From 7a8315f146c713575fcc26c70bc17a407bb9a804 Mon Sep 17 00:00:00 2001
From: Max Neverov
Date: Wed, 23 Oct 2024 16:01:47 +0200
Subject: [PATCH] Avoid elevating permissions to clean cache directories by using host user in docker and "-modcacherw" in go build command.
---
 Makefile | 4 ++--
 build/build.sh | 8 ++++----
 build/run-in-docker.sh | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/Makefile b/Makefile
index 1c35c12b2..4ebf361c8 100644
--- a/Makefile
+++ b/Makefile
@@ -121,8 +121,8 @@ build: ## Build ingress controller, debug tool and pre-stop hook.
 .PHONY: clean
-clean: ## Remove .gocache directory.
- rm -rf bin/ .gocache/ .cache/
+clean: ## Remove cache and bin directories.
+ rm -rf bin/ .modcache/ .cache/ rootfs/bin
 .PHONY: verify-docs
 verify-docs: ## Verify doc generation
diff --git a/build/build.sh b/build/build.sh
index bbcaf78e8..e39583b99 100755
--- a/build/build.sh
+++ b/build/build.sh
@@ -41,7 +41,7 @@ echo "Building targets for ${ARCH}, generated targets in ${TARGETS_DIR} director
 echo "Building ${PKG}/cmd/nginx"
 ${GO_BUILD_CMD} \
- -trimpath -ldflags="-buildid= -w -s \
+ -modcacherw -trimpath -ldflags="-buildid= -w -s \
 -X ${PKG}/version.RELEASE=${TAG} \
 -X ${PKG}/version.COMMIT=${COMMIT_SHA} \
 -X ${PKG}/version.REPO=${REPO_INFO}" \
@@ -51,7 +51,7 @@ ${GO_BUILD_CMD} \
 echo "Building ${PKG}/cmd/dbg"
 ${GO_BUILD_CMD} \
- -trimpath -ldflags="-buildid= -w -s \
+ -modcacherw -trimpath -ldflags="-buildid= -w -s \
 -X ${PKG}/version.RELEASE=${TAG} \
 -X ${PKG}/version.COMMIT=${COMMIT_SHA} \
 -X ${PKG}/version.REPO=${REPO_INFO}" \
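Review bot: `rm -rf ... .modcache/` in the `clean` recipe can still fail on checkouts whose module cache was populated before this change, because those trees were written read-only and, judging by the commit message, under a different owner inside the container. A comment above the target would save the next person the confusion, for example `# Caches created by builds older than this change may need a one-time privileged removal.` Dropping `.gocache/` looks intentional, since the docker arguments in this patch point GOCACHE at `.cache`, but a `.gocache/` left over in older trees is no longer cleaned by this target.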
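Review bot: `-modcacherw` is passed only to the three `go build` invocations (this hunk and the ones at -51 and -61), so any other go command that downloads modules into `.modcache` first still leaves read-only directories, and `make clean` can fail again. Setting it once for every invocation is more robust, e.g. `export GOFLAGS="${GOFLAGS:-} -modcacherw"` near the top of build.sh or `-e GOFLAGS=-modcacherw` in the docker arguments in run-in-docker.sh. A short comment should also record the trade-off: a writable module cache loses the guard against accidental edits to cached dependency source, which `go mod verify` can detect. The script starts and ends outside these hunks, so whether other go commands run before the build cannot be confirmed from here.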
@@ -61,9 +61,9 @@ ${GO_BUILD_CMD} \
 echo "Building ${PKG}/cmd/waitshutdown"
 ${GO_BUILD_CMD} \
- -trimpath -ldflags="-buildid= -w -s \
+ -modcacherw -trimpath -ldflags="-buildid= -w -s \
 -X ${PKG}/version.RELEASE=${TAG} \
 -X ${PKG}/version.COMMIT=${COMMIT_SHA} \
 -X ${PKG}/version.REPO=${REPO_INFO}" \
 -buildvcs=false \
- -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown"
\ No newline at end of file
+ -o "${TARGETS_DIR}/wait-shutdown" "${PKG}/cmd/waitshutdown"
diff --git a/build/run-in-docker.sh b/build/run-in-docker.sh
index 095e09b91..0b5e742ec 100755
--- a/build/run-in-docker.sh
+++ b/build/run-in-docker.sh
@@ -89,7 +89,7 @@ if [[ "$DOCKER_IN_DOCKER_ENABLED" == "true" ]]; then
 else
 echo "Reached DIND check ELSE block, inside run-in-docker.sh"
- args="${PLATFORM_FLAG} ${PLATFORM} --tty --rm ${DOCKER_OPTS} -e DEBUG=${DEBUG} -e GOCACHE="/go/src/${PKG}/.cache" -e GOMODCACHE="/go/src/${PKG}/.modcache" -e DOCKER_IN_DOCKER_ENABLED="true" -v "${HOME}/.kube:${HOME}/.kube" -v "${KUBE_ROOT}:/go/src/${PKG}" -v "${KUBE_ROOT}/bin/${ARCH}:/go/bin/linux_${ARCH}" -v "${INGRESS_VOLUME}:/etc/ingress-controller/" -w "/go/src/${PKG}""
+ args="${PLATFORM_FLAG} ${PLATFORM} --tty --rm ${DOCKER_OPTS} -e DEBUG=${DEBUG} -e GOCACHE="/go/src/${PKG}/.cache" -e GOMODCACHE="/go/src/${PKG}/.modcache" -e DOCKER_IN_DOCKER_ENABLED="true" -v "${HOME}/.kube:${HOME}/.kube" -v "${KUBE_ROOT}:/go/src/${PKG}" -v "${KUBE_ROOT}/bin/${ARCH}:/go/bin/linux_${ARCH}" -v "${INGRESS_VOLUME}:/etc/ingress-controller/" -w "/go/src/${PKG}" -u "$(id -u ${USER}):$(id -g ${USER})""
 if [[ "$RUNTIME" == "docker" ]]; then
 args="$args -v /var/run/docker.sock:/var/run/docker.sock"
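Review bot: The new `-u "$(id -u ${USER}):$(id -g ${USER})"` on the `args=` line takes the ids from the `USER` environment variable rather than from the calling process. When `USER` is stale or overridden (for instance after `su` without a login shell), the container runs under a different account than the one that owns the checkout; `-u "$(id -u):$(id -g)"` uses the effective ids directly. Two things are worth confirming, since the rest of the script is outside the hunk. The `/var/run/docker.sock` mount added just below is normally reachable only by root or the socket's group, so a non-root container user may need a matching `--group-add`. A uid with no passwd entry in the image also has no usable HOME unless one is set. A comment on the line saying the container runs as the host user so that bind-mounted build output stays removable without elevation would document the intent.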