From d49ade0b63c46c301479d6dd66346ca7b2a3e46b Mon Sep 17 00:00:00 2001
From: Markus Frosch <markus.frosch@icinga.com>
Date: Mon, 2 Sep 2019 11:11:54 +0200
Subject: [PATCH] Switch to build user and set USER

---
 6-i386/Dockerfile | 12 +++++++-----
 6/Dockerfile      | 12 +++++++-----
 7/Dockerfile      | 12 +++++++-----
 3 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/6-i386/Dockerfile b/6-i386/Dockerfile
index 28ff75e..5169ebb 100644
--- a/6-i386/Dockerfile
+++ b/6-i386/Dockerfile
@@ -25,11 +25,6 @@ RUN yum install -y \
   gcc gcc-c++ \
  && yum clean all
 
-RUN groupadd -g 1000 jenkins \
- && useradd -u 1000 -g 1000 -m jenkins \
- && echo 'Defaults:jenkins !requiretty' | tee -a /etc/sudoers \
- && echo 'jenkins ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers
-
 # not available on EL6
 #RUN yum install -y centos-release-scl centos-release-scl-rh
 
@@ -39,6 +34,13 @@ RUN wget -O /etc/yum.repos.d/ICINGA-release.repo \
 RUN wget -O /etc/yum.repos.d/devtoolset-2.repo https://people.centos.org/tru/devtools-2/devtools-2.repo \
  && yum install -y devtoolset-2-gcc devtoolset-2-gcc-c++ devtoolset-2-binutils
 
+RUN groupadd -g 1000 build \
+ && useradd -u 1000 -g 1000 -m build \
+ && echo 'Defaults:build !requiretty' | tee -a /etc/sudoers \
+ && echo 'build ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers \
+ && chown build.build /usr/local/bin
+
+USER build
 RUN git clone https://git.icinga.com/build-docker/scripts.git /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/icinga-build-entrypoint"]
 CMD ["icinga-build-package"]
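Review bot: `USER build` does not create a privilege boundary in this image, because the same RUN adds `build ALL=(ALL:ALL) NOPASSWD: ALL`, so any process started in the container can return to root through `sudo` without a password. If the build scripts only need root for a few steps (they live in the cloned repository and are not visible here), narrow the rule to those commands instead of `ALL`. If full sudo has to stay, say so in the file with a comment such as `# build keeps passwordless sudo for the build scripts; USER build is not a security boundary`. The same block is added in 6/Dockerfile and 7/Dockerfile.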
diff --git a/6/Dockerfile b/6/Dockerfile
index 34d1183..e76661b 100644
--- a/6/Dockerfile
+++ b/6/Dockerfile
@@ -22,11 +22,6 @@ RUN yum install -y \
   gcc gcc-c++ \
  && yum clean all
 
-RUN groupadd -g 1000 jenkins \
- && useradd -u 1000 -g 1000 -m jenkins \
- && echo 'Defaults:jenkins !requiretty' | tee -a /etc/sudoers \
- && echo 'jenkins ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers
-
 RUN yum install -y centos-release-scl centos-release-scl-rh
 
 RUN wget -O /etc/yum.repos.d/ICINGA-release.repo \
@@ -35,6 +30,13 @@ RUN wget -O /etc/yum.repos.d/ICINGA-release.repo \
 RUN wget -O /etc/yum.repos.d/devtoolset-2.repo https://people.centos.org/tru/devtools-2/devtools-2.repo \
  && yum install -y devtoolset-2-gcc devtoolset-2-gcc-c++ devtoolset-2-binutils
 
+RUN groupadd -g 1000 build \
+ && useradd -u 1000 -g 1000 -m build \
+ && echo 'Defaults:build !requiretty' | tee -a /etc/sudoers \
+ && echo 'build ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers \
+ && chown build.build /usr/local/bin
+
+USER build
 RUN git clone https://git.icinga.com/build-docker/scripts.git /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/icinga-build-entrypoint"]
 CMD ["icinga-build-package"]
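Review bot: The added `chown build.build /usr/local/bin`, followed by `USER build` ahead of the clone, leaves the entrypoint and every cloned script owned and writable by the account the container runs as. That directory is normally on PATH, so a build job could rewrite `icinga-build-entrypoint` or shadow a command that is later run through sudo. Unless the scripts are meant to be updated in place at run time, keep them root-owned: move `USER build` below the `RUN git clone ...` line and drop `&& chown build.build /usr/local/bin`. The clone itself is an unchanged context line, but it fetches whatever the default branch holds at build time, so pinning it to a tag or commit would make the image reproducible. The same applies to 6-i386/Dockerfile and 7/Dockerfile.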
diff --git a/7/Dockerfile b/7/Dockerfile
index 5ac1049..2d6caa3 100644
--- a/7/Dockerfile
+++ b/7/Dockerfile
@@ -22,11 +22,6 @@ RUN yum install -y \
   gcc gcc-c++ \
  && yum clean all
 
-RUN groupadd -g 1000 jenkins \
- && useradd -u 1000 -g 1000 -m jenkins \
- && echo 'Defaults:jenkins !requiretty' | tee -a /etc/sudoers \
- && echo 'jenkins ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers
-
 # Note: we are disabling scl-rh source since it disappeared from vault
 RUN yum install -y centos-release-scl centos-release-scl-rh scl-utils-build \
  && sed -i -e '/centos-sclo-rh-source/,+5 s/^/#/' /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo
@@ -34,6 +29,13 @@ RUN yum install -y centos-release-scl centos-release-scl-rh scl-utils-build \
 RUN wget -O /etc/yum.repos.d/ICINGA-release.repo \
  https://packages.icinga.com/epel/ICINGA-release.repo
 
+RUN groupadd -g 1000 build \
+ && useradd -u 1000 -g 1000 -m build \
+ && echo 'Defaults:build !requiretty' | tee -a /etc/sudoers \
+ && echo 'build ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers \
+ && chown build.build /usr/local/bin
+
+USER build
 RUN git clone https://git.icinga.com/build-docker/scripts.git /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/icinga-build-entrypoint"]
 CMD ["icinga-build-package"]
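Review bot: The two `echo ... | tee -a /etc/sudoers` lines append to the main sudoers file with no syntax check, and a malformed entry there makes sudo refuse to run at all. A drop-in file is easier to audit and can be validated during the build, for example `echo 'build ALL=(ALL:ALL) NOPASSWD: ALL' > /etc/sudoers.d/build && chmod 0440 /etc/sudoers.d/build && visudo -cf /etc/sudoers.d/build`. This assumes the base image's sudoers includes `/etc/sudoers.d`, which is not visible in this hunk. As a smaller point, `chown build.build` uses the deprecated dot separator; `chown build:build` is the documented form. Both points also apply to the same block in 6-i386/Dockerfile and 6/Dockerfile.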
-- 
GitLab