From 37ecd745a0bc5d25c95729e083aa2411aeda8384 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Tue, 1 May 2018 21:31:35 +0300
Subject: [PATCH] A single version of runas using gosu.

---
 content/docker_uid.rst       | 42 ++++++++++++++++++++----------------
 content/static/runas         | 10 ++++++++-
 content/static/runas-busybox |  8 -------
 content/static/runas-gnu     |  8 -------
 4 files changed, 32 insertions(+), 36 deletions(-)
 mode change 120000 => 100755 content/static/runas
 delete mode 100755 content/static/runas-busybox
 delete mode 100755 content/static/runas-gnu

diff --git a/content/docker_uid.rst b/content/docker_uid.rst
index 36dea6d..4c8c098 100644
--- a/content/docker_uid.rst
+++ b/content/docker_uid.rst
@@ -23,9 +23,9 @@ The trivial solution is to run the container with the correct user id, like so
     gid="$(id -g)"
     docker run -v "$PWD:/volume" --user "$uid:$gid" buildimage make
 
-I personally find it a tiresome after the 3rd time I had to rebuild the
+I personally find it a tiresome after the 3rd time I had to `sudo chown` the
 project because I forgot to specify the uid and gid and it's a (low) barrier
-to entry for new users.
+of entry for new users.
 
 A better solution
 -----------------
@@ -38,32 +38,36 @@ commands.
 
     #!/bin/sh
     set -eu
-    command -v sudo > /dev/null || { echo "Can't find sudo, exiting."; exit 1; }
-    uid="$(stat . --format '%u')"
-    gid="$(stat . --format '%g')"
-    groupadd --force --non-unique --gid "$gid" builder
-    useradd --non-unique --uid "$uid" --gid "$gid" --home-dir "$PWD" --no-create-home --shell /bin/bash builder
-    sudo -Eu "#$uid" -g "#$gid" -- "$@"
+    [ "$(id -u)" = "0" ] || { echo "Not running as root, continuing as the current user."; eval exec "$@"; }
+    command -v stat > /dev/null || { echo "Can't find stat, exiting."; exit 1; }
+    command -v gosu > /dev/null || { echo "Can't find gosu, exiting."; exit 1; }
+    uid="$(stat . -c '%u')"
+    gid="$(stat . -c '%g')"
+    eval exec gosu "$uid:$gid" "$@"
 
 The script is also available for `download
-<https://www.shore.co.il/blog/static/runas-gnu>`_. The only dependency is
-:code:`sudo`. There's also a `version
-<https://www.shore.co.il/blog/static/runas-busybox>`_ for images using BusyBox
-(like Alpine). You can download and check it to your VCS and incorporate it
-into your Dockerfile, or download it via the :code:`ADD` directive, like so:
+<https://www.shore.co.il/blog/static/runas>`_. The only dependency is
+`gosu <https://github.com/tianon/gosu>`_.  You can download and check it to
+your VCS and incorporate it into your Dockerfile, or download it via the
+:code:`ADD` directive, like so:
 
 .. code:: shell
 
-    FROM debian:stable
-    RUN apt-get update && \
-        DEBIAN_FRONTEND=noninteractive apt-get install -y sudo build-essential
-    ADD [ "https://www.shore.co.il/blog/static/runas-gnu", "/entrypoint" ]
-    ENTRYPOINT [ "/bin/sh", "/entrypoint" ]
+    FROM buildpack-deps
+    RUN curl -fsSL https://github.com/tianon/gosu/releases/download/1.10/gosu-amd64 -o gosu-amd64 && \
+        install -o root -g root -m 755 gosu-amd64 /usr/local/bin/gosu && \
+        rm gosu-amd64 && \
+        curl -fsSL https://www.shore.co.il/blog/static/runas -o runas && \
+        install -o root -g root -m 755 runas /entrypoint && \
+        rm runas
+    ENTRYPOINT [ "/entrypoint" ]
     VOLUME /volume
     WORKDIR /volume
     ENV HOME /volume
 
-And then finally, to build run
+Setting the home directory to the mounted volume will result in some files (like
+package managers cache) to be created there, which you may or may not want. And
+then finally, to build run
 
 .. code:: shell
 
diff --git a/content/static/runas b/content/static/runas
deleted file mode 120000
index 129d4a6..0000000
--- a/content/static/runas
+++ /dev/null
@@ -1 +0,0 @@
-runas-gnu
\ No newline at end of file
diff --git a/content/static/runas b/content/static/runas
new file mode 100755
index 0000000..bb0ea2c
--- /dev/null
+++ b/content/static/runas
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+[ "$(id -u)" = "0" ] || { echo "Not running as root, continuing as the current user."; eval exec "$@"; }
+command -v stat > /dev/null || { echo "Can't find stat, exiting."; exit 1; }
+command -v gosu > /dev/null || { echo "Can't find gosu, exiting."; exit 1; }
+uid="$(stat . -c '%u')"
+gid="$(stat . -c '%g')"
+eval exec gosu "$uid:$gid" "$@"
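Review bot: Both `eval exec` lines make the shell parse the container's arguments a second time, so an argument containing spaces, quotes, `;` or `$(...)` is split or executed by this script instead of being passed through unchanged, and in the root branch that happens before gosu has dropped privileges. `"$@"` already keeps each argument as one word, so the `eval` can simply be removed: `exec "$@"` in the non-root branch and `exec gosu "$uid:$gid" "$@"` on the last line. The "Not running as root" notice would also be better sent to stderr (`>&2`) so it does not mix into the wrapped command's output. The same script is repeated in the listing in content/docker_uid.rst, which would need the same change.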
diff --git a/content/static/runas-busybox b/content/static/runas-busybox
deleted file mode 100755
index 74f92d3..0000000
--- a/content/static/runas-busybox
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-set -eu
-command -v sudo > /dev/null || { echo "Can't find sudo, exiting."; exit 1; }
-uid="$(stat . -c '%u')"
-gid="$(stat . -c '%g')"
-addgroup -g "$gid" builder
-adduser -h "$PWD" -s /bin/sh -G builder -u "$uid" -H -D builder
-sudo -Eu "#$uid" -g "#$gid" -- "$@"
diff --git a/content/static/runas-gnu b/content/static/runas-gnu
deleted file mode 100755
index d3dd2f7..0000000
--- a/content/static/runas-gnu
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-set -eu
-command -v sudo > /dev/null || { echo "Can't find sudo, exiting."; exit 1; }
-uid="$(stat . --format '%u')"
-gid="$(stat . --format '%g')"
-groupadd --force --non-unique --gid "$gid" builder
-useradd --non-unique --uid "$uid" --gid "$gid" --home-dir "$PWD" --no-create-home --shell /bin/bash builder
-sudo -Eu "#$uid" -g "#$gid" -- "$@"
-- 
GitLab