[docker] Copy files into container as user
We use some scripts within the container as dev user. Explicitly copy
them as this user to ensure the user executing the script has
permissions on them later on.
(`COPY` always uses root:root as target user/group. On some machines,
the files ended up executable as docker ran, while on others it didn't.
Making things explicit should give us a consistent build experience.)
See #8569
Signed-off-by: Philipp Wagner <phw@lowrisc.org>
diff --git a/util/container/Dockerfile b/util/container/Dockerfile
index cddcbf0..17d69fb 100644
--- a/util/container/Dockerfile
+++ b/util/container/Dockerfile
@@ -102,11 +102,12 @@
&& passwd -u dev
# All subsequent steps are performed as user.
-USER dev
+USER dev:dev
# Install Rust plus packages.
-COPY sw/vendor/rustup/rustup-init.sh /tmp/rustup-init.sh
-RUN /tmp/rustup-init.sh -y --default-toolchain ${RUST_VERSION}
+COPY --chown=dev:dev sw/vendor/rustup/rustup-init.sh /tmp/rustup-init.sh
+RUN /tmp/rustup-init.sh -y --default-toolchain ${RUST_VERSION} \
+ && rm -f /tmp/rustup-init.sh
# Install Python plus packages.
#
@@ -116,11 +117,12 @@
# Python version. If that information is not read, pip installs the latest
# version, which then fails to run.
ENV PATH "/home/dev/.local/bin:${PATH}"
-COPY python-requirements.txt /tmp/python-requirements.txt
+COPY --chown=dev:dev python-requirements.txt /tmp/python-requirements.txt
RUN python3 -m pip install --user -U pip setuptools \
&& python3 -m pip install --user -r /tmp/python-requirements.txt \
- --no-warn-script-location
+ --no-warn-script-location \
+ && rm -f /tmp/python-requirements.txt
-USER root
+USER root:root
ENTRYPOINT [ "/start.sh" ]
