Add 1password support

Dockerfile

@@ -22,6 +22,7 @@ RUN set -ex; \
         make \
         openssh-server \
         sudo \
+        unzip \
         vim \
         wget; \
     \
@@ -99,16 +100,41 @@ RUN set -ex; \
     echo "alias ls='ls --color=auto'" >> /etc/bash.bashrc; \
     echo "alias grep='grep --color=auto'" >> /etc/bash.bashrc;
 
-# Create user named "docker" with no password
-RUN useradd --create-home --shell /bin/bash docker \
+ARG PUID
+ENV PUID ${PUID:-1000}
+ARG PGID
+ENV PGID ${PGID:-${PUID}}
+
+# Create docker user with empty password (will have uid and gid 1000)
+RUN groupadd -g ${PGID} docker \
+    && useradd --create-home --shell /bin/bash --uid ${PUID} --gid ${PGID} docker \
     && passwd docker -d \
     && adduser docker sudo
 
 # Don't require a password for sudo
 RUN sed -i 's/^\(%sudo.*\)ALL$/\1NOPASSWD:ALL/' /etc/sudoers
 
-# set an entrypoint script that allows us to
-# dynamically change the uid/gid of the container's user
+# install 1Password cli
+# this has to be after the docker user is added because the docker user must have groupid of 1000
+RUN apt-get update && \
+    apt-get install -y gpg;
+RUN set -ex; \
+    sudo -s \
+        curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
+        gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg; \
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | \
+        tee /etc/apt/sources.list.d/1password.list; \
+    mkdir -p /etc/debsig/policies/AC2D62742012EA22/; \
+    curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | \
+        tee /etc/debsig/policies/AC2D62742012EA22/1password.pol; \
+    mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22; \
+    curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
+        gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg; \
+    apt update; \
+    apt install -y 1password-cli; \
+    rm -rf /var/lib/apt/lists/* /var/cache/apt/*;
+
+# set an entrypoint script
 COPY entry_point.sh /opt/bin/
 ENTRYPOINT ["/opt/bin/entry_point.sh"]
 CMD ["/opt/bin/entry_point.sh"]

Makefile

@@ -12,7 +12,7 @@ pyenv:
 
 
 build:
-	docker build -t ${ORG}/${PROJECT}:${TAG} .
+	docker build --build-arg PUID=${PUID:-1000} --build-arg PGID=${PGID:-1000} -t ${ORG}/${PROJECT}:${TAG} .
 
 run:
 	docker run --rm -it  ${ORG}/${PROJECT}:${TAG} bash

entry_point.sh

@@ -1,30 +1,5 @@
 #!/bin/sh
 
-# Override user ID lookup to cope with being randomly assigned IDs using
-# the -u option to 'docker run'.
-
-# reference:
-# http://blog.dscpl.com.au/2015/12/unknown-user-when-running-docker.html
-
-USER_ID=$(id -u)
-GROUP_ID=$(id -g)
-
-if [ x"$USER_ID" != x"0" -a x"$USER_ID" != x"1000" ]; then
-
-    # set the new passwd and group files
-    NSS_WRAPPER_PASSWD=/tmp/passwd.nss_wrapper
-    NSS_WRAPPER_GROUP=/tmp/group.nss_wrapper
-
-    # overwrite the old uid and gid for the user
-    cat /etc/passwd | sed -e "s/^docker:x:1000:1000:/docker:x:$USER_ID:$GROUP_ID:/" > $NSS_WRAPPER_PASSWD
-    cat /etc/group | sed -e "s/^docker:x:1000:/docker:x:$GROUP_ID:/" > $NSS_WRAPPER_GROUP
-
-    export NSS_WRAPPER_PASSWD
-    export NSS_WRAPPER_GROUP
-
-    LD_PRELOAD=/usr/lib/libnss_wrapper.so
-    export LD_PRELOAD
-fi
 
 # add mitmproxy certificate to the system trusted certs
 if [ x"$MITMPROXY_CERT" != x"" -a -r $MITMPROXY_CERT ]; then