Skip to content

Don't run mkimage.sh as root #144

Description

@jandubois

I believe the proper way to run mkimage.sh is:

--- Dockerfile
+++ Dockerfile
@@ -14,10 +14,11 @@ RUN if [ "${TARGETARCH}" = "amd64" ]; then apk add syslinux; fi

 COPY --from=binfmt /usr/bin /binfmt

-RUN addgroup root abuild
-RUN abuild-keygen -i -a -n
 RUN apk update
+RUN adduser -D build && addgroup build abuild
+USER build
+RUN abuild-keygen -a -n

-ADD src/aports /home/build/aports
+ADD --chown=build:build src/aports /home/build/aports
 WORKDIR /home/build/aports/scripts
 ENTRYPOINT ["sh", "./mkimage.sh"]

The problem was that xorriso did not work without root on GitHub runners:

>>> mkimage-x86_64: Creating alpine-lima-std-3.23.0-x86_64.iso
xorriso 1.5.6 : RockRidge filesystem manipulator, libburnia project.

xorriso : NOTE : Environment variable SOURCE_DATE_EPOCH encountered with value 1767662178
libburn : SORRY : Failed to open device (a pseudo-drive) : Permission denied
libburn : FATAL : Burn run failed
xorriso : FATAL : -abort_on 'FAILURE' encountered 'FATAL' during image writing
libisofs: MISHAP : Image write cancelled
xorriso : FAILURE : libburn indicates failure with writing.

It worked fine for me locally on macOS with a Lima based docker container.

Ref #142

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions