>> only exist on local images and not anything that gets pushed up to the
>> public registry.
>>
>> Reported-by: Richard Henderson <richard.henderson@linaro.org>
>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>> ---
>> tests/docker/Makefile.include | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
>> index 5bbbaceed1..462a3758d7 100644
>> --- a/tests/docker/Makefile.include
>> +++ b/tests/docker/Makefile.include
>> @@ -150,6 +150,10 @@ docker-image-debian-sparc64-cross: docker-image-debian10
>> # The native build should never use the registry
>> docker-image-debian-native: DOCKER_REGISTRY=
>>
>> +# base images should not add a local user
>> +docker-image-debian10: NOUSER=1
>> +docker-image-debian11: NOUSER=1
>
> What about covering all DOCKER_PARTIAL_IMAGES:
Hmm maybe - to be honest the naming is at variance with what it actually
indicates. They are perfectly usable images (they are used for cross
compiling tests) but they are not usable for building QEMU itself hence
use the DOCKER_PARTIAL_IMAGES field to stop them being expanded in the
test runs.
If I had my time again....
>
> -- >8 --
> @@ -188,6 +188,9 @@ DOCKER_PARTIAL_IMAGES += debian-tricore-cross
> DOCKER_PARTIAL_IMAGES += debian-xtensa-cross
> DOCKER_PARTIAL_IMAGES += fedora-cris-cross
>
> +# base images should not add a local user
> +$(foreach image,$(DOCKER_PARTIAL_IMAGES),docker-image-$(image)): NOUSER=1
> +
> # Rules for building linux-user powered images
> #
> # These are slower than using native cross compiler setups but can
> ---
--
Alex Bennée
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-11-04 17:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-03 17:13 [RFC PATCH] tests/docker: force NOUSER=1 for base images Alex Bennée
2021-11-03 18:29 ` Philippe Mathieu-Daudé
2021-11-04 17:44 ` Alex Bennée
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.