From 3eb47762547563f6fcc1c63940159c90792a3852 Mon Sep 17 00:00:00 2001 From: Boris Capitanu Date: Thu, 30 May 2019 12:14:09 -0500 Subject: [PATCH 1/2] Possible improvement for #1202 --- .../typesafe/sbt/packager/docker/DockerPlugin.scala | 12 ++++++++---- src/sbt-test/docker/file-permission/build.sbt | 10 +++++----- .../docker/test-busybox-create-user/build.sbt | 13 +++++++++++++ .../test-busybox-create-user/project/plugins.sbt | 1 + .../src/main/scala/Main.scala | 5 +++++ src/sbt-test/docker/test-busybox-create-user/test | 3 +++ 6 files changed, 35 insertions(+), 9 deletions(-) create mode 100644 src/sbt-test/docker/test-busybox-create-user/build.sbt create mode 100644 src/sbt-test/docker/test-busybox-create-user/project/plugins.sbt create mode 100644 src/sbt-test/docker/test-busybox-create-user/src/main/scala/Main.scala create mode 100644 src/sbt-test/docker/test-busybox-create-user/test diff --git a/src/main/scala/com/typesafe/sbt/packager/docker/DockerPlugin.scala b/src/main/scala/com/typesafe/sbt/packager/docker/DockerPlugin.scala index e273c4c87..84f64b973 100644 --- a/src/main/scala/com/typesafe/sbt/packager/docker/DockerPlugin.scala +++ b/src/main/scala/com/typesafe/sbt/packager/docker/DockerPlugin.scala @@ -369,14 +369,18 @@ object DockerPlugin extends AutoPlugin { gidOpt: Option[String]): CmdLike = Cmd( "RUN", - (List("id", "-u", daemonUser, "2>", "/dev/null", "||") ::: + (List("id", "-u", daemonUser, "1>/dev/null", "2>&1", "||") ::: (gidOpt.fold[List[String]](Nil)( - gid => List("((", "getent", "group", gid, "||", "groupadd", "-g", gid, daemonGroup, ")", "&&") + gid => List("((", "getent", "group", gid, "1>/dev/null", "2>&1", "||", + "(", "type", "groupadd", "1>/dev/null", "2>&1", "&&", "groupadd", "-g", gid, daemonGroup, + "||", "addgroup", "-g", gid, "-S", daemonGroup, "))", "&&") )) ::: - List("useradd", "--system", "--create-home") ::: + List("(", "type", "useradd", "1>/dev/null", "2>&1", "&&", "useradd", "--system", "--create-home") ::: (uidOpt.fold[List[String]](Nil)(List("--uid", _))) ::: (gidOpt.fold[List[String]](Nil)(List("--gid", _))) ::: - List(daemonUser, ")")): _* + List(daemonUser, "||", "adduser", "-S") ::: + (uidOpt.fold[List[String]](Nil)(List("-u", _))) ::: + List("-G", daemonGroup, daemonUser, "))")): _* ) /** diff --git a/src/sbt-test/docker/file-permission/build.sbt b/src/sbt-test/docker/file-permission/build.sbt index 8709ec6fe..cbea0ac2a 100644 --- a/src/sbt-test/docker/file-permission/build.sbt +++ b/src/sbt-test/docker/file-permission/build.sbt @@ -23,7 +23,7 @@ lazy val root = (project in file(".")) | |FROM fabric8/java-centos-openjdk8-jdk |USER root - |RUN id -u demiourgos728 2> /dev/null || (( getent group 0 || groupadd -g 0 root ) && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 ) + |RUN id -u demiourgos728 1>/dev/null 2>&1 || (( getent group 0 1>/dev/null 2>&1 || ( type groupadd 1>/dev/null 2>&1 && groupadd -g 0 root || addgroup -g 0 -S root )) && ( type useradd 1>/dev/null 2>&1 && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 || adduser -S -u 1001 -G root demiourgos728 )) |WORKDIR /opt/docker |COPY --from=stage0 --chown=demiourgos728:root /opt/docker /opt/docker |USER 1001:0 @@ -37,7 +37,7 @@ lazy val root = (project in file(".")) assertEquals(lines, """FROM fabric8/java-centos-openjdk8-jdk |USER root - |RUN id -u demiourgos728 2> /dev/null || (( getent group 0 || groupadd -g 0 root ) && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 ) + |RUN id -u demiourgos728 1>/dev/null 2>&1 || (( getent group 0 1>/dev/null 2>&1 || ( type groupadd 1>/dev/null 2>&1 && groupadd -g 0 root || addgroup -g 0 -S root )) && ( type useradd 1>/dev/null 2>&1 && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 || adduser -S -u 1001 -G root demiourgos728 )) |WORKDIR /opt/docker |COPY opt /opt |USER 1001:0 @@ -51,7 +51,7 @@ lazy val root = (project in file(".")) assertEquals(lines, """FROM fabric8/java-centos-openjdk8-jdk |USER root - |RUN id -u demiourgos728 2> /dev/null || (( getent group 5000 || groupadd -g 5000 sbt ) && useradd --system --create-home --uid 1001 --gid 5000 demiourgos728 ) + |RUN id -u demiourgos728 1>/dev/null 2>&1 || (( getent group 5000 1>/dev/null 2>&1 || ( type groupadd 1>/dev/null 2>&1 && groupadd -g 5000 sbt || addgroup -g 5000 -S sbt )) && ( type useradd 1>/dev/null 2>&1 && useradd --system --create-home --uid 1001 --gid 5000 demiourgos728 || adduser -S -u 1001 -G sbt demiourgos728 )) |WORKDIR /opt/docker |COPY opt /opt |USER 1001:5000 @@ -65,7 +65,7 @@ lazy val root = (project in file(".")) assertEquals(lines, """FROM openjdk:8 |USER root - |RUN id -u demiourgos728 2> /dev/null || (( getent group 0 || groupadd -g 0 root ) && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 ) + |RUN id -u demiourgos728 1>/dev/null 2>&1 || (( getent group 0 1>/dev/null 2>&1 || ( type groupadd 1>/dev/null 2>&1 && groupadd -g 0 root || addgroup -g 0 -S root )) && ( type useradd 1>/dev/null 2>&1 && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 || adduser -S -u 1001 -G root demiourgos728 )) |WORKDIR /opt/docker |COPY opt /opt |RUN ["chmod", "-R", "u=rX,g=rX", "/opt/docker"] @@ -100,7 +100,7 @@ lazy val root = (project in file(".")) | |FROM fabric8/java-centos-openjdk8-jdk |USER root - |RUN id -u demiourgos728 2> /dev/null || (( getent group 0 || groupadd -g 0 root ) && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 ) + |RUN id -u demiourgos728 1>/dev/null 2>&1 || (( getent group 0 1>/dev/null 2>&1 || ( type groupadd 1>/dev/null 2>&1 && groupadd -g 0 root || addgroup -g 0 -S root )) && ( type useradd 1>/dev/null 2>&1 && useradd --system --create-home --uid 1001 --gid 0 demiourgos728 || adduser -S -u 1001 -G root demiourgos728 )) |WORKDIR /opt/docker |COPY --from=stage0 --chown=demiourgos728:root /opt/docker /opt/docker |USER 1001:0 diff --git a/src/sbt-test/docker/test-busybox-create-user/build.sbt b/src/sbt-test/docker/test-busybox-create-user/build.sbt new file mode 100644 index 000000000..56663fb4b --- /dev/null +++ b/src/sbt-test/docker/test-busybox-create-user/build.sbt @@ -0,0 +1,13 @@ + +enablePlugins(JavaAppPackaging) + +name := "test-busybox-create-user" + +version := "0.1.0" + +maintainer := "Boris Capitanu " +dockerBaseImage := "anapsix/alpine-java:8" +daemonUserUid in Docker := Some("2000") +daemonUser in Docker := "appuser" +daemonGroupGid in Docker := Some("3000") +daemonGroup in Docker := "appgroup" \ No newline at end of file diff --git a/src/sbt-test/docker/test-busybox-create-user/project/plugins.sbt b/src/sbt-test/docker/test-busybox-create-user/project/plugins.sbt new file mode 100644 index 000000000..b53de154c --- /dev/null +++ b/src/sbt-test/docker/test-busybox-create-user/project/plugins.sbt @@ -0,0 +1 @@ +addSbtPlugin("com.typesafe.sbt" % "sbt-native-packager" % sys.props("project.version")) diff --git a/src/sbt-test/docker/test-busybox-create-user/src/main/scala/Main.scala b/src/sbt-test/docker/test-busybox-create-user/src/main/scala/Main.scala new file mode 100644 index 000000000..b44445bf0 --- /dev/null +++ b/src/sbt-test/docker/test-busybox-create-user/src/main/scala/Main.scala @@ -0,0 +1,5 @@ +import com.sun.security.auth.module.UnixSystem + +object Main extends App { + println(System.getProperty("user.name")) +} diff --git a/src/sbt-test/docker/test-busybox-create-user/test b/src/sbt-test/docker/test-busybox-create-user/test new file mode 100644 index 000000000..42d578e52 --- /dev/null +++ b/src/sbt-test/docker/test-busybox-create-user/test @@ -0,0 +1,3 @@ +# Generate the Docker image locally +> docker:publishLocal +$ exec bash -c 'docker run test-busybox-create-user:0.1.0 | grep -q "appuser"' From 3d2bd940432b995bfc6151a547840bf824c1b95f Mon Sep 17 00:00:00 2001 From: Boris Capitanu Date: Thu, 30 May 2019 14:33:41 -0500 Subject: [PATCH 2/2] Fixed code formatting --- .../sbt/packager/docker/DockerPlugin.scala | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/main/scala/com/typesafe/sbt/packager/docker/DockerPlugin.scala b/src/main/scala/com/typesafe/sbt/packager/docker/DockerPlugin.scala index 84f64b973..4526fe97e 100644 --- a/src/main/scala/com/typesafe/sbt/packager/docker/DockerPlugin.scala +++ b/src/main/scala/com/typesafe/sbt/packager/docker/DockerPlugin.scala @@ -371,14 +371,18 @@ object DockerPlugin extends AutoPlugin { "RUN", (List("id", "-u", daemonUser, "1>/dev/null", "2>&1", "||") ::: (gidOpt.fold[List[String]](Nil)( - gid => List("((", "getent", "group", gid, "1>/dev/null", "2>&1", "||", - "(", "type", "groupadd", "1>/dev/null", "2>&1", "&&", "groupadd", "-g", gid, daemonGroup, - "||", "addgroup", "-g", gid, "-S", daemonGroup, "))", "&&") + gid => + List("((", "getent", "group", gid, "1>/dev/null", "2>&1", "||") ::: + List("(", "type", "groupadd", "1>/dev/null", "2>&1", "&&") ::: + List("groupadd", "-g", gid, daemonGroup, "||") ::: + List("addgroup", "-g", gid, "-S", daemonGroup, "))", "&&") )) ::: - List("(", "type", "useradd", "1>/dev/null", "2>&1", "&&", "useradd", "--system", "--create-home") ::: + List("(", "type", "useradd", "1>/dev/null", "2>&1", "&&") ::: + List("useradd", "--system", "--create-home") ::: (uidOpt.fold[List[String]](Nil)(List("--uid", _))) ::: (gidOpt.fold[List[String]](Nil)(List("--gid", _))) ::: - List(daemonUser, "||", "adduser", "-S") ::: + List(daemonUser, "||") ::: + List("adduser", "-S") ::: (uidOpt.fold[List[String]](Nil)(List("-u", _))) ::: List("-G", daemonGroup, daemonUser, "))")): _* )