Merge pull request #325 from jcfr/add-install-gosu-binary-wrapper-script

Backport install-gosu-binary-wrapper from dockbuid
This commit is contained in:
Jean-Christophe Fillion-Robin 2019-06-09 12:09:53 -04:00 committed by GitHub
commit 76aad84b89
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 36 additions and 36 deletions

View File

@ -1,5 +1,8 @@
# Image build scripts # Image build scripts
COPY imagefiles/install-gosu-binary.sh /buildscripts/ COPY \
imagefiles/install-gosu-binary.sh \
imagefiles/install-gosu-binary-wrapper.sh \
/buildscripts/
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
ARG REPO=http://cdn-fastly.deb.debian.org ARG REPO=http://cdn-fastly.deb.debian.org
@ -45,4 +48,5 @@ RUN \
&& \ && \
apt-get clean --yes && \ apt-get clean --yes && \
/buildscripts/install-gosu-binary.sh && \ /buildscripts/install-gosu-binary.sh && \
/buildscripts/install-gosu-binary-wrapper.sh && \
rm -rf /buildscripts rm -rf /buildscripts

View File

@ -1,6 +1,7 @@
# Image build scripts # Image build scripts
COPY \ COPY \
imagefiles/install-gosu-binary.sh \ imagefiles/install-gosu-binary.sh \
imagefiles/install-gosu-binary-wrapper.sh \
manylinux-common/install-python-packages.sh \ manylinux-common/install-python-packages.sh \
/buildscripts/ /buildscripts/
@ -18,6 +19,7 @@ RUN \
&& \ && \
yum clean all && \ yum clean all && \
/buildscripts/install-gosu-binary.sh && \ /buildscripts/install-gosu-binary.sh && \
/buildscripts/install-gosu-binary-wrapper.sh && \
# Remove sudo provided by "devtoolset-2" and "devtoolset-8" since it doesn't work with # Remove sudo provided by "devtoolset-2" and "devtoolset-8" since it doesn't work with
# our sudo wrapper calling gosu. # our sudo wrapper calling gosu.
rm -f /opt/rh/devtoolset-2/root/usr/bin/sudo && \ rm -f /opt/rh/devtoolset-2/root/usr/bin/sudo && \

View File

@ -0,0 +1,25 @@
#!/usr/bin/env bash
set -ex
set -o pipefail
if ! command -v gosu &> /dev/null; then
echo >&2 'error: "gosu" not found!'
exit 1
fi
# verify that the binary works
gosu nobody true
# To ensure that our custom sudo wrapper is not
# overwritten by a future re-install of sudo, it
# is created in /usr/loca/bin
cat << EOF >> /usr/local/bin/sudo
#!/bin/sh
# Emulate the sudo command
exec gosu root:root "\$@"
EOF
chmod +x /usr/local/bin/sudo

View File

@ -44,18 +44,3 @@ fi
rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc
chmod +x /usr/local/bin/gosu chmod +x /usr/local/bin/gosu
# verify that the binary works
gosu nobody true
cat << EOF >> /usr/bin/sudo
#!/bin/sh
# Emulate the sudo command
exec gosu root:root "\$@"
EOF
chmod +x /usr/bin/sudo

View File

@ -5,7 +5,7 @@ MAINTAINER Matt McCormick "matt.mccormick@kitware.com"
# See https://github.com/asRIA/emscripten-docker/blob/master/Dockerfile.in#L4 # See https://github.com/asRIA/emscripten-docker/blob/master/Dockerfile.in#L4
RUN rm /bin/sh && ln -s /bin/dash /bin/sh RUN rm /bin/sh && ln -s /bin/dash /bin/sh
COPY install-gosu-sudo.sh /buildscripts/ COPY imagefiles/install-gosu-binary-wrapper.sh /buildscripts/
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
ARG REPO=http://cdn-fastly.deb.debian.org ARG REPO=http://cdn-fastly.deb.debian.org
@ -51,7 +51,7 @@ RUN \
zlib1g-dev \ zlib1g-dev \
&& \ && \
apt-get clean --yes && \ apt-get clean --yes && \
/buildscripts/install-gosu-sudo.sh && \ /buildscripts/install-gosu-binary-wrapper.sh && \
rm -rf /buildscripts rm -rf /buildscripts
#include "common.docker" #include "common.docker"

View File

@ -1,16 +0,0 @@
#!/usr/bin/env bash
# verify that the binary works
gosu nobody true
cat << EOF >> /usr/bin/sudo
#!/bin/sh
# Emulate the sudo command
exec gosu root:root "\$@"
EOF
chmod +x /usr/bin/sudo