[Sound-open-firmware] [PATCH V2 2/2] scripts: docker: Simplify docker build

Pan, Xiuli xiuli.pan at linux.intel.com
Fri Jun 8 05:36:58 CEST 2018



On 6/8/2018 03:48, Liam Girdwood wrote:
> On Fri, 2018-06-08 at 02:18 +0800, Pan, Xiuli wrote:
>> On 6/7/2018 22:47, Liam Girdwood wrote:
>>> On Thu, 2018-06-07 at 20:33 +0800, Pan, Xiuli wrote:
>>>>> We can't compromise security. Maybe the easiest thing is to make
>>>>> xtensa-build.sh
>>>> So even if we are running in a docker we could not make the NOPASSWD to
>>>> make life easier. It only influences the docker container.
>>> Yes, but what happens if we also use the container for security
>>> testing/fuzzing of FW/driver/alsa/userspace components? Need to keep
>>> security consistent.
>> I think the docker is designed to make sure the host and container are
>> isolated.
>> This change just makes the password not needed for sudo. Actually the
>> password for the docker user is just stored in text in the Dockerfile.
>> I do not see any security issue here if we just make sudo without password.
> The point here is that the container must behave like a typical OS installation
> and follow the same rules/settings.
OK I will remove this setting.
>
>>>>> take a -l flag to install rimage to ~/bin and use this version.
>>>> Or maybe I will add an ENV in docker like export DOCKERRUN=1. The
>>>> xtensa-build.sh then checks the ENV, if it has the ENV then we install
>>>> the rimage into ~/bin, otherwise the script goes the normal way.
>>> Adding -l to xtensa-build.sh will be easy, you can then make sure ~/bin is
>>> first in its $PATH and then ./configure rimage --prefix=~/bin
>> Then we should run the scripts with a flag? I think the docker may be
>> more complex than a native build environment.
>> I just hope to keep the docker easier to use.
> Yes, we will run the script with a flag inside or outside of Docker. This is an
> easy change for xtensa-build.sh, because all you are doing is modifying --prefix
> for rimage and setting $PATH.
I still want to add an ENV flag check in the xtensa-build.sh to make life
easier. Users may forget to add a flag and may get some errors, but using
an ENV flag in the container will do no harm and is just like a flag in the scripts.

Thanks
Xiuli
>
> Liam
>
>> Thanks
>> Xiuli
>>> Liam
>> _______________________________________________
>> Sound-open-firmware mailing list
>> Sound-open-firmware at alsa-project.org
>> http://mailman.alsa-project.org/mailman/listinfo/sound-open-firmware
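
The sudo-free install discussed in this thread, as an added sketch that is not part of the original messages or the project's xtensa-build.sh. The `-l` flag, `DOCKERRUN=1` and `~/bin` come from the thread; the function names, the empty "system install" result and the directory permission check are assumptions.

```shell
#!/bin/sh
# Added sketch, not the project's xtensa-build.sh. The -l flag, DOCKERRUN=1
# and ~/bin come from the thread; function names are hypothetical.

# Print the rimage install prefix, or nothing for the normal system install.
rimage_prefix() {
    local_install=0
    OPTIND=1
    while getopts "l" opt "$@"; do
        case "$opt" in
            l) local_install=1 ;;
            *) return 2 ;;
        esac
    done
    # A container image can export DOCKERRUN=1 instead of passing -l.
    if [ "${DOCKERRUN:-0}" = "1" ]; then local_install=1; fi
    if [ "$local_install" -eq 1 ]; then printf '%s\n' "$HOME/bin"; fi
    return 0
}

# Print PATH ($2) with dir ($1) first and listed once. Empty entries, which
# mean "current directory", are dropped.
path_with_first() {
    dir=$1; out=$1
    old_ifs=$IFS; IFS=:
    for p in $2; do
        if [ -n "$p" ] && [ "$p" != "$dir" ]; then out="$out:$p"; fi
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Succeed only if dir exists and is not group- or world-writable: whatever
# sits in the first PATH entry runs in place of the system tools.
safe_bin_dir() {
    [ -d "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \))" ]
}
```

A caller would pass the printed prefix to `./configure --prefix=...` for rimage and export the result of `path_with_first` as `PATH` only after `safe_bin_dir` succeeds.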