Mercurial > hg
annotate contrib/packaging/docker/ubuntu.template @ 38457:11eda1f1b6e7
packaging: consistently create build user in Dockerfiles
Previously, dockerlib.sh appended some commands to create a
"build" user in each Docker image. The resulting Docker images
could be inconsistent depending on the execution environment
and base image.
With this change, we explicitly create our custom user and
group as the first action in each Dockerfile. The user always
has user:group 1000:1000 and all built images are consistent.
We also create a home directory for the user under /build.
This directory is currently ignored.
As part of this, we stop setting the DBUILDUSER variable in
dockerlib.sh and instead set it in the respective scripts that
call it. This is in preparation for further refactoring of
dockerlib.sh.
Differential Revision: https://phab.mercurial-scm.org/D3758
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Sat, 12 May 2018 15:51:37 -0700 |
| parents | 1335bbfb066f |
| children | c8ef9d897e14 |
| rev | line source |
|---|---|
|
29031
e63dfbbdbd07
make: turn ubuntu docker into template
Sean Farley <sean@farley.io>
parents:
diff
changeset
|
1 FROM ubuntu:__CODENAME__ |
|
38457
11eda1f1b6e7
packaging: consistently create build user in Dockerfiles
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38003
diff
changeset
|
2 |
|
11eda1f1b6e7
packaging: consistently create build user in Dockerfiles
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38003
diff
changeset
|
3 RUN groupadd -g 1000 build && \ |
|
11eda1f1b6e7
packaging: consistently create build user in Dockerfiles
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38003
diff
changeset
|
4 useradd -u 1000 -g 1000 -s /bin/bash -d /build -m build |
|
11eda1f1b6e7
packaging: consistently create build user in Dockerfiles
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38003
diff
changeset
|
5 |
|
29031
e63dfbbdbd07
make: turn ubuntu docker into template
Sean Farley <sean@farley.io>
parents:
diff
changeset
|
6 RUN apt-get update && apt-get install -y \ |
|
e63dfbbdbd07
make: turn ubuntu docker into template
Sean Farley <sean@farley.io>
parents:
diff
changeset
|
7 build-essential \ |
|
e63dfbbdbd07
make: turn ubuntu docker into template
Sean Farley <sean@farley.io>
parents:
diff
changeset
|
8 debhelper \ |
|
34423
1baa077214ae
docker: try to follow the best practices for writing Dockerfiles
muxator <a.mux@inwind.it>
parents:
33023
diff
changeset
|
9 devscripts \ |
|
29031
e63dfbbdbd07
make: turn ubuntu docker into template
Sean Farley <sean@farley.io>
parents:
diff
changeset
|
10 dh-python \ |
|
33023
e02bae37af30
docker: install less as a build-time dependency in deb-based distros
Anton Shestakov <av6@dwimlabs.net>
parents:
29031
diff
changeset
|
11 less \ |
|
29031
e63dfbbdbd07
make: turn ubuntu docker into template
Sean Farley <sean@farley.io>
parents:
diff
changeset
|
12 python \ |
|
e63dfbbdbd07
make: turn ubuntu docker into template
Sean Farley <sean@farley.io>
parents:
diff
changeset
|
13 python-all-dev \ |
|
e63dfbbdbd07
make: turn ubuntu docker into template
Sean Farley <sean@farley.io>
parents:
diff
changeset
|
14 python-docutils \ |
|
34423
1baa077214ae
docker: try to follow the best practices for writing Dockerfiles
muxator <a.mux@inwind.it>
parents:
33023
diff
changeset
|
15 unzip \ |
|
1baa077214ae
docker: try to follow the best practices for writing Dockerfiles
muxator <a.mux@inwind.it>
parents:
33023
diff
changeset
|
16 zip |