Skip to content

rootless: use Giuseppe's newuidmap/newgidmap#686

Merged
AkihiroSuda merged 1 commit into
moby:masterfrom
AkihiroSuda:use-giuseppe-newuidmap
Oct 16, 2018
Merged

rootless: use Giuseppe's newuidmap/newgidmap#686
AkihiroSuda merged 1 commit into
moby:masterfrom
AkihiroSuda:use-giuseppe-newuidmap

Conversation

@AkihiroSuda
Copy link
Copy Markdown
Member

@AkihiroSuda AkihiroSuda commented Oct 15, 2018

Apply shadow-maint/shadow#132 so that newuidmap/newgidmap
doesn't require CAP_SYS_ADMIN

Signed-off-by: Akihiro Suda suda.akihiro@lab.ntt.co.jp

Close #671

AkihiroSuda
AkihiroSuda commented Oct 15, 2018
View reviewed changes
Comment thread hack/dockerfiles/test.buildkit.Dockerfile Outdated
# We lock the root account by `passwd -l root`, so as to disable su completely.

# tonistiigi/buildkit:rootless-base is a pre-built multi-arch version of rootless-base-internal https://github.com/moby/buildkit/pull/666#pullrequestreview-161872350
FROM tonistiigi/buildkit:rootless-base@sha256:6d9c50e2d006c2a8745e9d7f2bc075e4469191eccada41936ec0c6070361d45a AS rootless-base-external
Copy link
Copy Markdown
Member Author

@AkihiroSuda AkihiroSuda Oct 15, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I set status/do-not-merge label because tonistiigi/buildkit:rootless-base needs to be updated

@tonistiigi please update the image if LGTY

Copy link
Copy Markdown
Member

@tonistiigi tonistiigi Oct 15, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tonistiigi/buildkit:rootless-base@sha256:d0ad2d97de253eca727679e22cc6a5982b6aa79d048ef6c79e4938204a6dc803

Copy link
Copy Markdown
Member

@tonistiigi tonistiigi Oct 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AkihiroSuda Do you want me to recreate this after the last modifications?

Copy link
Copy Markdown
Member Author

@AkihiroSuda AkihiroSuda Oct 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, please 🙏

Copy link
Copy Markdown
Member

@tonistiigi tonistiigi Oct 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tonistiigi/buildkit:rootless-base@sha256:51a8017db80e9757fc05071996947abb5d3e91508c3d641b01cfcaeff77e676e

@AkihiroSuda AkihiroSuda force-pushed the use-giuseppe-newuidmap branch from 8baff95 to 1d10c56 Compare October 15, 2018 06:33
@AkihiroSuda
Copy link
Copy Markdown
Member Author

AkihiroSuda commented Oct 15, 2018

I'd like to release v0.3.1 when this PR gets merged

tonistiigi
tonistiigi reviewed Oct 15, 2018
View reviewed changes
Comment thread hack/dockerfiles/test.buildkit.Dockerfile

FROM alpine AS rootless-base-internal
RUN apk add --no-cache git shadow shadow-uidmap \
RUN apk add --no-cache git
Copy link
Copy Markdown
Member

@tonistiigi tonistiigi Oct 15, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't build for me. Needs apk add --no-cache git shadow for the useradd binary.

Copy link
Copy Markdown
Member Author

@AkihiroSuda AkihiroSuda Oct 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed to use busybox adduser

@AkihiroSuda AkihiroSuda force-pushed the use-giuseppe-newuidmap branch 2 times, most recently from ca8f151 to ba5636a Compare October 16, 2018 04:23
@AkihiroSuda
rootless: use Giuseppe's newuidmap/newgidmap
ed64652 
Apply shadow-maint/shadow#132 so that newuidmap/newgidmap
doesn't require CAP_SYS_ADMIN

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
@AkihiroSuda
Copy link
Copy Markdown
Member Author

AkihiroSuda commented Oct 16, 2018

thanks, updated

@AkihiroSuda AkihiroSuda force-pushed the use-giuseppe-newuidmap branch from ba5636a to ed64652 Compare October 16, 2018 06:11
@AkihiroSuda AkihiroSuda merged commit 7a4dc7c into moby:master Oct 16, 2018
@AkihiroSuda
Copy link
Copy Markdown
Member Author

AkihiroSuda commented Oct 16, 2018

release seems failing. PTAL? https://travis-ci.org/moby/buildkit/builds/442025898?utm_source=github_status&utm_medium=notification

@tonistiigi

tonistiigi
tonistiigi reviewed Oct 16, 2018
View reviewed changes
Comment thread hack/dockerfiles/test.buildkit.Dockerfile

# tonistiigi/buildkit:rootless-base is a pre-built multi-arch version of rootless-base-internal https://github.com/moby/buildkit/pull/666#pullrequestreview-161872350
FROM tonistiigi/buildkit:rootless-base@sha256:6d9c50e2d006c2a8745e9d7f2bc075e4469191eccada41936ec0c6070361d45a AS rootless-base-external
FROM tonistiigi/buildkit:rootless-base@sha256:51a8017db80e9757fc05071996947abb5d3e91508c3d641b01cfcaeff77e676e
Copy link
Copy Markdown
Member

@tonistiigi tonistiigi Oct 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AkihiroSuda AS rootless-base-external missing here

Copy link
Copy Markdown
Member Author

@AkihiroSuda AkihiroSuda Oct 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh sorry #690

crazy-max pushed a commit to crazy-max/buildkit that referenced this pull request Jun 8, 2022
@thaJeztah
Merge pull request moby#686 from mvasin/patch-1
35e9bf6 
Fix grammar
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AkihiroSuda @tonistiigi