build-deb: docker user inside images shouldn't have uid of 0

2021-09-02 00:07:54 +12:00
parent edbc2e0505
commit a227924595
7 changed files with 46 additions and 14 deletions
--- a/builder/build-deb
+++ b/builder/build-deb
@@ -5,14 +5,16 @@ set -e
 cd "$(dirname "$0")/.."
 . builder/os_ver_cli.sh

+L_UID=$(id -u) #Ubuntu already has UID env var, but this should work on all Linix systems
+L_GID=$(id -g)
+
 builder_image=debbuilder_${os}:${os_codename}${build_tag_for_images}
 docker build --build-arg KASMVNC_PACKAGE_DIR="builder/build/${os_codename}" \
+  --build-arg L_UID="$L_UID" \
  -t "$builder_image" -f \
  builder/dockerfile.${os}_${os_codename}${build_tag}.deb.build .

 deb_output_dir=$(cd .. && echo $PWD)
-L_UID=$(id -u) #Ubuntu already has UID env var, but this should work on all Linix systems
-L_GID=$(id -g)
 docker run --rm -v "$deb_output_dir":/src -e BUILD_TAG="$build_tag" \
  --user "$L_UID:$L_GID" \
  "$builder_image" /bin/bash -c \
--- a/builder/dockerfile.debian_bullseye.deb.build
+++ b/builder/dockerfile.debian_bullseye.deb.build
@@ -9,6 +9,11 @@ RUN apt-get update && \
 COPY ./debian/control /tmp
 RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control

-RUN useradd -m docker -u 1000
+ARG L_UID
+RUN if [ "$L_UID" -eq 0 ]; then \
+      useradd -m docker; \
+    else \
+      useradd -m docker -u $L_UID;\
+    fi

-USER 1000
+USER docker
--- a/builder/dockerfile.debian_buster.deb.build
+++ b/builder/dockerfile.debian_buster.deb.build
@@ -9,6 +9,11 @@ RUN apt-get update && \
 COPY ./debian/control /tmp
 RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control

-RUN useradd -m docker -u 1000
+ARG L_UID
+RUN if [ "$L_UID" -eq 0 ]; then \
+      useradd -m docker; \
+    else \
+      useradd -m docker -u $L_UID;\
+    fi

-USER 1000
+USER docker
--- a/builder/dockerfile.kali_kali-rolling.deb.build
+++ b/builder/dockerfile.kali_kali-rolling.deb.build
@@ -9,6 +9,11 @@ RUN apt-get update && \
 COPY ./debian/control /tmp
 RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control

-RUN useradd -m docker -u 1000
+ARG L_UID
+RUN if [ "$L_UID" -eq 0 ]; then \
+      useradd -m docker; \
+    else \
+      useradd -m docker -u $L_UID;\
+    fi

-USER 1000
+USER docker
--- a/builder/dockerfile.ubuntu_bionic+libjpeg-turbo_latest.deb.build
+++ b/builder/dockerfile.ubuntu_bionic+libjpeg-turbo_latest.deb.build
@@ -13,6 +13,11 @@ RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control

 ENV LD_LIBRARY_PATH="/opt/libjpeg-turbo/lib64/:$LD_LIBRARY_PATH"

-RUN useradd -m docker -u 1000
+ARG L_UID
+RUN if [ "$L_UID" -eq 0 ]; then \
+      useradd -m docker; \
+    else \
+      useradd -m docker -u $L_UID;\
+    fi

-USER 1000
+USER docker
--- a/builder/dockerfile.ubuntu_bionic.deb.build
+++ b/builder/dockerfile.ubuntu_bionic.deb.build
@@ -7,6 +7,11 @@ RUN apt-get update && \
 COPY ./debian/control /tmp
 RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control

-RUN useradd -m docker -u 1000
+ARG L_UID
+RUN if [ "$L_UID" -eq 0 ]; then \
+      useradd -m docker; \
+    else \
+      useradd -m docker -u $L_UID;\
+    fi

-USER 1000
+USER docker
--- a/builder/dockerfile.ubuntu_focal.deb.build
+++ b/builder/dockerfile.ubuntu_focal.deb.build
@@ -9,6 +9,11 @@ RUN apt-get update && \
 COPY ./debian/control /tmp
 RUN apt-get update && echo YYY | mk-build-deps --install --remove /tmp/control

-RUN useradd -m docker -u 1000
+ARG L_UID
+RUN if [ "$L_UID" -eq 0 ]; then \
+      useradd -m docker; \
+    else \
+      useradd -m docker -u $L_UID;\
+    fi

-USER 1000
+USER docker