Browse Source

docker: allow setting UID and GID when running a container (#4776)

* Allow setting the UID and GID when running a docker container via shadow

* Disable password login via usermod (fix leaving user in insecure state)
pull/4805/merge
Robert Beal 7 years ago committed by 无闻
parent
commit
ce7496aec9
  1. 24
      Dockerfile
  2. 24
      Dockerfile.aarch64
  3. 24
      Dockerfile.rpi
  4. 24
      Dockerfile.rpihub
  5. 3
      docker/build.sh
  6. 5
      docker/finalize.sh
  7. 8
      docker/start.sh

24
Dockerfile

@ -3,20 +3,34 @@ FROM alpine:3.5
# Install system utils & Gogs runtime dependencies
ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-amd64 /usr/sbin/gosu
RUN chmod +x /usr/sbin/gosu \
&& apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
&& echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
&& apk --no-cache --no-progress add \
bash \
ca-certificates \
curl \
git \
linux-pam \
openssh \
s6 \
shadow \
socat \
tzdata
ENV GOGS_CUSTOM /data/gogs
COPY . /app/gogs/build
# Configure LibC Name Service
COPY docker/nsswitch.conf /etc/nsswitch.conf
COPY docker /app/gogs/docker
COPY templates /app/gogs/templates
COPY public /app/gogs/public
WORKDIR /app/gogs/build
COPY . .
RUN ./docker/build-go.sh \
&& ./docker/build.sh \
&& ./docker/finalize.sh
# Configure LibC Name Service
COPY docker/nsswitch.conf /etc/nsswitch.conf
# Configure Docker Container
VOLUME ["/data"]
EXPOSE 22 3000

24
Dockerfile.aarch64

@ -3,20 +3,34 @@ FROM aarch64/alpine:3.5
# Install system utils & Gogs runtime dependencies
ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-arm64 /usr/sbin/gosu
RUN chmod +x /usr/sbin/gosu \
&& apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
&& echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
&& apk --no-cache --no-progress add \
bash \
ca-certificates \
curl \
git \
linux-pam \
openssh \
s6 \
shadow \
socat \
tzdata
ENV GOGS_CUSTOM /data/gogs
COPY . /app/gogs/build
# Configure LibC Name Service
COPY docker/nsswitch.conf /etc/nsswitch.conf
COPY docker /app/gogs/docker
COPY templates /app/gogs/templates
COPY public /app/gogs/public
WORKDIR /app/gogs/build
COPY . .
RUN ./docker/build-go.sh \
&& ./docker/build.sh \
&& ./docker/finalize.sh
# Configure LibC Name Service
COPY docker/nsswitch.conf /etc/nsswitch.conf
# Configure Docker Container
VOLUME ["/data"]
EXPOSE 22 3000

24
Dockerfile.rpi

@ -3,20 +3,34 @@ FROM armhf/alpine:3.5
# Install system utils & Gogs runtime dependencies
ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-armhf /usr/sbin/gosu
RUN chmod +x /usr/sbin/gosu \
&& apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
&& echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
&& apk --no-cache --no-progress add \
bash \
ca-certificates \
curl \
git \
linux-pam \
openssh \
s6 \
shadow \
socat \
tzdata
ENV GOGS_CUSTOM /data/gogs
COPY . /app/gogs/build
# Configure LibC Name Service
COPY docker/nsswitch.conf /etc/nsswitch.conf
COPY docker /app/gogs/docker
COPY templates /app/gogs/templates
COPY public /app/gogs/public
WORKDIR /app/gogs/build
COPY . .
RUN ./docker/build-go.sh \
&& ./docker/build.sh \
&& ./docker/finalize.sh
# Configure LibC Name Service
COPY docker/nsswitch.conf /etc/nsswitch.conf
# Configure Docker Container
VOLUME ["/data"]
EXPOSE 22 3000

24
Dockerfile.rpihub

@ -19,18 +19,32 @@ RUN [ "cross-build-start" ]
# Install system utils & Gogs runtime dependencies
ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-armhf /usr/sbin/gosu
RUN chmod +x /usr/sbin/gosu \
&& apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
&& echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
&& apk --no-cache --no-progress add \
bash \
ca-certificates \
curl \
git \
linux-pam \
openssh \
s6 \
shadow \
socat \
tzdata
# Configure LibC Name Service
COPY docker/nsswitch.conf /etc/nsswitch.conf
COPY docker /app/gogs/docker
COPY templates /app/gogs/templates
COPY public /app/gogs/public
COPY . /app/gogs/build
WORKDIR /app/gogs/build
COPY . .
RUN ./docker/build-go.sh \
&& ./docker/build.sh \
&& ./docker/finalize.sh
# Configure LibC Name Service
COPY docker/nsswitch.conf /etc/nsswitch.conf
# For cross compile on dockerhub
################################

3
docker/build.sh

@ -25,5 +25,6 @@ rm -r $GOPATH
apk --no-progress del build-deps
# Create git user for Gogs
adduser -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && passwd -u git
addgroup -S git
adduser -G git -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && usermod -p '*' git && passwd -u git
echo "export GOGS_CUSTOM=${GOGS_CUSTOM}" >> /etc/profile

5
docker/finalize.sh

@ -6,9 +6,6 @@ set -e
# Move to final place
mv /app/gogs/build/gogs /app/gogs/
mv /app/gogs/build/templates /app/gogs/
mv /app/gogs/build/public /app/gogs/
mv /app/gogs/build/docker /app/gogs/
# Final cleaning
rm -rf /app/gogs/build
@ -19,4 +16,4 @@ rm /app/gogs/docker/nsswitch.conf
rm /app/gogs/docker/README.md
rm -rf /tmp/go
rm -rf /usr/local/go
rm -rf /usr/local/go

8
docker/start.sh

@ -38,6 +38,14 @@ create_volume_subfolder() {
done
}
setids() {
PUID=${PUID:-1000}
PGID=${PGID:-1000}
groupmod -o -g "$PGID" git
usermod -o -u "$PUID" git
}
setids
cleanup
create_volume_subfolder

Loading…
Cancel
Save