From 91a34749c1ddee4ad182abd70c89a433236a0906 Mon Sep 17 00:00:00 2001
From: ayumi-signal <143036029+ayumi-signal@users.noreply.github.com>
Date: Thu, 8 Aug 2024 15:27:00 -0700
Subject: [PATCH] Fix Linux build permissions further
---
 reproducible-builds/Dockerfile | 6 ++++++
 reproducible-builds/build.sh | 9 ++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/reproducible-builds/Dockerfile b/reproducible-builds/Dockerfile
index 6e68b223bf..74fa453304 100644
--- a/reproducible-builds/Dockerfile
+++ b/reproducible-builds/Dockerfile
@@ -52,6 +52,12 @@ RUN git config --global --add safe.directory /project
 COPY docker-entrypoint.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh
 
+# For electron builder cache.
+# It's tricky to synchronize user/group permissions between the host and container without creating
+# host-specific users at container build time, which would break reproducibility.
+# Instead of doing that we will fix permissions on required directories.
+RUN mkdir /.cache && chmod -R 777 /.cache
+
 ENTRYPOINT ["docker-entrypoint.sh"]
 
 # Specify build type using CMD, which affects the app version and name of the resulting package.
diff --git a/reproducible-builds/build.sh b/reproducible-builds/build.sh
index ffcebf9167..52527a7a6e 100755
--- a/reproducible-builds/build.sh
+++ b/reproducible-builds/build.sh
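Review bot: `chmod -R 777 /.cache` in the reproducible-builds/Dockerfile hunk leaves a world-writable directory without the sticky bit at the filesystem root, and the build later runs tooling that electron-builder stores there. With `--rm` and a single `--user` per run the exposure is small, but `RUN mkdir /.cache && chmod 1777 /.cache` gives the arbitrary uid the same access with /tmp-style semantics; `-R` has no effect on a freshly created empty directory. The added comment should also state that `/.cache` is only used because the unmapped uid presumably ends up with HOME resolving to `/`. Setting the location explicitly through `ELECTRON_BUILDER_CACHE` would make that dependency visible instead of implicit.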
@@ -33,4 +33,11 @@ fi
 # Perform the build by mounting the project into the container and passing in the 1st command line
 # arg to select the build type (e.g. "public"). The container runs docker-entrypoint.sh.
 # After the process is finished, the resulting package is located in the ./release/ directory.
-docker run --rm -v "$(pwd)":/project -w /project -e SOURCE_DATE_EPOCH=$source_date_epoch signal-desktop $1
+# npm cache set to tmp to fix permissions issues.
+docker run --rm \
+ -v "$(pwd)":/project \
+ -w /project \
+ --user "$(id -u):$(id -g)" \
+ -e NPM_CONFIG_CACHE=/tmp/.npm-cache \
+ -e SOURCE_DATE_EPOCH=$source_date_epoch \
+ signal-desktop $1
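Review bot: The rewritten `docker run` in build.sh still expands `$source_date_epoch` and `$1` unquoted, so a value containing whitespace or glob characters would be split into extra docker arguments. `-e SOURCE_DATE_EPOCH="$source_date_epoch"` can be quoted as is; for the build type, `${1:+"$1"}` keeps the fallback to the image's default CMD when no argument is given, which a plain `"$1"` would presumably break by passing an empty string. How `source_date_epoch` is assigned lies outside the hunk. The new comment explains only the npm cache override; it should also say why `--user "$(id -u):$(id -g)"` is passed, since that is the actual permissions change and the cache override follows from it.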