[infra] use $BUILD_UID if it is defined (fixes #30) (#211)

If $BUILD_UID is defined, then compile script will create a user
with a given UID and switch to it prior to calling project's build.sh.

infra/base-images/base-libfuzzer/README.md

@@ -41,6 +41,7 @@ Build configuration is performed through following environment variables:
 | `$SANITIZER ("address")` | Specifies sanitizer configuration to use. `address` or `undefined`.
 | `$SANITIZER_FLAGS` | Specify compiler sanitizer flags directly. Overrides `$SANITIZER`.
 | `$COVERAGE_FLAGS` | Specify compiler flags to use for fuzzer feedback coverage.
+| `$BUILD_UID` | User id to use while building fuzzers.
 
 # Examples
 

infra/base-images/base-libfuzzer/compile

@@ -42,4 +42,12 @@ echo "CXXFLAGS=$CXXFLAGS"
 
 echo "---------------------------------------------------------------"
 
-bash -x $SRC/build.sh
+BUILD_CMD="bash -x $SRC/build.sh"
+if [ -z "${BUILD_UID+}" ]; then
+  adduser -u $BUILD_UID --disabled-password --no-create-home --gecos '' builder
+  chown -R builder $SRC
+  chown builder $OUT
+  su -c "$BUILD_CMD" builder
+else
+  $BUILD_CMD
+fi

infra/helper.py

@@ -148,6 +148,7 @@ def build_fuzzers(build_args):
 
   command = [
         'docker', 'run', '--rm', '-i', '--cap-add', 'SYS_PTRACE',
+        '-e', 'BUILD_UID=%d' % os.getuid(),
         '-v', '%s:/out' % os.path.join(BUILD_DIR, 'out', args.project_name),
         '-v', '%s:/work' % os.path.join(BUILD_DIR, 'work', args.project_name),
         '-t', 'ossfuzz/' + args.project_name,

infra/libfuzzer-pipeline.groovy

@@ -22,6 +22,7 @@ def call(body) {
     body()
 
     def project = new groovy.json.JsonSlurperClassic().parseText(config["project_json"])
+    def uid = sh(returnStdout: true, script: 'id -u $USER').trim()
 
     // Project configuration.
     def projectName = project["name"] ?: env.JOB_BASE_NAME
@@ -38,18 +39,15 @@ def call(body) {
     def dockerGit = dockerfileConfig["git"]
     def dockerContextDir = dockerfileConfig["context"] ?: ""
     def dockerTag = "ossfuzz/$projectName"
-    def dockerUid = 0 // TODO: try to make $USER to work
-    def dockerRunOptions = "--user $dockerUid --cap-add SYS_PTRACE"
-
+    def dockerRunOptions = "-e BUILD_UID=$uid --cap-add SYS_PTRACE"
+
     def date = java.time.format.DateTimeFormatter.ofPattern("yyyyMMddHHmm")
         .format(java.time.LocalDateTime.now())
 
     node {
         def workspace = pwd()
-        // def uid = sh(returnStdout: true, script: 'id -u $USER').trim()
-        echo "using uid $dockerUid"
-
         def srcmapFile = "$workspace/srcmap.json"
+
         echo "Building $dockerTag: $project"
 
         sh "docker run --rm $dockerRunOptions -v $workspace:/workspace ubuntu bash -c \"rm -rf /workspace/out\""