From 051dbbb17c73835a407baa24296ef4085b5de30e Mon Sep 17 00:00:00 2001
From: Stefano Alberto Russo <stefano.russo@gmail.com>
Date: Fri, 8 Apr 2022 01:55:08 +0200
Subject: [PATCH] Added the "rosetta" user to the registry and standalone computing services.
---
 services/dregistry/Dockerfile | 18 ++++++++++++++++++
 services/standaloneworker/Dockerfile | 23 ++++++++++++++++++++++-
 2 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/services/dregistry/Dockerfile b/services/dregistry/Dockerfile
index 424e538..5588df7 100755
--- a/services/dregistry/Dockerfile
+++ b/services/dregistry/Dockerfile
@@ -1 +1,19 @@
 FROM registry:2
+
+RUN set -ex && apk --no-cache add sudo bash
+
+#------------------------
+# Rosetta user
+#------------------------
+
+# Add group. We chose GID 65527 to try avoiding conflicts.
+RUN addgroup -g 65527 rosetta
+
+# Add user. We chose UID 65527 to try avoiding conflicts.
+RUN adduser rosetta -D -h /rosetta -u 65527 -G rosetta -s /bin/bash
+
+# Add rosetta user to sudoers
+RUN adduser rosetta wheel
+
+# Passwordless sudo
+RUN sed -e 's;^# \(%wheel.*NOPASSWD.*\);\1;g' -i /etc/sudoers
\ No newline at end of file
diff --git a/services/standaloneworker/Dockerfile b/services/standaloneworker/Dockerfile
index 11ceace..1c66d6d 100755
--- a/services/standaloneworker/Dockerfile
+++ b/services/standaloneworker/Dockerfile
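Review bot: In services/dregistry/Dockerfile the last two steps (`adduser rosetta wheel` and the sed that uncomments the `%wheel ... NOPASSWD` rule) give the new rosetta account unrestricted passwordless root, so the dedicated UID/GID adds no privilege separation inside the container; the same pair of steps appears in the services/standaloneworker/Dockerfile hunk (`usermod -aG wheel rosetta` plus the identical sed). If rosetta needs root only for specific commands, a drop-in under /etc/sudoers.d/ such as `rosetta ALL=(root) NOPASSWD: <command-path-placeholder>` would scope the grant; otherwise drop `sudo` from the `apk add` line together with the two wheel steps. This hunk is the whole new file and it contains no `USER` instruction, so the image still starts as root unless the runtime overrides it, which deserves a comment stating whether that is intended. The sed also exits successfully when its pattern matches nothing, so a change to the base image's /etc/sudoers would pass the build unnoticed.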
@@ -24,11 +24,32 @@ RUN dnf install -y python wget # Install iputils (fpr ping) and openssh-clients (for scp) RUN dnf install -y iputils openssh-clients -# TODO: Add the rosettta user # Copy registries.conf to allow insecure access to dregistry COPY registries.conf /etc/containers/registries.conf + +#------------------------ +# Rosetta user +#------------------------ + +# Add group. We chose GID 65527 to try avoiding conflicts. +RUN groupadd -g 65527 rosetta + +# Add user. We chose UID 65527 to try avoiding conflicts. +RUN useradd rosetta -d /rosetta -u 65527 -g 65527 -m -s /bin/bash + +# Add rosetta user to sudoers +RUN usermod -aG wheel rosetta + +# Passwordless sudo +RUN sed -e 's;^# \(%wheel.*NOPASSWD.*\);\1;g' -i /etc/sudoers + +# Authorized keys +RUN mkdir /rosetta/.ssh +COPY keys/id_rsa.pub /rosetta/.ssh/authorized_keys + + #---------------------- # Entrypoint #---------------------- -- GitLab
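Review bot: `COPY keys/id_rsa.pub /rosetta/.ssh/authorized_keys` bakes one fixed login key into every image built from this Dockerfile, and together with the passwordless wheel sudo added a few lines above it, whoever holds the matching private key is effectively root on each worker, assuming an SSH server runs in the container (not visible in this hunk). Consider supplying authorized_keys at deploy time, for example a bind mount or a secret handled by the entrypoint, so the key can be rotated or revoked without rebuilding the image. As written, `RUN mkdir /rosetta/.ssh` and the COPY presumably run as root with default modes; `RUN install -d -m 700 -o rosetta -g rosetta /rosetta/.ssh` and `COPY --chown=rosetta:rosetta keys/id_rsa.pub /rosetta/.ssh/authorized_keys` would make both owned by rosetta and keep the directory private. The start of the file and the Entrypoint section lie outside the hunk, so the active build user and whether `sudo` is installed cannot be confirmed from here.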