Run mkimage.sh as non-root user

jandubois · jandubois · commit cefe79a2a2a2 · 2026-01-05T16:42:02.000-08:00
Alpine 3.23 ships apk-tools 3.0 which deprecated --no-chown as an alias
for --usermode. The --usermode flag cannot be used as root, breaking
the previous root-based build.

Switch to running the build as a dedicated "build" user, which is the
intended way to use mkimage.sh with the --no-chown flag.

Signed-off-by: Jan Dubois &lt;jan.dubois@suse.com&gt;
diff --git a/Dockerfile b/Dockerfile
@@ -14,10 +14,11 @@ RUN if [ "${TARGETARCH}" = "amd64" ]; then apk add syslinux; fi
 
 COPY --from=binfmt /usr/bin /binfmt
 
-RUN addgroup root abuild
-RUN abuild-keygen -i -a -n
 RUN apk update
+RUN adduser -D build && addgroup build abuild
+USER build
+RUN abuild-keygen -a -n
 
-ADD src/aports /home/build/aports
+ADD --chown=build:build src/aports /home/build/aports
 WORKDIR /home/build/aports/scripts
 ENTRYPOINT ["sh", "./mkimage.sh"]
diff --git a/build.sh b/build.sh
@@ -27,7 +27,6 @@ ${DOCKER} run --rm \
     --tag "${TAG}" \
     --outdir /iso \
     --arch "${ARCH}" \
-    --repository "/home/build/packages/lima" \
     --repository "http://dl-cdn.alpinelinux.org/alpine/${REPO_VERSION}/main" \
     --repository "http://dl-cdn.alpinelinux.org/alpine/${REPO_VERSION}/community" \
     --profile lima
