From 83a6aea2c3243d2506b8c1286449cc791a8fa37c Mon Sep 17 00:00:00 2001
From: Andrew Tayler
Date: Mon, 13 May 2024 13:54:51 -0700
Subject: [PATCH] Add 1password support
---
 Dockerfile | 34 ++++++++++++++++++++++++++++++----
 Makefile | 2 +-
 entry_point.sh | 25 -------------------------
 3 files changed, 31 insertions(+), 30 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 13cb8fa..a1a1d30 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,6 +22,7 @@ RUN set -ex; \
 make \
 openssh-server \
 sudo \
+ unzip \
 vim \
 wget; \
 \
@@ -99,16 +100,41 @@ RUN set -ex; \
 echo "alias ls='ls --color=auto'" >> /etc/bash.bashrc; \
 echo "alias grep='grep --color=auto'" >> /etc/bash.bashrc;
-# Create user named "docker" with no password
-RUN useradd --create-home --shell /bin/bash docker \
+ARG PUID
+ENV PUID ${PUID:-1000}
+ARG PGID
+ENV PGID ${PGID:-${PUID}}
+
+# Create docker user with empty password (will have uid and gid 1000)
+RUN groupadd -g ${PGID} docker \
+ && useradd --create-home --shell /bin/bash --uid ${PUID} --gid ${PGID} docker \
 && passwd docker -d \
 && adduser docker sudo
 # Don't require a password for sudo
 RUN sed -i 's/^\(%sudo.*\)ALL$/\1NOPASSWD:ALL/' /etc/sudoers
-# set an entrypoint script that allows us to
-# dynamically change the uid/gid of the container's user
+# install 1Password cli
+# this has to be after the docker user is added because the docker user must have groupid of 1000
+RUN apt-get update && \
+ apt-get install -y gpg;
+RUN set -ex; \
+ sudo -s \
+ curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
+ gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg; \
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | \
+ tee /etc/apt/sources.list.d/1password.list; \
+ mkdir -p /etc/debsig/policies/AC2D62742012EA22/; \
+ curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | \
+ tee /etc/debsig/policies/AC2D62742012EA22/1password.pol; \
+ mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22; \
+ curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
+ gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg; \
+ apt update; \
+ apt install -y 1password-cli; \
+ rm -rf /var/lib/apt/lists/* /var/cache/apt/*;
+
+# set an entrypoint script
 COPY entry_point.sh /opt/bin/
 ENTRYPOINT ["/opt/bin/entry_point.sh"]
 CMD ["/opt/bin/entry_point.sh"]
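Review bot: A failed download in the new 1Password `RUN set -ex;` step does not fail the build, because `curl -sS` has no `--fail` and under plain `set -e` a pipeline's status is that of its last command, so whatever curl printed is what `tee` writes as the debsig policy and what `gpg --dearmor` is fed. The signing key is also fetched at build time from the same host that serves the packages and is never compared with a known value; checking its fingerprint against one verified out of band (the `ONEPASSWORD_KEY_FPR` placeholder below) would pin it. The `sudo -s \` line is folded into the first `curl` command by the continuation and looks unnecessary, since the preceding `apt-get install` step already runs without sudo. The fence shows only the fetch and verify lines; the rest of the RUN step stays as it is.

```dockerfile
# ONEPASSWORD_KEY_FPR is a placeholder: set it to the full key fingerprint verified out of band
ARG ONEPASSWORD_KEY_FPR
RUN set -ex; \
    curl -fsS -o /tmp/1password.asc https://downloads.1password.com/linux/keys/1password.asc; \
    gpg --show-keys --with-colons /tmp/1password.asc | grep -q "^fpr:::::::::${ONEPASSWORD_KEY_FPR}:"; \
    gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg < /tmp/1password.asc; \
    # … unchanged: sources.list entry, mkdir for the debsig policy directory …
    curl -fsS -o /etc/debsig/policies/AC2D62742012EA22/1password.pol https://downloads.1password.com/linux/debian/debsig/1password.pol; \
    # … unchanged: mkdir for the debsig keyring directory …
    gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg < /tmp/1password.asc; \
    rm -f /tmp/1password.asc; \
    # … unchanged: apt update, apt install -y 1password-cli, cache cleanup …
```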
diff --git a/Makefile b/Makefile
index e3f6658..cd15e41 100644
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ pyenv:
 build:
- docker build -t ${ORG}/${PROJECT}:${TAG} .
+ docker build --build-arg PUID=${PUID:-1000} --build-arg PGID=${PGID:-1000} -t ${ORG}/${PROJECT}:${TAG} .
 run:
 docker run --rm -it ${ORG}/${PROJECT}:${TAG} bash
diff --git a/entry_point.sh b/entry_point.sh
index 8e51f9e..a9b23e2 100755
--- a/entry_point.sh
+++ b/entry_point.sh
@@ -1,30 +1,5 @@
 #!/bin/sh
-# Override user ID lookup to cope with being randomly assigned IDs using
-# the -u option to 'docker run'.
-
-# reference:
-# http://blog.dscpl.com.au/2015/12/unknown-user-when-running-docker.html
-
-USER_ID=$(id -u)
-GROUP_ID=$(id -g)
-
-if [ x"$USER_ID" != x"0" -a x"$USER_ID" != x"1000" ]; then
-
- # set the new passwd and group files
- NSS_WRAPPER_PASSWD=/tmp/passwd.nss_wrapper
- NSS_WRAPPER_GROUP=/tmp/group.nss_wrapper
-
- # overwrite the old uid and gid for the user
- cat /etc/passwd | sed -e "s/^docker:x:1000:1000:/docker:x:$USER_ID:$GROUP_ID:/" > $NSS_WRAPPER_PASSWD
- cat /etc/group | sed -e "s/^docker:x:1000:/docker:x:$GROUP_ID:/" > $NSS_WRAPPER_GROUP
-
- export NSS_WRAPPER_PASSWD
- export NSS_WRAPPER_GROUP
-
- LD_PRELOAD=/usr/lib/libnss_wrapper.so
- export LD_PRELOAD
-fi
 # add mitmproxy certificate to the system trusted certs
 if [ x"$MITMPROXY_CERT" != x"" -a -r $MITMPROXY_CERT ]; then
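Review bot: `${PUID:-1000}` and `${PGID:-1000}` on the new `docker build` line are expanded by make rather than by the shell, and make has no `:-` default syntax. As far as I can tell GNU make treats each as a reference to an undefined variable, so the recipe always runs with `--build-arg PUID= --build-arg PGID=`. The Dockerfile's own `${PUID:-1000}` fallback then applies and the image is built with 1000 whatever the caller's environment holds, which defeats the purpose of passing the IDs through. Either escape the dollar so the shell does the expansion, `--build-arg PUID=$${PUID:-1000} --build-arg PGID=$${PGID:-1000}`, or declare `PUID ?= 1000` and `PGID ?= 1000` near the top of the Makefile and pass `$(PUID)` and `$(PGID)`.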