From 6fb385bc8c2d05cd38c7b0fb07a76b7932ba1e8f Mon Sep 17 00:00:00 2001
From: Hood Chatham
Date: Sun, 4 Apr 2021 15:19:54 -0400
Subject: [PATCH] BLD run_docker as the host user not as root (#1429)

---
 .gitignore | 43 +++++++++++++++++++------------------------
 run_docker | 38 +++++++++++++++++++++++++++++++++-----
 2 files changed, 52 insertions(+), 29 deletions(-)

diff --git a/.gitignore b/.gitignore
index 1e1984101..00a50e3e1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,31 +1,26 @@
 *.a
 *.o
 *.pyc
-.patched
-.built
-.packaged
-.pytest_cache/
-__pycache__
-geckodriver.log
-firefox/
-.vscode
-.idea
-.mypy_cache/
-.hypothesis
-node_modules/
-
-build
-downloads
-host
-installs
-ccache
-
-/emsdk/emsdk
 *.egg-info/
+
+__pycache__
+
+.docker_home
+.hypothesis
+.idea
+.mozilla
+.mypy_cache/
+.pytest_cache/
+.vscode
+
+build
+ccache
+cpython/downloads
+cpython/installs
+docs/_build/
+emsdk/emsdk
+geckodriver.log
+node_modules/
 packages/.artifacts
 packages/*/build.log
-
-docs/usage/python-api/
-docs/usage/micropip-api/
-docs/_build/
diff --git a/run_docker b/run_docker
index 28262091b..96485ecd0 100755
--- a/run_docker
+++ b/run_docker
@@ -91,11 +91,39 @@ case $DEFAULT_PYODIDE_SYSTEM_PORT in
 ;;
 esac

-exec docker run \
- $PORT_CONFIGURATION_LINE \
- -it --rm \
+mkdir -p .docker_home
+
+USER_HOME="/src/.docker_home"
+USER_NAME="$(id -u -n)"
+USER_PASS="x"
+USER_ID="$(id -u)"
+USER_GID=0
+USER_COMMENT_FIELD="${USER_NAME} pyodide user alias"
+USER_INTERPRETER="/sbin/nologin"
+USER_ACCOUNT_INFO="${USER_NAME}:${USER_PASS}:${USER_ID}:${USER_GID}:${USER_COMMENT_FIELD}:${USER_HOME}:${USER_INTERPRETER}"
+
+# Start a detached container as root, add the host uname and uid to /etc/passwd,
+# then run forever
+CONTAINER=$(\
+ docker run \
+ -d --rm \
 -v $PWD:/src \
- --user root -e NB_UID=$UID -e NB_GID=$GID \
+ --user root \
 --shm-size 2g \
 "${PYODIDE_DOCKER_IMAGE}" \
- $DOCKER_COMMAND
+ /bin/bash -c " \
+ echo '${USER_ACCOUNT_INFO}' >> /etc/passwd ; \
+ tail -f /dev/null \
+ " \
+)
+
+EXIT_STATUS=0
+# Execute the provided command as the host user with HOME=/src
+docker exec \
+ -it \
+ --user $(id --user):$(id --group) \
+ $CONTAINER \
+ /bin/bash -c "${DOCKER_COMMAND}" || EXIT_STATUS=$?
+
+docker kill $CONTAINER > /dev/null
+exit $EXIT_STATUS
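Review bot: The helper container created by `CONTAINER=$(docker run -d --rm ... tail -f /dev/null)` is only reaped by the `docker kill $CONTAINER` at the very end of the hunk, so if run_docker is interrupted or `docker exec` fails before that point, a root container with the source tree mounted at /src keeps running indefinitely (`--rm` never triggers because `tail -f /dev/null` never exits); registering `trap 'docker kill "$CONTAINER" > /dev/null 2>&1' EXIT` right after the assignment covers every exit path. A failed `docker run` also leaves `CONTAINER` empty and the exec targeting nothing, so a guard such as `[ -n "$CONTAINER" ] || exit 1` belongs before the exec unless the script runs under `set -e`, which is not visible in this hunk. The exec line uses GNU-only long options, `--user $(id --user):$(id --group)`, while the lines above use the portable `id -u` form; `--user "${USER_ID}:$(id -g)"` works with BSD/macOS `id` as well and reuses the uid already computed. The comment `# Execute the provided command as the host user with HOME=/src` contradicts `USER_HOME="/src/.docker_home"` in the passwd entry above, and the comment should name `/src/.docker_home` or the variable. The passwd entry records `USER_GID=0` while the exec runs with the host's primary gid, which looks unintentional and deserves a one-line comment if it is deliberate; the `case` statement closed by the leading `;;`/`esac` context lines begins outside the hunk.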