cqfd: bind docker socket

This binds the docker socket to the container unless the environment CQFD_NO_DOCKER_SOCK is set to true. It guesses the host docker group-id or use the environment CQFD_DOCKER_GID to add the group cqfd with that id in the container.
savoirfairelinux · Feb 19, 2025 · 05f3ff2 · 05f3ff2
1 parent 669dab6
commit 05f3ff2
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -246,6 +246,9 @@ the user's ``~/.ssh`` configuration to the container.
 ``CQFD_NO_USER_GIT_CONFIG``: Set to ``true`` to disable forwarding
 the user's ``~/.gitconfig`` configuration to the container.
 
+``CQFD_NO_DOCKER_SOCK``: Set to ``true`` to disable forwarding
+the docker socket to the container.
+
 ``CQFD_SHELL``: The shell to be launched, by default ``/bin/sh``.
 
 ### Appending to the build command ###

diff --git a/cqfd b/cqfd
@@ -27,6 +27,7 @@ cqfd_user='builder'
 cqfd_user_home='/home/builder'
 cqfd_user_cwd="$cqfd_user_home/src"
 cqfd_shell=${CQFD_SHELL:-/bin/bash}
+cqfd_docker_gid="${CQFD_DOCKER_GID:-0}"
 
 ## usage() - print usage on stdout
 usage() {
@@ -58,7 +59,7 @@ Commands:
 Command options for run / release:
     -c <args>            Append args to the default command string.
 
-    cqfd is Copyright (C) 2015-2024 Savoir-faire Linux, Inc.
+    cqfd is Copyright (C) 2015-2025 Savoir-faire Linux, Inc.
 
     This program comes with ABSOLUTELY NO WARRANTY. This is free
     software, and you are welcome to redistribute it under the terms
@@ -240,6 +241,20 @@ docker_run() {
 		cqfd_user_cwd="$(pwd)"
 	fi
 
+	if [ "$cqfd_docker_gid" -eq 0 ]; then
+		local docker_group
+		if IFS=: read -a docker_group < <(getent group docker); then
+			local docker_users
+			IFS=, read -a docker_users <<<"${docker_group[3]}"
+			for user in "${docker_users[@]}"; do
+				if [ "$user" = "$cqfd_user" ]; then
+					cqfd_docker_gid="${docker_group[2]}"
+					break
+				fi
+			done
+		fi
+	fi
+
 	# Display a warning message if using no more supported options
 	if [ -n "$CQFD_EXTRA_VOLUMES" ]; then
 		die 'Warning: CQFD_EXTRA_VOLUMES is no more supported, use
@@ -304,6 +319,10 @@ docker_run() {
 		args+=(-v "$cqfd_user_home/.gitconfig:$cqfd_user_home/.gitconfig")
 	fi
 
+	if [ "$CQFD_NO_DOCKER_SOCK" != true ]; then
+		args+=(-v /var/run/docker.sock:/var/run/docker.sock)
+	fi
+
 	args+=(-v "$cqfd_project_dir:$cqfd_project_dir")
 
 	tmp_launcher=$(make_launcher)
@@ -448,6 +467,11 @@ useradd -s "\$shell" -oN -u "$UID" -g "${GROUPS[0]}" -d "$cqfd_user_home" "$cqfd
 mkdir -p "$cqfd_user_home" || die "mkdir command failed."
 chown "$UID:${GROUPS[0]}" "$cqfd_user_home" || die "chown command failed."
 
+if [ "${cqfd_docker_gid:-0}" -gt 0 ]; then
+	groupadd -og "$cqfd_docker_gid" -f cqfd || die "groupadd command failed."
+	usermod -a -G cqfd $cqfd_user || die "usermod command failed while adding group cqfd."
+fi	
+
 # Add specified groups to cqfd_user
 for g in ${CQFD_GROUPS}; do
 	group=\$(echo "\$g" | cut -d: -f1)