The workflow documented in the README and elsewhere relies on having a host system in which the user runs rake-compiler-dock (or some variation like RakeCompilerDock.sh) which runs through RakeCompilerDock::Starter.exec. Specifically, there is an assumption being made that the user is logging in to the container via the runas script and setting all the necessary environment variables to make it work (e.g., GID, GROUP, UID, USER).
My current use case, which I think is not unique, is that I have a CI system which I provide an OCI image and a script to run. I want to use the rake-compiler-dock images to test building a native gem, but unfortunately I can't easily invoke runas because I don't want or need to create a container-local user and group.
To work around this, I'm keeping my my script in sync with runas, currently it contains:
and now for 1.1.0 to operate correctly I need to add
export RAKE_EXTENSION_TASK_NO_NATIVE=true
My mental model is that runas is conflating two separate concepts:
creating a container-local user and group so that file permissions aren't janky
setting up the user environment to build correctly
I'd like to propose separating these two concepts.
If you're open to this kind of a change, I'd be happy to work on a PR that would:
move environment variables (i.e., BASH_ENV and RAKE_EXTENSION_TASK_NO_NATIVE) into a system-wide configuration that's run for all users at login (such as /etc/profile.d)
move the symlinking of /usr/local/rake-compiler into one of:
the same profile.d script as above
or into both the default image (for the root user) and leave in runas (for any newly-created users)
An alternative approach might be to have runas conditionally create the user and group only if those (or other) environment variables are set.
larskanis
commented
2 years ago
The workflow documented in the README and elsewhere relies on having a host system in which the user runs
rake-compiler-dock(or some variation likeRakeCompilerDock.sh) which runs throughRakeCompilerDock::Starter.exec. Specifically, there is an assumption being made that the user is logging in to the container via therunasscript and setting all the necessary environment variables to make it work (e.g.,GID,GROUP,UID,USER).My current use case, which I think is not unique, is that I have a CI system which I provide an OCI image and a script to run. I want to use the
rake-compiler-dockimages to test building a native gem, but unfortunately I can't easily invokerunasbecause I don't want or need to create a container-local user and group.To work around this, I'm keeping my my script in sync with
runas, currently it contains:and now for 1.1.0 to operate correctly I need to add
My mental model is that
runasis conflating two separate concepts:I'd like to propose separating these two concepts.
If you're open to this kind of a change, I'd be happy to work on a PR that would:
BASH_ENVandRAKE_EXTENSION_TASK_NO_NATIVE) into a system-wide configuration that's run for all users at login (such as/etc/profile.d)/usr/local/rake-compilerinto one of:runas(for any newly-created users)An alternative approach might be to have
runasconditionally create the user and group only if those (or other) environment variables are set.Thoughts?