From 041bc80e71c3c700ff0c01702d9ffd0885d2b75b Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 11 Jan 2019 07:31:05 +0100
Subject: CI/CD: Improve 'goso' handling for Docker and Jenkins

* Inside the container user can call 'sudo' without password
* Added Docker environment variables to controll the 'gosu' UID/GID
---
 Dockerfile                   | 13 +++++--------
 Jenkinsfile                  |  5 ++---
 scripts/docker-entrypoint.sh | 33 ++++++++++++++++++++++-----------
 3 files changed, 29 insertions(+), 22 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4c66a15a..a76dc8b7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -123,7 +123,7 @@ RUN apt-get update && apt-get install -y \
       liblua5.1-dev
 
 # Packages needed for vyos-frr
-RUN sudo apt-get update && sudo apt-get install -y \
+RUN apt-get update && apt-get install -y \
       texinfo \
       imagemagick \
       groff \
@@ -156,12 +156,9 @@ RUN export LATEST="$(curl -s https://checkpoint-api.hashicorp.com/v1/check/packe
     curl -K- | gzip -d > /usr/bin/packer && \
     chmod +x /usr/bin/packer
 
-COPY scripts/docker-entrypoint.sh /usr/local/bin/
-# Create vyos_bld user account and enable sudo
-#RUN useradd -ms /bin/bash -u 1006 --gid users vyos_bld && \
-#    usermod -aG sudo vyos_bld && \
-#    echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+# Allow password-less 'sudo' for all users in group 'sudo'
+RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \
+    chmod a+s /usr/sbin/useradd /usr/sbin/gosu /usr/sbin/usermod
 
-#USER vyos_bld
-#WORKDIR /home/vyos_bld
+COPY scripts/docker-entrypoint.sh /usr/local/bin/
 ENTRYPOINT ["docker-entrypoint.sh"]
diff --git a/Jenkinsfile b/Jenkinsfile
index 611777cc..3406e606 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -21,7 +21,7 @@ pipeline {
         dockerfile {
             filename 'Dockerfile'
             label 'jessie-amd64'
-            args '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0'
+            args '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=1006 -e GOSU_GID=1006'
         }
     }
 
@@ -44,8 +44,7 @@ pipeline {
                 sh '''
                     #!/bin/sh
                     ./configure --build-by="autobuild@vyos.net" --debian-mirror="http://ftp.us.debian.org/debian/"
-                    ls -al
-                    ls -al packages
+                    ls -al packages/*.deb
                     sudo make iso
                 '''
             }
diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh
index 7520a8d9..845cb2ff 100755
--- a/scripts/docker-entrypoint.sh
+++ b/scripts/docker-entrypoint.sh
@@ -1,17 +1,28 @@
 #!/bin/bash
-
 set -e
 
-# Use GOSU_USER if its specified, else wirking dir user
-if [ -n "$GOSU_USER" ]; then 
-  ID=$GOSU_USER
-else
-  ID=$(stat -c "%u:%g" .)
+USER_NAME="vyos_bld"
+NEW_UID=$(stat -c "%u" .)
+NEW_GID=$(stat -c "%g" .)
+
+# Change effective UID to the one specified via "-e GOSU_UID=`id -u $USER`"
+if [ -n "$GOSU_UID" ]; then
+    NEW_UID=$GOSU_UID
 fi
 
-# Don't use GOSU if we are root
-if [ ! "$ID" = "0:0" ]; then
-  exec gosu $ID "$@"
-else
-  exec "$@"
+# Change effective UID to the one specified via "-e GOSU_GID=`id -g $USER`"
+if [ -n "$GOSU_GID" ]; then
+    NEW_GID=$GOSU_GID
 fi
+
+# Notify user about selected UID/GID
+echo "Current UID/GID: $NEW_UID/$NEW_GID"
+
+# Create user called "docker" with selected UID
+useradd --shell /bin/bash -u $NEW_UID -g $NEW_GID -o -m $USER_NAME
+usermod -aG sudo $USER_NAME
+sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME
+export HOME=/home/$USER_NAME
+
+# Execute process
+exec /usr/sbin/gosu $USER_NAME "$@"
-- 
cgit v1.2.3