docker/with_the_same_user - tvm - Git at Google

 #!/usr/bin/env bash

 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.

 # This script is a wrapper creating the same user inside container as the one
 # running the docker/build.sh outside the container. It also set the home directory
 # for the user inside container to match the same absolute path as the workspace
 # outside of container.  Do not run this manually. It does not make sense. It is
 # intended to be called by ci_build.sh only.

 set -e

 # NOTE: sudo uses the env_reset option to reset environment variables to a secure bare minimum.
 # The --preserve-env option below passes those variables through to the invoked process; however,
 # this appears not to affect the environment used with execve, so we resolve the binary to run
 # in this file using the $PATH specified in the Dockerfile.
 COMMAND=( "$(which "$1")" )
 shift
 COMMAND=( "${COMMAND[@]}" "$@" )

 if ! touch /this_is_writable_file_system; then
   echo "You can't write to your filesystem!"
   echo "If you are in Docker you should check you do not have too many images" \
       "with too many files in them. Docker has some issue with it."
   exit 1
 else
   rm /this_is_writable_file_system
 fi

 getent group "${CI_BUILD_GID}" || (
     # Ensure "${CI_BUILD_GROUP}" is not already some other gid inside container.
     if grep -q "^${CI_BUILD_GROUP}:" /etc/group; then
         CI_BUILD_GROUP="${CI_BUILD_GROUP}2"
     fi
     addgroup --force-badname --gid "${CI_BUILD_GID}" "${CI_BUILD_GROUP}" >/dev/null)

 getent group tvm-venv || (addgroup tvm-venv >/dev/null)
 getent passwd "${CI_BUILD_UID}" || adduser --force-badname --gid "${CI_BUILD_GID}" --uid "${CI_BUILD_UID}" \
     --gecos "${CI_BUILD_USER} (generated by with_the_same_user script)" \
     --disabled-password --home "${CI_BUILD_HOME}" --quiet "${CI_BUILD_USER}"
 usermod -a -G sudo -G tvm-venv "${CI_BUILD_USER}"
 usermod -a -G sudo -G dialout "${CI_BUILD_USER}"

 # Add user to video group for ROCm
 if [[ ! -z "${ROCM_ENABLED-}" ]]; then
   usermod -a -G video "${CI_BUILD_USER}"
 fi

 # This is a grotesque hack to get PYTEST_ADD_OPTS available to all task scripts.
 echo "${CI_BUILD_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-nopasswd-sudo

 if [[ ! -z "${CUDA_VISIBLE_DEVICES-}" ]]; then
     CUDA_ENV="CUDA_VISIBLE_DEVICES=${CUDA_VISIBLE_DEVICES}"
 else
     CUDA_ENV=""
 fi

 if [[ "$CI_IMAGE_NAME" == *"hexagon"* ]] && [[ ${CI:-false} != "true" ]]; then
   PATH=$(echo "$PATH" | sed 's/\/opt\/sccache://g')
 fi

 sudo -u "#${CI_BUILD_UID}" --preserve-env \
 ${CUDA_ENV} \
 PATH=${PATH} \
 JAVA_HOME=${JAVA_HOME} \
 LD_LIBRARY_PATH="${LD_LIBRARY_PATH-}" \
 PYTHONPATH="${PYTHONPATH-}" \
 CI_IMAGE_NAME="${CI_IMAGE_NAME-}" \
 HOME="${CI_BUILD_HOME-}" \
 "${COMMAND[@]}"
	#!/usr/bin/env bash

	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.

	# This script is a wrapper creating the same user inside container as the one
	# running the docker/build.sh outside the container. It also set the home directory
	# for the user inside container to match the same absolute path as the workspace
	# outside of container. Do not run this manually. It does not make sense. It is
	# intended to be called by ci_build.sh only.

	set -e

	# NOTE: sudo uses the env_reset option to reset environment variables to a secure bare minimum.
	# The --preserve-env option below passes those variables through to the invoked process; however,
	# this appears not to affect the environment used with execve, so we resolve the binary to run
	# in this file using the $PATH specified in the Dockerfile.
	COMMAND=( "$(which "$1")" )
	shift
	COMMAND=( "${COMMAND[@]}" "$@" )

	if ! touch /this_is_writable_file_system; then
	echo "You can't write to your filesystem!"
	echo "If you are in Docker you should check you do not have too many images" \
	"with too many files in them. Docker has some issue with it."
	exit 1
	else
	rm /this_is_writable_file_system
	fi

	getent group "${CI_BUILD_GID}" \|\| (
	# Ensure "${CI_BUILD_GROUP}" is not already some other gid inside container.
	if grep -q "^${CI_BUILD_GROUP}:" /etc/group; then
	CI_BUILD_GROUP="${CI_BUILD_GROUP}2"
	fi
	addgroup --force-badname --gid "${CI_BUILD_GID}" "${CI_BUILD_GROUP}" >/dev/null)

	getent group tvm-venv \|\| (addgroup tvm-venv >/dev/null)
	getent passwd "${CI_BUILD_UID}" \|\| adduser --force-badname --gid "${CI_BUILD_GID}" --uid "${CI_BUILD_UID}" \
	--gecos "${CI_BUILD_USER} (generated by with_the_same_user script)" \
	--disabled-password --home "${CI_BUILD_HOME}" --quiet "${CI_BUILD_USER}"
	usermod -a -G sudo -G tvm-venv "${CI_BUILD_USER}"
	usermod -a -G sudo -G dialout "${CI_BUILD_USER}"

	# Add user to video group for ROCm
	if [[ ! -z "${ROCM_ENABLED-}" ]]; then
	usermod -a -G video "${CI_BUILD_USER}"
	fi

	# This is a grotesque hack to get PYTEST_ADD_OPTS available to all task scripts.
	echo "${CI_BUILD_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/90-nopasswd-sudo

	if [[ ! -z "${CUDA_VISIBLE_DEVICES-}" ]]; then
	CUDA_ENV="CUDA_VISIBLE_DEVICES=${CUDA_VISIBLE_DEVICES}"
	else
	CUDA_ENV=""
	fi

	if [[ "$CI_IMAGE_NAME" == "hexagon" ]] && [[ ${CI:-false} != "true" ]]; then
	PATH=$(echo "$PATH" \| sed 's/\/opt\/sccache://g')
	fi

	sudo -u "#${CI_BUILD_UID}" --preserve-env \
	${CUDA_ENV} \
	PATH=${PATH} \
	JAVA_HOME=${JAVA_HOME} \
	LD_LIBRARY_PATH="${LD_LIBRARY_PATH-}" \
	PYTHONPATH="${PYTHONPATH-}" \
	CI_IMAGE_NAME="${CI_IMAGE_NAME-}" \
	HOME="${CI_BUILD_HOME-}" \
	"${COMMAND[@]}"