From 08ed3a726ae00ee938761dfedc8211658d95f1d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bart=C5=82omiej=20Piotrowski?= Date: Mon, 17 Feb 2020 11:23:00 +0100 Subject: [PATCH 1/3] base: Run as unprivileged builds user In order to make GitLab CI runners run without --privileged, make flatpak-builder builds run as non-root user. The commit also moves Flatpak remotes to user installation and re-organizes steps for better layer caching. --- base | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/base b/base
index aaafa31..634a64a 100644
--- a/base
+++ b/base
@@ -1,20 +1,23 @@
 FROM registry.fedoraproject.org/fedora:latest
-VOLUME /build
-WORKDIR /build
 ENV FLATPAK_GL_DRIVERS=dummy
+RUN useradd --home-dir /build --create-home --shell /bin/bash build
+WORKDIR /build
+
+# Add a machine-id as specified in the freedesktop spec:
+# https://www.freedesktop.org/software/systemd/man/machine-id.html
+# gnome-builder test suite depends on this
+RUN cat /dev/urandom | tr -dc a-f0-9 | head -c32 > /etc/machine-id && echo "" >> /etc/machine-id
+
 RUN dnf -y update && \
 dnf install -y flatpak flatpak-builder librsvg2 ostree fuse elfutils \
 dconf dbus-daemon git bzr xorg-x11-server-Xvfb dbus-x11 && \
 dnf clean all
-RUN flatpak remote-add flathub https://dl.flathub.org/repo/flathub.flatpakrepo && \
- flatpak remote-add gnome-nightly https://nightly.gnome.org/gnome-nightly.flatpakrepo && \
- flatpak remote-add flathub-beta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
+USER build
-# Add a machine-id as specified in the freedesktop spec:
-# https://www.freedesktop.org/software/systemd/man/machine-id.html
-# gnome-builder test suite depends on this
-RUN cat /dev/urandom | tr -dc a-f0-9 | head -c32 > /etc/machine-id && echo "" >> /etc/machine-id
+RUN flatpak remote-add --user flathub https://dl.flathub.org/repo/flathub.flatpakrepo && \
+ flatpak remote-add --user gnome-nightly https://nightly.gnome.org/gnome-nightly.flatpakrepo && \
+ flatpak remote-add --user flathub-beta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
-- GitLab
From 65c3783c21d00261925808385eea1aa4049e42b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bart=C5=82omiej=20Piotrowski?= Date: Mon, 17 Feb 2020 22:47:18 +0100 Subject: [PATCH 2/3] gnome-*: Install org.gnome.{Sdk,Platform} tp user installation --- gnome-3-26/Dockerfile | 2 +- gnome-3-28/Dockerfile | 2 +- gnome-3-30/Dockerfile | 2 +- gnome-3-32/Dockerfile | 2 +- gnome-3-34/Dockerfile | 2 +- gnome-master/Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-)
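Review bot: The added `RUN useradd --home-dir /build --create-home --shell /bin/bash build` does not fix the account's UID, and `USER build` refers to it by name. A runtime that has to verify non-root numerically (for example Kubernetes `runAsNonRoot`) cannot do that with a named user, and the UID may change when the base image does. I would pin it, e.g. `RUN useradd --uid 1000 --home-dir /build --create-home --shell /bin/bash build` together with `USER 1000` (1000 is an example value). I would also add a comment above the `USER` line such as `# Everything below, and every image built FROM this one, runs as the unprivileged build user; switch to root explicitly for dnf`. Separately, the relocated `/etc/machine-id` step still runs at build time, so all containers started from the image share one machine-id; that predates this commit but deserves a comment next to the `RUN cat /dev/urandom` line.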
diff --git a/gnome-3-26/Dockerfile b/gnome-3-26/Dockerfile
index 664f53b..0d83248 100644
--- a/gnome-3-26/Dockerfile
+++ b/gnome-3-26/Dockerfile
@@ -1,3 +1,3 @@
 FROM registry.gitlab.gnome.org/gnome/gnome-runtime-images/base
-RUN flatpak install -y --noninteractive flathub org.gnome.Sdk//3.26 org.gnome.Sdk.Debug//3.26 org.gnome.Platform//3.26
+RUN flatpak install --user -y --noninteractive flathub org.gnome.Sdk//3.26 org.gnome.Sdk.Debug//3.26 org.gnome.Platform//3.26
diff --git a/gnome-3-28/Dockerfile b/gnome-3-28/Dockerfile
index 7911dca..e8ac8c9 100644
--- a/gnome-3-28/Dockerfile
+++ b/gnome-3-28/Dockerfile
@@ -1,3 +1,3 @@
 FROM registry.gitlab.gnome.org/gnome/gnome-runtime-images/base
-RUN flatpak install -y --noninteractive flathub org.gnome.Sdk//3.28 org.gnome.Sdk.Debug//3.28 org.gnome.Platform//3.28
+RUN flatpak install --user -y --noninteractive flathub org.gnome.Sdk//3.28 org.gnome.Sdk.Debug//3.28 org.gnome.Platform//3.28
diff --git a/gnome-3-30/Dockerfile b/gnome-3-30/Dockerfile
index ed898e9..9973fb9 100644
--- a/gnome-3-30/Dockerfile
+++ b/gnome-3-30/Dockerfile
@@ -1,3 +1,3 @@
 FROM registry.gitlab.gnome.org/gnome/gnome-runtime-images/base
-RUN flatpak install -y --noninteractive flathub org.gnome.Sdk//3.30 org.gnome.Platform//3.30
+RUN flatpak install --user -y --noninteractive flathub org.gnome.Sdk//3.30 org.gnome.Platform//3.30
diff --git a/gnome-3-32/Dockerfile b/gnome-3-32/Dockerfile
index 2be309d..2884aab 100644
--- a/gnome-3-32/Dockerfile
+++ b/gnome-3-32/Dockerfile
@@ -1,3 +1,3 @@
 FROM registry.gitlab.gnome.org/gnome/gnome-runtime-images/base
-RUN flatpak install -y --noninteractive flathub org.gnome.Sdk//3.32 org.gnome.Platform//3.32
+RUN flatpak install --user -y --noninteractive flathub org.gnome.Sdk//3.32 org.gnome.Platform//3.32
diff --git a/gnome-3-34/Dockerfile b/gnome-3-34/Dockerfile
index 7dbba12..8d2e343 100644
--- a/gnome-3-34/Dockerfile
+++ b/gnome-3-34/Dockerfile
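Review bot: The new `flatpak install --user` line only works when the base image already contains the first patch of this series (`USER build` and the `--user` remotes), but `FROM registry.gitlab.gnome.org/gnome/gnome-runtime-images/base` carries no tag, so the build takes whatever `base` is in the registry or local cache at that moment. With an older base the install would presumably run as root against a user installation that has no `flathub` remote, and fail. A comment above the `RUN` line such as `# Requires a base image built with USER build and --user remotes` would record the dependency, and referencing `base` by tag or digest would make it explicit. The same applies to the gnome-3-28, gnome-3-30, gnome-3-32, gnome-3-34 and gnome-master hunks.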
@@ -1,3 +1,3 @@
 FROM registry.gitlab.gnome.org/gnome/gnome-runtime-images/base
-RUN flatpak install -y --noninteractive flathub org.gnome.Sdk//3.34 org.gnome.Platform//3.34
+RUN flatpak install --user -y --noninteractive flathub org.gnome.Sdk//3.34 org.gnome.Platform//3.34
diff --git a/gnome-master/Dockerfile b/gnome-master/Dockerfile
index 8438f2b..9f668d1 100644
--- a/gnome-master/Dockerfile
+++ b/gnome-master/Dockerfile
@@ -1,3 +1,3 @@
 FROM registry.gitlab.gnome.org/gnome/gnome-runtime-images/base
-RUN flatpak install -y --noninteractive gnome-nightly org.gnome.Sdk org.gnome.Platform
+RUN flatpak install --user -y --noninteractive gnome-nightly org.gnome.Sdk org.gnome.Platform
-- GitLab
From ec92a0b43df4032a5fe51de5b92e842b2357d8fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bart=C5=82omiej=20Piotrowski?= Date: Tue, 18 Feb 2020 21:08:19 +0100 Subject: [PATCH 3/3] base: Build flatpak-builder with support for --disable-rofiles-fuse with --run --- base | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/base b/base
index 634a64a..966d4ba 100644
--- a/base
+++ b/base
@@ -1,5 +1,17 @@
 FROM registry.fedoraproject.org/fedora:latest
+RUN dnf -y update && dnf install -y git 'dnf-command(builddep)' libtool \
+ automake gettext-devel autoconf && \
+ dnf builddep -y flatpak-builder && \
+ dnf groupinstall -y "Development Tools"
+
+RUN git clone --recursive https://github.com/flatpak/flatpak-builder -b run-without-fuse && \
+ cd flatpak-builder && \
+ ./autogen.sh && make -j$(nproc)
+
+FROM registry.fedoraproject.org/fedora:latest
+COPY --from=0 /flatpak-builder/flatpak-builder /usr/local/bin/flatpak-builder
+
 ENV FLATPAK_GL_DRIVERS=dummy
 RUN useradd --home-dir /build --create-home --shell /bin/bash build
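Review bot: The builder stage in the `base` hunk clones `https://github.com/flatpak/flatpak-builder -b run-without-fuse`, a mutable branch, so every rebuild can compile different code and the binary copied to `/usr/local/bin/flatpak-builder` is not tied to any reviewed commit. I would pin the source after the clone with `git checkout <commit-sha>` followed by `git submodule update --init --recursive` (the sha is a placeholder) and note the chosen commit in a comment. The stage is also addressed by index in `COPY --from=0`; naming it (`FROM registry.fedoraproject.org/fedora:latest AS builder` and `COPY --from=builder ...`) keeps the copy pointing at the right stage if another one is added later. The second stage continues past the end of this hunk.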
@@ -11,7 +23,7 @@ WORKDIR /build
 RUN cat /dev/urandom | tr -dc a-f0-9 | head -c32 > /etc/machine-id && echo "" >> /etc/machine-id
 RUN dnf -y update && \
- dnf install -y flatpak flatpak-builder librsvg2 ostree fuse elfutils \
+ dnf install -y flatpak librsvg2 ostree fuse elfutils \
 dconf dbus-daemon git bzr xorg-x11-server-Xvfb dbus-x11 && \
 dnf clean all
@@ -20,4 +32,3 @@ USER build
 RUN flatpak remote-add --user flathub https://dl.flathub.org/repo/flathub.flatpakrepo && \
 flatpak remote-add --user gnome-nightly https://nightly.gnome.org/gnome-nightly.flatpakrepo && \
 flatpak remote-add --user flathub-beta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
-
-- GitLab
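Review bot: Dropping `flatpak-builder` from the `dnf install` list also drops whatever the RPM pulled in as dependencies, while the replacement binary is copied in from the build stage without them. The packages that remain (`ostree`, `elfutils`, `git`, `bzr` and the rest) may cover what it needs, but nothing in the visible hunks checks that the copied binary actually starts in the final image. A build-time smoke test right after this `RUN`, e.g. `RUN flatpak-builder --version`, would fail the image build early if a shared library is missing, and a comment on the install line such as `# flatpak-builder itself comes from the build stage; its runtime deps must be listed here` would explain why the package is absent.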