Skip to content

Commit

Permalink
Update docker syntax version
Browse files Browse the repository at this point in the history
Use heredocs for multi-line script.
  • Loading branch information
rubensa committed Oct 8, 2024
1 parent c445037 commit c60cf9b
Showing 1 changed file with 76 additions and 59 deletions.
135 changes: 76 additions & 59 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# syntax=docker/dockerfile:1.4
FROM rubensa/ubuntu-tini
LABEL author="Ruben Suarez <[email protected]>"

Expand All @@ -18,91 +19,107 @@ ENV GROUP_NAME=${GROUP_NAME}

# Since ubuntu:23.04 a non-root "ubuntu" user is created by default with UID=1000
# Let's remove it to avoid conflicts
RUN echo "# Removing default 'ubuntu' user..." \
#
# avoid "userdel: ubuntu mail spool (/var/mail/ubuntu) not found" warning
&& touch /var/mail/ubuntu \
&& chown ubuntu /var/mail/ubuntu \
#
# remove user
&& userdel -r ubuntu
RUN <<EOT
echo "# Removing default 'ubuntu' user..."
#
# avoid "userdel: ubuntu mail spool (/var/mail/ubuntu) not found" warning
touch /var/mail/ubuntu
chown ubuntu /var/mail/ubuntu
#
# remove user
userdel -r ubuntu
EOT

# Create a non-root user with custom group
RUN echo "# Creating group '${GROUP_NAME}' (${GROUP_ID})..." \
&& groupadd --gid ${GROUP_ID} ${GROUP_NAME} \
&& echo "# Creating user '${USER_NAME}' (${USER_ID}) and adding it to '${GROUP_NAME}'..." \
&& useradd --uid ${USER_ID} --gid ${GROUP_NAME} --home /home/${USER_NAME} --create-home --shell /bin/bash ${USER_NAME} \
&& passwd -d ${USER_NAME} \
#
# Create some user directories
&& echo "# Creating directories '.config' and '.local/bin' under user HOME directory..." \
&& mkdir -p /home/${USER_NAME}/.config \
&& mkdir -p /home/${USER_NAME}/.local/bin \
&& chown -R ${USER_NAME}:${GROUP_NAME} /home/${USER_NAME} \
#
# Set default non-root user umask to 002 to give group all file permissions (interactive non-login shell)
# Allow override by setting UMASK_SET environment variable
&& echo "# Configuring defult user mask (${UMASK_SET:-002})..." \
&& printf "\nUMASK_SET=\${UMASK_SET:-002}\numask \"\${UMASK_SET}\"\n" >> /home/${USER_NAME}/.bashrc
RUN <<EOT
echo "# Creating group '${GROUP_NAME}' (${GROUP_ID})..."
groupadd --gid ${GROUP_ID} ${GROUP_NAME}
echo "# Creating user '${USER_NAME}' (${USER_ID}) and adding it to '${GROUP_NAME}'..."
useradd --uid ${USER_ID} --gid ${GROUP_NAME} --home /home/${USER_NAME} --create-home --shell /bin/bash ${USER_NAME}
passwd -d ${USER_NAME}
#
# Create some user directories
echo "# Creating directories '.config' and '.local/bin' under user HOME directory..."
mkdir -p /home/${USER_NAME}/.config
mkdir -p /home/${USER_NAME}/.local/bin
chown -R ${USER_NAME}:${GROUP_NAME} /home/${USER_NAME}
#
# Set default non-root user umask to 002 to give group all file permissions (interactive non-login shell)
# Allow override by setting UMASK_SET environment variable
echo "# Configuring defult user mask (${UMASK_SET:-002})..."
printf "\nUMASK_SET=\${UMASK_SET:-002}\numask \"\${UMASK_SET}\"\n" >> /home/${USER_NAME}/.bashrc
EOT

# fixuid version to install (https://github.com/boxboat/fixuid/releases)
ARG FIXUID_VERSION=0.6.0
# Add fixuid
ADD https://github.com/boxboat/fixuid/releases/download/v${FIXUID_VERSION}/fixuid-${FIXUID_VERSION}-linux-${TARGETARCH}.tar.gz /tmp/fixuid-linux.tar.gz
# Install fixuid
RUN echo "# Installing fixuid..." \
&& tar -C /sbin -xzf /tmp/fixuid-linux.tar.gz \
&& rm /tmp/fixuid-linux.tar.gz \
&& chown root:root /sbin/fixuid \
&& chmod 4755 /sbin/fixuid \
&& mkdir -p /etc/fixuid \
#
# Configure fixuid to fix user home folder
&& printf "user: ${USER_NAME}\ngroup: ${GROUP_NAME}\npaths:\n - /home/${USER_NAME}" > /etc/fixuid/config.yml
RUN <<EOT
echo "# Installing fixuid..."
tar -C /sbin -xzf /tmp/fixuid-linux.tar.gz
rm /tmp/fixuid-linux.tar.gz
chown root:root /sbin/fixuid
chmod 4755 /sbin/fixuid
mkdir -p /etc/fixuid
#
# Configure fixuid to fix user home folder
printf "user: ${USER_NAME}\ngroup: ${GROUP_NAME}\npaths:\n - /home/${USER_NAME}" > /etc/fixuid/config.yml
EOT

# Avoid warnings by switching to noninteractive
ENV DEBIAN_FRONTEND=noninteractive

# Configure apt and install basic packages
RUN echo "# Configuring apt..." \
&& apt-get update \
#
# Basic apt configuration
&& echo "# Installing apt-utils, dialog, ca-certificates, curl and tzdata..." \
&& apt-get install -y --no-install-recommends apt-utils dialog ca-certificates curl tzdata 2>&1
RUN <<EOT
echo "# Configuring apt..."
apt-get update
#
# Basic apt configuration
echo "# Installing apt-utils, dialog, ca-certificates, curl and tzdata..."
apt-get install -y --no-install-recommends apt-utils dialog ca-certificates curl tzdata 2>&1
EOT

# Install locales
RUN echo "# Installing locales..." \
&& apt-get install -y --no-install-recommends locales 2>&1 \
#
# Configure locale
&& echo "# Configuring 'en_US.UTF-8' locale..." \
&& locale-gen en_US.UTF-8 \
&& update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
RUN <<EOT
echo "# Installing locales..."
apt-get install -y --no-install-recommends locales 2>&1
#
# Configure locale
echo "# Configuring 'en_US.UTF-8' locale..."
locale-gen en_US.UTF-8
update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
EOT

# Set locale
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8

# Install sudo
RUN echo "# Installing sudo..." \
&& apt-get install -y --no-install-recommends sudo 2>&1 \
#
# Add sudo support for non-root user
&& echo "# Allow 'sudo' for '${USER_NAME}'" \
&& echo "${USER_NAME} ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/${USER_NAME} \
&& chmod 0440 /etc/sudoers.d/${USER_NAME}
RUN <<EOT
echo "# Installing sudo..."
apt-get install -y --no-install-recommends sudo 2>&1
#
# Add sudo support for non-root user
echo "# Allow 'sudo' for '${USER_NAME}'"
echo "${USER_NAME} ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/${USER_NAME}
chmod 0440 /etc/sudoers.d/${USER_NAME}
EOT

# Install some user utillities
RUN echo "# Installing bash-completion and vim..." \
&& apt-get install -y --no-install-recommends bash-completion vim 2>&1
RUN <<EOT
echo "# Installing bash-completion and vim..."
apt-get install -y --no-install-recommends bash-completion vim 2>&1
EOT

# Clean up apt
RUN echo "# Cleaining up apt..." \
&& apt-get autoremove -y \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/*
RUN <<EOT
echo "# Cleaining up apt..."
apt-get autoremove -y
apt-get clean -y
rm -rf /var/lib/apt/lists/*
EOT

# Switch back to dialog for any ad-hoc use of apt-get
ENV DEBIAN_FRONTEND=
Expand Down

0 comments on commit c60cf9b

Please sign in to comment.