mirror of
https://github.com/bensuperpc/dockcross.git
synced 2024-12-22 16:24:27 +01:00
common: Use gosu to replace chpst and add sudo abilities
From: https://github.com/tianon/gosu
This commit is contained in:
parent
6c77167ad6
commit
4c3612da2b
@ -3,7 +3,7 @@ RUN REPO=http://cdn-fastly.deb.debian.org && \
|
||||
|
||||
ARG DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
RUN apt-get update --yes && apt-get install --yes \
|
||||
RUN apt-get update --yes && apt-get install --no-install-recommends --yes \
|
||||
automake \
|
||||
autogen \
|
||||
bash \
|
||||
@ -30,6 +30,18 @@ RUN apt-get update --yes && apt-get install --yes \
|
||||
pax \
|
||||
vim \
|
||||
wget \
|
||||
runit \
|
||||
xz-utils && \
|
||||
apt-get clean --yes
|
||||
|
||||
ENV GOSU_VERSION 1.10
|
||||
RUN set -x \
|
||||
&& apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
|
||||
&& dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
|
||||
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
|
||||
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
|
||||
&& export GNUPGHOME="$(mktemp -d)" \
|
||||
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
|
||||
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
|
||||
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
|
||||
&& chmod +x /usr/local/bin/gosu \
|
||||
&& gosu nobody true
|
||||
|
@ -19,6 +19,8 @@ RUN \
|
||||
|
||||
COPY imagefiles/cmake.sh /usr/local/bin/cmake
|
||||
COPY imagefiles/ccmake.sh /usr/local/bin/ccmake
|
||||
# /opt/rh/devtoolset-2/root/usr/bin/sudo expects sudo at this location
|
||||
COPY imagefiles/sudo.sh /usr/bin/sudo
|
||||
|
||||
COPY imagefiles/install-ninja.sh /dockcross/
|
||||
RUN \
|
||||
|
@ -1,15 +1,22 @@
|
||||
RUN cd /opt && \
|
||||
wget --progress=bar:force "http://smarden.org/runit/runit-2.1.2.tar.gz" && \
|
||||
tar xvzf runit-2.1.2.tar.gz && \
|
||||
cd admin/runit-2.1.2 && \
|
||||
./package/install
|
||||
ENV GOSU_VERSION 1.10
|
||||
RUN set -x \
|
||||
&& yum -y install epel-release \
|
||||
&& yum -y install wget gpg \
|
||||
&& dpkgArch=$(if test $(uname -m) = "x86_64"; then echo amd64; else echo i386; fi) \
|
||||
&& wget -O /usr/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
|
||||
&& wget -O /tmp/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
|
||||
&& export GNUPGHOME="$(mktemp -d)" \
|
||||
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
|
||||
&& gpg --batch --verify /tmp/gosu.asc /usr/bin/gosu \
|
||||
&& rm -r "$GNUPGHOME" /tmp/gosu.asc \
|
||||
&& chmod +x /usr/bin/gosu \
|
||||
&& gosu nobody true \
|
||||
&& yum clean all
|
||||
|
||||
COPY manylinux-common/install-python-packages.sh /usr/local/bin
|
||||
RUN /usr/local/bin/install-python-packages.sh
|
||||
|
||||
COPY manylinux-common/pre_exec.sh /dockcross/pre_exec.sh
|
||||
|
||||
RUN yum -y install pax zip sudo && \
|
||||
sed -i 's/Defaults requiretty/#Defaults requiretty/' /etc/sudoers && \
|
||||
visudo -c
|
||||
|
||||
RUN yum -y install pax zip \
|
||||
&& yum clean all
|
||||
|
@ -24,7 +24,6 @@ if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then
|
||||
|
||||
groupadd -o -g $BUILDER_GID $BUILDER_GROUP 2> /dev/null
|
||||
useradd -o -m -g $BUILDER_GID -u $BUILDER_UID $BUILDER_USER 2> /dev/null
|
||||
echo "$BUILDER_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||||
export HOME=/home/${BUILDER_USER}
|
||||
shopt -s dotglob
|
||||
cp -r /root/* $HOME/
|
||||
@ -37,11 +36,15 @@ if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then
|
||||
|
||||
# Execute project specific pre execution hook
|
||||
if [[ -e /work/.dockcross ]]; then
|
||||
chpst -u :$BUILDER_UID:$BUILDER_GID /work/.dockcross
|
||||
gosu $BUILDER_UID:$BUILDER_GID /work/.dockcross
|
||||
fi
|
||||
|
||||
# Enable passwordless sudo capabilities for the user
|
||||
chown root:$BUILDER_GID $(which gosu)
|
||||
chmod +s $(which gosu)
|
||||
|
||||
# Run the command as the specified user/group.
|
||||
exec chpst -u :$BUILDER_UID:$BUILDER_GID "$@"
|
||||
exec gosu $BUILDER_UID:$BUILDER_GID "$@"
|
||||
else
|
||||
# Just run the command as root.
|
||||
exec "$@"
|
||||
|
5
imagefiles/sudo.sh
Executable file
5
imagefiles/sudo.sh
Executable file
@ -0,0 +1,5 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Emulate the sudo command
|
||||
|
||||
exec gosu root:root "$@"
|
Loading…
Reference in New Issue
Block a user