Docker: create user only when docker_start_user.sh got run

docker/build/cyber.x86_64.dockerfile

@@ -9,7 +9,7 @@ LABEL version="1.2"
 ENV DEBIAN_FRONTEND=noninteractive
 
 COPY installers /tmp/installers
-COPY misc /etc/misc
+COPY rcfiles /opt/apollo/rcfiles
 
 # Pre-downloaded tarballs
 COPY archive /tmp/archive

docker/build/installers/install_minimal_environment.sh

@@ -53,6 +53,7 @@ apt-get -y update && \
     vim \
     sed \
     gawk \
+    bc \
     patch \
     tree \
     lsof \

docker/build/new_dev.x86_64.dockerfile

-FROM apolloauto/apollo:cyber-x86_64-18.04-20200518_0934
+FROM apolloauto/apollo:cyber-x86_64-18.04-20200525_0253
 
 ARG GEOLOC
 ARG BUILD_STAGE

docker/build/misc/user.bash_aliases → docker/build/rcfiles/user.bash_aliases

 export PS1="\[\e[31m\][\[\e[m\]\[\e[32m\]\u\[\e[m\]\[\e[33m\]@\[\e[m\]\[\e[35m\]\h\[\e[m\]:\[\e[36m\]\w\[\e[m\]\[\e[31m\]]\[\e[m\]\[\e[1;32m\]\\$\[\e[m\] "
 
-ulimit -c unlimited
+export PATH="$PATH:/apollo/scripts"
 
-. /apollo/scripts/apollo_base.sh
+if [[ -e "/apollo/scripts/apollo_base.sh" ]]; then
+    . /apollo/scripts/apollo_base.sh
+fi
 
 alias bb="bazel build --distdir=/apollo/.cache/distdir"
 alias bt="bazel test  --distdir=/apollo/.cache/distdir"
@@ -15,3 +17,5 @@ function inc() {
         /bin/grep "#include" -r "${_path}" | sort -u
     fi
 }
+
+ulimit -c unlimited

docker/build/rcfiles/user.lcovrc

+genhtml_branch_coverage = 1
+lcov_branch_coverage = 1

docker/scripts/cyber_into.sh

@@ -16,37 +16,30 @@
 # limitations under the License.
 ###############################################################################
 
-ARCH=$(uname -m)
+DOCKER_USER="${USER}"
+CYBER_CONTAINER="apollo_cyber_${USER}"
 
-APOLLO_ROOT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )"
-
-USER_ID=$(id -u)
-DOCKER_USER=apollo
-
-if [[ "$USER" != "apollo" ]] && [[ $USER_ID -ne 1000 ]]; then
-    DOCKER_USER=$USER
-fi
-
-
-source ${APOLLO_ROOT_DIR}/scripts/apollo_base.sh CYBER_ONLY
+APOLLO_ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+source "${APOLLO_ROOT_DIR}/scripts/apollo_base.sh" CYBER_ONLY
 
 xhost +local:root 1>/dev/null 2>&1
 
-if [ ${ARCH} == "x86_64" ]; then
+ARCH="$(uname -m)"
+if [ "${ARCH}" == "x86_64" ]; then
     docker exec \
-        -u $DOCKER_USER \
-        -it apollo_cyber_$USER \
+        -u "${DOCKER_USER}" \
+        -it "${CYBER_CONTAINER}" \
         /bin/bash
-elif [ ${ARCH} == "aarch64" ]; then
+elif [ "${ARCH}" == "aarch64" ]; then
     warning "!!! For the first time after starting the Cyber RT container, please run the following two commands: !!!"
-    warning "!!!   1) /apollo/scripts/docker_adduser.sh !!!"
-    warning "!!!   2) su $DOCKER_USER !!!"
+    warning "!!!   1) /apollo/scripts/docker_start_user.sh # with root or sudo permissions!!!"
+    warning "!!!   2) su ${DOCKER_USER} !!!"
     warning "! To exit, please use 'ctrl+p ctrl+q' !"
 
-    docker attach apollo_cyber_$USER
+    docker attach "${CYBER_CONTAINER}"
 
 else
-    echo "Unknown architecture: ${ARCH}"
+    echo "Unsupported architecture: ${ARCH}"
     exit 0
 fi
 

docker/scripts/cyber_start.sh

@@ -15,14 +15,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ###############################################################################
-APOLLO_ROOT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )"
+APOLLO_ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)"
 CACHE_ROOT_DIR="${APOLLO_ROOT_DIR}/.cache"
 
 INCHINA="no"
 LOCAL_IMAGE="no"
 VERSION=""
 ARCH=$(uname -m)
-VERSION_X86_64="cyber-x86_64-18.04-20200519_2255"
+VERSION_X86_64="cyber-x86_64-18.04-20200525_0253"
 VERSION_AARCH64="cyber-aarch64-18.04-20190621_1606"
 VERSION_OPT=""
 
@@ -53,12 +53,11 @@ function check_agreement() {
 }
 
 function check_host_environment() {
-  echo 'Host environment checking done.'
+    echo 'Host environment checking done.'
 }
 
-function show_usage()
-{
-cat <<EOF
+function show_usage() {
+cat <EOF
 Usage: $(basename $0) [options] ...
 OPTIONS:
     -C                     Pull docker image from China mirror.
@@ -70,24 +69,21 @@ EOF
 exit 0
 }
 
-function stop_containers()
-{
-running_containers=$(docker ps --format "{{.Names}}")
-
-for i in ${running_containers[*]}
-do
-  if [[ "$i" =~ apollo_* ]];then
-    printf %-*s 70 "stopping container: $i ..."
-    if docker stop "$i" >/dev/null ; then
-      printf "\033[32m[DONE]\033[0m\n"
-    else
-      printf "\033[31m[FAILED]\033[0m\n"
-    fi
-  fi
-done
+function stop_containers() {
+    local running_containers
+    running_containers=$(docker ps --format "{{.Names}}")
+    for i in ${running_containers[*]} ; do
+        if [[ "$i" =~ apollo_* ]];then
+            printf %-*s 70 "stopping container: $i ..."
+            if docker stop "$i" >/dev/null ; then
+                printf "\033[32m[DONE]\033[0m\n"
+            else
+                printf "\033[31m[FAILED]\033[0m\n"
+            fi
+        fi
+    done
 }
 
-
 if [ ! -e /apollo ]; then
     sudo ln -sf "${APOLLO_ROOT_DIR}" /apollo
 fi
@@ -96,7 +92,7 @@ if [ -e /proc/sys/kernel ]; then
     echo "/apollo/data/core/core_%e.%p" | sudo tee /proc/sys/kernel/core_pattern > /dev/null
 fi
 
-source ${APOLLO_ROOT_DIR}/scripts/apollo_base.sh CYBER_ONLY
+source "${APOLLO_ROOT_DIR}/scripts/apollo_base.sh" CYBER_ONLY
 check_agreement
 check_host_environment
 
@@ -155,8 +151,7 @@ if [ "$LOCAL_IMAGE" == "yes" ] && [ -z "$VERSION_OPT" ]; then
     VERSION="local_cyber_dev"
 fi
 
-
-IMG=${DOCKER_REPO}:$VERSION
+IMG="${DOCKER_REPO}:$VERSION"
 
 function local_volumes() {
     # Apollo root and bazel cache dirs are required.
@@ -224,7 +219,6 @@ function determine_gpu_use() {
 }
 
 function main(){
-
     if [ "$LOCAL_IMAGE" = "yes" ];then
         info "Start docker container based on local image : $IMG"
     else
@@ -300,17 +294,15 @@ function main(){
 
 
     if [ "${ARCH}" == "x86_64" ]; then
-        # User with uid=1000 or username=apollo excluded
-        if [[ "${USER}" != "root" ]] && [[ "${USER}" != "apollo" ]] \
-            && [[ $USER_ID -ne 1000 ]]; then
-            docker exec -u root "${APOLLO_CYBER}" bash -c '/apollo/scripts/docker_adduser.sh'
+        if [[ "${USER}" != "root" ]]; then
+            docker exec -u root "${APOLLO_CYBER}" bash -c '/apollo/scripts/docker_start_user.sh'
         fi
     else
-        warning "!!! Due to the problem with 'docker exec' on Drive PX platform, please run '/apollo/scripts/docker_adduser.sh' for the first time when you get into the docker !!!"
+        warning "!!! Due to the problem with 'docker exec' on Drive PX platform, please run '/apollo/scripts/docker_start_user.sh' for the first time when you get into the docker !!!"
     fi
 
     ok "Finished setting up Apollo docker environment. Now you can enter with: \nbash docker/scripts/cyber_into.sh"
     ok "Enjoy!"
 }
 
-main
+main "$@"

docker/scripts/dev_into.sh

@@ -15,19 +15,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ###############################################################################
-USER_ID=$(id -u)
-DOCKER_USER=apollo
-
-if [[ "$USER" != "apollo" ]] && [[ $USER_ID -ne 1000 ]]; then
-    DOCKER_USER=$USER
-fi
+DOCKER_USER="${USER}"
+DEV_CONTAINER="apollo_dev_${USER}"
 
 xhost +local:root 1>/dev/null 2>&1
 
 docker exec \
-    -u $DOCKER_USER \
+    -u "${DOCKER_USER}" \
     -e HISTFILE=/apollo/.dev_bash_hist \
-    -it apollo_dev_$USER \
+    -it "${DEV_CONTAINER}" \
     /bin/bash
 
 xhost -local:root 1>/dev/null 2>&1

docker/scripts/dev_start.sh

@@ -16,15 +16,19 @@
 # limitations under the License.
 ###############################################################################
 
-APOLLO_ROOT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )"
+APOLLO_ROOT_DIR="$(cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd -P)"
 CACHE_ROOT_DIR="${APOLLO_ROOT_DIR}/.cache"
 
+DOCKER_REPO="apolloauto/apollo"
+
+## TODO(storypku): differentiate HOST_ARCH WITH TARGET_ARCH
+ARCH="$(uname -m)"
+
 LOCAL_IMAGE="no"
 FAST_BUILD_MODE="no"
 FAST_TEST_MODE="no"
 VERSION=""
-ARCH=$(uname -m)
-VERSION_X86_64="dev-x86_64-18.04-20200519_0522"
+VERSION_X86_64="dev-x86_64-18.04-20200525_0533"
 VERSION_AARCH64="dev-aarch64-20170927_1111"
 VERSION_OPT=""
 NO_PULL_IMAGE=""
@@ -71,12 +75,9 @@ EOF
 exit 0
 }
 
-function stop_containers()
-{
+function stop_containers() {
 running_containers=$(docker ps --format "{{.Names}}")
-
-for i in ${running_containers[*]}
-do
+for i in ${running_containers[*]} ; do
   if [[ "$i" =~ apollo_* ]];then
     printf %-*s 70 "stopping container: $i ..."
     docker stop $i > /dev/null
@@ -89,12 +90,10 @@ do
 done
 }
 
-function set_registry_mirrors()
-{
-sed -i '$aDOCKER_OPTS=\"--registry-mirror=http://hub-mirror.c.163.com\"' /etc/default/docker
-sed -i '$i  ,"registry-mirrors": [ "http://hub-mirror.c.163.com"]' /etc/docker/daemon.json
-service docker restart
-
+function set_registry_mirrors() {
+    sed -i '$aDOCKER_OPTS=\"--registry-mirror=http://hub-mirror.c.163.com\"' /etc/default/docker
+    sed -i '$i  ,"registry-mirrors": [ "http://hub-mirror.c.163.com"]' /etc/docker/daemon.json
+    service docker restart
 }
 
 if [ "$(readlink -f /apollo)" != "${APOLLO_ROOT_DIR}" ]; then
@@ -122,9 +121,7 @@ DEFAULT_TEST_MAPS=(
 MAP_VOLUME_CONF=""
 OTHER_VOLUME_CONF=""
 
-while [ $# -gt 0 ]
-do
-
+while [ $# -gt 0 ] ; do
     case "$1" in
     -image)
         echo -e "\033[093mWarning\033[0m: This option has been replaced by \"-t\" and \"--tag\", please use the new one.\n"
@@ -148,7 +145,7 @@ do
         FAST_BUILD_MODE="yes"
         ;;
     -c|--china)
-       set_registry_mirrors
+        set_registry_mirrors
 	;;
     -f|--fast-test)
         FAST_TEST_MODE="yes"
@@ -170,9 +167,9 @@ do
         info "running without pulling docker image"
         ;;
     stop)
-	stop_containers
-	exit 0
-	;;
+	    stop_containers
+	    exit 0
+	    ;;
     *)
         echo -e "\033[93mWarning\033[0m: Unknown option: $1"
         exit 2
@@ -192,15 +189,10 @@ else
     exit 0
 fi
 
-if [ -z "${DOCKER_REPO}" ]; then
-    DOCKER_REPO=apolloauto/apollo
-fi
-
 if [ "$LOCAL_IMAGE" == "yes" ] && [ -z "$VERSION_OPT" ]; then
     VERSION="local_dev"
 fi
 
-
 APOLLO_DEV_IMAGE=${DOCKER_REPO}:$VERSION
 LOCALIZATION_VOLUME_IMAGE=${DOCKER_REPO}:localization_volume-${ARCH}-latest
 PADDLE_VOLUME_IMAGE=${DOCKER_REPO}:paddlepaddle_volume-${ARCH}-2.0.0
@@ -239,8 +231,7 @@ function local_volumes() {
 }
 
 ## customized docker cmd
-function do_docker_image_inspect()
-{
+function do_docker_image_inspect() {
     docker image inspect -f {{.Config.Image}} $1 &> /dev/null
     if [ $? -ne 0 ];then
         error "Failed to find local docker image : $1"
@@ -248,8 +239,7 @@ function do_docker_image_inspect()
     fi
 }
 
-function do_docker_pull()
-{
+function do_docker_pull() {
     IMG=$1
     if [ "$NO_PULL_IMAGE" = "yes" ];then
         echo "Skipping pull docker image for $IMG"
@@ -374,7 +364,7 @@ function main() {
     OTHER_VOLUME_CONF="${OTHER_VOLUME_CONF} --volumes-from ${LOCAL_THIRD_PARTY_VOLUME}"
 
     local display=""
-    if [[ -z ${DISPLAY} ]];then
+    if [[ -z "${DISPLAY}" ]];then
         display=":0"
     else
         display="${DISPLAY}"
@@ -386,12 +376,9 @@ function main() {
     GRP=$(id -g -n)
     GRP_ID=$(id -g)
     LOCAL_HOST=`hostname`
-    DOCKER_HOME="/home/$USER"
-    if [ "$USER" == "root" ];then
-        DOCKER_HOME="/root"
-    fi
+
     if [ ! -d "${CACHE_ROOT_DIR}" ]; then
-        mkdir "${CACHE_ROOT_DIR}"
+        mkdir -p "${CACHE_ROOT_DIR}"
     fi
 
     info "Starting docker container \"${APOLLO_DEV}\" ..."
@@ -408,7 +395,7 @@ function main() {
         ${OTHER_VOLUME_CONF} \
         -e DISPLAY=$display \
         -e DOCKER_USER=$USER \
-        -e USER=$USER \
+        -e USER="${USER}" \
         -e DOCKER_USER_ID=$USER_ID \
         -e DOCKER_GRP="$GRP" \
         -e DOCKER_GRP_ID=$GRP_ID \
@@ -433,14 +420,12 @@ function main() {
     fi
     set +x
 
-    # User with uid=1000 or username=apollo excluded
-    if [[ "${USER}" != "root" ]] && [[ "${USER}" != "apollo" ]] \
-        && [[ $USER_ID -ne 1000 ]]; then
-        docker exec -u root $APOLLO_DEV bash -c '/apollo/scripts/docker_adduser.sh'
+    if [[ "${USER}" != "root" ]]; then
+        docker exec -u root $APOLLO_DEV bash -c '/apollo/scripts/docker_start_user.sh'
     fi
 
     ok "Finished setting up Apollo docker environment. Now you can enter with: \nbash docker/scripts/dev_into.sh"
     ok "Enjoy!"
 }
 
-main
+main "$@"

scripts/docker_start_user.sh

+#!/usr/bin/env bash
+
+###############################################################################
+# Copyright 2020 The Apollo Authors. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+###############################################################################
+# Ref: https://serverfault.com/questions/72476/clean-way-to-write-complex-multi-line-string-to-a-variable
+##===========================================================##
+
+function _create_user_account() {
+    local user_name="$1"
+    local uid="$2"
+    local group_name="$3"
+    local gid="$4"
+    addgroup --gid "${gid}" "${group_name}"
+
+    adduser --disabled-password --force-badname --gecos '' \
+            "${user_name}" --uid "${uid}" --gid "${gid}" # 2>/dev/null
+
+    usermod -aG sudo "${user_name}"
+}
+
+function setup_user_bashrc() {
+    local uid="$1"
+    local gid="$2"
+    local user_home="/home/$3"
+    cp -rf /etc/skel/.{profile,bash*} "${user_home}"
+    local RCFILES_DIR="/opt/apollo/rcfiles"
+    local rc
+    if [[ -d "${RCFILES_DIR}" ]]; then
+        for entry in ${RCFILES_DIR}/*; do
+            rc=$(basename "${entry}")
+            if [[ "${rc}" = user.* ]]; then
+                cp -rf ${entry} "${user_home}/${rc##user}"
+            fi
+        done
+    fi
+    # Set user files ownership to current user, such as .bashrc, .profile, etc.
+    chown -R "${uid}:${gid}" "${user_home}"
+}
+
+function setup_user_account() {
+    local user_name="$1"
+    local uid="$2"
+    local group_name="$3"
+    local gid="$4"
+    _create_user_account "$@"
+    setup_user_bashrc "${uid}" "${gid}" "${user_name}"
+}
+
+function grant_device_permissions() {
+    # setup GPS device
+    [ -e /dev/novatel0 ] && chmod a+rw /dev/novatel0
+    [ -e /dev/novatel1 ] && chmod a+rw /dev/novatel1
+    [ -e /dev/novatel2 ] && chmod a+rw /dev/novatel2
+
+    [ -e /dev/ttyACM0 ]  && chmod a+rw /dev/ttyACM0
+
+    # setup camera device
+    [ -e /dev/camera/obstacle ]      && chmod a+rw /dev/camera/obstacle
+    [ -e /dev/camera/trafficlights ] && chmod a+rw /dev/camera/trafficlights
+}
+
+##===================== Main ==============================##
+function main() {
+    local user_name="$1"
+    local uid="$2"
+    local group_name="$3"
+    local gid="$4"
+
+    if [ "${uid}" != "${gid}" ]; then
+        echo "Warning: uid(${uid}) != gid(${gid}) found."
+    fi
+    if [ "${user_name}" != "${group_name}" ]; then
+        echo "Warning: user_name(${user_name}) != group_name(${group_name}) found."
+    fi
+    setup_user_account "$@"
+    grant_device_permissions
+}
+
+main "${DOCKER_USER}" "${DOCKER_USER_ID}" "${DOCKER_GRP}" "${DOCKER_GRP_ID}"