mirror of
https://github.com/bensuperpc/dockcross.git
synced 2025-10-24 06:10:52 +02:00
Merge pull request #136 from thewtex/gosu
common: Use gosu to replace chpst and add sudo abilities
This commit is contained in:
@@ -3,7 +3,7 @@ RUN REPO=http://cdn-fastly.deb.debian.org && \
|
|||||||
|
|
||||||
ARG DEBIAN_FRONTEND=noninteractive
|
ARG DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
RUN apt-get update --yes && apt-get install --yes \
|
RUN apt-get update --yes && apt-get install --no-install-recommends --yes \
|
||||||
automake \
|
automake \
|
||||||
autogen \
|
autogen \
|
||||||
bash \
|
bash \
|
||||||
@@ -30,6 +30,18 @@ RUN apt-get update --yes && apt-get install --yes \
|
|||||||
pax \
|
pax \
|
||||||
vim \
|
vim \
|
||||||
wget \
|
wget \
|
||||||
runit \
|
|
||||||
xz-utils && \
|
xz-utils && \
|
||||||
apt-get clean --yes
|
apt-get clean --yes
|
||||||
|
|
||||||
|
ENV GOSU_VERSION 1.10
|
||||||
|
RUN set -x \
|
||||||
|
&& apt-get update && apt-get install -y --no-install-recommends ca-certificates wget && rm -rf /var/lib/apt/lists/* \
|
||||||
|
&& dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
|
||||||
|
&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
|
||||||
|
&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
|
||||||
|
&& export GNUPGHOME="$(mktemp -d)" \
|
||||||
|
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
|
||||||
|
&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
|
||||||
|
&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
|
||||||
|
&& chmod +x /usr/local/bin/gosu \
|
||||||
|
&& gosu nobody true
|
||||||
|
@@ -19,6 +19,8 @@ RUN \
|
|||||||
|
|
||||||
COPY imagefiles/cmake.sh /usr/local/bin/cmake
|
COPY imagefiles/cmake.sh /usr/local/bin/cmake
|
||||||
COPY imagefiles/ccmake.sh /usr/local/bin/ccmake
|
COPY imagefiles/ccmake.sh /usr/local/bin/ccmake
|
||||||
|
# /opt/rh/devtoolset-2/root/usr/bin/sudo expects sudo at this location
|
||||||
|
COPY imagefiles/sudo.sh /usr/bin/sudo
|
||||||
|
|
||||||
COPY imagefiles/install-ninja.sh /dockcross/
|
COPY imagefiles/install-ninja.sh /dockcross/
|
||||||
RUN \
|
RUN \
|
||||||
|
@@ -1,15 +1,22 @@
|
|||||||
RUN cd /opt && \
|
ENV GOSU_VERSION 1.10
|
||||||
wget --progress=bar:force "http://smarden.org/runit/runit-2.1.2.tar.gz" && \
|
RUN set -x \
|
||||||
tar xvzf runit-2.1.2.tar.gz && \
|
&& yum -y install epel-release \
|
||||||
cd admin/runit-2.1.2 && \
|
&& yum -y install wget gpg \
|
||||||
./package/install
|
&& dpkgArch=$(if test $(uname -m) = "x86_64"; then echo amd64; else echo i386; fi) \
|
||||||
|
&& wget -O /usr/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
|
||||||
|
&& wget -O /tmp/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
|
||||||
|
&& export GNUPGHOME="$(mktemp -d)" \
|
||||||
|
&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
|
||||||
|
&& gpg --batch --verify /tmp/gosu.asc /usr/bin/gosu \
|
||||||
|
&& rm -r "$GNUPGHOME" /tmp/gosu.asc \
|
||||||
|
&& chmod +x /usr/bin/gosu \
|
||||||
|
&& gosu nobody true \
|
||||||
|
&& yum clean all
|
||||||
|
|
||||||
COPY manylinux-common/install-python-packages.sh /usr/local/bin
|
COPY manylinux-common/install-python-packages.sh /usr/local/bin
|
||||||
RUN /usr/local/bin/install-python-packages.sh
|
RUN /usr/local/bin/install-python-packages.sh
|
||||||
|
|
||||||
COPY manylinux-common/pre_exec.sh /dockcross/pre_exec.sh
|
COPY manylinux-common/pre_exec.sh /dockcross/pre_exec.sh
|
||||||
|
|
||||||
RUN yum -y install pax zip sudo && \
|
RUN yum -y install pax zip \
|
||||||
sed -i 's/Defaults requiretty/#Defaults requiretty/' /etc/sudoers && \
|
&& yum clean all
|
||||||
visudo -c
|
|
||||||
|
|
||||||
|
@@ -24,7 +24,6 @@ if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then
|
|||||||
|
|
||||||
groupadd -o -g $BUILDER_GID $BUILDER_GROUP 2> /dev/null
|
groupadd -o -g $BUILDER_GID $BUILDER_GROUP 2> /dev/null
|
||||||
useradd -o -m -g $BUILDER_GID -u $BUILDER_UID $BUILDER_USER 2> /dev/null
|
useradd -o -m -g $BUILDER_GID -u $BUILDER_UID $BUILDER_USER 2> /dev/null
|
||||||
echo "$BUILDER_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
|
||||||
export HOME=/home/${BUILDER_USER}
|
export HOME=/home/${BUILDER_USER}
|
||||||
shopt -s dotglob
|
shopt -s dotglob
|
||||||
cp -r /root/* $HOME/
|
cp -r /root/* $HOME/
|
||||||
@@ -37,11 +36,15 @@ if [[ -n $BUILDER_UID ]] && [[ -n $BUILDER_GID ]]; then
|
|||||||
|
|
||||||
# Execute project specific pre execution hook
|
# Execute project specific pre execution hook
|
||||||
if [[ -e /work/.dockcross ]]; then
|
if [[ -e /work/.dockcross ]]; then
|
||||||
chpst -u :$BUILDER_UID:$BUILDER_GID /work/.dockcross
|
gosu $BUILDER_UID:$BUILDER_GID /work/.dockcross
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Enable passwordless sudo capabilities for the user
|
||||||
|
chown root:$BUILDER_GID $(which gosu)
|
||||||
|
chmod +s $(which gosu)
|
||||||
|
|
||||||
# Run the command as the specified user/group.
|
# Run the command as the specified user/group.
|
||||||
exec chpst -u :$BUILDER_UID:$BUILDER_GID "$@"
|
exec gosu $BUILDER_UID:$BUILDER_GID "$@"
|
||||||
else
|
else
|
||||||
# Just run the command as root.
|
# Just run the command as root.
|
||||||
exec "$@"
|
exec "$@"
|
||||||
|
5
imagefiles/sudo.sh
Executable file
5
imagefiles/sudo.sh
Executable file
@@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Emulate the sudo command
|
||||||
|
|
||||||
|
exec gosu root:root "$@"
|
Reference in New Issue
Block a user