kumquat-buildroot/utils/docker-run
Yann E. MORIN 893bd56974 utils/docker: use host's network setup
Our utils/docker-run wrapper is needed to provide a reproducible build
environment: tools, variables, etc... but is not meant for
isolation. As such, we do not care which network configuration is
used.

In some settings (e.g. enterprise networks), it is often the case that
a VPN is in use, especially in those wonderful times of widespread
remote work.

Letting Docker decide on the network setup will most usually lead to
it creating a private network that is NATed onto the principal network
interface, leading to non-functional network in the container when a
VPN is in use.

As such, always use the host network configuration, and do not let
Docker create a private network for the container.

Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
Cc: Ricardo Martincoski <ricardo.martincoski@datacom.com.br>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2023-11-04 18:42:13 +01:00

68 lines
2.1 KiB
Bash
Executable File

#!/usr/bin/env bash
set -o errexit -o pipefail
DIR=$(dirname "${0}")
MAIN_DIR=$(readlink -f "${DIR}/..")
if [ -L "${MAIN_DIR}/.git/config" ]; then
# Support git-new-workdir
GIT_DIR="$(dirname "$(realpath "${MAIN_DIR}/.git/config")")"
else
# Support git-worktree
GIT_DIR="$(cd "${MAIN_DIR}" && git rev-parse --no-flags --git-common-dir)"
fi
if test -z "${IMAGE}" ; then
# shellcheck disable=SC2016
IMAGE=$(grep ^image: "${MAIN_DIR}/.gitlab-ci.yml" | \
sed -e 's,^image: ,,g' | sed -e 's,\$CI_REGISTRY,registry.gitlab.com,g')
fi
declare -a docker_opts=(
-i
--rm
--user "$(id -u):$(id -g)"
--workdir "$(pwd)"
--security-opt label=disable
--network host
)
declare -a mountpoints=(
"${MAIN_DIR}"
"$(pwd)"
)
# Empty GIT_DIR means that we are not in a workdir, *and* git is too old
# to know about worktrees, so we're not in a worktree either. So it means
# we're in the main git working copy, and thus we don't need to mount the
# .git directory.
if [ "${GIT_DIR}" ]; then
# GIT_DIR in the main working copy (when git supports worktrees) will
# be just '.git', but 'docker run' needs an absolute path. If it is
# not absolute, GIT_DIR is relative to MAIN_DIR. If it's an absolute
# path already (in a wordir), then that's a noop.
GIT_DIR="$(cd "${MAIN_DIR}"; readlink -e "${GIT_DIR}")"
mountpoints+=( "${GIT_DIR}" )
# 'repo' stores .git/objects separately.
if [ -L "${GIT_DIR}/objects" ]; then
# GITDIR is already an absolute path, but for symetry
# with the above, keep the same cd+readlink construct.
OBJECTS_DIR="$(cd "${MAIN_DIR}"; readlink -e "${GIT_DIR}/objects")"
mountpoints+=( "${OBJECTS_DIR}" )
fi
fi
if [ "${BR2_DL_DIR}" ]; then
mountpoints+=( "${BR2_DL_DIR}" )
docker_opts+=( --env BR2_DL_DIR )
fi
# shellcheck disable=SC2013 # can't use while-read because of the assignment
for dir in $(printf '%s\n' "${mountpoints[@]}" |LC_ALL=C sort -u); do
docker_opts+=( --mount "type=bind,src=${dir},dst=${dir}" )
done
if tty -s; then
docker_opts+=( -t )
fi
exec docker run "${docker_opts[@]}" "${IMAGE}" "${@}"