levogevo/ffmpeg-builder
1
0
Fork 0
mirror of https://github.com/levogevo/ffmpeg-builder.git synced 2026-01-15 19:06:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

make nobody:nogroup usable

Browse Source
This commit is contained in:
Levon Gevorgyan
2025-11-01 16:50:52 -05:00
parent 000bdb24a0
commit 636c6a0ff8
1 changed files with 28 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
lib/docker.sh
View File

@@ -141,15 +141,33 @@ docker_build_image() {
echo "RUN ${pkg_mgr_upgrade}" echo "RUN ${pkg_mgr_upgrade}"
printf "RUN ${pkg_install} %s\n" "${req_pkgs[@]}" printf "RUN ${pkg_install} %s\n" "${req_pkgs[@]}"
fi fi
local openPerms='sudo -E -u nobody -g nogroup'
echo 'RUN chmod 777 -R /root/' # ENV for pipx/rust
# pipx echo 'ENV PIPX_HOME=/root/.local'
echo "RUN ${openPerms} pipx install virtualenv" echo 'ENV PIPX_BIN_DIR=/root/.local/bin'
echo "RUN ${openPerms} pipx ensurepath" echo 'ENV PATH="/root/.local/bin:$PATH"'
# rust
echo 'ENV CARGO_HOME="/root/.cargo"' echo 'ENV CARGO_HOME="/root/.cargo"'
echo 'ENV RUSTUP_HOME="/root/.rustup"' echo 'ENV RUSTUP_HOME="/root/.rustup"'
echo 'ENV PATH="/root/.cargo/bin:$PATH"' echo 'ENV PATH="/root/.cargo/bin:$PATH"'
# add to profile
echo 'RUN export PIPX_HOME=${PIPX_HOME} >> /etc/profile'
echo 'RUN export PIPX_BIN_DIR=${PIPX_BIN_DIR} >> /etc/profile'
echo 'RUN export CARGO_HOME=${CARGO_HOME} >> /etc/profile'
echo 'RUN export RUSTUP_HOME=${RUSTUP_HOME} >> /etc/profile'
echo 'RUN export PATH=${PATH} >> /etc/profile'
# make nobody:nogroup usable
echo 'RUN sed -i '/nobody/d' /etc/passwd || true'
echo 'RUN echo "nobody:x:65534:65534:nobody:/root:/bin/bash" >> /etc/passwd'
echo 'RUN sed -i '/nogroup/d' /etc/group || true'
echo 'RUN echo "nogroup:x:65534:" >> /etc/group'
# open up permissions before switching user
echo 'RUN chmod 777 -R /root/'
# run as nobody:nogroup for rest of install
echo 'USER 65534:65534'
# pipx
echo "RUN pipx install virtualenv"
# rust
local rustupVersion='1.28.2' local rustupVersion='1.28.2'
local rustcVersion='1.88.0' local rustcVersion='1.88.0'
local rustupTarball="rustup-${rustupVersion}.tar.gz" local rustupTarball="rustup-${rustupVersion}.tar.gz"
@@ -161,20 +179,13 @@ docker_build_image() {
echo "ADD ${rustupTarball} /tmp/" echo "ADD ${rustupTarball} /tmp/"
local cargoInst="\ local cargoInst="\
cd /tmp/rustup-${rustupVersion} \ cd /tmp/rustup-${rustupVersion} \
&& ${openPerms} bash rustup-init.sh -y --default-toolchain=${rustcVersion} \ && bash rustup-init.sh -y --default-toolchain=${rustcVersion}"
&& rm -rf /tmp/*"
echo "RUN ${cargoInst}" echo "RUN ${cargoInst}"
# add to profile
echo 'RUN export CARGO_HOME=${CARGO_HOME} >> /etc/profile'
echo 'RUN export RUSTUP_HOME=${RUSTUP_HOME} >> /etc/profile'
echo 'RUN export PATH=${PATH} >> /etc/profile'
# install cargo-binstall # install cargo-binstall
echo "RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | ${openPerms} bash -l" echo "RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash"
# install cargo-c # install cargo-c
echo "RUN ${openPerms} bash -l -c 'cargo-binstall -y cargo-c'" echo "RUN cargo-binstall -y cargo-c"
# since any user may run this image,
# open up root tools to everyone
echo 'ENV PATH="/root/.local/bin:$PATH"'
echo "WORKDIR ${DOCKER_WORKDIR}" echo "WORKDIR ${DOCKER_WORKDIR}"
} >"${dockerfile}" } >"${dockerfile}"