From 19d5a584504dd0e79569dbbffa792a2ad3763652 Mon Sep 17 00:00:00 2001
From: Jordan Petridis
Date: Sun, 27 Oct 2024 20:25:36 +0200
Subject: [PATCH] ci: Add a default non-root user in the toolbox image
Toolbox itself will try to make a new user and map the host uid:gid to it, however it good to also have a default user set in the image itself in case it needs to be used with other tooling or debugging.
Part-of:
---
 .gitlab-image-tags.yml | 2 +-
 ci/scripts/build-toolbox-image.sh | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/.gitlab-image-tags.yml b/.gitlab-image-tags.yml
index 1a37bdaea1..587a8c3eb8 100644
--- a/.gitlab-image-tags.yml
+++ b/.gitlab-image-tags.yml
@@ -5,7 +5,7 @@ variables:
 # If you are hacking on them or need a them to rebuild, its enough
 # to change any part of the string of the image you want.
 ###
- FEDORA_TAG: '2024-10-25.0'
+ FEDORA_TAG: '2024-10-30.1'
 DEBIAN_TAG: '2024-10-25.0'
diff --git a/ci/scripts/build-toolbox-image.sh b/ci/scripts/build-toolbox-image.sh
index 063767e5a3..23ce973043 100644
--- a/ci/scripts/build-toolbox-image.sh
+++ b/ci/scripts/build-toolbox-image.sh
@@ -105,10 +105,22 @@ build_container() {
 buildah run $build_cntr dnf clean all
 buildah run $build_cntr rm -rf /var/lib/cache/dnf
+ # random uid
+ uid="10043"
+ name="containeruser"
+ buildah run $build_cntr -- groupadd $name -g $uid
+ buildah run $build_cntr -- useradd -u $uid -g $uid -ms /bin/bash $name
+
+ buildah run $build_cntr -- usermod -aG wheel $name
+ buildah run $build_cntr -- bash -c "echo $name ALL=\(ALL\) NOPASSWD:ALL > /etc/sudoers.d/$name"
+ buildah run $build_cntr -- chmod 0440 /etc/sudoers.d/$name
+
 # Remove the hardcoded HOME env var that ci-templates adds
 # https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2433#note_2243222
 # Also add the OCI labels that toolbox expects, to advertize that image is compatible
+ # Additionally add a non-root default user
 buildah config --env HOME- \
+ --user $name \
 --label com.github.containers.toolbox=true \
 --label org.opencontainers.image.base.name=$BASE_CI_IMAGE \
 $build_cntr
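Review bot: The sudoers drop-in written by the `bash -c "echo $name ALL=\(ALL\) NOPASSWD:ALL > /etc/sudoers.d/$name"` line makes `containeruser` root-equivalent, so the `--user $name` default set further down is not a privilege boundary, and neither the added comments nor the `# random uid` note say so. I would replace `# random uid` with `# Fixed, arbitrary uid/gid for the default user; it has passwordless sudo and is meant for toolbox/debug use only`, so that nobody reusing this image with other tooling assumes the non-root default confines anything. It would also be worth validating the generated file at build time, e.g. `buildah run $build_cntr -- visudo -cf /etc/sudoers.d/$name` after the `chmod`, since a malformed drop-in can break sudo for the whole image. `build_container()` starts and ends outside this hunk.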