chore(imagebuilder): change uid gid to 1001

Author: duanhongyi

rootfs/Dockerfile

@@ -1,26 +1,27 @@
 FROM docker.io/drycc/base:bullseye
 
-RUN adduser --system \
-  --shell /bin/bash \
-  --disabled-password \
-  --home /workspace \
-  --group drycc
-
-ADD . /
-ENV PODMAN_VERSION="4.0.2" \
+ENV DRYCC_UID=1001 \
+  DRYCC_GID=1001 \
+  DRYCC_HOME_DIR=/home/drycc \
+  PODMAN_VERSION="4.0.2" \
   MC_VERSION="2022.02.26.03.58.31" \
   CADDY_VERSION="2.4.6" \
   PACK_VERSION="0.24.0" \
   GOSU_VERSION="1.14"
 
+RUN groupadd drycc --gid ${DRYCC_GID} \
+  && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR}
+
+ADD . /
+
 RUN install-packages procps psmisc \
   && install-stack podman $PODMAN_VERSION \
   && install-stack mc $MC_VERSION \
   && install-stack caddy $CADDY_VERSION \
   && install-stack pack $PACK_VERSION \
   && install-stack gosu $GOSU_VERSION \
   && usermod --add-subuids 200000-201000 --add-subgids 200000-201000 drycc \
-  && chown -R drycc:drycc /opt/drycc/podman \
+  && chown -R ${DRYCC_GID}:${DRYCC_UID} /opt/drycc \
   && rm -rf \
       /usr/share/doc \
       /usr/share/man \
@@ -37,9 +38,6 @@ RUN install-packages procps psmisc \
   && mkdir -p /usr/share/man/man{1..8}
 
 WORKDIR /workspace
-ENV HOME /tmp
-ENV XDG_DATA_HOME /tmp
-ENV XDG_CONFIG_HOME /tmp/.config
 
 ENTRYPOINT ["init-stack", "/imagebuilder/prebuild", "/imagebuilder/build"]
 

rootfs/imagebuilder/build

@@ -29,22 +29,20 @@ function waiting_process {
     done
 }
 
-# Start podman service
-export DOCKER_PORT=1234
-export DOCKER_HOST=tcp://127.0.0.1:${DOCKER_PORT}
-
 log_level="error"
 if [[ "${DRYCC_DEBUG}" ]]; then
     log_level="debug"
     unset DRYCC_DEBUG
 fi
 
+mkdir -p "${HOME}"/.config/containers
+cp -rf /opt/drycc/podman/etc/containers/* "${HOME}"/.config/containers
 registries="/etc/imagebuilder/registries.conf"
 if [ -f "${registries}" ]; then
-    cat "${registries}" > /opt/drycc/podman/etc/containers/registries.conf
+    cat "${registries}" > "${HOME}"/.config/containers/registries.conf
 fi
 
-podman system service --time 0 tcp:0.0.0.0:${DOCKER_PORT} &
+podman system service --time 0 &
 
 waiting_process podman
 if [[ -n "${TAR_PATH}" ]]; then
@@ -68,15 +66,14 @@ if [[ "${DRYCC_REGISTRY_LOCATION}" == "off-cluster" ]] ; then
 else
     # Start registry proxy
     registry="${DRYCC_REGISTRY_PROXY_HOST}:${DRYCC_REGISTRY_PROXY_PORT}"
-    if [[ ${log_level} == "debug" ]] ; then
-        output="/dev/stdout"
-    else
-        output="/dev/null"
-    fi
-    caddy reverse-proxy \
+
+    caddy_command="caddy reverse-proxy \
         --from ":${DRYCC_REGISTRY_PROXY_PORT}" \
-        --to "${DRYCC_REGISTRY_SERVICE_HOST}:${DRYCC_REGISTRY_SERVICE_PORT}" \
-        > "${output}" 2>&1 &
+        --to "${DRYCC_REGISTRY_SERVICE_HOST}:${DRYCC_REGISTRY_SERVICE_PORT}""
+    if [[ ${log_level} != "debug" ]] ; then
+        caddy_command="${caddy_command} > /dev/null"
+    fi
+    $caddy_command 2>&1 &
     waiting_process caddy
     podman login \
         --username drycc \
@@ -105,6 +102,9 @@ if [[ "${DRYCC_STACK}" == "container" ]] ; then
 else
     echo "---> Building pack"
     echo "---> Using builder ${pack_builder}"
+    # podman connection
+    readonly DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")"
+    export DOCKER_HOST
     pack_command="pack build ${image_repo} \
             --builder ${pack_builder} \
             --docker-host ${DOCKER_HOST} \
@@ -113,8 +113,7 @@ else
             --publish \
             --cache-image ${image_cache_repo} \
             --tag ${image_latest_repo} \
-            --network host \
-            --verbose"
+            --network host"
     if [[ $log_level == "debug" ]] ; then
         pack_command="$pack_command --verbose"
     fi

rootfs/imagebuilder/prebuild

@@ -3,4 +3,5 @@
 set -e
 
 mount --make-rshared /
-exec gosu drycc "$@"
+chown "${DRYCC_GID}":"${DRYCC_UID}" -R /workspace
+exec gosu "${DRYCC_UID}" "$@"