[Sound-open-firmware] [PATCH V2 2/2] scripts: docker: Simplify docker build
Liam Girdwood
liam.r.girdwood at linux.intel.com
Thu Jun 7 21:48:39 CEST 2018
On Fri, 2018-06-08 at 02:18 +0800, Pan, Xiuli wrote:
>
> On 6/7/2018 22:47, Liam Girdwood wrote:
> > On Thu, 2018-06-07 at 20:33 +0800, Pan, Xiuli wrote:
> > > > We can't compromise security. Maybe the easiest thing is to make xtensa-
> > > > build.sh
> > >
> > > So even if we are running in a docker we could not make the NOPASSWD to
> > > make life easier. It only influence the docker container.
> >
> > Yes, but what happens if we also use the container for security
> > testing/fuzzing
> > of FW/driver/alsa/userspace components ? Need to keep security consistent.
>
> I think the docker is designed to make sure the host and container are
> isolated.
> This change just make password not needed for sudo. Actually the
> password for the docker user is just store in text in Dockerfile.
> I do not see any security issue here if we just make sudo without password
The point here is that the container must behave like a typical OS installation
and follow the same rules/settings.
>
> >
> > > > take a -l flag to install rimage to ~/bin and use this version.
> > >
> > > Or maybe I will add a ENV in docker like export DOCKERRUN=1. The
> > > xtensa-build.sh then check the ENV, if it had the ENV then we install
> > > the rimage into ~/bin, otherwise the scripts goes like the normal way.
> >
> > Adding -l to xtensa-build.sh will be easy, you can then make sure ~/bin is
> > first
> > in it's $PATH and then ./configure rimage --prexix=~/bin
>
> Then we should run the scripts with a flag? I think the docker may be
> more complex then a native build environment.
> I just hope to keep the docker more easy to use.
Yes, we will run the script with a flag inside or outside of Docker. This is an
easy change for xtensa-build.sh, because all you are doing is modifying --prefix
for rimage and setting $PATH.
Liam
>
> Thanks
> Xiuli
> > Liam
>
> _______________________________________________
> Sound-open-firmware mailing list
> Sound-open-firmware at alsa-project.org
> http://mailman.alsa-project.org/mailman/listinfo/sound-open-firmware
More information about the Sound-open-firmware
mailing list