F3767161
D2349.diff
Size
4 KB
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -54,3 +54,27 @@
> **Note:**
> If you use `arc call-conduit` you can't use -it, as you need to pass stdin to the command.
+
+I want a comprehensive arc command
+-----------------------------------
+
+We provide in `contrib/` folder a choice amongst two wrappers to offer
+a more comprehensive `arc` command:
+
+- `contrib/arc` is the recommended choice: if launched as root,
+ it will use the image as is, but if launched as an user, it will bootstrap
+ by building once a `nasqueron/arcanist:<your uid>-<your gid>` small image
+ to be able to run the container as any arbitrary unprivileged user
+
+- `contrib/arc-runs-as-root` is the legacy version if you prefer to skip
+ the build mechanism and run your container as privileged user
+
+The need for a specific image for user is mainly if you want to use ssh,
+as the OpenSSH client requires the running user to exist, and so requires
+a little more than just add `--user $UID` to the docker run command.
+
+Both wrappers solve the conduit issue by redirecting the output to logging,
+exiting the container when done, waiting a little time then reading the log.
+
+They've been battle-tested and used happily to maintain Git repositories
+for some dozens of Docker images and tools used on a PaaS built on Docker.
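Review bot: The second bullet documents the legacy wrapper as `contrib/arc-runs-as-root`, but the copy at the end of this diff creates `contrib/arc-to-run-as-root`, so the path given in the README will not exist; pick one name and use it in both places. While touching the first bullet, "as an user" should read "as a user", and it would help to say in one sentence why the unprivileged wrapper is the recommended one, since both wrappers bind-mount `~/.arc` and the working directory into the container.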
diff --git a/contrib/arc b/contrib/arc
--- a/contrib/arc
+++ b/contrib/arc
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/usr/bin/env bash
# -------------------------------------------------------------
# Phabricator — Arcanist Docker container wrapper
@@ -8,6 +8,7 @@
# Created: 2016-01-01
# Description: Wrapper to run Arcanist as a Docker container
# License: Trivial work, not eligible to copyright
+# If copyright eligible, BSD-2-Clause
# Image: nasqueron/arcanist
# -------------------------------------------------------------
@@ -25,7 +26,6 @@
# Logs are default disabled
PRINT_LOG=0
-
if [ "$1" = "shell" ]; then
# Launch commands
# in the container bash shell
@@ -40,26 +40,54 @@
# Enable log printing
PRINT_LOG=1
# Set a random name for the container
- INSTANCE="arc-"`openssl rand -hex 21`
+ INSTANCE="arc-"$(openssl rand -hex 21)
FLAGS="-i -a=stdin --name=$INSTANCE"
fi
fi
-if [ -d ~/.arc/ssh ]; then
- VOLUME_SSH="-v $HOME/.arc/ssh:/root/.ssh"
+# -------------------------------------------------------------
+# Build image
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+build_user_image () {
+ BUILD_DIR=$(mktemp -d -t arc-build-XXXXXXXXXX)
+ pushd "$BUILD_DIR" > /dev/null || exit 1
+ >&2 echo "🔨 Building user-specific image $IMAGE for $USER"
+ echo "FROM nasqueron/arcanist" > Dockerfile
+ echo "RUN groupadd -r $USER -g $GID && mkdir /home/$USER && useradd -u $UID -r -g $USER -d /home/$USER -s /bin/bash $USER && cp /root/.bashrc /home/$USER/ && chown -R $USER:$USER /home/$USER && ln -s /opt/config/gitconfig /home/$USER/.gitconfig && ln -s /opt/config/arcrc /home/$USER/.arcrc" >> Dockerfile
+ docker build -t "$IMAGE" .
+ popd > /dev/null
+ rm -rf "$BUILD_DIR"
+}
+
+test -v $UID && UID=$(id -u)
+test -v $GID && GID=$(id -g)
+
+if [ $UID -eq 0 ]; then
+ IMAGE=nasqueron/arcanist
+ CONTAINER_USER_HOME=/root
else
- VOLUME_SSH=""
+ IMAGE=nasqueron/arcanist:$UID-$GID
+ test ! -z $(docker images -q "$IMAGE") || build_user_image
+ CONTAINER_USER_HOME="/home/$USER"
fi
# -------------------------------------------------------------
# Run container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+if [ -d ~/.arc/ssh ]; then
+ VOLUME_SSH="-v $HOME/.arc/ssh:$CONTAINER_USER_HOME/.ssh"
+else
+ VOLUME_SSH=""
+fi
+
if [ $PRINT_LOG -eq 0 ]; then
- docker run $FLAGS --rm -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND $*
+ docker run $FLAGS --rm --user $UID:$GID -v ~/.arc:/opt/config -v "$PWD:/opt/workspace" $VOLUME_SSH $IMAGE $COMMAND "$@"
else
- docker run $FLAGS -v ~/.arc:/opt/config -v $PWD:/opt/workspace $VOLUME_SSH nasqueron/arcanist $COMMAND $* > /dev/null
+ docker run $FLAGS --user $UID:$GID -v ~/.arc:/opt/config -v "$PWD:/opt/workspace" $VOLUME_SSH $IMAGE $COMMAND "$@" > /dev/null
sleep 3
- docker logs $INSTANCE
- docker rm $INSTANCE >/dev/null
+ docker logs "$INSTANCE"
+ docker rm "$INSTANCE" >/dev/null
fi
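Review bot: `test -v $UID && UID=$(id -u)` and the matching `$GID` line do not test what they appear to: `test -v` expects a variable name rather than its expansion, and `&&` performs the assignment when the test succeeds instead of when the value is missing. Bash already provides `UID` as a readonly variable, so that line can be dropped, and the GID line only works because an empty `$GID` collapses the test to the one-argument form `test -v`, which is true; something like `[ -n "${GID:-}" ] || GID=$(id -g)` states the intent directly. In the same hunk, `test ! -z $(docker images -q "$IMAGE")` depends on the same unquoted-empty behaviour and should quote the substitution, `build_user_image` writes `$USER` straight into the generated `RUN` line and should fail early or fall back to `id -un` when it is empty, and `~/.arc`, `$VOLUME_SSH` and `$IMAGE` are still unquoted in the `docker run` lines even though `"$PWD:/opt/workspace"` and `"$@"` were fixed.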
diff --git a/contrib/arc b/contrib/arc-to-run-as-root
copy from contrib/arc
copy to contrib/arc-to-run-as-root
File Metadata
Mime Type
text/plain
Expires
Sat, Nov 23, 22:47 (18 h, 49 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2259080
Default Alt Text
D2349.diff (4 KB)
Attached To
Mode
D2349: Allow to run the arc container as unprivileged user more easily