[commit: ghc] master: Use docker images with non-root user (648cb28)
git at git.haskell.org
git at git.haskell.org
Thu Mar 8 01:51:55 UTC 2018
Repository : ssh://git@git.haskell.org/ghc
On branch : master
Link : http://ghc.haskell.org/trac/ghc/changeset/648cb28f51593658176f83e8417a5b1f921f9df6/ghc
>---------------------------------------------------------------
commit 648cb28f51593658176f83e8417a5b1f921f9df6
Author: mrkkrp <markkarpov92 at gmail.com>
Date: Wed Feb 28 16:33:59 2018 +0700
Use docker images with non-root user
That image creates an unprivileged user to run the test suite under.
>---------------------------------------------------------------
648cb28f51593658176f83e8417a5b1f921f9df6
.circleci/config.yml | 31 ++++++-------------------------
.circleci/images/x86_64-linux/Dockerfile | 15 ++++++++++++++-
.circleci/prepare-system.sh | 12 +++++++-----
3 files changed, 27 insertions(+), 31 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 295d803..b4a9947 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,16 +3,6 @@ version: 2
aliases:
- &defaults
working_directory: ~/ghc
-
- # Make sure we have proper openssh before checkout: CircleCI git
- # does not check the repository out properly without it and also
- # takes 20 times longer than it should be.
- - &precheckout
- run:
- name: Install OpenSSH client
- command: |
- apt-get update -qq
- apt-get install -qy openssh-client
- &prepare
run:
name: prepare-system
@@ -92,11 +82,10 @@ jobs:
"validate-x86_64-linux":
resource_class: xlarge
docker:
- - image: haskell:8.2
+ - image: mrkkrp/ghcci-x86_64-linux:0.0.4
environment:
<<: *buildenv
steps:
- - *precheckout
- checkout
- *prepare
- *submodules
@@ -111,12 +100,11 @@ jobs:
"validate-x86_64-freebsd":
resource_class: xlarge
docker:
- - image: tweag/toolchain-x86_64-freebsd
+ - image: mrkkrp/ghcci-x86_64-freebsd
environment:
TARGET: FreeBSD
<<: *buildenv
steps:
- - *precheckout
- checkout
- *prepare
- *submodules
@@ -152,11 +140,10 @@ jobs:
"validate-hadrian-x86_64-linux":
resource_class: xlarge
docker:
- - image: haskell:8.2
+ - image: mrkkrp/ghcci-x86_64-linux:0.0.4
environment:
<<: *buildenv
steps:
- - *precheckout
- checkout
- *prepare
- *submodules
@@ -167,11 +154,10 @@ jobs:
"validate-x86_64-linux-unreg":
resource_class: xlarge
docker:
- - image: haskell:8.2
+ - image: mrkkrp/ghcci-x86_64-linux:0.0.4
environment:
<<: *buildenv
steps:
- - *precheckout
- checkout
- *prepare
- *submodules
@@ -183,7 +169,7 @@ jobs:
"validate-x86_64-linux-llvm":
resource_class: xlarge
docker:
- - image: haskell:8.2
+ - image: mrkkrp/ghcci-x86_64-linux:0.0.4
environment:
<<: *buildenv
BUILD_FLAVOUR: perf-llvm
@@ -191,15 +177,11 @@ jobs:
- run:
name: Install LLVM
command: |
- apt-get update
- apt-get install -y curl xz-utils
curl http://releases.llvm.org/5.0.0/clang+llvm-5.0.0-x86_64-linux-gnu-debian8.tar.xz | tar -xJC ..
- # See https://discuss.circleci.com/t/how-to-add-a-path-to-path-in-circle-2-0/11554/3
echo "export PATH=`pwd`/../clang+llvm-5.0.0-x86_64-linux-gnu-debian8/bin:\$PATH" >> $BASH_ENV
- run:
name: Verify that llc works
command: llc
- - *precheckout
- checkout
- *prepare
- *submodules
@@ -212,12 +194,11 @@ jobs:
"validate-x86_64-linux-debug":
resource_class: xlarge
docker:
- - image: haskell:8.2
+ - image: mrkkrp/ghcci-x86_64-linux:0.0.4
environment:
BUILD_FLAVOUR: devel2
<<: *buildenv
steps:
- - *precheckout
- checkout
- *prepare
- *submodules
diff --git a/.circleci/images/x86_64-linux/Dockerfile b/.circleci/images/x86_64-linux/Dockerfile
index aa8813f..d20f5ba 100644
--- a/.circleci/images/x86_64-linux/Dockerfile
+++ b/.circleci/images/x86_64-linux/Dockerfile
@@ -1,3 +1,16 @@
FROM haskell:8.2
-RUN adduser ghc --gecos 'GHC builds' --disabled-password
+
+# Make sure we have proper openssh before checkout: CircleCI git
+# does not check the repository out properly without it and also
+# takes 20 times longer than it should be.
+RUN apt-get update -qq
+RUN apt-get install -qy git make automake autoconf gcc perl python3 texinfo xz-utils lbzip2 patch openssh-client sudo -qq curl
+
+# Create a normal user.
+RUN adduser ghc --gecos "GHC builds" --disabled-password
+RUN echo "ghc ALL = NOPASSWD : ALL" > /etc/sudoers.d/ghc
USER ghc
+
+WORKDIR /home/ghc/
+
+CMD ["bash"]
diff --git a/.circleci/prepare-system.sh b/.circleci/prepare-system.sh
index 193fac9..61396c8 100755
--- a/.circleci/prepare-system.sh
+++ b/.circleci/prepare-system.sh
@@ -42,23 +42,25 @@ case "$(uname)" in
fail "TARGET=$target not supported"
fi
else
- # assuming Ubuntu
- apt-get install -qy git make automake autoconf gcc perl python3 texinfo xz-utils lbzip2 patch
cabal update
- cabal install --reinstall hscolour --index-state=$hackage_index_state
+ cabal install --reinstall hscolour
+ sudo ln -s /home/ghc/.cabal/bin/HsColour /usr/local/bin/HsColour || true
fi
;;
Darwin)
if [[ -n ${TARGET:-} ]]; then
fail "uname=$(uname) not supported for cross-compilation"
fi
- brew install ghc cabal-install python3 ncurses gmp
+ # It looks like we already have python2 here and just installing python3
+ # does not work.
+ brew upgrade python
+ brew install ghc cabal-install ncurses gmp
cabal update
cabal install --reinstall alex happy haddock hscolour --index-state=$hackage_index_state
# put them on the $PATH, don't fail if already installed
ln -s $HOME/.cabal/bin/alex /usr/local/bin/alex || true
ln -s $HOME/.cabal/bin/happy /usr/local/bin/happy || true
- ln -s $HOME/.cabal/bin/hscolour /usr/local/bin/hscolour || true
+ ln -s $HOME/.cabal/bin/HsColour /usr/local/bin/HsColour || true
;;
*)
fail "uname=$(uname) not supported"
More information about the ghc-commits
mailing list