authorRobert Beal <robertbeal@users.noreply.github.com>2017-10-13 21:26:39 +0100
committer无闻 <u@gogs.io>2017-10-13 16:26:39 -0400
commitce7496aec97d00a055077301b83618f85cfb661d (patch)
tree05d3dc8c8b44314059ce747fe03c647621e254c6
parentb16c12f67b6993e44820abb8222ad2b30b213898 (diff)
docker: allow setting UID and GID when running a container (#4776)
* Allow setting the UID and GID when running a docker container via shadow * Disable password login via usermod (fix leaving user in insecure state)
-rw-r--r--Dockerfile24
-rw-r--r--Dockerfile.aarch6424
-rw-r--r--Dockerfile.rpi24
-rw-r--r--Dockerfile.rpihub24
-rwxr-xr-xdocker/build.sh3
-rwxr-xr-xdocker/finalize.sh5
-rwxr-xr-xdocker/start.sh8
7 files changed, 87 insertions, 25 deletions
diff --git a/Dockerfile b/Dockerfile
index f424ef43..035b59a4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,20 +3,34 @@ FROM alpine:3.5
# Install system utils & Gogs runtime dependencies
ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-amd64 /usr/sbin/gosu
RUN chmod +x /usr/sbin/gosu \
- && apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
+ && echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
+ && apk --no-cache --no-progress add \
+ bash \
+ ca-certificates \
+ curl \
+ git \
+ linux-pam \
+ openssh \
+ s6 \
+ shadow \
+ socat \
+ tzdata
ENV GOGS_CUSTOM /data/gogs
-COPY . /app/gogs/build
+# Configure LibC Name Service
+COPY docker/nsswitch.conf /etc/nsswitch.conf
+COPY docker /app/gogs/docker
+COPY templates /app/gogs/templates
+COPY public /app/gogs/public
+
WORKDIR /app/gogs/build
+COPY . .
RUN ./docker/build-go.sh \
&& ./docker/build.sh \
&& ./docker/finalize.sh
-# Configure LibC Name Service
-COPY docker/nsswitch.conf /etc/nsswitch.conf
-
# Configure Docker Container
VOLUME ["/data"]
EXPOSE 22 3000
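Review bot: The added `echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories` line makes the rolling edge repository a source for the whole `apk add` list on an `alpine:3.5` base, although only `shadow` appears to need it. Any listed package (or dependency) that also exists in edge/community can then be resolved from there, so the image content changes from build to build and mixes edge binaries with a 3.5 userland. The repository is also fetched over plain HTTP, which leaves apk's signature verification as the only integrity check. Consider a tagged repository so that only shadow is taken from edge: `echo '@edgecommunity http://dl-2.alpinelinux.org/alpine/edge/community/' >> /etc/apk/repositories` with `shadow@edgecommunity` in the package list, and HTTPS if the mirror offers it. The same line is added in the Dockerfile.aarch64, Dockerfile.rpi and Dockerfile.rpihub hunks.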
diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64
index a6c9f149..1d6e44ab 100644
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -3,20 +3,34 @@ FROM aarch64/alpine:3.5
# Install system utils & Gogs runtime dependencies
ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-arm64 /usr/sbin/gosu
RUN chmod +x /usr/sbin/gosu \
- && apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
+ && echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
+ && apk --no-cache --no-progress add \
+ bash \
+ ca-certificates \
+ curl \
+ git \
+ linux-pam \
+ openssh \
+ s6 \
+ shadow \
+ socat \
+ tzdata
ENV GOGS_CUSTOM /data/gogs
-COPY . /app/gogs/build
+# Configure LibC Name Service
+COPY docker/nsswitch.conf /etc/nsswitch.conf
+COPY docker /app/gogs/docker
+COPY templates /app/gogs/templates
+COPY public /app/gogs/public
+
WORKDIR /app/gogs/build
+COPY . .
RUN ./docker/build-go.sh \
&& ./docker/build.sh \
&& ./docker/finalize.sh
-# Configure LibC Name Service
-COPY docker/nsswitch.conf /etc/nsswitch.conf
-
# Configure Docker Container
VOLUME ["/data"]
EXPOSE 22 3000
diff --git a/Dockerfile.rpi b/Dockerfile.rpi
index 3a53b76f..51d5fbd7 100644
--- a/Dockerfile.rpi
+++ b/Dockerfile.rpi
@@ -3,20 +3,34 @@ FROM armhf/alpine:3.5
# Install system utils & Gogs runtime dependencies
ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-armhf /usr/sbin/gosu
RUN chmod +x /usr/sbin/gosu \
- && apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
+ && echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
+ && apk --no-cache --no-progress add \
+ bash \
+ ca-certificates \
+ curl \
+ git \
+ linux-pam \
+ openssh \
+ s6 \
+ shadow \
+ socat \
+ tzdata
ENV GOGS_CUSTOM /data/gogs
-COPY . /app/gogs/build
+# Configure LibC Name Service
+COPY docker/nsswitch.conf /etc/nsswitch.conf
+COPY docker /app/gogs/docker
+COPY templates /app/gogs/templates
+COPY public /app/gogs/public
+
WORKDIR /app/gogs/build
+COPY . .
RUN ./docker/build-go.sh \
&& ./docker/build.sh \
&& ./docker/finalize.sh
-# Configure LibC Name Service
-COPY docker/nsswitch.conf /etc/nsswitch.conf
-
# Configure Docker Container
VOLUME ["/data"]
EXPOSE 22 3000
diff --git a/Dockerfile.rpihub b/Dockerfile.rpihub
index d20b1e9a..0038b6c8 100644
--- a/Dockerfile.rpihub
+++ b/Dockerfile.rpihub
@@ -19,18 +19,32 @@ RUN [ "cross-build-start" ]
# Install system utils & Gogs runtime dependencies
ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-armhf /usr/sbin/gosu
RUN chmod +x /usr/sbin/gosu \
- && apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata
+ && echo http://dl-2.alpinelinux.org/alpine/edge/community/ >> /etc/apk/repositories \
+ && apk --no-cache --no-progress add \
+ bash \
+ ca-certificates \
+ curl \
+ git \
+ linux-pam \
+ openssh \
+ s6 \
+ shadow \
+ socat \
+ tzdata
+
+# Configure LibC Name Service
+COPY docker/nsswitch.conf /etc/nsswitch.conf
+COPY docker /app/gogs/docker
+COPY templates /app/gogs/templates
+COPY public /app/gogs/public
-COPY . /app/gogs/build
WORKDIR /app/gogs/build
+COPY . .
RUN ./docker/build-go.sh \
&& ./docker/build.sh \
&& ./docker/finalize.sh
-# Configure LibC Name Service
-COPY docker/nsswitch.conf /etc/nsswitch.conf
-
# For cross compile on dockerhub
################################
diff --git a/docker/build.sh b/docker/build.sh
index e970531a..bfe180b7 100755
--- a/docker/build.sh
+++ b/docker/build.sh
@@ -25,5 +25,6 @@ rm -r $GOPATH
apk --no-progress del build-deps
# Create git user for Gogs
-adduser -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && passwd -u git
+addgroup -S git
+adduser -G git -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && usermod -p '*' git && passwd -u git
echo "export GOGS_CUSTOM=${GOGS_CUSTOM}" >> /etc/profile
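Review bot: The trailing `passwd -u git` on the new `adduser` line looks redundant and is risky to keep. Once `usermod -p '*' git` has replaced the password field there is no lock prefix left for `passwd -u` to strip. If the two commands are ever reordered, or the `usermod` step is dropped, `passwd -u` on a bare locked field would presumably leave an empty password again, which is the insecure state the commit message says it fixes. I would end the chain at `usermod -p '*' git` and add a comment such as `# '*' is not a valid hash: password login is impossible, but the account is not '!'-locked, so sshd key auth still works`. `addgroup -S git` is on its own line, so whether a failure there stops the script depends on shell options set outside this hunk.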
diff --git a/docker/finalize.sh b/docker/finalize.sh
index afd18e73..9adc506a 100755
--- a/docker/finalize.sh
+++ b/docker/finalize.sh
@@ -6,9 +6,6 @@ set -e
# Move to final place
mv /app/gogs/build/gogs /app/gogs/
-mv /app/gogs/build/templates /app/gogs/
-mv /app/gogs/build/public /app/gogs/
-mv /app/gogs/build/docker /app/gogs/
# Final cleaning
rm -rf /app/gogs/build
@@ -19,4 +16,4 @@ rm /app/gogs/docker/nsswitch.conf
rm /app/gogs/docker/README.md
rm -rf /tmp/go
-rm -rf /usr/local/go \ No newline at end of file
+rm -rf /usr/local/go
diff --git a/docker/start.sh b/docker/start.sh
index a54c2a9b..9f9d40e9 100755
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -38,6 +38,14 @@ create_volume_subfolder() {
done
}
+setids() {
+ PUID=${PUID:-1000}
+ PGID=${PGID:-1000}
+ groupmod -o -g "$PGID" git
+ usermod -o -u "$PUID" git
+}
+
+setids
cleanup
create_volume_subfolder
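Review bot: `setids` passes `PUID` and `PGID` from the container environment straight to `groupmod -o -g` and `usermod -o -u` with no validation. Because `-o` permits a non-unique id, `PUID=0` would make the `git` account a second uid-0 user, which presumably defeats the privilege drop the image performs through gosu. An empty or non-numeric value only makes the tools fail, and whether that stops start-up depends on shell options that are not visible in this hunk. I would reject empty, non-numeric and zero values before the groupmod/usermod calls, as sketched below.

```shell
setids() {
    # … unchanged: PUID / PGID defaults …
    for id in "$PUID" "$PGID"; do
        case "$id" in
            ''|*[!0-9]*)
                echo "PUID/PGID must be numeric, got '$id'" >&2
                exit 1
                ;;
        esac
        if [ "$id" -eq 0 ]; then
            echo "PUID/PGID must not be 0" >&2
            exit 1
        fi
    done
    # … unchanged: groupmod / usermod calls …
```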