Major changes.

- runas now uses gosu instead of sudo. - No more different versions for different userlands. - Run when not root.

Major changes.
0cb39d8b · nimrod · 9ab847ec · 0cb39d8b · 0cb39d8b
Commit 0cb39d8b authored 7 years ago by nimrod
--- a/Dockerfile
+++ b/Dockerfile
 ARG image
 FROM ${image}
-RUN if command -v apt-get; \
-    then \
-        apt-get update && apt-get install -y sudo; \
-    elif command -v yum; \
-    then \
-        yum install -y sudo; \
-    elif command -v apk; \
-    then \
-        apk add --update --no-cache sudo; \
-    elif command -v dnf; \
-    then \
-        dnf install -y sudo; \
-    fi
-ARG userland
-ADD [ "https://www.shore.co.il/blog/static/runas-${userland}", "/entrypoint" ]
-ENTRYPOINT [ "/bin/sh", "/entrypoint" ]
+RUN apk add --update --no-cache openssl || true && \
+    wget https://github.com/tianon/gosu/releases/download/1.10/gosu-amd64 || \
+    curl -fsSL https://github.com/tianon/gosu/releases/download/1.10/gosu-amd64 -o gosu-amd64 && \
+    install -o root -g root -m 755 gosu-amd64 /usr/local/bin/gosu && \
+    rm gosu-amd64 && \
+    wget https://www.shore.co.il/blog/static/runas || \
+    curl -fsSL https://www.shore.co.il/blog/static/runas -o runas && \
+    install -o root -g root -m 755 runas /entrypoint && \
+    rm runas
+ENTRYPOINT [ "/entrypoint" ]
 VOLUME /data
 WORKDIR /data
 ENV HOME /data
--- a/test.bats
+++ b/test.bats
 #!/usr/bin/env bats

-_test () {
+_test_root () {
    name="${1:-$BATS_TEST_DESCRIPTION}"
    tag="${2:-latest}"
-    userland="${3:-gnu}"
-    docker build -t "runas-$name" --build-arg "image=$name:$tag" --build-arg "userland=$userland" ./
-    docker run --rm -v "$BATS_TEST_DIRNAME:/data" "runas-$name" touch "$name.touch"
-    test "$(id -u)" = "$(stat -c '%u' $name.touch)"
-    test "$(id -g)" = "$(stat -c '%g' $name.touch)"
+    docker build -t "runas-$name" --build-arg "image=$name:$tag" ./
+    docker run --rm -v "$BATS_TEST_DIRNAME:/data" "runas-$name" touch "$name.root"
+    test "$(id -u)" = "$(stat -c '%u' $name.root)"
+    test "$(id -g)" = "$(stat -c '%g' $name.root)"
+}
+
+_test_user () {
+    name="${1:-$BATS_TEST_DESCRIPTION}"
+    tag="${2:-latest}"
+    user="$(id -u)"
+    group="$(id -g)"
+    docker build -t "runas-$name" --build-arg "image=$name:$tag" ./
+    docker run -u "$user:$group" --rm -v "$BATS_TEST_DIRNAME:/data" "runas-$name" touch "$name.user"
+    test "$user" = "$(stat -c '%u' $name.user)"
+    test "$user" = "$(stat -c '%g' $name.user)"
 }

 teardown () {
@@ -15,8 +25,13 @@ teardown () {
    rm -f *.touch
 }

-@test "ubuntu" { _test; }
-@test "debian" { _test debian stable-slim; }
-@test "centos" { _test; }
-@test "fedora" { _test; }
-@test "alpine" { _test alpine latest busybox; }
+@test "ubuntu" { _test_root buildpack-deps bionic; }
+@test "debian" { _test_root buildpack-deps stretch; }
+@test "centos" { _test_root; }
+@test "fedora" { _test_root; }
+@test "alpine" { _test_root; }
+@test "ubuntu" { _test_user buildpack-deps bionic; }
+@test "debian" { _test_user buildpack-deps stretch; }
+@test "centos" { _test_user; }
+@test "fedora" { _test_user; }
+@test "alpine" { _test_user; }