Skip to content

Update hack.sh to use user ids as user ids, not group ids as user ids#447

Merged
EthanHeilman merged 1 commit into
openpubkey:mainfrom
TheToddLuci0:uids_arent_always_gids
Jan 12, 2026
Merged

Update hack.sh to use user ids as user ids, not group ids as user ids#447
EthanHeilman merged 1 commit into
openpubkey:mainfrom
TheToddLuci0:uids_arent_always_gids

Conversation

@TheToddLuci0
Copy link
Copy Markdown
Contributor

@TheToddLuci0 TheToddLuci0 commented Jan 10, 2026

Not all operating systems implement User Private Groups by default. When running /hack/build.sh on such a system (one where there is not a group with a gid that matches the user uid), the variable substitution in docker run breaks.

All that to say, id -u added

set -ex./hack/build.sh
+++ dirname -- ./hack/build.sh
++ cd -- ./hack
++ pwd
+ SCRIPT_DIR=/home/notroot/git/opkssh/hack
+ set -eou pipefail
+ pushd /home/notroot/git/opkssh/hack/../
~/git/opkssh ~/git/opkssh
+ GO_VERSION=1.24.2
+ mkdir -p .cache
+ mkdir -p .mod-cache
++ id -g
++ id -g
+ docker run --rm -v /home/notroot/git/opkssh:/data/ -w /data --user=100:100 -v /home/notroot/git/opkssh/.cache:/.cache -v /home/notroot/git/opkssh/.mod-cache:/go/pkg/mod golang:1.24.2-alpine go build -v -o opkssh
failed to initialize build cache at /.cache/go-build: mkdir /.cache/go-build: permission deniedid
uid=1000(notroot) gid=100(users) groups=100(users),1(wheel),17(audio),57(networkmanager),131(docker),988(gamemode),992(rtkit)id -g
100id -u
1000

@EthanHeilman
Copy link
Copy Markdown
Member

EthanHeilman commented Jan 12, 2026

Thanks for this!

@EthanHeilman EthanHeilman merged commit f573c46 into openpubkey:main Jan 12, 2026
13 checks passed
renovate Bot added a commit to sdwilsh/ansible-playbooks that referenced this pull request Jan 19, 2026
@renovate
chore(deps): update dependency openpubkey/opkssh to v0.12.0
f7437cb 
##### [\`v0.12.0\`](https://github.com/openpubkey/opkssh/releases/tag/v0.12.0)

Main feature of this release is the audit command, which allows you to check server side configurations.  Read the docs here: <https://github.com/openpubkey/opkssh/blob/main/docs/audit.md>

##### Changes

- docs: warn that azure alias URI hardcodes the tenant ID [@TheToddLuci0](https://github.com/TheToddLuci0) ([#446](openpubkey/opkssh#446))
- docs: Add Keycloak docs [@sylvain-vq](https://github.com/sylvain-vq) ([#442](openpubkey/opkssh#442))

##### 🚀 Features

- feat: Audit command [@Basti-Fantasti](https://github.com/Basti-Fantasti) ([#396](openpubkey/opkssh#396))

##### 🐛 Bug Fixes

- Update hack.sh to use user ids as user ids, not group ids as user ids [@TheToddLuci0](https://github.com/TheToddLuci0) ([#447](openpubkey/opkssh#447))
- Fix openssh version detection bug [@EthanHeilman](https://github.com/EthanHeilman) ([#444](openpubkey/opkssh#444))
- fix(deps): Update Docker @[renovate\[bot\]](https://github.com/apps/renovate) ([#450](openpubkey/opkssh#450))
- fix(deps): Update actions/setup-go action to v6.2.0 @[renovate\[bot\]](https://github.com/apps/renovate) ([#449](openpubkey/opkssh#449))
renovate Bot added a commit to sdwilsh/ansible-playbooks that referenced this pull request Jan 20, 2026
@renovate
chore(deps): update dependency openpubkey/opkssh to v0.12.0
b24eeb6 
##### [\`v0.12.0\`](https://github.com/openpubkey/opkssh/releases/tag/v0.12.0)

Main feature of this release is the audit command, which allows you to check server side configurations.  Read the docs here: <https://github.com/openpubkey/opkssh/blob/main/docs/audit.md>

##### Changes

- docs: warn that azure alias URI hardcodes the tenant ID [@TheToddLuci0](https://github.com/TheToddLuci0) ([#446](openpubkey/opkssh#446))
- docs: Add Keycloak docs [@sylvain-vq](https://github.com/sylvain-vq) ([#442](openpubkey/opkssh#442))

##### 🚀 Features

- feat: Audit command [@Basti-Fantasti](https://github.com/Basti-Fantasti) ([#396](openpubkey/opkssh#396))

##### 🐛 Bug Fixes

- Update hack.sh to use user ids as user ids, not group ids as user ids [@TheToddLuci0](https://github.com/TheToddLuci0) ([#447](openpubkey/opkssh#447))
- Fix openssh version detection bug [@EthanHeilman](https://github.com/EthanHeilman) ([#444](openpubkey/opkssh#444))
- fix(deps): Update Docker @[renovate\[bot\]](https://github.com/apps/renovate) ([#450](openpubkey/opkssh#450))
- fix(deps): Update actions/setup-go action to v6.2.0 @[renovate\[bot\]](https://github.com/apps/renovate) ([#449](openpubkey/opkssh#449))
sdwilsh pushed a commit to sdwilsh/ansible-playbooks that referenced this pull request Jan 20, 2026
@renovate @sdwilsh
chore(deps): update dependency openpubkey/opkssh to v0.12.0
981d8fa 
##### [\`v0.12.0\`](https://github.com/openpubkey/opkssh/releases/tag/v0.12.0)

Main feature of this release is the audit command, which allows you to check server side configurations.  Read the docs here: <https://github.com/openpubkey/opkssh/blob/main/docs/audit.md>

##### Changes

- docs: warn that azure alias URI hardcodes the tenant ID [@TheToddLuci0](https://github.com/TheToddLuci0) ([#446](openpubkey/opkssh#446))
- docs: Add Keycloak docs [@sylvain-vq](https://github.com/sylvain-vq) ([#442](openpubkey/opkssh#442))

##### 🚀 Features

- feat: Audit command [@Basti-Fantasti](https://github.com/Basti-Fantasti) ([#396](openpubkey/opkssh#396))

##### 🐛 Bug Fixes

- Update hack.sh to use user ids as user ids, not group ids as user ids [@TheToddLuci0](https://github.com/TheToddLuci0) ([#447](openpubkey/opkssh#447))
- Fix openssh version detection bug [@EthanHeilman](https://github.com/EthanHeilman) ([#444](openpubkey/opkssh#444))
- fix(deps): Update Docker @[renovate\[bot\]](https://github.com/apps/renovate) ([#450](openpubkey/opkssh#450))
- fix(deps): Update actions/setup-go action to v6.2.0 @[renovate\[bot\]](https://github.com/apps/renovate) ([#449](openpubkey/opkssh#449))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@EthanHeilman EthanHeilman EthanHeilman approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TheToddLuci0 @EthanHeilman