common: Use gosu to replace chpst and add sudo abilities

From:

  https://github.com/tianon/gosu
Matt McCormick 2017-04-22 20:52:31 -04:00
parent 6c77167ad6
commit 4c3612da2b
5 changed files with 43 additions and 14 deletions


@ -3,7 +3,7 @@ RUN REPO=http://cdn-fastly.deb.debian.org && \
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update --yes && apt-get install --yes \ RUN apt-get update --yes && apt-get install --no-install-recommends --yes \
automake \ automake \
autogen \ autogen \
bash \ bash \
@ -30,6 +30,18 @@ RUN apt-get update --yes && apt-get install --yes \
pax \ pax \
vim \ vim \
wget \ wget \
runit \
xz-utils && \ xz-utils && \
apt-get clean --yes apt-get clean --yes
ENV GOSU_VERSION 1.10
RUN set -x \
&& apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
&& dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
&& chmod +x /usr/local/bin/gosu \
&& gosu nobody true
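Review bot: The signature check depends on `gpg --keyserver ha.pool.sks-keyservers.net --recv-keys …` reaching a single keyserver pool at build time, so a pool outage fails the build and invites someone to delete the verify step; the yum-based gosu install later in this commit repeats the same line. Pinning the full fingerprint is the part that matters and it is done correctly here. Consider committing the release public key to the repository and importing it offline, e.g. `gpg --batch --import /path/to/vendored-gosu-key.asc` (placeholder path), before the `gpg --batch --verify` line. Separately, the first hunk adds `--no-install-recommends` and this RUN never installs gnupg explicitly, so it is worth confirming the base image already ships `gpg`.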


@ -19,6 +19,8 @@ RUN \
COPY imagefiles/cmake.sh /usr/local/bin/cmake COPY imagefiles/cmake.sh /usr/local/bin/cmake
COPY imagefiles/ccmake.sh /usr/local/bin/ccmake COPY imagefiles/ccmake.sh /usr/local/bin/ccmake
# /opt/rh/devtoolset-2/root/usr/bin/sudo expects sudo at this location
COPY imagefiles/sudo.sh /usr/bin/sudo
COPY imagefiles/install-ninja.sh /dockcross/ COPY imagefiles/install-ninja.sh /dockcross/
RUN \ RUN \


@ -1,15 +1,22 @@
RUN cd /opt && \ ENV GOSU_VERSION 1.10
wget --progress=bar:force "http://smarden.org/runit/runit-2.1.2.tar.gz" && \ RUN set -x \
tar xvzf runit-2.1.2.tar.gz && \ && yum -y install epel-release \
cd admin/runit-2.1.2 && \ && yum -y install wget gpg \
./package/install && dpkgArch=$(if test $(uname -m) = "x86_64"; then echo amd64; else echo i386; fi) \
&& wget -O /usr/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
&& wget -O /tmp/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
&& gpg --batch --verify /tmp/gosu.asc /usr/bin/gosu \
&& rm -r "$GNUPGHOME" /tmp/gosu.asc \
&& chmod +x /usr/bin/gosu \
&& gosu nobody true \
&& yum clean all
COPY manylinux-common/install-python-packages.sh /usr/local/bin COPY manylinux-common/install-python-packages.sh /usr/local/bin
RUN /usr/local/bin/install-python-packages.sh RUN /usr/local/bin/install-python-packages.sh
COPY manylinux-common/pre_exec.sh /dockcross/pre_exec.sh COPY manylinux-common/pre_exec.sh /dockcross/pre_exec.sh
RUN yum -y install pax zip sudo && \ RUN yum -y install pax zip \
sed -i 's/Defaults requiretty/#Defaults requiretty/' /etc/sudoers && \ && yum clean all
visudo -c
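Review bot: `dpkgArch=$(if test $(uname -m) = "x86_64"; …)` selects the gosu binary by kernel architecture, which during `docker build` is the host's rather than the image userland's. If this shared manylinux file is also used for a 32-bit image built on a 64-bit host (not visible from this page), the amd64 binary would be fetched and the i386 branch never taken. Testing the userland instead would match the intent: `dpkgArch=$(if test "$(getconf LONG_BIT)" = 64; then echo amd64; else echo i386; fi)`. It would also help to add a comment on `yum -y install epel-release` saying which package needs EPEL, since the repo stays enabled for every later `yum install` in the image.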


@ -24,7 +24,6 @@ if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then
groupadd -o -g $BUILDER_GID $BUILDER_GROUP 2> /dev/null groupadd -o -g $BUILDER_GID $BUILDER_GROUP 2> /dev/null
useradd -o -m -g $BUILDER_GID -u $BUILDER_UID $BUILDER_USER 2> /dev/null useradd -o -m -g $BUILDER_GID -u $BUILDER_UID $BUILDER_USER 2> /dev/null
echo "$BUILDER_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
export HOME=/home/${BUILDER_USER} export HOME=/home/${BUILDER_USER}
shopt -s dotglob shopt -s dotglob
cp -r /root/* $HOME/ cp -r /root/* $HOME/
@ -37,11 +36,15 @@ if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then
# Execute project specific pre execution hook # Execute project specific pre execution hook
if [[ -e /work/.dockcross ]]; then if [[ -e /work/.dockcross ]]; then
chpst -u :$BUILDER_UID:$BUILDER_GID /work/.dockcross gosu $BUILDER_UID:$BUILDER_GID /work/.dockcross
fi fi
# Enable passwordless sudo capabilities for the user
chown root:$BUILDER_GID $(which gosu)
chmod +s $(which gosu)
# Run the command as the specified user/group. # Run the command as the specified user/group.
exec chpst -u :$BUILDER_UID:$BUILDER_GID "$@" exec gosu $BUILDER_UID:$BUILDER_GID "$@"
else else
# Just run the command as root. # Just run the command as root.
exec "$@" exec "$@"
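Review bot: `chmod +s $(which gosu)` leaves the world-execute bit in place, so once the entrypoint has run, every UID in the container can become root through gosu, not only the builder group that the preceding `chown root:$BUILDER_GID` implies. The removed sudoers line granted NOPASSWD to `$BUILDER_USER` alone, so this widens access. If group-only access is the intent, set the mode explicitly and quote the path: `chmod 4750 "$(command -v gosu)"`. Upstream gosu treats a setuid install as unsupported, so the comment above these lines should say why it is accepted here and that the image is meant for build use only. The enclosing `if` block starts and ends outside the hunks shown.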

5
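--- a/imagefiles/sudo.sh
+++ b/imagefiles/sudo.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+# Emulate the sudo command
+exec gosu root:root "$@"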
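Review bot: The header comment `# Emulate the sudo command` does not say how limited the emulation is: the shim applies no sudoers policy and parses no sudo options. A call such as `sudo -E make install` would hand `-E` to gosu as the command to run, and the shim only yields root because the entrypoint script in this commit makes gosu setuid. Someone who finds `/usr/bin/sudo` in the image will assume normal sudo semantics. I would expand the comment to something like `# Not real sudo: no sudoers policy, sudo flags (-u, -E, -H …) are not understood; works only because the entrypoint makes gosu setuid root.`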