common: Use gosu to replace chpst and add sudo abilities

From:

  https://github.com/tianon/gosu

common.debian

@@ -3,7 +3,7 @@ RUN REPO=http://cdn-fastly.deb.debian.org && \
 
 ARG DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update --yes && apt-get install --yes \
+RUN apt-get update --yes && apt-get install --no-install-recommends --yes \
   automake \
   autogen \
   bash \
@@ -30,6 +30,18 @@ RUN apt-get update --yes && apt-get install --yes \
   pax \
   vim \
   wget \
-  runit \
   xz-utils && \
   apt-get clean --yes
+
+ENV GOSU_VERSION 1.10
+RUN set -x \
+        && apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
+        && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
+        && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
+        && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
+        && export GNUPGHOME="$(mktemp -d)" \
+        && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+        && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+        && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
+        && chmod +x /usr/local/bin/gosu \
+        && gosu nobody true

common.docker

@@ -19,6 +19,8 @@ RUN \
 
 COPY imagefiles/cmake.sh /usr/local/bin/cmake
 COPY imagefiles/ccmake.sh /usr/local/bin/ccmake
+# /opt/rh/devtoolset-2/root/usr/bin/sudo expects sudo at this location
+COPY imagefiles/sudo.sh /usr/bin/sudo
 
 COPY imagefiles/install-ninja.sh /dockcross/
 RUN \

common.manylinux

@@ -1,15 +1,22 @@
-RUN cd /opt && \
-  wget --progress=bar:force "http://smarden.org/runit/runit-2.1.2.tar.gz" && \
-  tar xvzf runit-2.1.2.tar.gz && \
-  cd admin/runit-2.1.2 && \
-  ./package/install
+ENV GOSU_VERSION 1.10
+RUN set -x \
+	&& yum -y install epel-release \
+	&& yum -y install wget gpg \
+	&& dpkgArch=$(if test $(uname -m) = "x86_64"; then echo amd64; else echo i386; fi) \
+	&& wget -O /usr/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
+	&& wget -O /tmp/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
+	&& export GNUPGHOME="$(mktemp -d)" \
+	&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+	&& gpg --batch --verify /tmp/gosu.asc /usr/bin/gosu \
+	&& rm -r "$GNUPGHOME" /tmp/gosu.asc \
+	&& chmod +x /usr/bin/gosu \
+	&& gosu nobody true \
+	&& yum clean all
 
 COPY manylinux-common/install-python-packages.sh /usr/local/bin
 RUN /usr/local/bin/install-python-packages.sh
 
 COPY manylinux-common/pre_exec.sh /dockcross/pre_exec.sh
 
-RUN yum -y install pax zip sudo && \
-  sed -i 's/Defaults    requiretty/#Defaults    requiretty/' /etc/sudoers && \
-  visudo -c
-
+RUN yum -y install pax zip \
+  && yum clean all

imagefiles/entrypoint.sh

@@ -24,7 +24,6 @@ if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then
 
     groupadd -o -g $BUILDER_GID $BUILDER_GROUP 2> /dev/null
     useradd -o -m -g $BUILDER_GID -u $BUILDER_UID $BUILDER_USER 2> /dev/null
-    echo "$BUILDER_USER    ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
     export HOME=/home/${BUILDER_USER}
     shopt -s dotglob
     cp -r /root/* $HOME/
@@ -37,11 +36,15 @@ if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then
 
     # Execute project specific pre execution hook
     if [[ -e /work/.dockcross ]]; then
-       chpst -u :$BUILDER_UID:$BUILDER_GID /work/.dockcross
+       gosu $BUILDER_UID:$BUILDER_GID /work/.dockcross
     fi
 
+    # Enable passwordless sudo capabilities for the user
+    chown root:$BUILDER_GID $(which gosu)
+    chmod +s $(which gosu)
+
     # Run the command as the specified user/group.
-    exec chpst -u :$BUILDER_UID:$BUILDER_GID "$@"
+    exec gosu $BUILDER_UID:$BUILDER_GID "$@"
 else
     # Just run the command as root.
     exec "$@"

imagefiles/sudo.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Emulate the sudo command
+
+exec gosu root:root "$@"