Merge pull request #317 from c-po/equuleus-updates

T3318: T5003: Docker and Kernel updates for equuleus

3 files changed, 8 insertions, 5 deletions

diff --git a/data/defaults.json b/data/defaults.json
index 0f10dc99..08e5e40c 100644
--- a/data/defaults.json
+++ b/data/defaults.json
@@ -5,7 +5,7 @@
   "debian_distribution": "buster",
   "vyos_mirror": "http://dev.packages.vyos.net/repositories/equuleus",
   "vyos_branch": "equuleus",
-  "kernel_version": "5.4.229",
+  "kernel_version": "5.4.233",
   "kernel_flavor": "amd64-vyos",
   "release_train": "equuleus",
   "additional_repositories": [
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 350ba5f5..9e563397 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -609,8 +609,8 @@ RUN gem install public_suffix -v 4.0.7
 RUN gem install --no-document fpm
 
 # Allow password-less 'sudo' for all users in group 'sudo'
-RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \
-    chmod a+s /usr/sbin/useradd /usr/sbin/groupadd /usr/sbin/gosu /usr/sbin/usermod
+RUN echo -e "vyos_bld\tALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vyos_bld && \
+    chmod a+s /usr/sbin/useradd /usr/sbin/groupadd
 
 # Ensure sure all users have access to our OCAM and Go installation
 RUN echo "$(opam env --root=/opt/opam --set-root)" >> /etc/skel/.bashrc && \
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 8db41103..19c9423e 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -24,9 +24,12 @@ if ! grep -q $NEW_GID /etc/group; then
 fi
 
 useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME
-usermod --append --groups sudo $USER_NAME
 sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME
 export HOME=/home/$USER_NAME
 
+if [ "$(id -u)" == "0" ]; then
+    exec gosu $USER_NAME "$@"
+fi
+
 # Execute process
-exec /usr/sbin/gosu $USER_NAME "$@"
+exec "$@"