diff --git a/Makefile b/Makefile
index f214ba19d..634626769 100644
--- a/Makefile
+++ b/Makefile
@@ -23,8 +23,8 @@ setup_env:
 poetry run python -m pip install --force-reinstall numpy==1.21.4; \
 fi; \
 fi
- # we need to pin a specific version of numpy to avoid having license conflicts
- # see https://github.com/zama-ai/concretefhe-internal/runs/4455022611?check_suite_focus=true for details
+ @# we need to pin a specific version of numpy to avoid having license conflicts
+ @# see https://github.com/zama-ai/concretefhe-internal/runs/4455022611?check_suite_focus=true for details
 
 .PHONY: sync_env # Synchronise the environment
 sync_env:
@@ -147,11 +147,13 @@ mypy_ci:
 
 .PHONY: docker_build # Build dev docker
 docker_build:
- docker build --pull -t $(DEV_DOCKER_IMG) -f $(DEV_DOCKERFILE) .
+ docker build --build-arg BUILD_UID=$$(id -u) --build-arg BUILD_GID=$$(id -g) --pull \
+ -t $(DEV_DOCKER_IMG) -f $(DEV_DOCKERFILE) .
 
 .PHONY: docker_rebuild # Rebuild docker
-docker_rebuild:
- docker build --pull --no-cache -t $(DEV_DOCKER_IMG) -f $(DEV_DOCKERFILE) .
+docker_rebuild: docker_clean_volumes
+ docker build --build-arg BUILD_UID=$$(id -u) --build-arg BUILD_GID=$$(id -g) --pull \
+ --no-cache -t $(DEV_DOCKER_IMG) -f $(DEV_DOCKERFILE) .
 
 .PHONY: docker_start # Launch docker
 docker_start:
@@ -160,8 +162,8 @@ docker_start:
 -p 8888:8888 \
 --env DISPLAY=host.docker.internal:0 \
 --volume /"$$(pwd)":/src \
- --volume $(DEV_CONTAINER_VENV_VOLUME):/root/dev_venv \
- --volume $(DEV_CONTAINER_CACHE_VOLUME):/root/.cache \
+ --volume $(DEV_CONTAINER_VENV_VOLUME):/home/dev_user/dev_venv \
+ --volume $(DEV_CONTAINER_CACHE_VOLUME):/home/dev_user/.cache \
 $(DEV_DOCKER_IMG)
 
 .PHONY: docker_build_and_start # Docker build and start
diff --git a/docker/Dockerfile.concretefhe-dev b/docker/Dockerfile.concretefhe-dev
index bbe88a500..fc78f8a56 100644
--- a/docker/Dockerfile.concretefhe-dev
+++ b/docker/Dockerfile.concretefhe-dev
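Review bot: In the Makefile's docker_build and docker_rebuild recipes, `$$(id -u)` and `$$(id -g)` forward whatever ids the invoking host user has, and the Dockerfile changed in this same commit feeds them to `groupadd -g` and `adduser --uid`, which fail when the id is already allocated in the base image. A build started as root (id 0), or from a host whose primary group number is already taken in the image, would therefore presumably stop at that step. Making the values overridable, e.g. `BUILD_UID ?= $(shell id -u)` and `BUILD_GID ?= $(shell id -g)` passed as `--build-arg BUILD_UID=$(BUILD_UID)`, lets such users pick a free id without editing the file. docker_rebuild also gains the prerequisite docker_clean_volumes, which is defined outside this hunk; a comment such as `# rebuild also discards the venv and cache volumes` (if that is what the target does) would warn users before they lose them.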
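Review bot: In the docker_start hunk of the Makefile, the two named volumes now mount under /home/dev_user, but a volume created by the previous image keeps its root-owned contents, so after a plain `make docker_build` the non-root user presumably cannot write to dev_venv or .cache; only docker_rebuild was given the docker_clean_volumes prerequisite. Either give docker_build the same prerequisite for this transition or document the one-time `make docker_clean_volumes`. Separately, the unchanged `-p 8888:8888` line publishes the port on every host interface; `-p 127.0.0.1:8888:8888` keeps it local to the developer machine, which matters more now that the container user has passwordless sudo. The docker_start recipe begins and ends outside the hunk.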
@@ -1,15 +1,43 @@
 FROM ghcr.io/zama-ai/concretefhe-env
 
-ENV SRC_DIR_NAME=src
+ENV SRC_DIR=/src
 
-RUN echo "source /root/dev_venv/bin/activate" >> /root/.bashrc && \
- echo "if [[ \"\$?\" != \"0\" ]]; then" >> /root/.bashrc && \
- echo " python3 -m venv /root/dev_venv" >> /root/.bashrc && \
- echo " source /root/dev_venv/bin/activate" >> /root/.bashrc && \
- echo " cd /${SRC_DIR_NAME}/ && make setup_env" >> /root/.bashrc && \
- echo "fi" >> /root/.bashrc && \
- echo "export MPLBACKEND=TkAgg" >> /root/.bashrc
+# Default to Ubuntu default uid for first user
+ARG BUILD_GID=1000
+ARG BUILD_UID=1000
 
-WORKDIR /${SRC_DIR_NAME}
+# Get sudo for our future user
+RUN apt-get update && \
+ apt-get install --no-install-recommends -y sudo && \
+ rm -rf /var/lib/apt/lists/*
+
+# From https://dev.to/emmanuelnk/using-sudo-without-password-prompt-as-non-root-docker-user-52bg
+# Create dev_user and add it to relevant groups
+# Create /src and make the dev user own it
+# Ensure sudo group users are not asked for a password when using
+# sudo command by ammending sudoers file
+RUN groupadd -g "${BUILD_GID}" dev_user && \
+ adduser --disabled-password \
+ --uid "${BUILD_UID}" --gid "${BUILD_GID}" --shell /bin/bash --gecos "" dev_user && \
+ usermod -aG sudo dev_user && \
+ mkdir -p "${SRC_DIR}" && \
+ chown dev_user "${SRC_DIR}" && \
+ echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+# Now switch to the newly created user
+USER dev_user
+
+RUN echo "source ~/dev_venv/bin/activate" >> ~/.bashrc && \
+ echo "if [[ \"\$?\" != \"0\" ]]; then" >> ~/.bashrc && \
+ echo " python3 -m venv ~/dev_venv" >> ~/.bashrc && \
+ echo " source ~/dev_venv/bin/activate" >> ~/.bashrc && \
+ echo " cd ${SRC_DIR}/ && make setup_env" >> ~/.bashrc && \
+ echo "fi" >> ~/.bashrc && \
+ echo "export MPLBACKEND=TkAgg" >> ~/.bashrc && \
+ touch ~/.sudo_as_admin_successful && \
+ mkdir -p ~/dev_venv && \
+ mkdir -p ~/.cache
+
+WORKDIR ${SRC_DIR}
 
 CMD ["/bin/bash"]
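Review bot: The `echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` step grants passwordless root to every member of the sudo group and appends to the main sudoers file without a syntax check, so dev_user is root-equivalent inside the container and `USER dev_user` is a file-ownership convenience rather than a privilege boundary. If sudo is really needed, scope it to the one account in a validated drop-in: `echo 'dev_user ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/dev_user && chmod 0440 /etc/sudoers.d/dev_user && visudo -cf /etc/sudoers.d/dev_user` (this assumes the base image's sudoers includes /etc/sudoers.d, as stock Ubuntu does). In the same RUN, `groupadd -g "${BUILD_GID}"` fails when that GID already exists in the base image, so a `getent group "${BUILD_GID}"` check before creating the group would make the build tolerant of host ids that collide. A comment above the block stating that this image is for local development only and must not be reused as a deployment base would make the intent explicit.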