[Sound-open-firmware] [PATCH V2 2/2] scripts: docker: Simplify docker build

Pan, Xiuli xiuli.pan at linux.intel.com
Thu Jun 7 20:18:51 CEST 2018



On 6/7/2018 22:47, Liam Girdwood wrote:
> On Thu, 2018-06-07 at 20:33 +0800, Pan, Xiuli wrote:
>>> We can't compromise security. Maybe the easiest thing is to make xtensa-
>>> build.sh
>> So even if we are running in a docker we could not make the NOPASSWD to
>> make life easier. It only influence the docker container.
> Yes, but what happens if we also use the container for security testing/fuzzing
> of FW/driver/alsa/userspace components ? Need to keep security consistent.
I think the docker is designed to make sure the host and container are 
isolated.
This change just make password not needed for sudo. Actually the 
password for the docker user is just store in text in Dockerfile.
I do not see any security issue here if we just make sudo without password

>
>>> take a -l flag to install rimage to ~/bin and use this version.
>> Or maybe I will add a ENV in docker like export DOCKERRUN=1. The
>> xtensa-build.sh then check the ENV, if it had the ENV then we install
>> the rimage into ~/bin, otherwise the scripts goes like the normal way.
> Adding -l to xtensa-build.sh will be easy, you can then make sure ~/bin is first
> in it's $PATH and then ./configure rimage --prexix=~/bin
Then we should run the scripts with a flag? I think the docker may be 
more complex then a native build environment.
I just hope to keep the docker more easy to use.

Thanks
Xiuli
> Liam



More information about the Sound-open-firmware mailing list