Bug #1218: docker:publishLocal fails because of non-existent gid (#1219)
* Bug #1218: docker:publishLocal fails because of non-existent gid

* Fixes #1218

* Fixes #1218 with 'USER <uid>[:<gid>]' if daemonGroupGid is given
NicolasRouquette authored and muuki88 committed May 2, 2019
1 parent 6633630 commit 63000e0
Showing 4 changed files with 53 additions and 16 deletions.
26 changes: 18 additions & 8 deletions src/main/scala/com/typesafe/sbt/packager/docker/DockerPlugin.scala
@@ -147,7 +147,7 @@ object DockerPlugin extends AutoPlugin {

val stage1: Seq[CmdLike] = generalCommands ++
(uidOpt match {
case Some(_) => Seq(makeUser("root"), makeUserAdd(user, uidOpt, gidOpt))
case Some(_) => Seq(makeUser("root"), makeUserAdd(user, group, uidOpt, gidOpt))
case _ => Seq()
}) ++
Seq(makeWorkdir(dockerBaseDirectory)) ++
@@ -167,7 +167,7 @@ object DockerPlugin extends AutoPlugin {
makeExposePorts(dockerExposedPorts.value, dockerExposedUdpPorts.value) ++
makeVolumes(dockerExposedVolumes.value, user, group) ++
Seq(uidOpt match {
case Some(uid) => makeUser(uid)
case Some(uid) => makeUser(uid, gidOpt)
case _ => makeUser(user)
}) ++
// Use this to debug permissions
@@ -350,25 +350,35 @@ object DockerPlugin extends AutoPlugin {

/**
* @param daemonUser
* @param daemonGroup
* @param uidOpt
* @param gidOpt
* @return useradd to create the daemon user with the given uidOpt and gidOpt
* @return useradd to create the daemon user with the given uidOpt and gidOpt after invoking groupadd to
* create the daemon group if the given gidOpt does not exists.
*/
private final def makeUserAdd(daemonUser: String, uidOpt: Option[String], gidOpt: Option[String]): CmdLike =
private final def makeUserAdd(daemonUser: String,
daemonGroup: String,
uidOpt: Option[String],
gidOpt: Option[String]): CmdLike =
Cmd(
"RUN",
(List("id", "-u", daemonUser, "2>", "/dev/null", "||", "useradd", "--system", "--create-home") :::
(List("id", "-u", daemonUser, "2>", "/dev/null", "||") :::
(gidOpt.fold[List[String]](Nil)(
gid => List("((", "getent", "group", gid, "||", "groupadd", "-g", gid, daemonGroup, ")", "&&")
)) :::
List("useradd", "--system", "--create-home") :::
(uidOpt.fold[List[String]](Nil)(List("--uid", _))) :::
(gidOpt.fold[List[String]](Nil)(List("--gid", _))) :::
List(daemonUser)): _*
List(daemonUser, ")")): _*
)

/**
* @param daemonUser
* @param daemonGroupOpt
* @return USER docker command
*/
private final def makeUser(daemonUser: String): CmdLike =
Cmd("USER", daemonUser)
private final def makeUser(daemonUser: String, daemonGroupOpt: Option[String] = None): CmdLike =
Cmd("USER", daemonGroupOpt.fold(daemonUser)(daemonUser + ":" + _))

/**
* @param entrypoint
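Review bot: makeUserAdd emits an unbalanced `)` when gidOpt is None: the opening `((` is produced only inside `gidOpt.fold`, while the closing `")"` in `List(daemonUser, ")")` is unconditional, so a build with a uid but no gid would render `... || useradd --system --create-home --uid <uid> <user> )`, which the shell rejects as a syntax error. Emitting the outer parenthesis unconditionally keeps the pair balanced: end the first list with `"||", "(")` and start the gid list with `"("` instead of `"(("`. Writing the two parentheses as separate tokens also sidesteps shells that may read `((` as the start of an arithmetic command, though the expected Dockerfiles in build.sbt would then need `( (`. Separately, `gid`, `daemonGroup` and `daemonUser` are placed unquoted into a shell-form RUN that follows `USER root`, so a guard such as `require(gidOpt.forall(_.forall(_.isDigit)))` before building the command would be cheap insurance against a malformed setting changing what runs at build time.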
31 changes: 23 additions & 8 deletions src/sbt-test/docker/file-permission/build.sbt
@@ -1,5 +1,6 @@
lazy val checkDockerfileDefaults = taskKey[Unit]("")
lazy val checkDockerfileWithStrategyNone = taskKey[Unit]("")
lazy val checkDockerfileWithStrategyNoneGid = taskKey[Unit]("")
lazy val checkDockerfileWithStrategyRun = taskKey[Unit]("")
lazy val checkDockerfileWithStrategyCopyChown = taskKey[Unit]("")
lazy val checkDockerfileWithWriteExecute = taskKey[Unit]("")
@@ -22,10 +23,10 @@ lazy val root = (project in file("."))
|
|FROM fabric8/java-centos-openjdk8-jdk
|USER root
|RUN id -u demiourgos728 2> /dev/null || useradd --system --create-home --uid 1001 --gid 0 demiourgos728
|RUN id -u demiourgos728 2> /dev/null || (( getent group 0 || groupadd -g 0 root ) && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 )
|WORKDIR /opt/docker
|COPY --from=stage0 --chown=demiourgos728:root /opt/docker /opt/docker
|USER 1001
|USER 1001:0
|ENTRYPOINT ["/opt/docker/bin/file-permission-test"]
|CMD []""".stripMargin.linesIterator.toList)
},
@@ -36,10 +37,24 @@ lazy val root = (project in file("."))
assertEquals(lines,
"""FROM fabric8/java-centos-openjdk8-jdk
|USER root
|RUN id -u demiourgos728 2> /dev/null || useradd --system --create-home --uid 1001 --gid 0 demiourgos728
|RUN id -u demiourgos728 2> /dev/null || (( getent group 0 || groupadd -g 0 root ) && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 )
|WORKDIR /opt/docker
|COPY opt /opt
|USER 1001
|USER 1001:0
|ENTRYPOINT ["/opt/docker/bin/file-permission-test"]
|CMD []""".stripMargin.linesIterator.toList)
},

checkDockerfileWithStrategyNoneGid := {
val dockerfile = IO.read((stagingDirectory in Docker).value / "Dockerfile")
val lines = dockerfile.linesIterator.toList
assertEquals(lines,
"""FROM fabric8/java-centos-openjdk8-jdk
|USER root
|RUN id -u demiourgos728 2> /dev/null || (( getent group 5000 || groupadd -g 5000 sbt ) && useradd --system --create-home --uid 1001 --gid 5000 demiourgos728 )
|WORKDIR /opt/docker
|COPY opt /opt
|USER 1001:5000
|ENTRYPOINT ["/opt/docker/bin/file-permission-test"]
|CMD []""".stripMargin.linesIterator.toList)
},
@@ -50,12 +65,12 @@ lazy val root = (project in file("."))
assertEquals(lines,
"""FROM openjdk:8
|USER root
|RUN id -u demiourgos728 2> /dev/null || useradd --system --create-home --uid 1001 --gid 0 demiourgos728
|RUN id -u demiourgos728 2> /dev/null || (( getent group 0 || groupadd -g 0 root ) && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 )
|WORKDIR /opt/docker
|COPY opt /opt
|RUN ["chmod", "-R", "u=rX,g=rX", "/opt/docker"]
|RUN ["chmod", "u+x,g+x", "/opt/docker/bin/file-permission-test"]
|USER 1001
|USER 1001:0
|ENTRYPOINT ["/opt/docker/bin/file-permission-test"]
|CMD []""".stripMargin.linesIterator.toList)
},
@@ -85,10 +100,10 @@ lazy val root = (project in file("."))
|
|FROM fabric8/java-centos-openjdk8-jdk
|USER root
|RUN id -u demiourgos728 2> /dev/null || useradd --system --create-home --uid 1001 --gid 0 demiourgos728
|RUN id -u demiourgos728 2> /dev/null || (( getent group 0 || groupadd -g 0 root ) && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 )
|WORKDIR /opt/docker
|COPY --from=stage0 --chown=demiourgos728:root /opt/docker /opt/docker
|USER 1001
|USER 1001:0
|ENTRYPOINT ["/opt/docker/bin/file-permission-test"]
|CMD []""".stripMargin.linesIterator.toList)
}
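Review bot: None of the expected Dockerfiles covers a build where a uid is set but `daemonGroupGid` is `None`; every scenario, including the new checkDockerfileWithStrategyNoneGid, renders the `(( getent group ... )` form with a gid present. In DockerPlugin.scala the `((` is emitted only when a gid is given while the closing `)` after the user name is always emitted, so that untested configuration looks like it would produce an unbalanced RUN line. A further scenario that sets `daemonGroupGid in Docker := None` and asserts the exact `RUN` and `USER` lines would pin that branch; going by makeUser, the expected last line there would be `USER 1001` with no `:gid` suffix.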
@@ -0,0 +1,7 @@
import com.typesafe.sbt.packager.docker._

dockerPermissionStrategy := DockerPermissionStrategy.None
dockerBaseImage := "fabric8/java-centos-openjdk8-jdk"

daemonGroupGid in Docker := Some("5000")
daemonGroup in Docker := "sbt"
5 changes: 5 additions & 0 deletions src/sbt-test/docker/file-permission/test
@@ -7,6 +7,11 @@ $ copy-file changes/strategy-none.sbt change.sbt
> docker:publishLocal
> checkDockerfileWithStrategyNone

$ copy-file changes/strategy-none-gid.sbt change.sbt
> reload
> docker:publishLocal
> checkDockerfileWithStrategyNoneGid

$ copy-file changes/strategy-run.sbt change.sbt
> reload
> docker:publishLocal