authorChristian Poessinger <christian@poessinger.com>2023-03-01 22:22:35 +0100
committerChristian Poessinger <christian@poessinger.com>2023-03-01 22:22:35 +0100
commit06a908594fdc1e55ddd72b3f2746cb09e2907a3f (patch)
tree990d82e1a4d2436a27404fdd7909197d9378d12b
parent598e9f5821f5894ed2765eb34a8a12d92d9c0fdc (diff)
T5003: backport changes from master to support latest Docker version on CI hosts
The newer Docker versions seem to be a bit more picky when using tools like gosu. The container will no longer start if the gosu binary has the setuid root bit set. This change adjusts the container to continue working on recent Docker versions.
-rw-r--r--docker/Dockerfile4
-rwxr-xr-xdocker/entrypoint.sh7
2 files changed, 7 insertions, 4 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 350ba5f5..9e563397 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -609,8 +609,8 @@ RUN gem install public_suffix -v 4.0.7
RUN gem install --no-document fpm
# Allow password-less 'sudo' for all users in group 'sudo'
-RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \
- chmod a+s /usr/sbin/useradd /usr/sbin/groupadd /usr/sbin/gosu /usr/sbin/usermod
+RUN echo -e "vyos_bld\tALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vyos_bld && \
+ chmod a+s /usr/sbin/useradd /usr/sbin/groupadd
# Ensure sure all users have access to our OCAM and Go installation
RUN echo "$(opam env --root=/opt/opam --set-root)" >> /etc/skel/.bashrc && \
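Review bot: The added `RUN echo -e ... > /etc/sudoers.d/vyos_bld` line depends on the shell's `echo` accepting `-e`; if this RUN executes under dash (the Debian default /bin/sh, unless a SHELL directive earlier in the file changes it), the literal `-e` would end up in the file and sudo would likely reject the drop-in with a parse error. `printf 'vyos_bld\tALL=(ALL) NOPASSWD:ALL\n' > /etc/sudoers.d/vyos_bld` behaves the same in every shell, and following it with `chmod 0440 /etc/sudoers.d/vyos_bld && visudo -cf /etc/sudoers.d/vyos_bld` makes the build fail on a malformed rule instead of shipping it. The rule is also tied to the literal name `vyos_bld`, so it only takes effect if entrypoint.sh creates the user under that name; a comment such as `# must match USER_NAME in entrypoint.sh` would record that. Separately, `useradd` and `groupadd` stay setuid root on the following line, which leaves account creation open to every user in the container, so a comment explaining why that is still required would help the next reviewer.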
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 8db41103..19c9423e 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -24,9 +24,12 @@ if ! grep -q $NEW_GID /etc/group; then
fi
useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME
-usermod --append --groups sudo $USER_NAME
sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME
export HOME=/home/$USER_NAME
+if [ "$(id -u)" == "0" ]; then
+ exec gosu $USER_NAME "$@"
+fi
+
# Execute process
-exec /usr/sbin/gosu $USER_NAME "$@"
+exec "$@"
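Review bot: The new root branch calls `gosu` by bare name where the removed line used `/usr/sbin/gosu`, so the one path that runs as root now depends on PATH lookup; keeping the absolute path avoids that: `exec /usr/sbin/gosu "$USER_NAME" "$@"`. The test `[ "$(id -u)" == "0" ]` uses `==`, which is a bashism inside `[ ]`; `[ "$(id -u)" -eq 0 ]` works in any POSIX sh (the shebang is outside the hunk, so the interpreter cannot be confirmed from here). `$USER_NAME`, `$NEW_UID` and `$NEW_GID` are also expanded unquoted on the `useradd`, `chown` and `gosu` lines, and quoting them keeps an unexpected value from being split into extra arguments. In the non-root case the final `exec "$@"` runs the command under the UID the container was started with, not under `$USER_NAME`, which deserves a comment such as `# not root: already running as the caller's UID, nothing to drop`.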