Re: [RFC PATCH] tests/docker: force NOUSER=1 for base images

[Alex Bennée]

Philippe Mathieu-Daudé <f4bug@amsat.org> writes:

> On 11/3/21 18:13, Alex Bennée wrote:
>> As base images are often used to build further images like toolchains
>> ensure we don't add the local user by accident. The local user should
>> only exist on local images and not anything that gets pushed up to the
>> public registry.
>> 
>> Reported-by: Richard Henderson <richard.henderson@linaro.org>
>> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
>> ---
>>  tests/docker/Makefile.include | 4 ++++
>>  1 file changed, 4 insertions(+)
>> 
>> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
>> index 5bbbaceed1..462a3758d7 100644
>> --- a/tests/docker/Makefile.include
>> +++ b/tests/docker/Makefile.include
>> @@ -150,6 +150,10 @@ docker-image-debian-sparc64-cross: docker-image-debian10
>>  # The native build should never use the registry
>>  docker-image-debian-native: DOCKER_REGISTRY=
>>  
>> +# base images should not add a local user
>> +docker-image-debian10: NOUSER=1
>> +docker-image-debian11: NOUSER=1
>
> What about covering all DOCKER_PARTIAL_IMAGES:

Hmm maybe - to be honest the naming is at variance with what it actually
indicates. They are perfectly usable images (they are used for cross
compiling tests) but they are not usable for building QEMU itself hence
use the DOCKER_PARTIAL_IMAGES field to stop them being expanded in the
test runs.

If I had my time again....

>
> -- >8 --
> @@ -188,6 +188,9 @@ DOCKER_PARTIAL_IMAGES += debian-tricore-cross
>  DOCKER_PARTIAL_IMAGES += debian-xtensa-cross
>  DOCKER_PARTIAL_IMAGES += fedora-cris-cross
>
> +# base images should not add a local user
> +$(foreach image,$(DOCKER_PARTIAL_IMAGES),docker-image-$(image)): NOUSER=1
> +
>  # Rules for building linux-user powered images
>  #
>  # These are slower than using native cross compiler setups but can
> ---


-- 
Alex Bennée