From 26d632a596e4dc0d063c33dca33d82d993bb5078 Mon Sep 17 00:00:00 2001 From: Marc Herbert Date: Tue, 2 May 2023 17:31:28 -0700 Subject: [PATCH 01/14] .github/zephyr: hardcode docker image to v0.23.4 (ZSDK 0.14) This is a release branch, we shouldn't be using any "latest" docker image. Signed-off-by: Marc Herbert --- .github/workflows/zephyr.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 79be79fb4a9b..5bfb2dec95d5 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -15,11 +15,19 @@ jobs: # From time to time this will catch a git tag and change SOF_VERSION with: {fetch-depth: 10, submodules: recursive} + # v0.23.4 is the last image with Zephyr SDK 0.14. + # SDK 0.15 fails with the following Werror: + # /workdir/zephyrproject/zephyr/include/zephyr/kernel/thread_stack.h:190:16: + # error: ignoring attribute 'section (".cached.\"WEST_TOPDIR/zephyr/kernel/init.c\".3")' + # because it conflicts with previous 'section + # (".cached.\"WEST_TOPDIR/zephyr/arch/xtensa/include/kernel_arch_func.h\"' + # [-Werror=attributes] + # https://github.com/zephyrproject-rtos/docker-image # Note: env variables can be passed to the container with # -e https_proxy=... - name: build run: docker run -v "$(pwd)":/workdir - ghcr.io/zephyrproject-rtos/zephyr-build:latest + ghcr.io/zephyrproject-rtos/zephyr-build:v0.23.4 ./zephyr/docker-build.sh --cmake-args=-DEXTRA_CFLAGS=-Werror --cmake-args=--warn-uninitialized -a From 4d33ae4686b11a7587f3c34f4cd17227877ff93e Mon Sep 17 00:00:00 2001 From: Marc Herbert Date: Tue, 2 May 2023 16:40:52 -0700 Subject: [PATCH 02/14] zephyr/docker-build.sh: pass http[s]_proxy variables to the container Support downloads from within the container - notably cloning Zephyr. Similar to commit 424da2cd9d43 ("zephyr/docker: pass http[s]_proxy variables to the container") on the main branch. 
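Review bot: The new `ghcr.io/zephyrproject-rtos/zephyr-build:v0.23.4` reference in the `build` step is still a mutable tag, so the registry can serve different content under it later. On a release branch a digest pin gives the reproducibility the commit message asks for, e.g. `ghcr.io/zephyrproject-rtos/zephyr-build:v0.23.4@sha256:<DIGEST_PLACEHOLDER>`; the digest has to be read from the registry, it is not on this page. The same concern applies to the untagged `docker pull thesofproject/sof` added in PATCH 04/14 and to `thesofproject/sof:latest_ubuntu22.04` in PATCH 14/14, which both follow a moving tag.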
Signed-off-by: Marc Herbert --- zephyr/docker-build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zephyr/docker-build.sh b/zephyr/docker-build.sh index 191fa7b45975..77c7b2875efa 100755 --- a/zephyr/docker-build.sh +++ b/zephyr/docker-build.sh @@ -52,7 +52,7 @@ exec_as_sof_uid() # Double sudo to work around some funny restriction in # zephyr-build:/etc/sudoers: 'user' can do anything but... only as # root. - sudo sudo -u "$sof_user" "$0" "$@" + sudo sudo -u "$sof_user" http_proxy="$http_proxy" https_proxy="$https_proxy" "$0" "$@" exit "$?" } From c02aa82a014af97e8d67dee1d829d72efb9e1ed7 Mon Sep 17 00:00:00 2001 From: Marc Herbert Date: Sat, 17 Sep 2022 00:30:23 +0000 Subject: [PATCH 03/14] .github: extend yamllint line-length to 100 Dropping *.yml change from the original commit cause there is no west.yml in this branch. Signed-off-by: Marc Herbert (cherry picked from commit 3d69a7f69eb63e29f526d502e8d11f4de011a829) --- .github/workflows/codestyle.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codestyle.yml b/.github/workflows/codestyle.yml index 6c0577a093ce..0480d3ead79d 100644 --- a/.github/workflows/codestyle.yml +++ b/.github/workflows/codestyle.yml @@ -53,4 +53,9 @@ jobs: - uses: actions/checkout@v2 - name: run yamllint - run: yamllint --strict .github/workflows/*.yml + # Quoting to please all parsers is hard. This indirection helps. + env: + yamllint_config: '{extends: default, rules: {line-length: {max: 100}}}' + run: yamllint -f parsable + -d "$yamllint_config" + --strict .github/workflows/*.yml From 475f193993b6363fa3dae5685211c3648ea209dc Mon Sep 17 00:00:00 2001 From: Marc Herbert Date: Wed, 1 Jun 2022 11:23:54 -0700 Subject: [PATCH 04/14] .github: add new job that builds all DEFAULT_PLATFORMS This will make sure platforms without an open-source toolchain available are added to SUPPORTED_PLATFORMS and do not break the -a option 
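Review bot: Passing `http_proxy="$http_proxy" https_proxy="$https_proxy"` as arguments to `sudo` puts the proxy URLs on the command line, where they appear in the process list and in any `set -x` trace; proxy URLs sometimes embed credentials. PATCH 12/14 adds the same arguments to scripts/sudo-cwd.sh, which visibly runs under `set -x`, so the values would end up in the CI log there. If the sudoers policy allows it, `sudo --preserve-env=http_proxy,https_proxy sudo --preserve-env=http_proxy,https_proxy -u "$sof_user" "$0" "$@"` forwards them without expanding the values on the command line. This line also lacks the `# shellcheck disable=SC2154` comment that PATCH 12/14 adds for the same expansion. exec_as_sof_uid starts above the hunk.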
Signed-off-by: Marc Herbert (cherry picked from commit 8a7a1ad76af2deaa37e57fe9f7dfe4690a98a26f) --- .github/workflows/pull-request.yml | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 01639e699845..6f25c475adfc 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -83,6 +83,26 @@ jobs: run: ./scripts/host-testbench.sh + # This is a bit redundant with the other jobs below and with the (much + # faster!) installer[.yml] but it may differ in which platforms are + # built. This makes sure platforms without any open-source toolchain + # are added in the right place and do not accidentally break the -a + # option, Docker testing etc. + gcc-build-default-platforms: + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v2 + with: {fetch-depth: 5, submodules: recursive} + + - name: docker + run: docker pull thesofproject/sof && docker tag thesofproject/sof sof + + - name: xtensa-build-all.sh -a + run: ./scripts/docker-run.sh ./scripts/xtensa-build-all.sh -a || + ./scripts/docker-run.sh ./scripts/xtensa-build-all.sh -a -j 1 + + gcc-build-only: runs-on: ubuntu-20.04 @@ -107,7 +127,7 @@ jobs: - name: docker run: docker pull thesofproject/sof && docker tag thesofproject/sof sof - - name: xtensa-build-all + - name: xtensa-build-all.sh platforms env: PLATFORM: ${{ matrix.platform }} run: ./scripts/docker-run.sh @@ -146,7 +166,7 @@ jobs: - name: docker SOF run: docker pull thesofproject/sof && docker tag thesofproject/sof sof - - name: xtensa-build-all -o no-agent + - name: xtensa-build-all.sh -o no-agent platforms env: PLATFORM: ${{ matrix.platform }} run: ./scripts/docker-run.sh From f0715da3c648b088780c746ea501f25cc2061aee Mon Sep 17 00:00:00 2001 
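Review bot: The fallback in the new `xtensa-build-all.sh -a` step, `... -a || ... -a -j 1`, reruns the whole build serially whenever the first attempt fails, so an intermittent failure of the parallel build passes CI without leaving a trace in the job result. A comment saying why the serial retry exists is missing, and a visible marker before the retry would help, e.g. `|| { echo 'parallel build failed, retrying with -j 1' >&2; ./scripts/docker-run.sh ./scripts/xtensa-build-all.sh -a -j 1; }`. This applies to the first hunk of the file; the two later hunks only rename steps.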
From: Marc Herbert Date: Mon, 5 Dec 2022 10:54:19 -0800 Subject: [PATCH 05/14] .github/workflows: upgrade actions/checkout@v2 -> v3 This should get rid of most warnings in daily tests ``` Node.js 12 actions are deprecated. For more information see: https://github.blog/changelog/ 2022-09-22-github-actions-all-actions-will-begin-running-on-node16... Please update the following actions to use Node.js 16: actions/checkout@v2 ``` Example at https://github.com/thesofproject/sof/actions/runs/3597808171 v3 seems backward compatible. Upgrade only the most used instances for now (most used because of the `matrix` of platforms), upgrade everything in a few days if no issue is spotted. Signed-off-by: Marc Herbert (cherry picked from commit f71eb15818fd43d9ecd16a73fe58e2983e527ecb) --- .github/workflows/pull-request.yml | 4 ++-- .github/workflows/zephyr.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 6f25c475adfc..ac7ab33abe70 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -92,7 +92,7 @@ jobs: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: {fetch-depth: 5, submodules: recursive} - name: docker @@ -121,7 +121,7 @@ jobs: steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: {fetch-depth: 0, submodules: recursive} - name: docker diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 5bfb2dec95d5..737313368204 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -11,7 +11,7 @@ jobs: zephyr-build: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 # From time to time this will catch a git tag and change SOF_VERSION with: {fetch-depth: 10, submodules: recursive} From 252eda458bba80f11b2b1213576b2462fff5c961 Mon Sep 17 00:00:00 2001 
From: Marc Herbert Date: Fri, 16 Dec 2022 15:26:13 -0800 Subject: [PATCH 06/14] .github/pull-request.yml: upgrade checkout v2 -> v3 This upgrade was already performed for other jobs in commit f71eb15818fd (".github/workflows: upgrade actions/checkout@v2 -> v3") and everything went fine. Finish the job and get rid of the last warnings in the daily tests (example: https://github.com/thesofproject/sof/actions/runs/3709176785) stable-v2.2: dropped sof-docs action which does not exist in this branch. Signed-off-by: Marc Herbert (cherry picked from commit 2ea4bc0ec43c0da1646eaaaec6cc73d6bd513097) --- .github/workflows/pull-request.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index ac7ab33abe70..531cbd05a677 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -40,7 +40,7 @@ jobs: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: apt get doxygen graphviz run: sudo apt-get -y install ninja-build doxygen graphviz @@ -156,7 +156,7 @@ jobs: steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: {fetch-depth: 0, submodules: recursive} - name: turn off HAVE_AGENT From 834387c4b737fe6e40064770e046980d159136bb Mon Sep 17 00:00:00 2001 From: Marc Herbert Date: Tue, 2 May 2023 13:21:55 -0700 Subject: [PATCH 07/14] .github: upgrade all checkout actions to v3 Search and replace checkout@v2 with checkout@v3. This finally gets rid of all warnings "Node.js 12 actions are deprecated". We've been using v3 in a few other places and never met any backwards compatibility issue. Fixed testbench.yml conflict, still embedded in pull-request.yml 
Signed-off-by: Marc Herbert (cherry picked from commit 65a68b7c313ed4fea266902c8f6945c3d4079293) --- .github/workflows/codestyle.yml | 4 ++-- .github/workflows/installer.yml | 2 +- .github/workflows/pull-request.yml | 2 +- .github/workflows/repro-build.yml | 2 +- .github/workflows/tools.yml | 2 +- .github/workflows/unit-tests.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codestyle.yml b/.github/workflows/codestyle.yml index 0480d3ead79d..3cb568999b39 100644 --- a/.github/workflows/codestyle.yml +++ b/.github/workflows/codestyle.yml @@ -27,7 +27,7 @@ jobs: # depth 2 so: # ^1. we can show the Subject of the current target branch tip # ^2. we reconnect/graft to the later fetch pull/1234/head, - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: {fetch-depth: 2} - name: install codespell @@ -50,7 +50,7 @@ jobs: yamllint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: run yamllint # Quoting to please all parsers is hard. This indirection helps. diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index 178c090f89d9..2b0601d9ef37 100644 --- a/.github/workflows/installer.yml +++ b/.github/workflows/installer.yml @@ -28,7 +28,7 @@ jobs: ] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 # From time to time this will catch a git tag and change SOF_VERSION with: {fetch-depth: 50, submodules: recursive} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 531cbd05a677..3a06f122765a 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: {fetch-depth: 5} - name: apt get valgrind diff --git a/.github/workflows/repro-build.yml b/.github/workflows/repro-build.yml index c3090154b608..4325467123ce 100644 --- a/.github/workflows/repro-build.yml 
+++ b/.github/workflows/repro-build.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: {fetch-depth: 5, submodules: recursive} - name: docker pull diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml index 5be87125a8ba..670d67ad9627 100644 --- a/.github/workflows/tools.yml +++ b/.github/workflows/tools.yml @@ -12,7 +12,7 @@ jobs: top-level_default_CMake_target_ALL: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 # The ALSA version in Ubuntu 20.04 is buggy # (https://github.com/thesofproject/sof/issues/2543) and likely diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index 9bbe004092ea..bc1619fda3b5 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -14,7 +14,7 @@ jobs: cmocka_utests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: {fetch-depth: 2} - name: build and run all defconfigs From be64732a158236bfa03227d5fca3f746ba3f1995 Mon Sep 17 00:00:00 2001 From: Marc Herbert Date: Thu, 1 Sep 2022 16:40:08 +0000 Subject: [PATCH 08/14] scripts/docker-run.sh: fix wrong "id -n" command -> "id -u" Fixes commit d09844ab98cc ("zephyr/docker-build.sh: match UID with 'adduser' instead of 'chgrp -R'") Signed-off-by: Marc Herbert (cherry picked from commit dfc6b46e1d52624fa95e9ecb630be9a8843b36b0) --- scripts/docker-run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/docker-run.sh b/scripts/docker-run.sh index 96034cf27359..58dd16b594b4 100755 --- a/scripts/docker-run.sh +++ b/scripts/docker-run.sh @@ -27,7 +27,7 @@ fi # Not fatal, just a warning to allow other "creative" solutions. # TODO: fix this with 'adduser' like in zephyr/docker-build.sh -test "$(id -n)" = 1001 || +test "$(id -u)" = 1001 || >&2 printf "Warning: this script should be run as user ID 1001 to match the container\n" set -x 
From ac9a4876c40ddd33c18deb4cc381976c8fbaaa6d Mon Sep 17 00:00:00 2001 From: Marc Herbert Date: Wed, 5 Oct 2022 22:09:31 -0700 Subject: [PATCH 09/14] Add new sudo-cwd.sh - partial cherry-pick from main branch. sudo-cwd.sh was developed on the main branch for zephyr but now we want to re-use it for building topologies. Cherry-pick only that script, not the zephyr parts. Original commit message: Besides making things more obvious, the important functional change is that the user switch is now performed for _every_ invoked, command, not just for the build command. Signed-off-by: Marc Herbert (cherry picked from commit 027be9837173444c6c92d5b331a3c75a0769c7bf) --- scripts/sudo-cwd.sh | 73 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100755 scripts/sudo-cwd.sh diff --git a/scripts/sudo-cwd.sh b/scripts/sudo-cwd.sh new file mode 100755 index 000000000000..c8499fbf05fb --- /dev/null +++ b/scripts/sudo-cwd.sh 
@@ -0,0 +1,73 @@
+#!/bin/sh
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright(c) 2022 Intel Corporation. All rights reserved.
+
+# This is a "brute force" solution to filesystem permission issues:
+#
+# If the current user does not own the current directory then this
+# wrapper script switches to the user who does own the current directory
+# before running the given command.
+
+# If no user owns the current directory, a user who does gets created
+# first!
+
+# The main use case is to run this first thing inside a container to
+# solve file ownership mismatches.
+
+# `docker run --user=$(id -un) ...` achieves something very similar
+# without any code except the resulting user many not exist inside the
+# container. Some commands may not like that.
+#
+# To understand more about the Docker problem solved here take a look at
+# https://stackoverflow.com/questions/35291520/docker-and-userns-remap-how-to-manage-volume-permissions-to-share-data-betwee
+# and many other similar questions.
+
+# TODO: replace sudo with gosu?
+
+set -e
+set -x
+
+# TODO: rename the "sof_" bits
+
+main()
+{
+ sof_uid="$(stat --printf='%u' .)"
+ local current_uid; current_uid="$(id -u)"
+ if test "$current_uid" = "$sof_uid"; then
+ exec "$@"
+ else
+ exec_as_sof_uid "$@"
+ fi
+}
+
+exec_as_sof_uid()
+{
+ # Add new container user matching the host user owning the SOF
+ # checkout
+ local sof_user; sof_user="$(id "$sof_uid")" || {
+ sof_user=sof_zephyr_docker_builder
+
+ local sof_guid; sof_guid="$(stat --printf='%g' .)"
+
+ getent group "$sof_guid" ||
+ sudo groupadd -g "$sof_guid" sof_zephyr_docker_group
+
+ sudo useradd -m -u "$sof_uid" -g "$sof_guid" "$sof_user"
+
+ local current_user; current_user="$(id -un)"
+
+ # Copy sudo permissions just in case the build needs it
+ sudo sed -e "s/$current_user/$sof_user/" /etc/sudoers.d/"$current_user" |
+ sudo tee -a /etc/sudoers.d/"$sof_user"
+ sudo chmod --reference=/etc/sudoers.d/"$current_user" \
+ /etc/sudoers.d/"$sof_user"
+ }
+
+ # Double sudo to work around some funny restriction in
+ # zephyr-build:/etc/sudoers: 'user' can do anything but... only as
+ # root.
+ sudo sudo -u "$sof_user" REAL_CC="$REAL_CC" "$@"
+ exit "$?"
+}
+
+main "$@"
From 06eb7fc978bc1707c3cc91e8f3ac65880874656e Mon Sep 17 00:00:00 2001 From: Marc Herbert Date: Wed, 5 Oct 2022 22:34:38 -0700 Subject: [PATCH 10/14] sudo-cwd.sh: drop the all 'sof_' prefixes and references This script is now generic. This was not done earlier to be gentle on git blame. Signed-off-by: Marc Herbert (cherry picked from commit 0a4b1d62d5b31b41699b5df60f837bf53326292a) --- scripts/sudo-cwd.sh | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-)
diff --git a/scripts/sudo-cwd.sh b/scripts/sudo-cwd.sh
index c8499fbf05fb..2901fd95ee77 100755
--- a/scripts/sudo-cwd.sh
+++ b/scripts/sudo-cwd.sh
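Review bot: The sudoers copy in exec_as_sof_uid appends the output of `sed -e "s/$current_user/$sof_user/"` to `/etc/sudoers.d/"$sof_user"` through `tee -a` without checking the result, and a syntactically broken file in that directory can break `sudo` for the rest of the run. `$current_user` is also used as an unescaped, unanchored sed pattern, so it rewrites the first match on each line whatever token that happens to be. Building the rules in a temporary file, validating them with `visudo -c -f` and installing them with mode 0440 avoids a half-written or invalid file; note this sets the mode explicitly instead of copying it with `chmod --reference`. Separately, `id "$sof_uid"` without `-un` prints the whole `uid=...(name) gid=...` line, so when the account already exists `sudo -u "$sof_user"` is presumably handed that string instead of a name; `id -un "$sof_uid"` looks intended.

```shell
    # … unchanged: groupadd, useradd, current_user lookup …

    # Copy sudo permissions just in case the build needs it
    local new_rules; new_rules="$(mktemp)"
    sudo sed -e "s/$current_user/$sof_user/" /etc/sudoers.d/"$current_user" \
         > "$new_rules"
    # Refuse to install rules that sudo itself cannot parse
    sudo visudo -c -f "$new_rules"
    sudo install -m 0440 -o root -g root "$new_rules" /etc/sudoers.d/"$sof_user"
    rm -f "$new_rules"
```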
@@ -27,46 +27,43 @@ set -e set -x -# TODO: rename the "sof_" bits - main() { - sof_uid="$(stat --printf='%u' .)" + cwd_uid="$(stat --printf='%u' .)" local current_uid; current_uid="$(id -u)" - if test "$current_uid" = "$sof_uid"; then + if test "$current_uid" = "$cwd_uid"; then exec "$@" else - exec_as_sof_uid "$@" + exec_as_cwd_uid "$@" fi } -exec_as_sof_uid() +exec_as_cwd_uid() { - # Add new container user matching the host user owning the SOF - # checkout - local sof_user; sof_user="$(id "$sof_uid")" || { - sof_user=sof_zephyr_docker_builder + # If missing, add new user owning the current directory + local cwd_user; cwd_user="$(id "$cwd_uid")" || { + cwd_user='cwd_user' - local sof_guid; sof_guid="$(stat --printf='%g' .)" + local cwd_guid; cwd_guid="$(stat --printf='%g' .)" - getent group "$sof_guid" || - sudo groupadd -g "$sof_guid" sof_zephyr_docker_group + getent group "$cwd_guid" || + sudo groupadd -g "$cwd_guid" 'cwd_group' - sudo useradd -m -u "$sof_uid" -g "$sof_guid" "$sof_user" + sudo useradd -m -u "$cwd_uid" -g "$cwd_guid" "$cwd_user" local current_user; current_user="$(id -un)" # Copy sudo permissions just in case the build needs it - sudo sed -e "s/$current_user/$sof_user/" /etc/sudoers.d/"$current_user" | - sudo tee -a /etc/sudoers.d/"$sof_user" + sudo sed -e "s/$current_user/$cwd_user/" /etc/sudoers.d/"$current_user" | + sudo tee -a /etc/sudoers.d/"$cwd_user" sudo chmod --reference=/etc/sudoers.d/"$current_user" \ - /etc/sudoers.d/"$sof_user" + /etc/sudoers.d/"$cwd_user" } # Double sudo to work around some funny restriction in # zephyr-build:/etc/sudoers: 'user' can do anything but... only as # root. - sudo sudo -u "$sof_user" REAL_CC="$REAL_CC" "$@" + sudo sudo -u "$cwd_user" REAL_CC="$REAL_CC" "$@" exit "$?" } From e32deb48ab1747170948835cfdca682936eaf0de Mon Sep 17 00:00:00 2001 
From: Marc Herbert Date: Wed, 5 Oct 2022 22:15:36 -0700 Subject: [PATCH 11/14] scripts/docker-run.sh: fix wrong uid in warning 1001 -> 1000 Fixes commit d09844ab98cc ("zephyr/docker-build.sh: match UID with 'adduser' instead of 'chgrp -R'") Also clarify comment and add reference to new sudo-cwd.sh script. Signed-off-by: Marc Herbert (cherry picked from commit c28400baaa383030f0e6860e922365a79e51c31a) --- scripts/docker-run.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scripts/docker-run.sh b/scripts/docker-run.sh index 58dd16b594b4..21e2919db194 100755 --- a/scripts/docker-run.sh +++ b/scripts/docker-run.sh @@ -25,10 +25,12 @@ if tty --quiet; then SOF_DOCKER_RUN="$SOF_DOCKER_RUN --tty" fi -# Not fatal, just a warning to allow other "creative" solutions. -# TODO: fix this with 'adduser' like in zephyr/docker-build.sh -test "$(id -u)" = 1001 || - >&2 printf "Warning: this script should be run as user ID 1001 to match the container\n" +# The --user option below can cause the command to run as a user who +# does not exist in the container. So far so good but in case something +# ever goes wrong try replacing --user with the newer +# scripts/sudo-cwd.sh script. +test "$(id -u)" = 1000 || + >&2 printf "Warning: this script should be run as user ID 1000 to match the container's account\n" set -x docker run -i -v "${SOF_TOP}":/home/sof/work/sof.git \ From 6fadce302d6bcd2b93d46db955f11efa72637204 Mon Sep 17 00:00:00 2001 From: Marc Herbert Date: Thu, 15 Dec 2022 02:33:35 +0000 Subject: [PATCH 12/14] zephyr/docker: pass http[s]_proxy variables to the container Support downloads from within the container. Signed-off-by: Marc Herbert (cherry picked from commit 424da2cd9d436ed42a8323b0200d0401e6be7f84) --- scripts/sudo-cwd.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/sudo-cwd.sh b/scripts/sudo-cwd.sh index 2901fd95ee77..2c4d859345d8 100755 --- a/scripts/sudo-cwd.sh +++ b/scripts/sudo-cwd.sh 
@@ -63,7 +63,12 @@ exec_as_cwd_uid() # Double sudo to work around some funny restriction in # zephyr-build:/etc/sudoers: 'user' can do anything but... only as # root. - sudo sudo -u "$cwd_user" REAL_CC="$REAL_CC" "$@" + # Passing empty http[s]_proxy is OK + # shellcheck disable=SC2154 + sudo sudo -u "$cwd_user" REAL_CC="$REAL_CC" \ + http_proxy="$http_proxy" https_proxy="$https_proxy" \ + "$@" + exit "$?" } From a15fcde47b93572d2cd396d4d391095cfdff14ea Mon Sep 17 00:00:00 2001 From: Marc Herbert Date: Fri, 6 Jan 2023 01:22:00 +0000 Subject: [PATCH 13/14] scripts/sudo-cwd.sh: don't try to copy missing sudoers.d/ permissions Copying a file that does not exist obviously fails. This bug was found when trying to switch from the current "Developer Image" to the smaller "CI Image": https://github.com/zephyrproject-rtos/docker-image zephyr-build Signed-off-by: Marc Herbert (cherry picked from commit 75fa04de091581eb182cf4e25f7251ef9e15ebf4) --- scripts/sudo-cwd.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/sudo-cwd.sh b/scripts/sudo-cwd.sh index 2c4d859345d8..2823cf2f6c73 100755 --- a/scripts/sudo-cwd.sh +++ b/scripts/sudo-cwd.sh @@ -54,10 +54,12 @@ exec_as_cwd_uid() local current_user; current_user="$(id -un)" # Copy sudo permissions just in case the build needs it - sudo sed -e "s/$current_user/$cwd_user/" /etc/sudoers.d/"$current_user" | + if test -e /etc/sudoers.d/"$current_user"; then + sudo sed -e "s/$current_user/$cwd_user/" /etc/sudoers.d/"$current_user" | sudo tee -a /etc/sudoers.d/"$cwd_user" - sudo chmod --reference=/etc/sudoers.d/"$current_user" \ + sudo chmod --reference=/etc/sudoers.d/"$current_user" \ /etc/sudoers.d/"$cwd_user" + fi } # Double sudo to work around some funny restriction in From 75f6ae2130fcab1bbad770fbbe967a55687139d3 Mon Sep 17 00:00:00 2001 
From: Fred Oh Date: Fri, 28 Apr 2023 08:01:07 -0700 Subject: [PATCH 14/14] scripts/docker-run.sh: run with sudo-cwd.sh There is a UID mistmatch and file permission problem. sudo-cwd.sh will switch id every docker run command. Commit 80e9c3454a0a ("scripts/docker-run.sh: run with sudo-cwd.sh") was reverted due to missing a toolchain. Signed-off-by: Fred Oh (cherry picked from commit 745d4ccd8bbf5509fd3af6218f663441d5b18862) --- scripts/docker-run.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/docker-run.sh b/scripts/docker-run.sh index 21e2919db194..4b3d64fe1c12 100755 --- a/scripts/docker-run.sh +++ b/scripts/docker-run.sh @@ -33,6 +33,8 @@ test "$(id -u)" = 1000 || >&2 printf "Warning: this script should be run as user ID 1000 to match the container's account\n" set -x +# FIXME: During the transition to sudo-cwd.sh, the tag will be "latest_ubuntu22.04". +# Later it will be back to latest docker run -i -v "${SOF_TOP}":/home/sof/work/sof.git \ -v "${SOF_TOP}":/home/sof/work/sof-bind-mount-DO-NOT-DELETE \ --env CMAKE_BUILD_TYPE \ @@ -42,6 +44,5 @@ docker run -i -v "${SOF_TOP}":/home/sof/work/sof.git \ --env VERBOSE \ --env http_proxy="$http_proxy" \ --env https_proxy="$https_proxy" \ - --user "$(id -u)" \ $SOF_DOCKER_RUN \ - thesofproject/sof "$@" + thesofproject/sof:latest_ubuntu22.04 ./scripts/sudo-cwd.sh "$@"
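Review bot: Dropping `--user "$(id -u)"` means the container now starts as the image's default account and reaches the checkout owner's UID through `sudo` in ./scripts/sudo-cwd.sh, so the build presumably depends on non-interactive sudo inside `thesofproject/sof:latest_ubuntu22.04`; that is a wider privilege footprint than the previous `--user` run, and the script does not say so. The comment added in PATCH 11/14 just above this hunk still refers to "the --user option below", and the `test "$(id -u)" = 1000` warning kept as context no longer matches how the user is chosen. I would replace both with something like `# The container starts as the image's default user; scripts/sudo-cwd.sh then switches to the owner of the bind-mounted checkout.` The FIXME about the temporary tag would be easier to follow up with an issue reference next to it.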