diff --git a/services/dregistry/Dockerfile b/services/dregistry/Dockerfile index 424e5383345954885c38eee4d9326de1d7045de3..5588df7d9eb7acd0d99d5c7c771fab3c51ac4e65 100755 --- a/services/dregistry/Dockerfile +++ b/services/dregistry/Dockerfile @@ -1 +1,19 @@ FROM registry:2 + +RUN set -ex && apk --no-cache add sudo bash + +#------------------------ +# Rosetta user +#------------------------ + +# Add group. We chose GID 65527 to try avoiding conflicts. +RUN addgroup -g 65527 rosetta + +# Add user. We chose UID 65527 to try avoiding conflicts. +RUN adduser rosetta -D -h /rosetta -u 65527 -G rosetta -s /bin/bash + +# Add rosetta user to sudoers +RUN adduser rosetta wheel + +# Passwordless sudo +RUN sed -e 's;^# \(%wheel.*NOPASSWD.*\);\1;g' -i /etc/sudoers \ No newline at end of file diff --git a/services/standaloneworker/Dockerfile b/services/standaloneworker/Dockerfile index 11ceaceaf1455b0baca49b4dc7c2c4c41558da3f..1c66d6d2b71bc3082ae45bef3200ef9a412ef03a 100755 --- a/services/standaloneworker/Dockerfile +++ b/services/standaloneworker/Dockerfile @@ -24,11 +24,32 @@ RUN dnf install -y python wget # Install iputils (fpr ping) and openssh-clients (for scp) RUN dnf install -y iputils openssh-clients -# TODO: Add the rosettta user # Copy registries.conf to allow insecure access to dregistry COPY registries.conf /etc/containers/registries.conf + +#------------------------ +# Rosetta user +#------------------------ + +# Add group. We chose GID 65527 to try avoiding conflicts. +RUN groupadd -g 65527 rosetta + +# Add user. We chose UID 65527 to try avoiding conflicts. +RUN useradd rosetta -d /rosetta -u 65527 -g 65527 -m -s /bin/bash + +# Add rosetta user to sudoers +RUN usermod -aG wheel rosetta + +# Passwordless sudo +RUN sed -e 's;^# \(%wheel.*NOPASSWD.*\);\1;g' -i /etc/sudoers + +# Authorized keys +RUN mkdir /rosetta/.ssh +COPY keys/id_rsa.pub /rosetta/.ssh/authorized_keys + + #---------------------- # Entrypoint #----------------------
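Review bot: The `sed` line that uncomments the `%wheel` NOPASSWD rule, combined with `adduser rosetta wheel`, gives rosetta unrestricted passwordless root, so the dedicated UID/GID 65527 adds no privilege boundary. The services/standaloneworker/Dockerfile hunk does the same with `usermod -aG wheel rosetta` and the identical `sed`. If rosetta needs root for only a few operations, a scoped rule is narrower: `RUN echo 'rosetta ALL=(root) NOPASSWD: <COMMANDS_ROSETTA_NEEDS>' > /etc/sudoers.d/rosetta && chmod 0440 /etc/sudoers.d/rosetta && visudo -c` (the command list is a placeholder, and this assumes the image's sudoers includes /etc/sudoers.d). `sed` also exits 0 when nothing matches, so a changed sudoers template would silently leave sudo unconfigured; following it with `grep -q '^%wheel.*NOPASSWD' /etc/sudoers` makes the build fail instead. Neither hunk adds a `USER` instruction, so as far as this diff shows the containers still start as root.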
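Review bot: `COPY keys/id_rsa.pub /rosetta/.ssh/authorized_keys` bakes one fixed login key into every image built from this file. Because rosetta is in wheel with NOPASSWD, whoever holds the matching private key is effectively root on every worker container that runs an SSH server (whether sshd is installed is not visible in this hunk). If the private half is kept next to it under `keys/`, it should be treated as disclosed to anyone who can read the repository or build context; supplying authorized_keys at deploy time, as a mounted file or secret, keeps the key per deployment. If the key does stay in the image, `RUN mkdir /rosetta/.ssh` and the COPY leave both paths owned by root with default modes. `RUN install -d -m 700 -o rosetta -g rosetta /rosetta/.ssh` followed by `COPY --chown=rosetta:rosetta --chmod=600 keys/id_rsa.pub /rosetta/.ssh/authorized_keys` makes ownership and permissions explicit (`--chmod` needs BuildKit).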