From 924e8f409f0fe980dd0be8315746b11b3b3c1cae Mon Sep 17 00:00:00 2001
From: Markus Frosch <markus.frosch@icinga.com>
Date: Mon, 2 Sep 2019 13:56:06 +0200
Subject: [PATCH] Switch to build user and set USER

---
 buster/x86/Dockerfile     | 12 +++++++-----
 buster/x86_64/Dockerfile  | 12 +++++++-----
 jessie/x86/Dockerfile     | 12 +++++++-----
 jessie/x86_64/Dockerfile  | 12 +++++++-----
 stretch/x86/Dockerfile    | 12 +++++++-----
 stretch/x86_64/Dockerfile | 12 +++++++-----
 6 files changed, 42 insertions(+), 30 deletions(-)

diff --git a/buster/x86/Dockerfile b/buster/x86/Dockerfile
index d310b9a..88803e6 100644
--- a/buster/x86/Dockerfile
+++ b/buster/x86/Dockerfile
@@ -9,11 +9,6 @@ RUN apt-get install -y \
   sudo wget curl tar expect git \
   devscripts build-essential lintian ccache pbuilder aptitude apt-utils
 
-RUN groupadd -g 1000 jenkins \
- && useradd -u 1000 -g 1000 -m jenkins \
- && echo 'Defaults:jenkins !requiretty' | tee -a /etc/sudoers \
- && echo 'jenkins ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers
-
 RUN echo "deb http://deb.debian.org/debian buster-backports main" >/etc/apt/sources.list.d/backports.list
 
 RUN curl https://packages.icinga.com/icinga.key | apt-key add - \
@@ -21,6 +16,13 @@ RUN curl https://packages.icinga.com/icinga.key | apt-key add - \
  && DIST=buster \
  && echo "deb http://packages.icinga.com/debian icinga-${DIST} main" > /etc/apt/sources.list.d/${DIST}-icinga.list
 
+RUN groupadd -g 1000 build \
+ && useradd -u 1000 -g 1000 -m build \
+ && echo 'Defaults:build !requiretty' | tee -a /etc/sudoers \
+ && echo 'build ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers \
+ && chown build.build /usr/local/bin
+
+USER build
 RUN git clone https://git.icinga.com/build-docker/scripts.git /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/icinga-build-entrypoint"]
 CMD ["icinga-build-package"]
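Review bot: `USER build` in this hunk is paired with `build ALL=(ALL:ALL) NOPASSWD: ALL`, so any process in the container can still become root without a password and the non-root default is only nominal. If the build scripts need root for a known set of steps (they are not visible here), narrow the rule to those and put it in a validated drop-in rather than appending to `/etc/sudoers`: `echo 'build ALL=(root) NOPASSWD: <commands the scripts need>' > /etc/sudoers.d/build && chmod 0440 /etc/sudoers.d/build && visudo -cf /etc/sudoers.d/build`. If unrestricted sudo really is required, say so above the `RUN`, e.g. `# build keeps full sudo for <reason>; USER build is for file ownership, not isolation`. The identical block is added in the other five Dockerfiles of this patch.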
diff --git a/buster/x86_64/Dockerfile b/buster/x86_64/Dockerfile
index 45b91e4..49958f7 100644
--- a/buster/x86_64/Dockerfile
+++ b/buster/x86_64/Dockerfile
@@ -9,11 +9,6 @@ RUN apt-get install -y \
   sudo wget curl tar expect git \
   devscripts build-essential lintian ccache pbuilder aptitude apt-utils
 
-RUN groupadd -g 1000 jenkins \
- && useradd -u 1000 -g 1000 -m jenkins \
- && echo 'Defaults:jenkins !requiretty' | tee -a /etc/sudoers \
- && echo 'jenkins ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers
-
 RUN echo "deb http://deb.debian.org/debian buster-backports main" >/etc/apt/sources.list.d/backports.list
 
 RUN curl https://packages.icinga.com/icinga.key | apt-key add - \
@@ -21,6 +16,13 @@ RUN curl https://packages.icinga.com/icinga.key | apt-key add - \
  && DIST=buster \
  && echo "deb http://packages.icinga.com/debian icinga-${DIST} main" > /etc/apt/sources.list.d/${DIST}-icinga.list
 
+RUN groupadd -g 1000 build \
+ && useradd -u 1000 -g 1000 -m build \
+ && echo 'Defaults:build !requiretty' | tee -a /etc/sudoers \
+ && echo 'build ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers \
+ && chown build.build /usr/local/bin
+
+USER build
 RUN git clone https://git.icinga.com/build-docker/scripts.git /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/icinga-build-entrypoint"]
 CMD ["icinga-build-package"]
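Review bot: `chown build.build /usr/local/bin` gives the unprivileged user a directory on the default PATH, and because the clone on the following context line now runs after `USER build`, the entrypoint and every fetched script are writable by that user too. On Debian that directory is normally also part of sudo's `secure_path`, so a writable `/usr/local/bin` would weaken any later attempt to restrict the sudoers rule. Unless the scripts have to modify themselves at run time (not visible here), drop the `chown`, keep `RUN git clone …` running as root, and move `USER build` below it so the scripts stay root-owned. If the ownership change must stay, prefer the colon form `chown build:build /usr/local/bin`; the dot separator is a deprecated GNU extension. This applies to the matching hunk in each of the six files.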
diff --git a/jessie/x86/Dockerfile b/jessie/x86/Dockerfile
index fda7a81..0baa92d 100644
--- a/jessie/x86/Dockerfile
+++ b/jessie/x86/Dockerfile
@@ -9,11 +9,6 @@ RUN apt-get install -y \
   sudo wget curl tar expect git \
   devscripts build-essential lintian ccache pbuilder aptitude apt-utils
 
-RUN groupadd -g 1000 jenkins \
- && useradd -u 1000 -g 1000 -m jenkins \
- && echo 'Defaults:jenkins !requiretty' | tee -a /etc/sudoers \
- && echo 'jenkins ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers
-
 RUN echo "deb http://archive.debian.org/debian jessie-backports main" >/etc/apt/sources.list.d/backports.list \
  && echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until
 
@@ -21,6 +16,13 @@ RUN curl https://packages.icinga.com/icinga.key | apt-key add - \
  && DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release) \
  && echo "deb http://packages.icinga.com/debian icinga-${DIST} main" > /etc/apt/sources.list.d/${DIST}-icinga.list
 
+RUN groupadd -g 1000 build \
+ && useradd -u 1000 -g 1000 -m build \
+ && echo 'Defaults:build !requiretty' | tee -a /etc/sudoers \
+ && echo 'build ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers \
+ && chown build.build /usr/local/bin
+
+USER build
 RUN git clone https://git.icinga.com/build-docker/scripts.git /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/icinga-build-entrypoint"]
 CMD ["icinga-build-package"]
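Review bot: The `git clone https://git.icinga.com/build-docker/scripts.git /usr/local/bin` context line that now runs as `build` is unpinned, so the image's entrypoint is whatever the default branch holds at build time and two builds of the same Dockerfile can differ. Since this commit already touches the step, consider pinning it to a reviewed revision, e.g. `git clone … /usr/local/bin && git -C /usr/local/bin checkout <commit-sha>`. A short comment such as `# scripts pinned to <commit-sha>; bump deliberately` would record the intent. The same line appears at the end of the corresponding hunk in all six Dockerfiles.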
diff --git a/jessie/x86_64/Dockerfile b/jessie/x86_64/Dockerfile
index 36c76de..35ce933 100644
--- a/jessie/x86_64/Dockerfile
+++ b/jessie/x86_64/Dockerfile
@@ -9,11 +9,6 @@ RUN apt-get install -y \
   sudo wget curl tar expect git \
   devscripts build-essential lintian ccache pbuilder aptitude apt-utils
 
-RUN groupadd -g 1000 jenkins \
- && useradd -u 1000 -g 1000 -m jenkins \
- && echo 'Defaults:jenkins !requiretty' | tee -a /etc/sudoers \
- && echo 'jenkins ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers
-
 RUN echo "deb http://archive.debian.org/debian jessie-backports main" >/etc/apt/sources.list.d/backports.list \
  && echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until
 
@@ -21,6 +16,13 @@ RUN curl https://packages.icinga.com/icinga.key | apt-key add - \
  && DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release) \
  && echo "deb http://packages.icinga.com/debian icinga-${DIST} main" > /etc/apt/sources.list.d/${DIST}-icinga.list
 
+RUN groupadd -g 1000 build \
+ && useradd -u 1000 -g 1000 -m build \
+ && echo 'Defaults:build !requiretty' | tee -a /etc/sudoers \
+ && echo 'build ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers \
+ && chown build.build /usr/local/bin
+
+USER build
 RUN git clone https://git.icinga.com/build-docker/scripts.git /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/icinga-build-entrypoint"]
 CMD ["icinga-build-package"]
diff --git a/stretch/x86/Dockerfile b/stretch/x86/Dockerfile
index a773849..0f1c416 100644
--- a/stretch/x86/Dockerfile
+++ b/stretch/x86/Dockerfile
@@ -9,17 +9,19 @@ RUN apt-get install -y \
   sudo wget curl tar expect git \
   devscripts build-essential lintian ccache pbuilder aptitude apt-utils
 
-RUN groupadd -g 1000 jenkins \
- && useradd -u 1000 -g 1000 -m jenkins \
- && echo 'Defaults:jenkins !requiretty' | tee -a /etc/sudoers \
- && echo 'jenkins ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers
-
 RUN echo "deb http://deb.debian.org/debian stretch-backports main" >/etc/apt/sources.list.d/backports.list
 
 RUN curl https://packages.icinga.com/icinga.key | apt-key add - \
  && DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release) \
  && echo "deb http://packages.icinga.com/debian icinga-${DIST} main" > /etc/apt/sources.list.d/${DIST}-icinga.list
 
+RUN groupadd -g 1000 build \
+ && useradd -u 1000 -g 1000 -m build \
+ && echo 'Defaults:build !requiretty' | tee -a /etc/sudoers \
+ && echo 'build ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers \
+ && chown build.build /usr/local/bin
+
+USER build
 RUN git clone https://git.icinga.com/build-docker/scripts.git /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/icinga-build-entrypoint"]
 CMD ["icinga-build-package"]
diff --git a/stretch/x86_64/Dockerfile b/stretch/x86_64/Dockerfile
index 041e661..c8820e4 100644
--- a/stretch/x86_64/Dockerfile
+++ b/stretch/x86_64/Dockerfile
@@ -9,17 +9,19 @@ RUN apt-get install -y \
   sudo wget curl tar expect git \
   devscripts build-essential lintian ccache pbuilder aptitude apt-utils
 
-RUN groupadd -g 1000 jenkins \
- && useradd -u 1000 -g 1000 -m jenkins \
- && echo 'Defaults:jenkins !requiretty' | tee -a /etc/sudoers \
- && echo 'jenkins ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers
-
 RUN echo "deb http://deb.debian.org/debian stretch-backports main" >/etc/apt/sources.list.d/backports.list
 
 RUN curl https://packages.icinga.com/icinga.key | apt-key add - \
  && DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release) \
  && echo "deb http://packages.icinga.com/debian icinga-${DIST} main" > /etc/apt/sources.list.d/${DIST}-icinga.list
 
+RUN groupadd -g 1000 build \
+ && useradd -u 1000 -g 1000 -m build \
+ && echo 'Defaults:build !requiretty' | tee -a /etc/sudoers \
+ && echo 'build ALL=(ALL:ALL) NOPASSWD: ALL' | tee -a /etc/sudoers \
+ && chown build.build /usr/local/bin
+
+USER build
 RUN git clone https://git.icinga.com/build-docker/scripts.git /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/icinga-build-entrypoint"]
 CMD ["icinga-build-package"]
-- 
GitLab