From 1b7557b73b446e610336710d5901af27b8d6f1a9 Mon Sep 17 00:00:00 2001
From: Florian Bruhin <me@the-compiler.org>
Date: Tue, 6 May 2025 09:15:27 +0200
Subject: [PATCH] docker: Don't run makepkg as root

---
 scripts/dev/ci/docker/Dockerfile.j2 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scripts/dev/ci/docker/Dockerfile.j2 b/scripts/dev/ci/docker/Dockerfile.j2
index 5378d78af..bfe47a363 100644
--- a/scripts/dev/ci/docker/Dockerfile.j2
+++ b/scripts/dev/ci/docker/Dockerfile.j2
@@ -39,6 +39,7 @@ RUN pacman -Su --noconfirm \
 RUN useradd user -u 1001 && \
     mkdir /home/user && \
     chown user:users /home/user
+RUN echo 'user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers  # needed for makepkg
 
 {% if not webengine %}
 RUN pacman -U --noconfirm \
@@ -56,7 +57,6 @@ RUN pacman -U --noconfirm \
     https://archive.archlinux.org/packages/q/qt5-webchannel/qt5-webchannel-5.15.10%2Bkde%2Br3-1-x86_64.pkg.tar.zst
 RUN pacman -S --noconfirm base-devel
 
-RUN echo 'user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers  # needed for makepkg
 USER user
 RUN cd ~ && \
     git clone https://aur.archlinux.org/python310.git && \
@@ -68,10 +68,12 @@ RUN python3.10 -m pip install tox pyqt5-sip
 {% endif %}
 
 # Needed for running PyPI Qt builds
+USER user
 RUN cd ~ && \
     git clone https://aur.archlinux.org/libxml2.13.git && \
     cd libxml2.13 && \
     makepkg -si --noconfirm
+USER root
 
 {% if qt6 %}
   {% set pyqt_module = 'PyQt6' %}