Commit e47aa6c8 authored by Simon Latapie's avatar Simon Latapie Committed by Konstantin Pavlov

videolan-base-*: force a jenkins user uid/gid

This sets jenkins uid/gid to a fixed number outside of commonly used
range of users logins.
It helps avoiding conflicts with external storages that could be used
with the container (volume option, remote storage mounted, etc.)
parent a55bf542
......@@ -4,6 +4,13 @@ MAINTAINER VideoLAN roots <roots@videolan.org>
ENV IMAGE_DATE=201711121500
# If someone wants to use VideoLAN docker images on a local machine and does
# not want to be disturbed by the jenkins user, we should not take an uid/gid
# in the user range of main distributions, which means:
# - Debian based: <1000
# - RPM based: <500 (CentOS, RedHat, etc.)
ARG JENKINS_UID=499
RUN apt-get update && \
apt-get install -y openssh-server openjdk-8-jdk lftp ca-certificates && \
apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
......@@ -11,5 +18,6 @@ RUN apt-get update && \
sed -i 's,use_authtok ,,' /etc/pam.d/common-password && \
ssh-keygen -A && \
mkdir -p /var/run/sshd && \
adduser --quiet jenkins && \
addgroup --quiet --gid ${JENKINS_UID} jenkins && \
adduser --quiet --uid ${JENKINS_UID} --ingroup jenkins jenkins && \
echo "jenkins:jenkins" | chpasswd
......@@ -2,6 +2,13 @@ FROM docker:1.11
MAINTAINER VideoLAN roots <roots@videolan.org>
# If someone wants to use VideoLAN docker images on a local machine and does
# not want to be disturbed by the jenkins user, we should not take an uid/gid
# in the user range of main distributions, which means:
# - Debian based: <1000
# - RPM based: <500 (CentOS, RedHat, etc.)
ARG JENKINS_UID=499
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
RUN apk add --no-cache \
btrfs-progs \
......@@ -31,7 +38,8 @@ COPY dind /usr/local/bin
COPY dockerd-entrypoint.sh /usr/local/bin/
RUN mkdir -p /var/run/sshd && \
adduser -D jenkins && \
addgroup -g ${JENKINS_UID} jenkins && \
adduser -D -u ${JENKINS_UID} -G jenkins jenkins && \
echo "jenkins:jenkins" | chpasswd
VOLUME /var/lib/docker
......
......@@ -4,6 +4,13 @@ MAINTAINER VideoLAN roots <roots@videolan.org>
ENV IMAGE_DATE=201803111930
# If someone wants to use VideoLAN docker images on a local machine and does
# not want to be disturbed by the jenkins user, we should not take an uid/gid
# in the user range of main distributions, which means:
# - Debian based: <1000
# - RPM based: <500 (CentOS, RedHat, etc.)
ARG JENKINS_UID=499
RUN echo "deb http://ftp.fr.debian.org/debian/ sid main" > /etc/apt/sources.list && \
echo "deb-src http://ftp.fr.debian.org/debian/ sid main" >> /etc/apt/sources.list && \
apt-get update && \
......@@ -11,7 +18,8 @@ RUN echo "deb http://ftp.fr.debian.org/debian/ sid main" > /etc/apt/sources.list
apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
sed -i 's|session required pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd && \
mkdir -p /var/run/sshd && \
adduser --quiet jenkins && \
addgroup --quiet --gid ${JENKINS_UID} jenkins && \
adduser --quiet --uid ${JENKINS_UID} --ingroup jenkins jenkins && \
echo "jenkins:jenkins" | chpasswd
# Standard SSH port
......
FROM debian:stretch
MAINTAINER VideoLAN roots <roots@videolan.org>
ENV IMAGE_DATE=201712141608
MAINTAINER VideoLAN roots <roots@videolan.org>
# If someone wants to use VideoLAN docker images on a local machine and does
# not want to be disturbed by the jenkins user, we should not take an uid/gid
# in the user range of main distributions, which means:
# - Debian based: <1000
# - RPM based: <500 (CentOS, RedHat, etc.)
ARG JENKINS_UID=499
RUN echo "deb http://ftp.fr.debian.org/debian/ stretch main" > /etc/apt/sources.list && \
echo "deb-src http://ftp.fr.debian.org/debian/ stretch main" >> /etc/apt/sources.list && \
......@@ -15,7 +22,8 @@ RUN echo "deb http://ftp.fr.debian.org/debian/ stretch main" > /etc/apt/sources.
apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
sed -i 's|session required pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd && \
mkdir -p /var/run/sshd && \
adduser --quiet jenkins && \
addgroup --quiet --gid ${JENKINS_UID} jenkins && \
adduser --quiet --uid ${JENKINS_UID} --ingroup jenkins jenkins && \
echo "jenkins:jenkins" | chpasswd
# Standard SSH port
......
......@@ -4,6 +4,13 @@ MAINTAINER VideoLAN roots <roots@videolan.org>
ENV IMAGE_DATE=20180202152100
# If someone wants to use VideoLAN docker images on a local machine and does
# not want to be disturbed by the jenkins user, we should not take an uid/gid
# in the user range of main distributions, which means:
# - Debian based: <1000
# - RPM based: <500 (CentOS, RedHat, etc.)
ARG JENKINS_UID=499
RUN apt-get update && apt-get -y upgrade && \
apt-get install -y openssh-server openjdk-8-jdk lftp ca-certificates && \
apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
......@@ -11,5 +18,6 @@ RUN apt-get update && apt-get -y upgrade && \
sed -i 's,use_authtok ,,' /etc/pam.d/common-password && \
ssh-keygen -A && \
mkdir -p /var/run/sshd && \
adduser --quiet jenkins && \
addgroup --quiet --gid ${JENKINS_UID} jenkins && \
adduser --quiet --uid ${JENKINS_UID} --ingroup jenkins jenkins && \
echo "jenkins:jenkins" | chpasswd
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment