Commit e47aa6c8 authored by Simon Latapie's avatar Simon Latapie Committed by Konstantin Pavlov

videolan-base-*: force a jenkins user uid/gid

This sets the jenkins uid/gid to a fixed number outside the commonly used
range of user logins.
It helps avoid conflicts with external storage that could be used
with the container (volume option, mounted remote storage, etc.)
parent a55bf542
...@@ -4,6 +4,13 @@ MAINTAINER VideoLAN roots <roots@videolan.org> ...@@ -4,6 +4,13 @@ MAINTAINER VideoLAN roots <roots@videolan.org>
ENV IMAGE_DATE=201711121500 ENV IMAGE_DATE=201711121500
# If someone wants to use VideoLAN docker images on a local machine and does
# not want to be disturbed by the jenkins user, we should not take an uid/gid
# in the user range of main distributions, which means:
# - Debian based: <1000
# - RPM based: <500 (CentOS, RedHat, etc.)
ARG JENKINS_UID=499
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y openssh-server openjdk-8-jdk lftp ca-certificates && \ apt-get install -y openssh-server openjdk-8-jdk lftp ca-certificates && \
apt-get clean -y && rm -rf /var/lib/apt/lists/* && \ apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
...@@ -11,5 +18,6 @@ RUN apt-get update && \ ...@@ -11,5 +18,6 @@ RUN apt-get update && \
sed -i 's,use_authtok ,,' /etc/pam.d/common-password && \ sed -i 's,use_authtok ,,' /etc/pam.d/common-password && \
ssh-keygen -A && \ ssh-keygen -A && \
mkdir -p /var/run/sshd && \ mkdir -p /var/run/sshd && \
adduser --quiet jenkins && \ addgroup --quiet --gid ${JENKINS_UID} jenkins && \
adduser --quiet --uid ${JENKINS_UID} --ingroup jenkins jenkins && \
echo "jenkins:jenkins" | chpasswd echo "jenkins:jenkins" | chpasswd
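Review bot: The account created by the new `addgroup`/`adduser` lines still gets the static password set on the following context line, `echo "jenkins:jenkins" | chpasswd`, in an image that installs openssh-server; the same pair of lines appears in the other four Dockerfiles on this page. With the uid/gid now fixed at 499, any volume or remote storage shared under that id is writable by whoever can log in with that published password. If the Jenkins master can authenticate with a key, consider `adduser --quiet --disabled-password --gecos "" --uid ${JENKINS_UID} --ingroup jenkins jenkins`, drop the `chpasswd` line, and supply an authorized key when the container starts. Otherwise add a comment stating that the SSH port must only be exposed on a trusted network. Part of this RUN instruction lies between the two hunks and is not shown.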
...@@ -2,6 +2,13 @@ FROM docker:1.11 ...@@ -2,6 +2,13 @@ FROM docker:1.11
MAINTAINER VideoLAN roots <roots@videolan.org> MAINTAINER VideoLAN roots <roots@videolan.org>
# If someone wants to use VideoLAN docker images on a local machine and does
# not want to be disturbed by the jenkins user, we should not take an uid/gid
# in the user range of main distributions, which means:
# - Debian based: <1000
# - RPM based: <500 (CentOS, RedHat, etc.)
ARG JENKINS_UID=499
# https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
RUN apk add --no-cache \ RUN apk add --no-cache \
btrfs-progs \ btrfs-progs \
...@@ -31,7 +38,8 @@ COPY dind /usr/local/bin ...@@ -31,7 +38,8 @@ COPY dind /usr/local/bin
COPY dockerd-entrypoint.sh /usr/local/bin/ COPY dockerd-entrypoint.sh /usr/local/bin/
RUN mkdir -p /var/run/sshd && \ RUN mkdir -p /var/run/sshd && \
adduser -D jenkins && \ addgroup -g ${JENKINS_UID} jenkins && \
adduser -D -u ${JENKINS_UID} -G jenkins jenkins && \
echo "jenkins:jenkins" | chpasswd echo "jenkins:jenkins" | chpasswd
VOLUME /var/lib/docker VOLUME /var/lib/docker
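Review bot: The default `ARG JENKINS_UID=499` avoids login users but falls in the range distributions reserve for system accounts (Debian allocates these from 100 to 999, older RPM-based systems below 500). A host may therefore already have a daemon account with id 499, and files on a bind mount would then be shared between that account and the container's jenkins user. The comment bullets also read as if `<1000` and `<500` were the ranges to avoid rather than the ranges chosen from. I would reword them, for example `# - Debian based: login users start at 1000`, and add `# 499 may match a host system account; check before bind-mounting or override with --build-arg JENKINS_UID=<id>`. The same comment block and default are repeated in the other Dockerfiles of this commit.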
......
...@@ -4,6 +4,13 @@ MAINTAINER VideoLAN roots <roots@videolan.org> ...@@ -4,6 +4,13 @@ MAINTAINER VideoLAN roots <roots@videolan.org>
ENV IMAGE_DATE=201803111930 ENV IMAGE_DATE=201803111930
# If someone wants to use VideoLAN docker images on a local machine and does
# not want to be disturbed by the jenkins user, we should not take an uid/gid
# in the user range of main distributions, which means:
# - Debian based: <1000
# - RPM based: <500 (CentOS, RedHat, etc.)
ARG JENKINS_UID=499
RUN echo "deb http://ftp.fr.debian.org/debian/ sid main" > /etc/apt/sources.list && \ RUN echo "deb http://ftp.fr.debian.org/debian/ sid main" > /etc/apt/sources.list && \
echo "deb-src http://ftp.fr.debian.org/debian/ sid main" >> /etc/apt/sources.list && \ echo "deb-src http://ftp.fr.debian.org/debian/ sid main" >> /etc/apt/sources.list && \
apt-get update && \ apt-get update && \
...@@ -11,7 +18,8 @@ RUN echo "deb http://ftp.fr.debian.org/debian/ sid main" > /etc/apt/sources.list ...@@ -11,7 +18,8 @@ RUN echo "deb http://ftp.fr.debian.org/debian/ sid main" > /etc/apt/sources.list
apt-get clean -y && rm -rf /var/lib/apt/lists/* && \ apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
sed -i 's|session required pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd && \ sed -i 's|session required pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd && \
mkdir -p /var/run/sshd && \ mkdir -p /var/run/sshd && \
adduser --quiet jenkins && \ addgroup --quiet --gid ${JENKINS_UID} jenkins && \
adduser --quiet --uid ${JENKINS_UID} --ingroup jenkins jenkins && \
echo "jenkins:jenkins" | chpasswd echo "jenkins:jenkins" | chpasswd
# Standard SSH port # Standard SSH port
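Review bot: `JENKINS_UID` is passed to both `--gid` and `--uid` in the new `addgroup`/`adduser` lines, here and in the other Dockerfiles of this commit. The name hides that it also fixes the group id, and the two ids cannot be set independently when matching an existing owner on external storage. A separate `ARG JENKINS_GID=499` used in the `addgroup --quiet --gid ${JENKINS_GID} jenkins` line would make this explicit. At minimum, add a comment on the ARG such as `# used for both the uid and the gid of the jenkins account`.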
......
FROM debian:stretch FROM debian:stretch
MAINTAINER VideoLAN roots <roots@videolan.org>
ENV IMAGE_DATE=201712141608 ENV IMAGE_DATE=201712141608
MAINTAINER VideoLAN roots <roots@videolan.org> # If someone wants to use VideoLAN docker images on a local machine and does
# not want to be disturbed by the jenkins user, we should not take an uid/gid
# in the user range of main distributions, which means:
# - Debian based: <1000
# - RPM based: <500 (CentOS, RedHat, etc.)
ARG JENKINS_UID=499
RUN echo "deb http://ftp.fr.debian.org/debian/ stretch main" > /etc/apt/sources.list && \ RUN echo "deb http://ftp.fr.debian.org/debian/ stretch main" > /etc/apt/sources.list && \
echo "deb-src http://ftp.fr.debian.org/debian/ stretch main" >> /etc/apt/sources.list && \ echo "deb-src http://ftp.fr.debian.org/debian/ stretch main" >> /etc/apt/sources.list && \
...@@ -15,7 +22,8 @@ RUN echo "deb http://ftp.fr.debian.org/debian/ stretch main" > /etc/apt/sources. ...@@ -15,7 +22,8 @@ RUN echo "deb http://ftp.fr.debian.org/debian/ stretch main" > /etc/apt/sources.
apt-get clean -y && rm -rf /var/lib/apt/lists/* && \ apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
sed -i 's|session required pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd && \ sed -i 's|session required pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd && \
mkdir -p /var/run/sshd && \ mkdir -p /var/run/sshd && \
adduser --quiet jenkins && \ addgroup --quiet --gid ${JENKINS_UID} jenkins && \
adduser --quiet --uid ${JENKINS_UID} --ingroup jenkins jenkins && \
echo "jenkins:jenkins" | chpasswd echo "jenkins:jenkins" | chpasswd
# Standard SSH port # Standard SSH port
......
...@@ -4,6 +4,13 @@ MAINTAINER VideoLAN roots <roots@videolan.org> ...@@ -4,6 +4,13 @@ MAINTAINER VideoLAN roots <roots@videolan.org>
ENV IMAGE_DATE=20180202152100 ENV IMAGE_DATE=20180202152100
# If someone wants to use VideoLAN docker images on a local machine and does
# not want to be disturbed by the jenkins user, we should not take an uid/gid
# in the user range of main distributions, which means:
# - Debian based: <1000
# - RPM based: <500 (CentOS, RedHat, etc.)
ARG JENKINS_UID=499
RUN apt-get update && apt-get -y upgrade && \ RUN apt-get update && apt-get -y upgrade && \
apt-get install -y openssh-server openjdk-8-jdk lftp ca-certificates && \ apt-get install -y openssh-server openjdk-8-jdk lftp ca-certificates && \
apt-get clean -y && rm -rf /var/lib/apt/lists/* && \ apt-get clean -y && rm -rf /var/lib/apt/lists/* && \
...@@ -11,5 +18,6 @@ RUN apt-get update && apt-get -y upgrade && \ ...@@ -11,5 +18,6 @@ RUN apt-get update && apt-get -y upgrade && \
sed -i 's,use_authtok ,,' /etc/pam.d/common-password && \ sed -i 's,use_authtok ,,' /etc/pam.d/common-password && \
ssh-keygen -A && \ ssh-keygen -A && \
mkdir -p /var/run/sshd && \ mkdir -p /var/run/sshd && \
adduser --quiet jenkins && \ addgroup --quiet --gid ${JENKINS_UID} jenkins && \
adduser --quiet --uid ${JENKINS_UID} --ingroup jenkins jenkins && \
echo "jenkins:jenkins" | chpasswd echo "jenkins:jenkins" | chpasswd