Bring back local uid/gid env vars

projectcalico · Oct 16, 2023 · 672aaf8 · 672aaf8
1 parent 79d79ea
commit 672aaf8
Show file tree

Hide file tree

Showing 8 changed files with 33 additions and 18 deletions.
diff --git a/Makefile b/Makefile
@@ -5,10 +5,10 @@ include lib.Makefile
 
 DOCKER_RUN := mkdir -p ./.go-pkg-cache bin $(GOMOD_CACHE) && \
 	docker run --rm \
-		--init \
 		--net=host \
-		--user=$(shell id -u):$(shell id -g) \
+		--init \
 		$(EXTRA_DOCKER_ARGS) \
+		-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
 		-e GOCACHE=/go-cache \
 		$(GOARCH_FLAGS) \
 		-e GOPATH=/go \

diff --git a/api/Makefile b/api/Makefile
@@ -30,10 +30,10 @@ endif
 # that its package is github.com/projectcalico/api for easier mirroring.
 DOCKER_RUN := mkdir -p ../.go-pkg-cache bin $(GOMOD_CACHE) && \
 	docker run --rm \
-		--init \
 		--net=host \
-		--user=$(shell id -u):$(shell id -g) \
+		--init \
 		$(EXTRA_DOCKER_ARGS) \
+		-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
 		-e GOCACHE=/go-cache \
 		$(GOARCH_FLAGS) \
 		-e GOPATH=/go \

diff --git a/app-policy/Makefile b/app-policy/Makefile
@@ -141,15 +141,15 @@ PROTOC_IMPORTS =  -I proto\
 protobuf: proto/felixbackend.pb.go proto/healthz.pb.go
 
 proto/felixbackend.pb.go: proto/felixbackend.proto
-	$(DOCKER_RUN) -v $(CURDIR):/src:rw --user $(shell id -u):$(shell id -g) \
+	$(DOCKER_RUN) -v $(CURDIR):/src:rw --user $(LOCAL_USER_ID):$(LOCAL_GROUP_ID) \
 		      $(PROTOC_CONTAINER) \
 		      $(PROTOC_IMPORTS) \
 		      proto/*.proto \
 		      --gogofast_out=plugins=grpc:proto
 	$(MAKE) fix
 
 proto/healthz.pb.go: proto/healthz.proto
-	$(DOCKER_RUN) -v $(CURDIR):/src:rw --user $(shell id -u):$(shell id -g) \
+	$(DOCKER_RUN) -v $(CURDIR):/src:rw --user $(LOCAL_USER_ID):$(LOCAL_GROUP_ID) \
 		      $(PROTOC_CONTAINER) \
 		      $(PROTOC_IMPORTS) \
 		      proto/*.proto \

diff --git a/confd/Makefile b/confd/Makefile
@@ -55,13 +55,14 @@ UPDATE_EXPECTED_DATA?=false
 test-kdd: bin/confd bin/kubectl bin/bird bin/bird6 bin/calico-node bin/calicoctl bin/typha run-k8s-apiserver
 	-git clean -fx etc/calico/confd
 	mkdir -p tests/logs
-	docker run --rm --net=host --user=$(shell id -u):$(shell id -g) \
+	docker run --rm --net=host \
 		-v $(CERTS_PATH):/home/user/certs \
 		-v $(CURDIR)/tests/:/tests/ \
 		-v $(CURDIR)/bin:/calico/bin/ \
 		-v $(CURDIR)/etc/calico:/etc/calico/ \
 		-v $(CURDIR)/../:/go/src/github.com/projectcalico/calico:rw \
 		-e GOPATH=/go \
+		-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
 		-e FELIX_TYPHAADDR=127.0.0.1:5473 \
 		-e FELIX_TYPHAREADTIMEOUT=50 \
 		-e UPDATE_EXPECTED_DATA=$(UPDATE_EXPECTED_DATA) \
@@ -87,13 +88,14 @@ test-kdd: bin/confd bin/kubectl bin/bird bin/bird6 bin/calico-node bin/calicoctl
 test-etcd: bin/confd bin/etcdctl bin/bird bin/bird6 bin/calico-node bin/kubectl bin/calicoctl run-etcd run-k8s-apiserver
 	-git clean -fx etc/calico/confd
 	mkdir -p tests/logs
-	docker run --rm --net=host --user=$(shell id -u):$(shell id -g) \
+	docker run --rm --net=host \
 		-v $(CERTS_PATH):/home/user/certs \
 		-v $(CURDIR)/tests/:/tests/ \
 		-v $(CURDIR)/bin:/calico/bin/ \
 		-v $(CURDIR)/etc/calico:/etc/calico/ \
 		-v $(CURDIR):/go/src/$(PACKAGE_NAME):rw \
 		-e GOPATH=/go \
+		-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
 		-e UPDATE_EXPECTED_DATA=$(UPDATE_EXPECTED_DATA) \
 		$(CALICO_BUILD) /tests/test_suite_etcd.sh
 	-git clean -fx etc/calico/confd

diff --git a/felix/Makefile b/felix/Makefile
@@ -185,7 +185,7 @@ bin/calico-felix-race-$(ARCH): $(LIBBPF_A) $(SRC_FILES) ../go.mod
 
 # Generate the protobuf bindings for go. The proto/felixbackend.pb.go file is included in SRC_FILES
 protobuf proto/felixbackend.pb.go: proto/felixbackend.proto
-	docker run --rm --user=$(shell id -u):$(shell id -g) \
+	docker run --rm --user $(LOCAL_USER_ID):$(LOCAL_GROUP_ID) \
 		  -v $(CURDIR):/code -v $(CURDIR)/proto:/src:rw \
 		      $(PROTOC_CONTAINER) \
 		      --gogofaster_out=plugins=grpc:. \

diff --git a/felix/bpf-apache/README b/felix/bpf-apache/README
@@ -9,4 +9,4 @@ The build requires
 
 The calico/go-build container image provides a suitable environment:
 
-    docker run --user=$UID --rm -v `pwd`:/bpf-apache -w /bpf-apache calico/go-build:v0.35-deb-cgo make clean all
+    docker run -e LOCAL_USER_ID=$UID --rm -v `pwd`:/bpf-apache -w /bpf-apache calico/go-build:v0.35-deb-cgo make clean all
diff --git a/felix/bpf-gpl/README b/felix/bpf-gpl/README
@@ -13,4 +13,4 @@ The build requires
 
 The calico/go-build container image provides a suitable environment:
 
-    docker run --user=$UID --rm -v `pwd`:/bpf-gpl -w /bpf-gpl calico/go-build:v0.35-deb-cgo make clean all
+    docker run -e LOCAL_USER_ID=$UID --rm -v `pwd`:/bpf-gpl -w /bpf-gpl calico/go-build:v0.35-deb-cgo make clean all
diff --git a/lib.Makefile b/lib.Makefile
@@ -246,11 +246,24 @@ BUILD_ID:=$(shell git rev-parse HEAD || uuidgen | sed 's/-//g')
 # Variables elsewhere that depend on this (such as LDFLAGS) must also be lazy.
 GIT_DESCRIPTION=$(shell git describe --tags --dirty --always --abbrev=12 || echo '<unknown>')
 
-# Calculate a timestamp for any build artefacts.
+# Calculate a timestamp for any build artifacts.
 ifneq ($(OS),Windows_NT)
 DATE:=$(shell date -u +'%FT%T%z')
 endif
 
+# Figure out the users UID/GID.  These are needed to run docker containers
+# as the current user and ensure that files built inside containers are
+# owned by the current user.
+ifneq ($(OS),Windows_NT)
+LOCAL_USER_ID:=$(shell id -u)
+LOCAL_GROUP_ID:=$(shell id -g)
+endif
+
+ifeq ("$(LOCAL_USER_ID)", "0")
+# The build needs to run as root.
+EXTRA_DOCKER_ARGS+=-e RUN_AS_ROOT='true'
+endif
+
 # Allow the ssh auth sock to be mapped into the build container.
 ifdef SSH_AUTH_SOCK
 	EXTRA_DOCKER_ARGS += -v $(SSH_AUTH_SOCK):/ssh-agent --env SSH_AUTH_SOCK=/ssh-agent
@@ -296,10 +309,10 @@ DOCKER_BUILD=docker buildx build --pull \
 
 DOCKER_RUN := mkdir -p ../.go-pkg-cache bin $(GOMOD_CACHE) && \
 	docker run --rm \
-		--init \
 		--net=host \
-		--user=$(shell id -u):$(shell id -g) \
+		--init \
 		$(EXTRA_DOCKER_ARGS) \
+		-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
 		-e GOCACHE=/go-cache \
 		$(GOARCH_FLAGS) \
 		-e GOPATH=/go \
@@ -312,10 +325,10 @@ DOCKER_RUN := mkdir -p ../.go-pkg-cache bin $(GOMOD_CACHE) && \
 
 DOCKER_RUN_RO := mkdir -p .go-pkg-cache bin $(GOMOD_CACHE) && \
 	docker run --rm \
-		--init \
 		--net=host \
-		--user=$(shell id -u):$(shell id -g) \
+		--init \
 		$(EXTRA_DOCKER_ARGS) \
+		-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
 		-e GOCACHE=/go-cache \
 		$(GOARCH_FLAGS) \
 		-e GOPATH=/go \
@@ -1350,10 +1363,10 @@ endif
 # but not have any effect on the host config.
 CRANE_BINDMOUNT_CMD := \
 	docker run --rm \
-		--init \
 		--net=host \
-		--user=$(shell id -u):$(shell id -g) \
+		--init \
 		--entrypoint /bin/sh \
+		-e LOCAL_USER_ID=$(LOCAL_USER_ID) \
 		-v $(CURDIR):/go/src/$(PACKAGE_NAME):rw \
 		-v $(DOCKER_CONFIG):/root/.docker/config.json_host:ro \
 		-e PATH=$${PATH}:/go/src/$(PACKAGE_NAME)/$(WINDOWS_DIST)/bin \
Original file line number	Diff line number	Diff line change
Expand Up		@@ -9,4 +9,4 @@ The build requires

		The calico/go-build container image provides a suitable environment:

		docker run --user=$UID --rm -v `pwd`:/bpf-apache -w /bpf-apache calico/go-build:v0.35-deb-cgo make clean all
		docker run -e LOCAL_USER_ID=$UID --rm -v `pwd`:/bpf-apache -w /bpf-apache calico/go-build:v0.35-deb-cgo make clean all
Original file line number	Diff line number	Diff line change
Expand Up		@@ -13,4 +13,4 @@ The build requires

		The calico/go-build container image provides a suitable environment:

		docker run --user=$UID --rm -v `pwd`:/bpf-gpl -w /bpf-gpl calico/go-build:v0.35-deb-cgo make clean all
		docker run -e LOCAL_USER_ID=$UID --rm -v `pwd`:/bpf-gpl -w /bpf-gpl calico/go-build:v0.35-deb-cgo make clean all