mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-11-25 11:11:08 +00:00
ci: Add a default non-root user in the toolbox image
Toolbox itself will try to make a new user and map the host uid:gid to it, however it good to also have a default user set in the image itself in case it needs to be used with other tooling or debugging. Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7769>
This commit is contained in:
parent
bf00524c41
commit
19d5a58450
2 changed files with 13 additions and 1 deletions
|
@ -5,7 +5,7 @@ variables:
|
||||||
# If you are hacking on them or need a them to rebuild, its enough
|
# If you are hacking on them or need a them to rebuild, its enough
|
||||||
# to change any part of the string of the image you want.
|
# to change any part of the string of the image you want.
|
||||||
###
|
###
|
||||||
FEDORA_TAG: '2024-10-25.0'
|
FEDORA_TAG: '2024-10-30.1'
|
||||||
|
|
||||||
DEBIAN_TAG: '2024-10-25.0'
|
DEBIAN_TAG: '2024-10-25.0'
|
||||||
|
|
||||||
|
|
|
@ -105,10 +105,22 @@ build_container() {
|
||||||
buildah run $build_cntr dnf clean all
|
buildah run $build_cntr dnf clean all
|
||||||
buildah run $build_cntr rm -rf /var/lib/cache/dnf
|
buildah run $build_cntr rm -rf /var/lib/cache/dnf
|
||||||
|
|
||||||
|
# random uid
|
||||||
|
uid="10043"
|
||||||
|
name="containeruser"
|
||||||
|
buildah run $build_cntr -- groupadd $name -g $uid
|
||||||
|
buildah run $build_cntr -- useradd -u $uid -g $uid -ms /bin/bash $name
|
||||||
|
|
||||||
|
buildah run $build_cntr -- usermod -aG wheel $name
|
||||||
|
buildah run $build_cntr -- bash -c "echo $name ALL=\(ALL\) NOPASSWD:ALL > /etc/sudoers.d/$name"
|
||||||
|
buildah run $build_cntr -- chmod 0440 /etc/sudoers.d/$name
|
||||||
|
|
||||||
# Remove the hardcoded HOME env var that ci-templates adds
|
# Remove the hardcoded HOME env var that ci-templates adds
|
||||||
# https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2433#note_2243222
|
# https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2433#note_2243222
|
||||||
# Also add the OCI labels that toolbox expects, to advertize that image is compatible
|
# Also add the OCI labels that toolbox expects, to advertize that image is compatible
|
||||||
|
# Additionally add a non-root default user
|
||||||
buildah config --env HOME- \
|
buildah config --env HOME- \
|
||||||
|
--user $name \
|
||||||
--label com.github.containers.toolbox=true \
|
--label com.github.containers.toolbox=true \
|
||||||
--label org.opencontainers.image.base.name=$BASE_CI_IMAGE \
|
--label org.opencontainers.image.base.name=$BASE_CI_IMAGE \
|
||||||
$build_cntr
|
$build_cntr
|
||||||
|
|
Loading…
Reference in a new issue