From 86aa8e413acc1dbcc7760cb220a6ee2126e926b6 Mon Sep 17 00:00:00 2001 From: Thomas Boerger Date: Mon, 28 Nov 2016 14:13:18 +0100 Subject: Restructured docker building I have restructured the docker build process entirely, the binary gets built outside of the docker build command, now we are managing all dependencies with real Alpine packages and I have dropped features like socat or the cron daemon. 
Signed-off-by: Thomas Boerger --- .dockerignore | 24 ++------- Dockerfile | 59 +++++++++++++++------ Dockerfile.rpi | 62 ++++++++++++++-------- docker/README.md | 111 ---------------------------------------- docker/build.sh | 36 ------------- docker/etc/nsswitch.conf | 15 ++++++ docker/etc/profile.d/gitea.sh | 2 + docker/etc/s6/.s6-svscan/finish | 2 + docker/etc/s6/gitea/finish | 2 + docker/etc/s6/gitea/run | 6 +++ docker/etc/s6/gitea/setup | 19 +++++++ docker/etc/s6/openssh/finish | 2 + docker/etc/s6/openssh/run | 6 +++ docker/etc/s6/openssh/setup | 29 +++++++++++ docker/etc/s6/syslogd/finish | 2 + docker/etc/s6/syslogd/run | 6 +++ docker/etc/s6/syslogd/setup | 1 + docker/etc/ssh/sshd_config | 33 ++++++++++++ docker/etc/templates/app.ini | 24 +++++++++ docker/nsswitch.conf | 16 ------ docker/s6/.s6-svscan/finish | 5 -- docker/s6/crond/down | 0 docker/s6/crond/run | 9 ---- docker/s6/gogs/run | 8 --- docker/s6/gogs/setup | 23 --------- docker/s6/openssh/run | 7 --- docker/s6/openssh/setup | 23 --------- docker/s6/syslogd/run | 7 --- docker/sshd_config | 16 ------ docker/start.sh | 65 ----------------------- docker/usr/bin/entrypoint | 11 ++++ 31 files changed, 249 insertions(+), 382 deletions(-) delete mode 100644 docker/README.md delete mode 100755 docker/build.sh create mode 100644 docker/etc/nsswitch.conf create mode 100755 docker/etc/profile.d/gitea.sh create mode 100755 docker/etc/s6/.s6-svscan/finish create mode 100755 docker/etc/s6/gitea/finish create mode 100755 docker/etc/s6/gitea/run create mode 100755 docker/etc/s6/gitea/setup create mode 100755 docker/etc/s6/openssh/finish create mode 100755 docker/etc/s6/openssh/run create mode 100755 docker/etc/s6/openssh/setup create mode 100755 docker/etc/s6/syslogd/finish create mode 100755 docker/etc/s6/syslogd/run create mode 100755 docker/etc/s6/syslogd/setup create mode 100644 docker/etc/ssh/sshd_config create mode 100644 docker/etc/templates/app.ini delete mode 100644 docker/nsswitch.conf delete mode 100755 
docker/s6/.s6-svscan/finish delete mode 100644 docker/s6/crond/down delete mode 100755 docker/s6/crond/run delete mode 100755 docker/s6/gogs/run delete mode 100755 docker/s6/gogs/setup delete mode 100755 docker/s6/openssh/run delete mode 100755 docker/s6/openssh/setup delete mode 100755 docker/s6/syslogd/run delete mode 100644 docker/sshd_config delete mode 100755 docker/start.sh create mode 100755 docker/usr/bin/entrypoint diff --git a/.dockerignore b/.dockerignore index b33dbf58a8..e3e379e3f7 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,19 +1,5 @@ -.git -.git/** -packager -packager/** -scripts -scripts/** -.github/ -.github/** -config.codekit -.dockerignore -*.yml -*.md -.bra.toml -.editorconfig -.gitignore -Dockerfile* -vendor -vendor/** -gogs +* +!docker +!bin +!public +!templates diff --git a/Dockerfile b/Dockerfile index aa6c834e20..df363e07fb 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,22 +1,47 @@ -FROM alpine:3.3 -MAINTAINER jp@roemer.im +FROM alpine:edge +MAINTAINER Thomas Boerger -# Install system utils & Gogs runtime dependencies -ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-amd64 /usr/sbin/gosu -RUN chmod +x /usr/sbin/gosu \ - && apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata - -ENV GITEA_CUSTOM /data/gogs +EXPOSE 22 3000 -COPY . /app/gogs/ -WORKDIR /app/gogs/ -RUN ./docker/build.sh +RUN echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \ + apk -U add \ + gosu@testing \ + shadow \ + ca-certificates \ + sqlite \ + bash \ + git \ + linux-pam \ + s6 \ + curl \ + openssh \ + tzdata && \ + rm -rf \ + /var/cache/apk/* && \ + groupadd \ + -r \ + -g 1000 \ + git && \ + useradd \ + -r -M \ + -p '*' \ + -d /data/git \ + -s /bin/bash \ + -u 1000 \ + -g git \ + git -# Configure LibC Name Service -COPY docker/nsswitch.conf /etc/nsswitch.conf +ENV USER git +ENV GITEA_CUSTOM /data/gitea +ENV GODEBUG=netdns=go -# Configure Docker Container VOLUME ["/data"] -EXPOSE 22 3000 -ENTRYPOINT ["docker/start.sh"] -CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"] + +ENTRYPOINT ["/usr/bin/entrypoint"] +CMD ["/bin/s6-svscan", "/etc/s6"] + +COPY docker / + +COPY public /app/gitea/public +COPY templates /app/gitea/templates +COPY bin/gitea /app/gitea/gitea diff --git a/Dockerfile.rpi b/Dockerfile.rpi index 8e034fe204..6a168c3a5b 100644 --- a/Dockerfile.rpi +++ b/Dockerfile.rpi 
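Review bot: `COPY docker /` in the new Dockerfile overlays the whole `docker/` tree onto the image root, so any file that later lands in that directory ships as a system file, and the replacement of `/etc/ssh/sshd_config` and `/etc/nsswitch.conf` is implicit rather than visible in the Dockerfile. Copying the two subtrees explicitly, `COPY docker/etc /etc` and `COPY docker/usr/bin/entrypoint /usr/bin/entrypoint`, keeps the set of files that reach `/` reviewable. The same line appears in the Dockerfile.rpi hunk.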
@@ -1,25 +1,47 @@ -FROM hypriot/rpi-alpine-scratch:v3.2 -MAINTAINER jp@roemer.im, raxetul@gmail.com +FROM hypriot/rpi-alpine-scratch:edge +MAINTAINER Thomas Boerger -# Install system utils & Gogs runtime dependencies -ADD https://github.com/tianon/gosu/releases/download/1.9/gosu-armhf /usr/sbin/gosu -RUN chmod +x /usr/sbin/gosu \ - && echo "http://dl-4.alpinelinux.org/alpine/v3.3/main/" | tee /etc/apk/repositories \ - && echo "http://dl-4.alpinelinux.org/alpine/v3.3/community/" | tee -a /etc/apk/repositories \ - && apk -U --no-progress upgrade && rm -f /var/cache/apk/APKINDEX.* \ - && apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat tzdata - -ENV GITEA_CUSTOM /data/gogs +EXPOSE 22 3000 -COPY . /app/gogs/ -WORKDIR /app/gogs/ -RUN ./docker/build.sh +RUN echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \ + apk -U add \ + gosu@testing \ + shadow \ + ca-certificates \ + sqlite \ + bash \ + git \ + linux-pam \ + s6 \ + curl \ + openssh \ + tzdata && \ + rm -rf \ + /var/cache/apk/* && \ + groupadd \ + -r \ + -g 1000 \ + git && \ + useradd \ + -r -M \ + -p '*' \ + -d /data/git \ + -s /bin/bash \ + -u 1000 \ + -g git \ + git -# Configure LibC Name Service -COPY docker/nsswitch.conf /etc/nsswitch.conf +ENV USER git +ENV GITEA_CUSTOM /data/gitea +ENV GODEBUG=netdns=go -# Configure Docker Container VOLUME ["/data"] -EXPOSE 22 3000 -ENTRYPOINT ["docker/start.sh"] -CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"] + +ENTRYPOINT ["/usr/bin/entrypoint"] +CMD ["/bin/s6-svscan", "/etc/s6"] + +COPY docker / + +COPY public /app/gitea/public +COPY templates /app/gitea/templates +COPY bin/gitea /app/gitea/gitea diff --git a/docker/README.md b/docker/README.md deleted file mode 100644 index e6fa15dda3..0000000000 --- a/docker/README.md +++ /dev/null 
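Review bot: The base image in Dockerfile.rpi, `hypriot/rpi-alpine-scratch:edge`, is a community image referenced by a moving tag, so the content every later layer builds on can change without any change in this repository. Pinning it by digest, `FROM hypriot/rpi-alpine-scratch:edge@sha256:<digest>`, would make the base auditable and rebuilds repeatable. A short comment saying why this base is used instead of an official one would also help the next reviewer.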
@@ -1,111 +0,0 @@ -# Docker for Gogs - -Visit [Docker Hub](https://hub.docker.com/r/gogs/) see all available images and tags. - -## Usage - -To keep your data out of Docker container, we do a volume (`/var/gogs` -> `/data`) here, and you can change it based on your situation. - -``` -# Pull image from Docker Hub. -$ docker pull gogs/gogs - -# Create local directory for volume. -$ mkdir -p /var/gogs - -# Use `docker run` for the first time. -$ docker run --name=gogs -p 10022:22 -p 10080:3000 -v /var/gogs:/data gogs/gogs - -# Use `docker start` if you have stopped it. -$ docker start gogs -``` - -Note: It is important to map the Gogs ssh service from the container to the host and set the appropriate SSH Port and URI settings when setting up Gogs for the first time. To access and clone Gogs Git repositories with the above configuration you would use: `git clone ssh://git@hostname:10022/username/myrepo.git` for example. - -Files will be store in local path `/var/gogs` in my case. - -Directory `/var/gogs` keeps Git repositories and Gogs data: - - /var/gogs - |-- git - | |-- gogs-repositories - |-- ssh - | |-- # ssh public/private keys for Gogs - |-- gogs - |-- conf - |-- data - |-- log - -### Volume with data container - -If you're more comfortable with mounting data to a data container, the commands you execute at the first time will look like as follows: - -``` -# Create data container -docker run --name=gogs-data --entrypoint /bin/true gogs/gogs - -# Use `docker run` for the first time. -docker run --name=gogs --volumes-from gogs-data -p 10022:22 -p 10080:3000 gogs/gogs -``` - -#### Using Docker 1.9 Volume command - -``` -# Create docker volume. -$ docker volume create --name gogs-data - -# Use `docker run` for the first time. 
-$ docker run --name=gogs -p 10022:22 -p 10080:3000 -v gogs-data:/data gogs/gogs -``` - -## Settings - -### Application - -Most of settings are obvious and easy to understand, but there are some settings can be confusing by running Gogs inside Docker: - -- **Repository Root Path**: keep it as default value `/home/git/gogs-repositories` because `start.sh` already made a symbolic link for you. -- **Run User**: keep it as default value `git` because `start.sh` already setup a user with name `git`. -- **Domain**: fill in with Docker container IP (e.g. `192.168.99.100`). But if you want to access your Gogs instance from a different physical machine, please fill in with the hostname or IP address of the Docker host machine. -- **SSH Port**: Use the exposed port from Docker container. For example, your SSH server listens on `22` inside Docker, but you expose it by `10022:22`, then use `10022` for this value. **Builtin SSH server is not recommended inside Docker Container** -- **HTTP Port**: Use port you want Gogs to listen on inside Docker container. For example, your Gogs listens on `3000` inside Docker, and you expose it by `10080:3000`, but you still use `3000` for this value. -- **Application URL**: Use combination of **Domain** and **exposed HTTP Port** values (e.g. `http://192.168.99.100:10080/`). - -Full documentation of application settings can be found [here](https://gogs.io/docs/advanced/configuration_cheat_sheet.html). - -### Container options - -This container have some options available via environment variables, these options are opt-in features that can help the administration of this container: - -- **SOCAT_LINK**: - - Possible value: - `true`, `false`, `1`, `0` - - Default: - `true` - - Action: - Bind linked docker container to localhost socket using socat. - Any exported port from a linked container will be binded to the matching port on localhost. 
- - Disclaimer: - As this option rely on the environment variable created by docker when a container is linked, this option should be deactivated in managed environment such as Rancher or Kubernetes (set to `0` or `false`) -- **RUN_CROND**: - - Possible value: - `true`, `false`, `1`, `0` - - Default: - `false` - - Action: - Request crond to be run inside the container. Its default configuration will periodically run all scripts from `/etc/periodic/${period}` but custom crontabs can be added to `/var/spool/cron/crontabs/`. - -## Upgrade - -:exclamation::exclamation::exclamation:**Make sure you have volumed data to somewhere outside Docker container**:exclamation::exclamation::exclamation: - -Steps to upgrade Gogs with Docker: - -- `docker pull gogs/gogs` -- `docker stop gogs` -- `docker rm gogs` -- Finally, create container as the first time and don't forget to do same volume and port mapping. - -## Known Issues - -- The docker container can not currently be build on Raspberry 1 (armv6l) as our base image `alpine` does not have a `go` package available for this platform. diff --git a/docker/build.sh b/docker/build.sh deleted file mode 100755 index 9965cef376..0000000000 --- a/docker/build.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/sh -set -x -set -e - -# Set temp environment vars -export GOPATH=/tmp/go -export PATH=${PATH}:${GOPATH}/bin -export GO15VENDOREXPERIMENT=1 - -# Install build deps -apk --no-cache --no-progress add --virtual build-deps build-base linux-pam-dev go - -# Install glide -git clone -b 0.10.2 https://github.com/Masterminds/glide ${GOPATH}/src/github.com/Masterminds/glide -cd ${GOPATH}/src/github.com/Masterminds/glide -make build -go install - - - -# Build Gogs -mkdir -p ${GOPATH}/src/github.com/gogits/ -ln -s /app/gogs/ ${GOPATH}/src/github.com/go-gitea/gitea -cd ${GOPATH}/src/github.com/go-gitea/gitea -glide install -make build TAGS="sqlite cert pam" - -# Cleanup GOPATH & vendoring dir -rm -r $GOPATH /app/gogs/vendor - -# Remove build deps -apk --no-progress del build-deps - -# Create git user for Gogs -adduser -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && passwd -u git -echo "export GITEA_CUSTOM=${GITEA_CUSTOM}" >> /etc/profile diff --git a/docker/etc/nsswitch.conf b/docker/etc/nsswitch.conf new file mode 100644 index 0000000000..25fad995e6 --- /dev/null +++ b/docker/etc/nsswitch.conf @@ -0,0 +1,15 @@ +# /etc/nsswitch.conf + +passwd: compat +group: compat +shadow: compat + +hosts: files dns +networks: files + +protocols: db files +services: db files +ethers: db files +rpc: db files + +netgroup: nis diff --git a/docker/etc/profile.d/gitea.sh b/docker/etc/profile.d/gitea.sh new file mode 100755 index 0000000000..41afd4cfb8 --- /dev/null +++ b/docker/etc/profile.d/gitea.sh @@ -0,0 +1,2 @@ +#!/bin/bash +export GITEA_CUSTOM=/data/gitea diff --git a/docker/etc/s6/.s6-svscan/finish b/docker/etc/s6/.s6-svscan/finish new file mode 100755 index 0000000000..06bd986563 --- /dev/null +++ b/docker/etc/s6/.s6-svscan/finish @@ -0,0 +1,2 @@ +#!/bin/bash +exit 0 diff --git a/docker/etc/s6/gitea/finish b/docker/etc/s6/gitea/finish new file mode 100755 index 0000000000..06bd986563 --- /dev/null +++ b/docker/etc/s6/gitea/finish 
@@ -0,0 +1,2 @@
+#!/bin/bash
+exit 0
diff --git a/docker/etc/s6/gitea/run b/docker/etc/s6/gitea/run
new file mode 100755
index 0000000000..246e74d27c
--- /dev/null
+++ b/docker/etc/s6/gitea/run
@@ -0,0 +1,6 @@
+#!/bin/bash
+[[ -f ./setup ]] && source ./setup
+
+pushd /app/gitea > /dev/null
+ exec gosu git /app/gitea/gitea web
+popd
diff --git a/docker/etc/s6/gitea/setup b/docker/etc/s6/gitea/setup
new file mode 100755
index 0000000000..27ca49db30
--- /dev/null
+++ b/docker/etc/s6/gitea/setup
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [ ! -d /data/git/.ssh ]; then
+ mkdir -p /data/git/.ssh
+ chmod 700 /data/git/.ssh
+fi
+
+if [ ! -f /data/git/.ssh/environment ]; then
+ echo "GITEA_CUSTOM=/data/gitea" >| /data/git/.ssh/environment
+ chmod 600 /data/git/.ssh/environment
+fi
+
+if [ ! -f /data/gitea/conf/app.ini ]; then
+ mkdir -p /data/gitea/conf
+ cp /etc/templates/app.ini /data/gitea/conf/app.ini
+fi
+
+chown -R git:git /data/gitea /app/gitea /data/git
+chmod 0755 /data/gitea /app/gitea /data/git
diff --git a/docker/etc/s6/openssh/finish b/docker/etc/s6/openssh/finish
new file mode 100755
index 0000000000..06bd986563
--- /dev/null
+++ b/docker/etc/s6/openssh/finish
@@ -0,0 +1,2 @@
+#!/bin/bash
+exit 0
diff --git a/docker/etc/s6/openssh/run b/docker/etc/s6/openssh/run
new file mode 100755
index 0000000000..b4c4cb4088
--- /dev/null
+++ b/docker/etc/s6/openssh/run
@@ -0,0 +1,6 @@
+#!/bin/bash
+[[ -f ./setup ]] && source ./setup
+
+pushd /root > /dev/null
+ exec gosu root /usr/sbin/sshd -E /var/log/sshd.log -D
+popd
diff --git a/docker/etc/s6/openssh/setup b/docker/etc/s6/openssh/setup
new file mode 100755
index 0000000000..b529431a15
--- /dev/null
+++ b/docker/etc/s6/openssh/setup
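Review bot: In docker/etc/s6/gitea/setup, `chown -R git:git /data/gitea /app/gitea /data/git` hands the application directory, including the `/app/gitea/gitea` binary that the run script executes, to the same account the web process runs as. A process running as `git` can then rewrite its own executable and templates, and the change stays in place across service restarts for the life of the container. The binary and the `public`/`templates` trees are copied in at build time and could stay root-owned; limiting the call to the data paths, `chown -R git:git /data/gitea /data/git`, would do that, assuming gitea does not need to write under `/app/gitea` (not visible from this hunk).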
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [ ! -d /data/ssh ]; then
+ mkdir -p /data/ssh
+fi
+
+if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
+ echo "Generating /data/ssh/ssh_host_ed25519_key..."
+ ssh-keygen -t ed25519 -b 4096 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_rsa_key..."
+ ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_dsa_key..."
+ ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
+ echo "Generating /data/ssh/ssh_host_ecdsa_key..."
+ ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
+fi
+
+chown root:root /data/ssh/*
+chmod 0700 /data/ssh
+chmod 0600 /data/ssh/*
diff --git a/docker/etc/s6/syslogd/finish b/docker/etc/s6/syslogd/finish
new file mode 100755
index 0000000000..06bd986563
--- /dev/null
+++ b/docker/etc/s6/syslogd/finish
@@ -0,0 +1,2 @@
+#!/bin/bash
+exit 0
diff --git a/docker/etc/s6/syslogd/run b/docker/etc/s6/syslogd/run
new file mode 100755
index 0000000000..d876093047
--- /dev/null
+++ b/docker/etc/s6/syslogd/run
@@ -0,0 +1,6 @@
+#!/bin/bash
+[[ -f ./setup ]] && source ./setup
+
+pushd /root > /dev/null
+ exec gosu root /sbin/syslogd -nS -O-
+popd
diff --git a/docker/etc/s6/syslogd/setup b/docker/etc/s6/syslogd/setup
new file mode 100755
index 0000000000..a9bf588e2f
--- /dev/null
+++ b/docker/etc/s6/syslogd/setup
@@ -0,0 +1 @@
+#!/bin/bash
diff --git a/docker/etc/ssh/sshd_config b/docker/etc/ssh/sshd_config
new file mode 100644
index 0000000000..991b5196a0
--- /dev/null
+++ b/docker/etc/ssh/sshd_config
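Review bot: The new docker/etc/s6/openssh/setup still generates a DSA host key (`ssh-keygen -t dsa`), and the new sshd_config offers it through `HostKey /data/ssh/ssh_host_dsa_key`; DSA keys are limited to 1024 bits and OpenSSH has disabled ssh-dss by default since 7.0. Dropping that block together with the matching `HostKey` line removes the weakest key from what the server presents. Two smaller points in the same script: `-b 4096` has no effect with `-t ed25519`, whose key size is fixed, and the RSA key could use `-b 4096` at no real cost since it is generated once per data volume.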
@@ -0,0 +1,33 @@
+Port 22
+Protocol 2
+
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+LogLevel INFO
+
+HostKey /data/ssh/ssh_host_ed25519_key
+HostKey /data/ssh/ssh_host_rsa_key
+HostKey /data/ssh/ssh_host_dsa_key
+HostKey /data/ssh/ssh_host_ecdsa_key
+
+AuthorizedKeysFile .ssh/authorized_keys
+
+UseDNS no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog no
+
+PermitUserEnvironment yes
+PermitRootLogin no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PermitEmptyPasswords no
+
+AllowUsers git
+
+Banner none
+Subsystem sftp /usr/lib/ssh/sftp-server
+UsePrivilegeSeparation no
diff --git a/docker/etc/templates/app.ini b/docker/etc/templates/app.ini
new file mode 100644
index 0000000000..0c4b9d6595
--- /dev/null
+++ b/docker/etc/templates/app.ini
@@ -0,0 +1,24 @@
+[repository]
+ROOT = /data/git/repositories
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+
+[database]
+HOST = mysql:3306
+PATH = /data/gitea/gitea.db
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
diff --git a/docker/nsswitch.conf b/docker/nsswitch.conf
deleted file mode 100644
index 70eb1733f4..0000000000
--- a/docker/nsswitch.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/nsswitch.conf
-
-passwd: compat
-group: compat
-shadow: compat
-
-hosts: files dns
-networks: files
-
-protocols: db files
-services: db files
-ethers: db files
-rpc: db files
-
-netgroup: nis
-
diff --git a/docker/s6/.s6-svscan/finish b/docker/s6/.s6-svscan/finish
deleted file mode 100755
index 3fab7f42e5..0000000000
--- a/docker/s6/.s6-svscan/finish
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-# Cleanup SOCAT services and s6 event folder
-rm -rf $(find /app/gogs/docker/s6/ -name 'event')
-rm -rf /app/gogs/docker/s6/SOCAT_*
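Review bot: `UsePrivilegeSeparation no` on the last line of the new docker/etc/ssh/sshd_config makes sshd handle unauthenticated network input in a process that keeps root, so a pre-authentication bug is not contained. `UsePrivilegeSeparation sandbox` is the value I would expect here; if the container lacks something the sandbox needs, that deserves a comment next to the setting. `PermitUserEnvironment yes` appears to be needed for the `/data/git/.ssh/environment` file that gitea/setup writes, but it also honours `environment=` options in `authorized_keys`, so a comment such as `# needed for ~/.ssh/environment (GITEA_CUSTOM); authorized_keys must only be written by gitea` would record the assumption.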
diff --git a/docker/s6/crond/down b/docker/s6/crond/down deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/docker/s6/crond/run b/docker/s6/crond/run deleted file mode 100755 index 9aa9fb9f27..0000000000 --- a/docker/s6/crond/run +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -# Crontabs are located by default in /var/spool/cron/crontabs/ -# The default configuration is also calling all the scripts in /etc/periodic/${period} - -if test -f ./setup; then - source ./setup -fi - -exec gosu root /usr/sbin/crond -fS diff --git a/docker/s6/gogs/run b/docker/s6/gogs/run deleted file mode 100755 index 1aa70eb41d..0000000000 --- a/docker/s6/gogs/run +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -if test -f ./setup; then - source ./setup -fi - -export USER=git -exec gosu $USER /app/gogs/gogs web diff --git a/docker/s6/gogs/setup b/docker/s6/gogs/setup deleted file mode 100755 index 8435e25b6b..0000000000 --- a/docker/s6/gogs/setup +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh - -if ! test -d ~git/.ssh; then - mkdir -p ~git/.ssh - chmod 700 ~git/.ssh -fi - -if ! test -f ~git/.ssh/environment; then - echo "GITEA_CUSTOM=${GITEA_CUSTOM}" > ~git/.ssh/environment - chmod 600 ~git/.ssh/environment -fi - -cd /app/gogs - -# Link volumed data with app data -ln -sf /data/gogs/log ./log -ln -sf /data/gogs/data ./data - -# Backward Compatibility with Gogs Container v0.6.15 -ln -sf /data/git /home/git - -chown -R git:git /data /app/gogs ~git/ -chmod 0755 /data /data/gogs ~git/ diff --git a/docker/s6/openssh/run b/docker/s6/openssh/run deleted file mode 100755 index 99172aab69..0000000000 --- a/docker/s6/openssh/run +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -if test -f ./setup; then - source ./setup -fi - -exec gosu root /usr/sbin/sshd -D -f /app/gogs/docker/sshd_config diff --git a/docker/s6/openssh/setup b/docker/s6/openssh/setup deleted file mode 100755 index 5333d3c06e..0000000000 --- a/docker/s6/openssh/setup +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/sh - -# Check if host keys are present, else create them -if ! test -f /data/ssh/ssh_host_rsa_key; then - ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa -fi - -if ! test -f /data/ssh/ssh_host_dsa_key; then - ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa -fi - -if ! test -f /data/ssh/ssh_host_ecdsa_key; then - ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -fi - -if ! test -f /data/ssh/ssh_host_ed25519_key; then - ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519 -fi - -# Set correct right to ssh keys -chown -R root:root /data/ssh/* -chmod 0700 /data/ssh -chmod 0600 /data/ssh/* diff --git a/docker/s6/syslogd/run b/docker/s6/syslogd/run deleted file mode 100755 index f7bdbe36d6..0000000000 --- a/docker/s6/syslogd/run +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -if test -f ./setup; then - source ./setup -fi - -exec gosu root /sbin/syslogd -nS -O- diff --git a/docker/sshd_config b/docker/sshd_config deleted file mode 100644 index 30c4e23c08..0000000000 --- a/docker/sshd_config +++ /dev/null @@ -1,16 +0,0 @@ -Port 22 -AddressFamily any -ListenAddress 0.0.0.0 -ListenAddress :: -Protocol 2 -LogLevel INFO -HostKey /data/ssh/ssh_host_rsa_key -HostKey /data/ssh/ssh_host_dsa_key -HostKey /data/ssh/ssh_host_ecdsa_key -HostKey /data/ssh/ssh_host_ed25519_key -PermitRootLogin no -AuthorizedKeysFile .ssh/authorized_keys -PasswordAuthentication no -UsePrivilegeSeparation no -PermitUserEnvironment yes -AllowUsers git diff --git a/docker/start.sh b/docker/start.sh deleted file mode 100755 index a54c2a9bfd..0000000000 --- a/docker/start.sh +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/sh - -create_socat_links() { - # Bind linked docker container to localhost socket using socat - USED_PORT="3000:22" - while read NAME ADDR PORT; do - if test -z "$NAME$ADDR$PORT"; then - continue - elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then - echo "init:socat | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2 - else - SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT} - mkdir -p ${SERV_FOLDER} - CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}" - echo -e "#!/bin/sh\nexec $CMD" > ${SERV_FOLDER}/run - chmod +x ${SERV_FOLDER}/run - USED_PORT="${USED_PORT}:${PORT}" - echo "init:socat | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2 - fi - done << EOT - $(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p') -EOT -} - -cleanup() { - # Cleanup SOCAT services and s6 event folder - # On start and on shutdown in case container has been killed - rm -rf $(find /app/gogs/docker/s6/ -name 'event') - rm -rf /app/gogs/docker/s6/SOCAT_* -} - -create_volume_subfolder() { - # Create VOLUME subfolder - for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do - if ! test -d $f; then - mkdir -p $f - fi - done -} - -cleanup -create_volume_subfolder - -LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]') -if [ "$LINK" = "false" -o "$LINK" = "0" ]; then - echo "init:socat | Will not try to create socat links as requested" 1>&2 -else - create_socat_links -fi - -CROND=$(echo "$RUN_CROND" | tr '[:upper:]' '[:lower:]') -if [ "$CROND" = "true" -o "$CROND" = "1" ]; then - echo "init:crond | Cron Daemon (crond) will be run as requested by s6" 1>&2 - rm -f /app/gogs/docker/s6/crond/down -else - # Tell s6 not to run the crond service - touch /app/gogs/docker/s6/crond/down -fi - -# Exec CMD or S6 by default if nothing present -if [ $# -gt 0 ];then - exec "$@" -else - exec /bin/s6-svscan /app/gogs/docker/s6/ -fi 
diff --git a/docker/usr/bin/entrypoint b/docker/usr/bin/entrypoint new file mode 100755 index 0000000000..a450d20607 --- /dev/null +++ b/docker/usr/bin/entrypoint @@ -0,0 +1,11 @@ +#!/bin/sh + +for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do + mkdir -p ${FOLDER} +done + +if [ $# -gt 0 ]; then + exec "$@" +else + exec /bin/s6-svscan /etc/s6 +fi -- cgit v1.2.3 From 575dc69e3b3384310e50fff6da227c15f50b3826 Mon Sep 17 00:00:00 2001 From: Thomas Boerger Date: Mon, 28 Nov 2016 14:15:14 +0100 Subject: Updated drone docker definitions In order to automatically build docker images I have re-enabled the docker building parts within our drone runs on every push to master and on every tag. Signed-off-by: Thomas Boerger --- .drone.yml | 28 ++++++++++++++-------------- .drone.yml.sig | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.drone.yml b/.drone.yml index ad99c6ea21..9b858b0731 100644 --- a/.drone.yml +++ b/.drone.yml @@ -50,21 +50,21 @@ pipeline: event: [ push, tag ] branch: [ master, refs/tags/* ] - # docker: - # image: plugins/docker - # repo: gitea/gitea - # tags: [ '${TAG}' ] - # when: - # event: [ tag ] - # branch: [ refs/tags/* ] + docker: + image: plugins/docker + repo: gitea/gitea + tags: [ '${TAG}' ] + when: + event: [ tag ] + branch: [ refs/tags/* ] - # docker: - # image: plugins/docker - # repo: gitea/gitea - # tags: [ 'latest' ] - # when: - # event: [ push ] - # branch: [ master ] + docker: + image: plugins/docker + repo: gitea/gitea + tags: [ 'latest' ] + when: + event: [ push ] + branch: [ master ] release: image: plugins/s3 diff --git a/.drone.yml.sig b/.drone.yml.sig index 998c0e19f3..8e29273f1b 100644 --- a/.drone.yml.sig +++ b/.drone.yml.sig 
@@ -1 +1 @@ -eyJhbGciOiJIUzI1NiJ9.d29ya3NwYWNlOgogIGJhc2U6IC9zcnYvYXBwCiAgcGF0aDogc3JjL2NvZGUuZ2l0ZWEuaW8vZ2l0ZWEKCnBpcGVsaW5lOgogIHRlc3Q6CiAgICBpbWFnZTogd2ViaGlwcGllL2dvbGFuZzplZGdlCiAgICBwdWxsOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgQ0dPX0VOQUJMRUQ6IDEKICAgICAgVEFHUzogY2VydCBzcWxpdGUgcGFtIG1pbml3aW5zdmMKICAgIGNvbW1hbmRzOgogICAgICAtIGFwayAtVSBhZGQgbGludXgtcGFtLWRldiBvcGVuc3NoLWNsaWVudAogICAgICAtIG1ha2UgY2xlYW4KICAgICAgLSBtYWtlIHZldAogICAgICAjIC0gbWFrZSBsaW50CiAgICAgIC0gbWFrZSB0ZXN0CiAgICAgIC0gbWFrZSBidWlsZAogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnLCBwdWxsX3JlcXVlc3QgXQoKICB0ZXN0LW15c3FsOgogICAgaW1hZ2U6IHdlYmhpcHBpZS9nb2xhbmc6ZWRnZQogICAgcHVsbDogdHJ1ZQogICAgY29tbWFuZHM6CiAgICAgLSBtYWtlIHRlc3QtbXlzcWwKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQoKICB0ZXN0LXBnc3FsOgogICAgaW1hZ2U6IHdlYmhpcHBpZS9nb2xhbmc6ZWRnZQogICAgcHVsbDogdHJ1ZQogICAgY29tbWFuZHM6CiAgICAgLSBtYWtlIHRlc3QtcGdzcWwKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQoKICBjb3ZlcmFnZToKICAgIGltYWdlOiBwbHVnaW5zL2NvdmVyYWdlCiAgICBzZXJ2ZXI6IGh0dHBzOi8vY292ZXJhZ2UuZ2l0ZWEuaW8KICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2gsIHRhZywgcHVsbF9yZXF1ZXN0IF0KCiAgdXBkYXRlcjoKICAgIGltYWdlOiBrYXJhbGFiZS94Z28tbGF0ZXN0OmxhdGVzdAogICAgcHVsbDogdHJ1ZQogICAgY29tbWFuZHM6CiAgICAgIC0gbWFrZSBwdWJsaXNoCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoLCB0YWcgXQogICAgICBicmFuY2g6IFsgbWFzdGVyLCByZWZzL3RhZ3MvKiBdCgogICMgZG9ja2VyOgogICMgICBpbWFnZTogcGx1Z2lucy9kb2NrZXIKICAjICAgcmVwbzogZ2l0ZWEvZ2l0ZWEKICAjICAgdGFnczogWyAnJHtUQUd9JyBdCiAgIyAgIHdoZW46CiAgIyAgICAgZXZlbnQ6IFsgdGFnIF0KICAjICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICAjIGRvY2tlcjoKICAjICAgaW1hZ2U6IHBsdWdpbnMvZG9ja2VyCiAgIyAgIHJlcG86IGdpdGVhL2dpdGVhCiAgIyAgIHRhZ3M6IFsgJ2xhdGVzdCcgXQogICMgICB3aGVuOgogICMgICAgIGV2ZW50OiBbIHB1c2ggXQogICMgICAgIGJyYW5jaDogWyBtYXN0ZXIgXQoKICByZWxlYXNlOgogICAgaW1hZ2U6IHBsdWdpbnMvczMKICAgIHBhdGhfc3R5bGU6IHRydWUKICAgIHN0cmlwX3ByZWZpeDogZGlzdC9yZWxlYXNlLwogICAgc291cmNlOiBkaXN0L3JlbGVhc2UvKgogICAgdGFyZ2V0OiAvZ2l0ZWEvbWFzdGVyCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoIF0KICAgICAgYnJhbmNoOi
BbIG1hc3RlciBdCgogIHJlbGVhc2U6CiAgICBpbWFnZTogcGx1Z2lucy9zMwogICAgcGF0aF9zdHlsZTogdHJ1ZQogICAgc3RyaXBfcHJlZml4OiBkaXN0L3JlbGVhc2UvCiAgICBzb3VyY2U6IGRpc3QvcmVsZWFzZS8qCiAgICB0YXJnZXQ6IC9naXRlYS8kJFRBRwogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgdGFnIF0KICAgICAgYnJhbmNoOiBbIHJlZnMvdGFncy8qIF0KCiAgZ2l0aHViOgogICAgaW1hZ2U6IHBsdWdpbnMvZ2l0aHViLXJlbGVhc2UKICAgIGZpbGVzOgogICAgICAtIGRpc3QvcmVsZWFzZS8qCiAgICB3aGVuOgogICAgICBldmVudDogWyB0YWcgXQogICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICBnaXR0ZXI6CiAgICBpbWFnZTogcGx1Z2lucy9naXR0ZXIKCnNlcnZpY2VzOgogIG15c3FsOgogICAgaW1hZ2U6IG15c3FsOjUuNwogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gTVlTUUxfREFUQUJBU0U9dGVzdAogICAgICAtIE1ZU1FMX0FMTE9XX0VNUFRZX1BBU1NXT1JEPXllcwogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCBdCgogIHBnc3FsOgogICAgaW1hZ2U6IHBvc3RncmVzOjkuNQogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gUE9TVEdSRVNfREI9dGVzdAogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCBdCg.CJAqrylL68UPxR-wlKhIL9waJKRhw6isiol_f9Lx5ao \ No newline at end of file +eyJhbGciOiJIUzI1NiJ9.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.W-dU1J1yWsWKPzQp5YvXtNAxoTa-vP_OkmBenzqR00c \ No newline at end of file -- cgit v1.2.3 From 65d0426b915472bd680788158d0c66bbbec9716e Mon Sep 17 00:00:00 2001 From: Thomas Boerger Date: Mon, 28 Nov 2016 17:16:13 +0100 Subject: Use su-exec instead of gosu, much smaller --- Dockerfile | 6 +++--- Dockerfile.rpi | 6 +++--- docker/etc/s6/gitea/run | 2 +- docker/etc/s6/openssh/run | 2 +- docker/etc/s6/syslogd/run | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index df363e07fb..fd25c88346 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,9 +3,9 @@ MAINTAINER Thomas Boerger EXPOSE 22 3000 -RUN echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \ - apk -U add \ - gosu@testing \ +RUN apk update && \ + apk add \ + su-exec \ shadow \ ca-certificates \ sqlite \ diff --git a/Dockerfile.rpi b/Dockerfile.rpi index 6a168c3a5b..d237a63ba0 100644 --- a/Dockerfile.rpi +++ b/Dockerfile.rpi 
@@ -3,9 +3,9 @@ MAINTAINER Thomas Boerger EXPOSE 22 3000 -RUN echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \ - apk -U add \ - gosu@testing \ +RUN apk update && \ + apk add \ + su-exec \ shadow \ ca-certificates \ sqlite \ diff --git a/docker/etc/s6/gitea/run b/docker/etc/s6/gitea/run index 246e74d27c..1fddb93708 100755 --- a/docker/etc/s6/gitea/run +++ b/docker/etc/s6/gitea/run @@ -2,5 +2,5 @@ [[ -f ./setup ]] && source ./setup pushd /app/gitea > /dev/null - exec gosu git /app/gitea/gitea web + exec su-exec git /app/gitea/gitea web popd diff --git a/docker/etc/s6/openssh/run b/docker/etc/s6/openssh/run index b4c4cb4088..46f422cce6 100755 --- a/docker/etc/s6/openssh/run +++ b/docker/etc/s6/openssh/run @@ -2,5 +2,5 @@ [[ -f ./setup ]] && source ./setup pushd /root > /dev/null - exec gosu root /usr/sbin/sshd -E /var/log/sshd.log -D + exec su-exec root /usr/sbin/sshd -E /var/log/sshd.log -D popd diff --git a/docker/etc/s6/syslogd/run b/docker/etc/s6/syslogd/run index d876093047..2c8d2cf1f2 100755 --- a/docker/etc/s6/syslogd/run +++ b/docker/etc/s6/syslogd/run @@ -2,5 +2,5 @@ [[ -f ./setup ]] && source ./setup pushd /root > /dev/null - exec gosu root /sbin/syslogd -nS -O- + exec su-exec root /sbin/syslogd -nS -O- popd -- cgit v1.2.3 From 972ce6b791244ca99959a725aed693628ae895ef Mon Sep 17 00:00:00 2001 From: Thomas Boerger Date: Mon, 28 Nov 2016 17:22:22 +0100 Subject: Replaced shadow with addgroup and adduser --- Dockerfile | 13 +++++-------- Dockerfile.rpi | 13 +++++-------- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index fd25c88346..c5aba1cfe9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,6 @@ EXPOSE 22 3000 RUN apk update && \ apk add \ su-exec \ - shadow \ ca-certificates \ sqlite \ bash \ 
@@ -18,17 +17,15 @@ RUN apk update && \ tzdata && \ rm -rf \ /var/cache/apk/* && \ - groupadd \ - -r \ + addgroup \ -g 1000 \ git && \ - useradd \ - -r -M \ - -p '*' \ - -d /data/git \ + adduser \ + -S -H -D \ + -h /data/git \ -s /bin/bash \ -u 1000 \ - -g git \ + -G git \ git ENV USER git diff --git a/Dockerfile.rpi b/Dockerfile.rpi index d237a63ba0..c618c94f2a 100644 --- a/Dockerfile.rpi +++ b/Dockerfile.rpi @@ -6,7 +6,6 @@ EXPOSE 22 3000 RUN apk update && \ apk add \ su-exec \ - shadow \ ca-certificates \ sqlite \ bash \ @@ -18,17 +17,15 @@ RUN apk update && \ tzdata && \ rm -rf \ /var/cache/apk/* && \ - groupadd \ - -r \ + addgroup \ -g 1000 \ git && \ - useradd \ - -r -M \ - -p '*' \ - -d /data/git \ + adduser \ + -S -H -D \ + -h /data/git \ -s /bin/bash \ -u 1000 \ - -g git \ + -G git \ git ENV USER git -- cgit v1.2.3 From 4b0abdae9e989614066fa01297d08ca5a7565daa Mon Sep 17 00:00:00 2001 From: Thomas Boerger Date: Mon, 28 Nov 2016 17:23:22 +0100 Subject: Replaced edge with 3.4 for the alpine base image --- Dockerfile | 2 +- Dockerfile.rpi | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index c5aba1cfe9..80dc194c1b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:edge +FROM alpine:3.4 MAINTAINER Thomas Boerger EXPOSE 22 3000 diff --git a/Dockerfile.rpi b/Dockerfile.rpi index c618c94f2a..e82428c1b5 100644 --- a/Dockerfile.rpi +++ b/Dockerfile.rpi @@ -1,4 +1,4 @@ -FROM hypriot/rpi-alpine-scratch:edge +FROM hypriot/rpi-alpine-scratch:v3.4 MAINTAINER Thomas Boerger EXPOSE 22 3000 -- cgit v1.2.3 From d7dea676fd3f370c327a747bf819832121c0dd98 Mon Sep 17 00:00:00 2001 From: Thomas Boerger Date: Mon, 28 Nov 2016 17:37:31 +0100 Subject: Added -S flag to addgroup command within Dockerfiles --- Dockerfile | 2 +- Dockerfile.rpi | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 80dc194c1b..bc6b72a208 100644 --- a/Dockerfile +++ b/Dockerfile 
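Review bot: The `adduser -S -H -D` call that replaces `useradd -p '*'` in the Dockerfile probably leaves the `git` account with a locked password entry (`!`), because busybox `adduser -D` assigns no password. An sshd built without PAM rejects public-key logins for locked accounts, which would break SSH access for the only user named in `AllowUsers`. The deleted docker/build.sh followed its own `adduser -D` with `passwd -u git`, presumably for this reason. Restoring the non-matching but unlocked `*` entry after the `adduser` call, for example `echo 'git:*' | chpasswd -e`, keeps password login impossible without locking the account; the Dockerfile.rpi hunk needs the same change.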
@@ -18,7 +18,7 @@ RUN apk update && \ rm -rf \ /var/cache/apk/* && \ addgroup \ - -g 1000 \ + -S -g 1000 \ git && \ adduser \ -S -H -D \ diff --git a/Dockerfile.rpi b/Dockerfile.rpi index e82428c1b5..91d8c3da85 100644 --- a/Dockerfile.rpi +++ b/Dockerfile.rpi @@ -18,7 +18,7 @@ RUN apk update && \ rm -rf \ /var/cache/apk/* && \ addgroup \ - -g 1000 \ + -S -g 1000 \ git && \ adduser \ -S -H -D \ -- cgit v1.2.3