diff options
| author | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-02-10 04:33:48 +0000 |
|---|---|---|
| committer | Bruce Ashfield <bruce.ashfield@gmail.com> | 2026-02-10 21:04:20 +0000 |
| commit | 6f53d7763906f24d86e89da4da744421c52d591c (patch) | |
| tree | f37ff082e424b1e4aaa820c8e2db07b31146f091 /recipes-extended/builder-container-config/files | |
| parent | a71e7b0499c51c74686e41e7810e2f202d851ce6 (diff) | |
| download | meta-virtualization-6f53d7763906f24d86e89da4da744421c52d591c.tar.gz | |
container-yocto-builder: add Yocto build container with systemd
Multi-layer OCI container image that can compile the Yocto Project.
Three layers: systemd-base, build-tools, yocto-extras. Features
CROPS-style dynamic user creation matching /workdir volume owner
UID/GID.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Diffstat (limited to 'recipes-extended/builder-container-config/files')
| -rw-r--r-- | recipes-extended/builder-container-config/files/builder-entry.sh | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/recipes-extended/builder-container-config/files/builder-entry.sh b/recipes-extended/builder-container-config/files/builder-entry.sh new file mode 100644 index 00000000..a23d8dae --- /dev/null +++ b/recipes-extended/builder-container-config/files/builder-entry.sh | |||
| @@ -0,0 +1,48 @@ | |||
| 1 | #!/bin/bash | ||
| 2 | # builder-entry.sh - Container entrypoint for Yocto builder | ||
| 3 | # Creates a 'builder' user matching the /workdir owner's UID/GID, | ||
| 4 | # then exec's /sbin/init (systemd). | ||
| 5 | # | ||
| 6 | # Usage: | ||
| 7 | # docker run --privileged -v /home/user/yocto:/workdir builder-image | ||
| 8 | # docker run --privileged -e BUILDER_UID=1000 -e BUILDER_GID=1000 builder-image | ||
| 9 | |||
| 10 | WORKDIR="/workdir" | ||
| 11 | DEFAULT_UID=1000 | ||
| 12 | DEFAULT_GID=1000 | ||
| 13 | |||
| 14 | # Determine UID/GID | ||
| 15 | if [ -n "$BUILDER_UID" ] && [ -n "$BUILDER_GID" ]; then | ||
| 16 | TARGET_UID="$BUILDER_UID" | ||
| 17 | TARGET_GID="$BUILDER_GID" | ||
| 18 | elif [ -d "$WORKDIR" ] && [ "$(stat -c %u "$WORKDIR")" != "0" ]; then | ||
| 19 | TARGET_UID=$(stat -c %u "$WORKDIR") | ||
| 20 | TARGET_GID=$(stat -c %g "$WORKDIR") | ||
| 21 | else | ||
| 22 | TARGET_UID=$DEFAULT_UID | ||
| 23 | TARGET_GID=$DEFAULT_GID | ||
| 24 | fi | ||
| 25 | |||
| 26 | # Refuse UID/GID 0 (root) | ||
| 27 | [ "$TARGET_UID" = "0" ] && TARGET_UID=$DEFAULT_UID | ||
| 28 | [ "$TARGET_GID" = "0" ] && TARGET_GID=$DEFAULT_GID | ||
| 29 | |||
| 30 | # Create group and user if they don't exist | ||
| 31 | if ! getent group builder >/dev/null 2>&1; then | ||
| 32 | groupadd -g "$TARGET_GID" builder 2>/dev/null || groupadd builder | ||
| 33 | fi | ||
| 34 | if ! getent passwd builder >/dev/null 2>&1; then | ||
| 35 | useradd -m -u "$TARGET_UID" -g builder -s /bin/bash builder | ||
| 36 | fi | ||
| 37 | |||
| 38 | # Ensure /workdir is accessible | ||
| 39 | [ -d "$WORKDIR" ] && chown builder:builder "$WORKDIR" | ||
| 40 | |||
| 41 | # Grant passwordless sudo | ||
| 42 | if [ -d /etc/sudoers.d ]; then | ||
| 43 | echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder | ||
| 44 | chmod 0440 /etc/sudoers.d/builder | ||
| 45 | fi | ||
| 46 | |||
| 47 | # Hand off to systemd | ||
| 48 | exec /sbin/init "$@" | ||