make build -D work with podman (#3796)

* added podman to switches

with -D podman is preffered, becuase if there is podman, then docker
woudl be podman wrapper, and it is not 1:1 with original docker

All other work shoudl be in signalhandler.sh and  docker-build.sh and
not sure how with ./docker/buildDocker.sh

* Adjusted signalHandler to countwith podman/docker

Not sure if it is used:
KEEP_CONTAINER and $CONTAINER_NAME are nowhere to found
however BUILD_CONFIG[KEEP_CONTAINER] and BUILD_CONFIG[CONTAINER_NAME] are
thus using them and BUILD_CONFIG[USE_DOCKER] for command handler

* reworked BUILD_CONFIG[DOCKER] to contain only sudo information

it is not used consitently anyway, there is BUILD_CONFIG[DOCKER]  x
plain docker. It will be utilised to ${BUILD_CONFIG[DOCKER]} ${BUILD_CONFIG[USE_DOCKER]}
where commands are same.

Where not (eg buildah), ${BUILD_CONFIG[DOCKER]} will be used as needed

Once it is unified, it would be worth to rename
BUILD_CONFIG[DOCKER] to BUILD_CONFIG[CONTAINER_WITH_SUDO]
BUILD_CONFIG[USE_DOCKER] to BUILD_CONFIG[CONTAINER_PROVIDER]

* using the BUILD_CONFIG[DOCKER] BUILD_CONFIG[USE_DOCKER] combo proeprly

* On podman, set --userns=keep-id

* porecreate all necessary dirs

Podman is creating all mounted folders as root root 744
So next to --userns=keep-id which set proeprly the owner ow mounted
folder itself, we have to pre-create the used parents of mounted folder

Maybe this should be podman only, but afaik it do not hurt in docker

* Added warinbg to `docker build` command when used with podman

* Using absolute path instead of "."

however it was not guilty:
open my $fh, '<', $filename or die "Couldn't open file: $!";
in mk-ca-bundle.pl is.

* docker-build.sh jsut-> just

Co-authored-by: Stewart X Addison <[email protected]>

* Removed unused parameter of buildOpenJDKViaDocker

buildOpenJDKViaDocker do not need  ${BUILD_CONFIG[USE_DOCKER]} as
parameter. docker-build.sh  is inheriting the whole BUILD_CONFIG

* use which podman without [] and to dev/null

Co-authored-by: Stewart X Addison <[email protected]>

* Revert "Using absolute path instead of ".""

This reverts commit 55f1195.

* Fixed issue with missing test for mk-ca-bundle.pl

* Always generate configure-and-build.sh

* Removed more hardcoded dockers

* Do not set boot jdk for docekr builds (it is removed later anyway)

* Added few more missing dirs

* Fixed boot jdk check against new  docker/podman/false

* replacing missed ${BUILD_CONFIG[DOCKER]} by ${BUILD_CONFIG[DOCKER]} "${BUILD_CONFIG[USE_DOCKER]}"

Originally, this patch started to fix properly quote for safety (thanx
linter), I foudn that on sme pleaces, original  ${BUILD_CONFIG[DOCKER]}
 was not repalced by new tandem.  ${BUILD_CONFIG[DOCKER]} was 'docker'
or 'sudo docker'. I had split it, so ${BUILD_CONFIG[DOCKER]} is sudo or
nothing and ${BUILD_CONFIG[USE_DOCKER]}" is docker or podman.  The
variables have to be renamed at the end to adhere more to theirs purposes.

* instead of workspace/build/src creatig directly /workspace/build

all sub dirs should be then created by follwoing prepare-workspace

* Remoed accident tab

* Added support for building local dir/src tarball in contianer

* Removed wrongly added ASSEMBLE_EXPLODED_IMAGE=true to container builds

* used -n instead of '! -z '

* Highlighted sudo for dcoekr

* Added missing bracket

* Fixed typo

* Mentioned issue with --custom-cacerts on podman

with #3862

* renamed  USE_DOCKER->CONTAINER_COMMAND DOCKER->CONTAINER_AS_ROOT

BUILD_CONFIG[USE_DOCKER]-> BUILD_CONFIG[CONTAINER_COMMAND]
BUILD_CONFIG[DOCKER] -> BUILD_CONFIG[CONTAINER_AS_ROOT]

BUILD_CONFIG[USE_DOCKER] values: false, podman, docker
BUILD_CONFIG[DOCKER] values: sudo,empty string

Other docker based variables which are globally container bound remained
intact (CLEAN_DOCKER_BUILD, DEBUG_DOCKER, DOCKER_FILE_PATH...)

* Improved warning about --custom-cacerts

---------

Co-authored-by: Stewart X Addison <[email protected]>

Author: judovana

README.md

@@ -45,7 +45,7 @@ as we can generate valid dockerfile for it):
 
 ```bash
 ./makejdk-any-platform.sh --docker --clean-docker-build jdk8u
-./makejdk-any-platform.sh --docker --clean-docker-build --build-variant openj9 jdk11u
+./makejdk-any-platform.sh --podman --clean-docker-build --build-variant openj9 jdk11u
 ```
 
 We test these dockerfiles on a regular basis in the
@@ -144,8 +144,8 @@ specify the location for the built binary, e.g. /path/.
 This is typically used in conjunction with -T to create a custom path
 / file name for the resulting binary.
 
--D, --docker
-build OpenJDK in a docker container.
+-D, --docker, --podman
+build OpenJDK in a docker/podman container. -D will autodetect, using podman if found, docker otherwise.
 
 --cross-compile
 use this if you are cross compiling - it will skip the java -version checks at the end
@@ -253,7 +253,7 @@ specify the JVM variant (server or client), defaults to server.
 
 Example usage:
 
-./makejdk-any-platform --docker jdk8u
+./makejdk-any-platform -D jdk8u
 ./makejdk-any-platform -T MyOpenJDK10.tar.gz jdk10
 
 ```

configureBuild.sh

@@ -86,7 +86,7 @@ doAnyBuildVariantOverrides() {
 # Set the working directory for this build
 setWorkingDirectory() {
   if [ -z "${BUILD_CONFIG[WORKSPACE_DIR]}" ]; then
-    if [[ "${BUILD_CONFIG[USE_DOCKER]}" == "true" ]]; then
+    if [[ "${BUILD_CONFIG[CONTAINER_COMMAND]}" == "true" ]]; then
       BUILD_CONFIG[WORKSPACE_DIR]="/openjdk/"
     else
       BUILD_CONFIG[WORKSPACE_DIR]="$PWD/workspace"
@@ -410,5 +410,7 @@ configure_build() {
   setWorkingDirectory
   configureMacFreeFont
   setMakeArgs
-  setBootJdk
+  if [ "${BUILD_CONFIG[CONTAINER_COMMAND]}" == false ] ; then
+    setBootJdk
+  fi
 }

cyclonedx-lib/build.xml

@@ -354,7 +354,7 @@
                   <arg value="--name"/>
                   <arg value="openjdk_built_config"/>
                   <arg value="--value"/>
-                  <arg value="# ============================\n# OPENJDK BUILD CONFIGURATION:\n# ============================\nBUILD_CONFIG[ADOPT_PATCHES]=\true\\nBUILD_CONFIG[ASSEMBLE_EXPLODED_IMAGE]=\false\\nBUILD_CONFIG[BRANCH]=\dev\\nBUILD_CONFIG[BUILD_FULL_NAME]=\linux-x86_64--server-release\\nBUILD_CONFIG[BUILD_VARIANT]=\hotspot\\nBUILD_CONFIG[CLEAN_DOCKER_BUILD]=\false\/>\nBUILD_CONFIG[CLEAN_GIT_REPO]=\true\nBUILD_CONFIG[CLEAN_LIBS]=\false\\nBUILD_CONFIG[CONTAINER_NAME]=\openjdk_container\\nBUILD_CONFIG[COPY_MACOSX_FREE_FONT_LIB_FOR_JDK_FLAG]=\false\\nBUILD_CONFIG[COPY_MACOSX_FREE_FONT_LIB_FOR_JRE_FLAG]=\false\\nBUILD_CONFIG[CREATE_DEBUG_IMAGE]=\true\\nBUILD_CONFIG[CREATE_SOURCE_ARCHIVE]=\false\\nBUILD_CONFIG[CROSSCOMPILE]=\false\\nBUILD_CONFIG[CUSTOM_CACERTS]=\true\\nBUILD_CONFIG[DEBUG_DOCKER]=\false\\nBUILD_CONFIG[DEBUG_IMAGE_PATH]=\debug-image\\nBUILD_CONFIG[DISABLE_ADOPT_BRANCH_SAFETY]=\false\\nBUILD_CONFIG[DOCKER]=\docker\\nBUILD_CONFIG[DOCKER_FILE_PATH]=\\nBUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]=\openjdk-source-volume-jdk17-hotspot\\nBUILD_CONFIG[FREETYPE]=\false\\nBUILD_CONFIG[FREETYPE_DIRECTORY]=\\nBUILD_CONFIG[FREETYPE_FONT_BUILD_TYPE_PARAM]=\\nBUILD_CONFIG[FREETYPE_FONT_VERSION]=\2.9.1\\nBUILD_CONFIG[GRADLE_USER_HOME_DIR]=\\nBUILD_CONFIG[JDK_BOOT_DIR]=\/usr/lib/jvm/jdk-16\              \nBUILD_CONFIG[JDK_PATH]=\jdk\\nBUILD_CONFIG[JRE_PATH]=\jre\\nBUILD_CONFIG[JVM_VARIANT]=\server\\nBUILD_CONFIG[KEEP_CONTAINER]=\false\\nBUILD_CONFIG[MACOSX_CODESIGN_IDENTITY]=\\nBUILD_CONFIG[MAKE_ARGS_FOR_ANY_PLATFORM]=\product-images legacy-jre-image\\nBUILD_CONFIG[MAKE_COMMAND_NAME]=\make\\nBUILD_CONFIG[MAKE_EXPLODED]=\false\\nBUILD_CONFIG[NUM_PROCESSORS]=\1\\nBUILD_CONFIG[OPENJDK_BUILD_NUMBER]=\\nBUILD_CONFIG[OPENJDK_BUILD_REPO_BRANCH]=\master\\nBUILD_CONFIG[OPENJDK_BUILD_REPO_URI]=\https://github.com/adoptium/temurin-build.git\\nBUILD_CONFIG[OPENJDK_CORE_VERSION]=\jdk17\\nBUILD_CONFIG[OPENJDK_FEATURE_NUMBER]=\17\\nBUILD_CONFIG[OPENJDK_FOREST_NAME]=\jdk17\\nBUILD_CONFIG[OPENJDK_SOURCE_DIR]=\src\nBUILD_CONFIG[OPENJDK_UPDATE_VERSION]=\\nBUILD_CONFIG[OS_ARCHITECTURE]=\x86_64\\nBUILD_CONFIG[OS_FULL_VERSION]=\Linux 5.8.0-34-generic : CentOS release 6.10 (Final)\\nBUILD_CONFIG[OS_KERNEL_NAME]=\linux\\nBUILD_CONFIG[PATCHES]=\\nBUILD_CONFIG[RELEASE]=\true\\nBUILD_CONFIG[REPOSITORY]=\https://github.com/adoptium/jdk17\\nBUILD_CONFIG[REUSE_CONTAINER]=\true\\nBUILD_CONFIG[SHALLOW_CLONE_OPTION]=\\nBUILD_CONFIG[SIGN]=\false\\nBUILD_CONFIG[TAG]=\jdk-17+35_adopt\\nBUILD_CONFIG[TARGET_DIR]=\target/\\nBUILD_CONFIG[TARGET_FILE_NAME]=\OpenJDK17-jdk_x64_linux_hotspot_17_35.tar.gz\\nBUILD_CONFIG[TEST_IMAGE_PATH]=\test\\nBUILD_CONFIG[TMP_CONTAINER_NAME]=\openjdk-copy-src\\nBUILD_CONFIG[TMP_SPACE_BUILD]=\false\\nBUILD_CONFIG[USER_SUPPLIED_CONFIGURE_ARGS]=\ --disable-warnings-as-errors --enable-ccache --enable-dtrace\\nBUILD_CONFIG[USER_SUPPLIED_MAKE_ARGS]=\\nBUILD_CONFIG[USE_DOCKER]=\false\\nBUILD_CONFIG[USE_JEP319_CERTS]=\true\\nBUILD_CONFIG[USE_SSH]=\false\\nBUILD_CONFIG[VENDOR]=\Eclipse Adoptium\\nBUILD_CONFIG[WORKING_DIR]=\./build/\\nBUILD_CONFIG[WORKSPACE_DIR]=\/home/jenkins/workspace/build-scripts/jobs/jdk17/jdk17-linux-x64-hotspot/workspace\"/>
+                  <arg value="# ============================\n# OPENJDK BUILD CONFIGURATION:\n# ============================\nBUILD_CONFIG[ADOPT_PATCHES]=\true\\nBUILD_CONFIG[ASSEMBLE_EXPLODED_IMAGE]=\false\\nBUILD_CONFIG[BRANCH]=\dev\\nBUILD_CONFIG[BUILD_FULL_NAME]=\linux-x86_64--server-release\\nBUILD_CONFIG[BUILD_VARIANT]=\hotspot\\nBUILD_CONFIG[CLEAN_DOCKER_BUILD]=\false\/>\nBUILD_CONFIG[CLEAN_GIT_REPO]=\true\nBUILD_CONFIG[CLEAN_LIBS]=\false\\nBUILD_CONFIG[CONTAINER_NAME]=\openjdk_container\\nBUILD_CONFIG[COPY_MACOSX_FREE_FONT_LIB_FOR_JDK_FLAG]=\false\\nBUILD_CONFIG[COPY_MACOSX_FREE_FONT_LIB_FOR_JRE_FLAG]=\false\\nBUILD_CONFIG[CREATE_DEBUG_IMAGE]=\true\\nBUILD_CONFIG[CREATE_SOURCE_ARCHIVE]=\false\\nBUILD_CONFIG[CROSSCOMPILE]=\false\\nBUILD_CONFIG[CUSTOM_CACERTS]=\true\\nBUILD_CONFIG[DEBUG_DOCKER]=\false\\nBUILD_CONFIG[DEBUG_IMAGE_PATH]=\debug-image\\nBUILD_CONFIG[DISABLE_ADOPT_BRANCH_SAFETY]=\false\\nBUILD_CONFIG[CONTAINER_AS_ROOT]=\docker\\nBUILD_CONFIG[DOCKER_FILE_PATH]=\\nBUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]=\openjdk-source-volume-jdk17-hotspot\\nBUILD_CONFIG[FREETYPE]=\false\\nBUILD_CONFIG[FREETYPE_DIRECTORY]=\\nBUILD_CONFIG[FREETYPE_FONT_BUILD_TYPE_PARAM]=\\nBUILD_CONFIG[FREETYPE_FONT_VERSION]=\2.9.1\\nBUILD_CONFIG[GRADLE_USER_HOME_DIR]=\\nBUILD_CONFIG[JDK_BOOT_DIR]=\/usr/lib/jvm/jdk-16\              \nBUILD_CONFIG[JDK_PATH]=\jdk\\nBUILD_CONFIG[JRE_PATH]=\jre\\nBUILD_CONFIG[JVM_VARIANT]=\server\\nBUILD_CONFIG[KEEP_CONTAINER]=\false\\nBUILD_CONFIG[MACOSX_CODESIGN_IDENTITY]=\\nBUILD_CONFIG[MAKE_ARGS_FOR_ANY_PLATFORM]=\product-images legacy-jre-image\\nBUILD_CONFIG[MAKE_COMMAND_NAME]=\make\\nBUILD_CONFIG[MAKE_EXPLODED]=\false\\nBUILD_CONFIG[NUM_PROCESSORS]=\1\\nBUILD_CONFIG[OPENJDK_BUILD_NUMBER]=\\nBUILD_CONFIG[OPENJDK_BUILD_REPO_BRANCH]=\master\\nBUILD_CONFIG[OPENJDK_BUILD_REPO_URI]=\https://github.com/adoptium/temurin-build.git\\nBUILD_CONFIG[OPENJDK_CORE_VERSION]=\jdk17\\nBUILD_CONFIG[OPENJDK_FEATURE_NUMBER]=\17\\nBUILD_CONFIG[OPENJDK_FOREST_NAME]=\jdk17\\nBUILD_CONFIG[OPENJDK_SOURCE_DIR]=\src\nBUILD_CONFIG[OPENJDK_UPDATE_VERSION]=\\nBUILD_CONFIG[OS_ARCHITECTURE]=\x86_64\\nBUILD_CONFIG[OS_FULL_VERSION]=\Linux 5.8.0-34-generic : CentOS release 6.10 (Final)\\nBUILD_CONFIG[OS_KERNEL_NAME]=\linux\\nBUILD_CONFIG[PATCHES]=\\nBUILD_CONFIG[RELEASE]=\true\\nBUILD_CONFIG[REPOSITORY]=\https://github.com/adoptium/jdk17\\nBUILD_CONFIG[REUSE_CONTAINER]=\true\\nBUILD_CONFIG[SHALLOW_CLONE_OPTION]=\\nBUILD_CONFIG[SIGN]=\false\\nBUILD_CONFIG[TAG]=\jdk-17+35_adopt\\nBUILD_CONFIG[TARGET_DIR]=\target/\\nBUILD_CONFIG[TARGET_FILE_NAME]=\OpenJDK17-jdk_x64_linux_hotspot_17_35.tar.gz\\nBUILD_CONFIG[TEST_IMAGE_PATH]=\test\\nBUILD_CONFIG[TMP_CONTAINER_NAME]=\openjdk-copy-src\\nBUILD_CONFIG[TMP_SPACE_BUILD]=\false\\nBUILD_CONFIG[USER_SUPPLIED_CONFIGURE_ARGS]=\ --disable-warnings-as-errors --enable-ccache --enable-dtrace\\nBUILD_CONFIG[USER_SUPPLIED_MAKE_ARGS]=\\nBUILD_CONFIG[CONTAINER_COMMAND]=\false\\nBUILD_CONFIG[USE_JEP319_CERTS]=\true\\nBUILD_CONFIG[USE_SSH]=\false\\nBUILD_CONFIG[VENDOR]=\Eclipse Adoptium\\nBUILD_CONFIG[WORKING_DIR]=\./build/\\nBUILD_CONFIG[WORKSPACE_DIR]=\/home/jenkins/workspace/build-scripts/jobs/jdk17/jdk17-linux-x64-hotspot/workspace\"/>
                   <arg value="--jsonFile"/>
                   <arg value="${testSBOMFile}"/>
                 </java>

docker-build.sh

@@ -20,6 +20,12 @@
 #
 ################################################################################
 
+# the ${BUILD_CONFIG[CONTAINER_AS_ROOT]} can not be quoted. It is sudo (or simialrly) or nothing. "" is not an option.
+# simialrly the  ${cpuset} and ${userns}
+# shellcheck disable=SC2206
+# shellcheck disable=SC2046
+# shellcheck disable=SC2086
+
 set -eu
 
 # Create a data volume called ${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]},
@@ -30,21 +36,24 @@ set -eu
 createPersistentDockerDataVolume()
 {
   set +e
-  ${BUILD_CONFIG[DOCKER]} volume inspect "${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}" > /dev/null 2>&1
+  ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" volume inspect "${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}" > /dev/null 2>&1
   local data_volume_exists=$?
   set -e
 
   if [[ "${BUILD_CONFIG[CLEAN_DOCKER_BUILD]}" == "true" || "$data_volume_exists" != "0" ]]; then
 
     # shellcheck disable=SC2154
     echo "Removing old volumes and containers"
-    # shellcheck disable=SC2046
-    ${BUILD_CONFIG[DOCKER]} rm -f $(${BUILD_CONFIG[DOCKER]} ps -a --no-trunc -q -f volume="${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}") || true
-    ${BUILD_CONFIG[DOCKER]} volume rm -f "${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}" || true
+    ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" rm -f $(${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" ps -a --no-trunc -q -f volume="${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}") || true
+    ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" volume rm -f "${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}" || true
 
     # shellcheck disable=SC2154
     echo "Creating tmp container"
-    ${BUILD_CONFIG[DOCKER]} volume create --name "${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}"
+    if echo "${BUILD_CONFIG[CONTAINER_COMMAND]}" | grep docker ; then
+      ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" volume create --name "${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}"
+    else
+      ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" volume create "${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}"
+    fi
   fi
 }
 
@@ -64,12 +73,25 @@ buildDockerContainer()
 
   writeConfigToFile
 
-  ${BUILD_CONFIG[DOCKER]} build -t "${BUILD_CONFIG[CONTAINER_NAME]}" -f "${dockerFile}" . --build-arg "OPENJDK_CORE_VERSION=${BUILD_CONFIG[OPENJDK_CORE_VERSION]}" --build-arg "HostUID=${UID}"
+  ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" build -t "${BUILD_CONFIG[CONTAINER_NAME]}" -f "${dockerFile}" . --build-arg "OPENJDK_CORE_VERSION=${BUILD_CONFIG[OPENJDK_CORE_VERSION]}" --build-arg "HostUID=${UID}"
 }
 
 # Execute the (Adoptium) OpenJDK build inside the Docker Container
 buildOpenJDKViaDocker()
 {
+  local hostDir
+  hostDir="$(pwd)"
+  local pipelinesdir="${hostDir}"/workspace/pipelines
+  local workspacedir="${hostDir}"/workspace # we must ensure build user have correct permissions here
+  local targetdir="${hostDir}"/workspace/target
+  local targetbuilddir="${hostDir}"/workspace/build
+  local configdir="${hostDir}"/workspace/config
+  local localsourcesdir=
+
+  if [ "${BUILD_CONFIG[OPENJDK_LOCAL_SOURCE_ARCHIVE]}" = "true" ] ; then
+    # OPENJDK_LOCAL_SOURCE_ARCHIVE_ABSPATH can be file, you can nto mount file
+    localsourcesdir=$(dirname "${BUILD_CONFIG[OPENJDK_LOCAL_SOURCE_ARCHIVE_ABSPATH]}")
+  fi
 
   # TODO This could be extracted overridden by the user if we support more
   # architectures going forwards
@@ -80,7 +102,8 @@ buildOpenJDKViaDocker()
   if [ "${BUILD_CONFIG[BUILD_VARIANT]}" == "openj9" ]; then
     build_variant_flag="--openj9"
   fi
-  docker/dockerfile-generator.sh --version "${BUILD_CONFIG[OPENJDK_FEATURE_NUMBER]}" --path "${BUILD_CONFIG[DOCKER_FILE_PATH]}" "$build_variant_flag"
+  docker/dockerfile-generator.sh --version "${BUILD_CONFIG[OPENJDK_FEATURE_NUMBER]}" --path "${BUILD_CONFIG[DOCKER_FILE_PATH]}" "$build_variant_flag" \
+     --dirs "${workspacedir} ${targetdir} ${targetbuilddir} ${configdir} ${localsourcesdir}" --command "${BUILD_CONFIG[CONTAINER_AS_ROOT]} ${BUILD_CONFIG[CONTAINER_COMMAND]}"
 
   # shellcheck disable=SC1090,SC1091
   source "${BUILD_CONFIG[DOCKER_FILE_PATH]}/dockerConfiguration.sh"
@@ -129,7 +152,7 @@ buildOpenJDKViaDocker()
     BUILD_CONFIG[DEBUG_IMAGE_PATH]=$openjdk_debug_image_path
     BUILD_CONFIG[STATIC_LIBS_IMAGE_PATH]=$static_libs_dir
 
-  if [ -z "$(command -v docker)" ]; then
+  if [ -z "$(command -v "${BUILD_CONFIG[CONTAINER_COMMAND]}")" ]; then
      # shellcheck disable=SC2154
     echo "Error, please install docker and ensure that it is in your path and running!"
     exit
@@ -144,15 +167,15 @@ buildOpenJDKViaDocker()
   if [[ "${BUILD_CONFIG[REUSE_CONTAINER]}" == "true" ]] ; then
      # shellcheck disable=SC2086
      # If we can't find the previous Docker container then build a new one
-     if [ "$(${BUILD_CONFIG[DOCKER]} ps -a | grep -c \"${BUILD_CONFIG[CONTAINER_NAME]}\")" == 0 ]; then
+     if [ "$(${BUILD_CONFIG[CONTAINER_AS_ROOT]} ${BUILD_CONFIG[CONTAINER_COMMAND]} ps -a | grep -c \"${BUILD_CONFIG[CONTAINER_NAME]}\")" == 0 ]; then
          echo "No docker container for reuse was found, so creating '${BUILD_CONFIG[CONTAINER_NAME]}' "
          buildDockerContainer
      fi
   else
      # shellcheck disable=SC2154
      echo "Since you specified --ignore-container, we are removing the existing container (if it exists) and building you a new one{$good}"
      # Find the previous Docker container and remove it (if it exists)
-     ${BUILD_CONFIG[DOCKER]} ps -a | awk '{ print $1,$2 }' | grep "${BUILD_CONFIG[CONTAINER_NAME]}" | awk '{print $1 }' | xargs -I {} "${BUILD_CONFIG[DOCKER]}" rm -f {}
+     ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" ps -a | awk '{ print $1,$2 }' | grep "${BUILD_CONFIG[CONTAINER_NAME]}" | awk '{print $1 }' | xargs -I {} ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" rm -f {}
 
      # Build a new container
      buildDockerContainer
@@ -161,9 +184,6 @@ buildOpenJDKViaDocker()
   # Show the user all of the config before we build
   displayParams
 
-  local hostDir
-  hostDir="$(pwd)"
-
   echo "Target binary directory on host machine: ${hostDir}/target"
   mkdir -p "${hostDir}/workspace/target"
 
@@ -183,11 +203,36 @@ buildOpenJDKViaDocker()
   fi
 
   # Command without gitSshAccess or dockerMode arrays
+  if [ -e "${hostDir}"/pipelines ] ; then
+    local pipelinesdir="${hostDir}"/pipelines
+  else
+    mkdir -p "${pipelinesdir}"
+  fi
+  if echo "${BUILD_CONFIG[CONTAINER_COMMAND]}" | grep docker ; then
+    local cpuset="--cpuset-cpus=${cpuSet}"
+  else
+    local cpuset=""
+  fi
+  if echo "${BUILD_CONFIG[CONTAINER_COMMAND]}" | grep podman ; then
+    local userns="--userns=keep-id"
+  else
+    local userns=""
+  fi
+  local mountflag=Z #rw? maybe this should be bound to root/rootles content of BUILD_CONFIG[CONTAINER_AS_ROOT] rather then just podman/docker in USE_DOCKER?
+  mkdir -p "${hostDir}"/workspace/build  # shouldnt be already there?
+  local localsourcesdirmount=
+  if [ -n "${localsourcesdir}" ] ; then
+    localsourcesdirmount="-v ${localsourcesdir}:${localsourcesdir}:${mountflag}" #read only? Is copied anwya
+  fi
+  echo "If you get permissions denied on ${targetdir} or ${pipelinesdir} try to turn off selinux"
   local commandString=(
-         "--cpuset-cpus=${cpuSet}" 
+         ${cpuset}
+         ${userns}
+         ${localsourcesdirmount}
          -v "${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}:/openjdk/build"
-         -v "${hostDir}"/workspace/target:/"${BUILD_CONFIG[WORKSPACE_DIR]}"/"${BUILD_CONFIG[TARGET_DIR]}":Z 
-         -v "${hostDir}"/pipelines:/openjdk/pipelines:Z
+         -v "${targetdir}":/"${BUILD_CONFIG[WORKSPACE_DIR]}"/"${BUILD_CONFIG[TARGET_DIR]}":"${mountflag}"
+         -v "${pipelinesdir}":/openjdk/pipelines:"${mountflag}"
+         -v "${configdir}":/"${BUILD_CONFIG[WORKSPACE_DIR]}"/"config":"${mountflag}"
          -e "DEBUG_DOCKER_FLAG=${BUILD_CONFIG[DEBUG_DOCKER]}" 
          -e "BUILD_VARIANT=${BUILD_CONFIG[BUILD_VARIANT]}"
           "${dockerEntrypoint[@]:+${dockerEntrypoint[@]}}")
@@ -204,14 +249,14 @@ buildOpenJDKViaDocker()
   fi
 
   # Run the command string in Docker
-  ${BUILD_CONFIG[DOCKER]} run --name "${BUILD_CONFIG[OPENJDK_CORE_VERSION]}-${BUILD_CONFIG[BUILD_VARIANT]}" "${commandString[@]}"
+  ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" run --name "${BUILD_CONFIG[OPENJDK_CORE_VERSION]}-${BUILD_CONFIG[BUILD_VARIANT]}" "${commandString[@]}"
 
   # Tell user where the resulting binary can be found on the host system
-  echo "The finished image can be found in ${hostDir}/workspace/target on the host system"
+  echo "The finished image can be found in ${targetdir} on the host system"
 
   # If we didn't specify to keep the container then remove it
   if [[ "${BUILD_CONFIG[KEEP_CONTAINER]}" == "false" ]] ; then
       echo "Removing container ${BUILD_CONFIG[OPENJDK_CORE_VERSION]}-${BUILD_CONFIG[BUILD_VARIANT]}"
-      ${BUILD_CONFIG[DOCKER]} ps -a | awk '{ print $1,$(NF) }' | grep "${BUILD_CONFIG[OPENJDK_CORE_VERSION]}-${BUILD_CONFIG[BUILD_VARIANT]}" | awk '{print $1 }' | xargs -I {} "${BUILD_CONFIG[DOCKER]}" rm {}
+      ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" ps -a | awk '{ print $1,$(NF) }' | grep "${BUILD_CONFIG[OPENJDK_CORE_VERSION]}-${BUILD_CONFIG[BUILD_VARIANT]}" | awk '{print $1 }' | xargs -I {} ${BUILD_CONFIG[CONTAINER_AS_ROOT]} ${BUILD_CONFIG[CONTAINER_COMMAND]} rm {}
   fi
 }