From 9c40cf2f989bf2bd328a1342de6568deb312a923 Mon Sep 17 00:00:00 2001 From: Anton Khizunov Date: Tue, 30 Jan 2024 20:05:13 +0000 Subject: [PATCH] Fix user permissions and add support for Docker buildkit and credentials --- skipper/data/skipper-entrypoint.sh | 10 +++++++--- skipper/runner.py | 7 +++++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/skipper/data/skipper-entrypoint.sh b/skipper/data/skipper-entrypoint.sh index 60cdb02..ee7e823 100755 --- a/skipper/data/skipper-entrypoint.sh +++ b/skipper/data/skipper-entrypoint.sh @@ -3,7 +3,6 @@ if ! [ -z "${SKIPPER_DOCKER_GID}" ];then HOME_DIR=${HOME} - SKIP_HOME_DIR_PARAM="" # if home directory already exists, useradd should not try to create it @@ -29,8 +28,13 @@ if ! [ -z "${SKIPPER_DOCKER_GID}" ];then usermod -G root ${SKIPPER_USERNAME} fi - - su -m ${SKIPPER_USERNAME} -c "$@" + if ! which sudo > /dev/null; then + su -m ${SKIPPER_USERNAME} -c "$@" + else + # for debian dsitros (maybe for others too) -m flag resets the PATH variable + # so we need to use sudo -E to preserve the PATH + sudo -sE -u ${SKIPPER_USERNAME} "$@" + fi else bash -c "$@" fi diff --git a/skipper/runner.py b/skipper/runner.py index ebde2c0..745ef1b 100644 --- a/skipper/runner.py +++ b/skipper/runner.py @@ -138,8 +138,11 @@ def handle_networking(cmd, publish, net): def handle_volumes_bind_mount(docker_cmd, homedir, volumes, workspace): volumes = volumes or [] volumes.extend([f'{homedir}/.netrc:{homedir}/.netrc:ro', - f'{homedir}/.gitconfig:{homedir}/.gitconfig:ro', - f'{homedir}/.docker/config.json:{homedir}/.docker/config.json:ro']) + f'{homedir}/.gitconfig:{homedir}/.gitconfig:ro']) + + # required for docker buildkit and credentials + if os.path.exists(f'{homedir}/.docker'): + volumes.append(f'{homedir}/.docker:{homedir}/.docker:rw') # required for docker login (certificates) if os.path.exists('/etc/docker'):