Merge pull request #184 from gounthar/jenkins-user-can-t-write-to-age…
…nt-dir

fix(docker) Change the permissions on the newly declared volumes
dduportal committed Nov 25, 2022
2 parents ea1b6f8 + 4434335 commit 2194185
Showing 7 changed files with 80 additions and 45 deletions.
23 changes: 14 additions & 9 deletions 11/alpine/Dockerfile
Expand Up @@ -28,14 +28,21 @@ ARG uid=1000
ARG gid=1000
ARG JENKINS_AGENT_HOME=/home/${user}

ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME}
ENV JENKINS_AGENT_HOME=${JENKINS_AGENT_HOME}

RUN mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" \
&& addgroup -g "${gid}" "${group}" \
# Set the home directory (h), set user and group id (u, G), set the shell, don't ask for password (D)
ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}

RUN addgroup -g "${gid}" "${group}" \
# Set the home directory (h), set user and group id (u, G), set the shell, don't ask for password (D)
&& adduser -h "${JENKINS_AGENT_HOME}" -u "${uid}" -G "${group}" -s /bin/bash -D "${user}" \
# Unblock user
&& passwd -u "${user}"
# Unblock user
&& passwd -u "${user}" \
# Prepare subdirectories
&& mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" "${JENKINS_AGENT_HOME}/.jenkins/" "${AGENT_WORKDIR}" \
&& chown -R "${uid}":"${gid}" "${JENKINS_AGENT_HOME}" "${AGENT_WORKDIR}"


RUN apk add --no-cache \
bash \
Expand All @@ -54,9 +61,7 @@ RUN sed -i /etc/ssh/sshd_config \
-e 's/#PermitUserEnvironment.*/PermitUserEnvironment yes/' \
&& mkdir /var/run/sshd

ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}
# VOLUME directive must happen after setting up permissions and content
VOLUME "${AGENT_WORKDIR}" "${JENKINS_AGENT_HOME}"/.jenkins "/tmp" "/run" "/var/run"
WORKDIR "${JENKINS_AGENT_HOME}"

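Review bot: The new `chown -R "${uid}":"${gid}" "${JENKINS_AGENT_HOME}" "${AGENT_WORKDIR}"` at the end of the user-creation `RUN` recurses into whatever the two build arguments resolve to, so a build that overrides `AGENT_WORKDIR` or `JENKINS_AGENT_HOME` with an existing directory hands that whole tree to the agent user. `adduser -h` should already have created the home directory for the new user, so only the three directories made by the preceding `mkdir -p` appear to need the change: `&& chown "${uid}":"${gid}" "${JENKINS_AGENT_HOME}/.ssh" "${JENKINS_AGENT_HOME}/.jenkins" "${AGENT_WORKDIR}"`. The same recursive `chown` is added in the other five Dockerfiles of this commit (17/alpine, 8/alpine and the three bullseye variants, where `useradd -m` plays the role of `adduser -h`). The `RUN` instruction is fully visible in this section, but the rest of the Dockerfile is not.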
17 changes: 11 additions & 6 deletions 11/bullseye/Dockerfile
Expand Up @@ -39,10 +39,17 @@ ARG uid=1000
ARG gid=1000
ARG JENKINS_AGENT_HOME=/home/${user}

ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME}
ENV JENKINS_AGENT_HOME=${JENKINS_AGENT_HOME}
ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}

RUN groupadd -g ${gid} ${group} \
&& useradd -d "${JENKINS_AGENT_HOME}" -u "${uid}" -g "${gid}" -m -s /bin/bash "${user}"
&& useradd -d "${JENKINS_AGENT_HOME}" -u "${uid}" -g "${gid}" -m -s /bin/bash "${user}" \
# Prepare subdirectories
&& mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" "${AGENT_WORKDIR}" "${JENKINS_AGENT_HOME}/.jenkins" \
# Make sure that user 'jenkins' own these directories and their content
&& chown -R "${uid}":"${gid}" "${JENKINS_AGENT_HOME}" "${AGENT_WORKDIR}"

RUN apt-get update \
&& apt-get install --no-install-recommends -y \
Expand All @@ -62,16 +69,14 @@ RUN sed -i /etc/ssh/sshd_config \
-e 's/#LogLevel.*/LogLevel INFO/' && \
mkdir /var/run/sshd

ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}
# VOLUME directive must happen after setting up permissions and content
VOLUME "${AGENT_WORKDIR}" "${JENKINS_AGENT_HOME}"/.jenkins "/tmp" "/run" "/var/run"
WORKDIR "${JENKINS_AGENT_HOME}"

ENV LANG='C.UTF-8' LC_ALL='C.UTF-8'

ENV JAVA_HOME=/opt/java/openjdk
ENV PATH "${JAVA_HOME}/bin:${PATH}"
ENV PATH="${JAVA_HOME}/bin:${PATH}"
COPY --from=jre-build /javaruntime $JAVA_HOME

RUN echo "PATH=${PATH}" >> /etc/environment
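Review bot: The `mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" …` step in the user-creation `RUN` creates `.ssh` with the build shell's default mode (normally 0755), and nothing in this section tightens it before ownership passes to the agent user. Unless `setup-sshd` fixes the mode at start-up, which is not visible here, I would add `&& chmod 700 "${JENKINS_AGENT_HOME}/.ssh" \` right after the `mkdir` line so the user's SSH directory is accessible only to its owner. The same `mkdir` appears in 17/bullseye, 8/bullseye and the three alpine Dockerfiles of this commit.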
23 changes: 14 additions & 9 deletions 17/alpine/Dockerfile
Expand Up @@ -28,14 +28,21 @@ ARG uid=1000
ARG gid=1000
ARG JENKINS_AGENT_HOME=/home/${user}

ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME}
ENV JENKINS_AGENT_HOME=${JENKINS_AGENT_HOME}

RUN mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" \
&& addgroup -g "${gid}" "${group}" \
# Set the home directory (h), set user and group id (u, G), set the shell, don't ask for password (D)
ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}

RUN addgroup -g "${gid}" "${group}" \
# Set the home directory (h), set user and group id (u, G), set the shell, don't ask for password (D)
&& adduser -h "${JENKINS_AGENT_HOME}" -u "${uid}" -G "${group}" -s /bin/bash -D "${user}" \
# Unblock user
&& passwd -u "${user}"
# Unblock user
&& passwd -u "${user}" \
# Prepare subdirectories
&& mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" "${JENKINS_AGENT_HOME}/.jenkins/" "${AGENT_WORKDIR}" \
&& chown -R "${uid}":"${gid}" "${JENKINS_AGENT_HOME}" "${AGENT_WORKDIR}"


RUN apk add --no-cache \
bash \
Expand All @@ -54,9 +61,7 @@ RUN sed -i /etc/ssh/sshd_config \
-e 's/#PermitUserEnvironment.*/PermitUserEnvironment yes/' \
&& mkdir /var/run/sshd

ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}
# VOLUME directive must happen after setting up permissions and content
VOLUME "${AGENT_WORKDIR}" "${JENKINS_AGENT_HOME}"/.jenkins "/tmp" "/run" "/var/run"
WORKDIR "${JENKINS_AGENT_HOME}"

17 changes: 11 additions & 6 deletions 17/bullseye/Dockerfile
Expand Up @@ -17,10 +17,17 @@ ARG uid=1000
ARG gid=1000
ARG JENKINS_AGENT_HOME=/home/${user}

ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME}
ENV JENKINS_AGENT_HOME=${JENKINS_AGENT_HOME}
ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}

RUN groupadd -g ${gid} ${group} \
&& useradd -d "${JENKINS_AGENT_HOME}" -u "${uid}" -g "${gid}" -m -s /bin/bash "${user}"
&& useradd -d "${JENKINS_AGENT_HOME}" -u "${uid}" -g "${gid}" -m -s /bin/bash "${user}" \
# Prepare subdirectories
&& mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" "${AGENT_WORKDIR}" "${JENKINS_AGENT_HOME}/.jenkins" \
# Make sure that user 'jenkins' own these directories and their content
&& chown -R "${uid}":"${gid}" "${JENKINS_AGENT_HOME}" "${AGENT_WORKDIR}"

RUN apt-get update \
&& apt-get install --no-install-recommends -y \
Expand All @@ -40,16 +47,14 @@ RUN sed -i /etc/ssh/sshd_config \
-e 's/#LogLevel.*/LogLevel INFO/' && \
mkdir /var/run/sshd

ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}
# VOLUME directive must happen after setting up permissions and content
VOLUME "${AGENT_WORKDIR}" "${JENKINS_AGENT_HOME}"/.jenkins "/tmp" "/run" "/var/run"
WORKDIR "${JENKINS_AGENT_HOME}"

ENV LANG='C.UTF-8' LC_ALL='C.UTF-8'

ENV JAVA_HOME=/opt/java/openjdk
ENV PATH "${JAVA_HOME}/bin:${PATH}"
ENV PATH="${JAVA_HOME}/bin:${PATH}"
COPY --from=jre-build /javaruntime $JAVA_HOME

RUN echo "PATH=${PATH}" >> /etc/environment
23 changes: 14 additions & 9 deletions 8/alpine/Dockerfile
Expand Up @@ -28,14 +28,21 @@ ARG uid=1000
ARG gid=1000
ARG JENKINS_AGENT_HOME=/home/${user}

ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME}
ENV JENKINS_AGENT_HOME=${JENKINS_AGENT_HOME}

RUN mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" \
&& addgroup -g "${gid}" "${group}" \
# Set the home directory (h), set user and group id (u, G), set the shell, don't ask for password (D)
ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}

RUN addgroup -g "${gid}" "${group}" \
# Set the home directory (h), set user and group id (u, G), set the shell, don't ask for password (D)
&& adduser -h "${JENKINS_AGENT_HOME}" -u "${uid}" -G "${group}" -s /bin/bash -D "${user}" \
# Unblock user
&& passwd -u "${user}"
# Unblock user
&& passwd -u "${user}" \
# Prepare subdirectories
&& mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" "${JENKINS_AGENT_HOME}/.jenkins/" "${AGENT_WORKDIR}" \
&& chown -R "${uid}":"${gid}" "${JENKINS_AGENT_HOME}" "${AGENT_WORKDIR}"


RUN apk add --no-cache \
bash \
Expand All @@ -54,9 +61,7 @@ RUN sed -i /etc/ssh/sshd_config \
-e 's/#PermitUserEnvironment.*/PermitUserEnvironment yes/' \
&& mkdir /var/run/sshd

ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}
# VOLUME directive must happen after setting up permissions and content
VOLUME "${AGENT_WORKDIR}" "${JENKINS_AGENT_HOME}"/.jenkins "/tmp" "/run" "/var/run"
WORKDIR "${JENKINS_AGENT_HOME}"

18 changes: 12 additions & 6 deletions 8/bullseye/Dockerfile
Expand Up @@ -30,10 +30,17 @@ ARG uid=1000
ARG gid=1000
ARG JENKINS_AGENT_HOME=/home/${user}

ENV JENKINS_AGENT_HOME ${JENKINS_AGENT_HOME}
ENV JENKINS_AGENT_HOME=${JENKINS_AGENT_HOME}
ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}

RUN groupadd -g ${gid} ${group} \
&& useradd -d "${JENKINS_AGENT_HOME}" -u "${uid}" -g "${gid}" -m -s /bin/bash "${user}"
&& useradd -d "${JENKINS_AGENT_HOME}" -u "${uid}" -g "${gid}" -m -s /bin/bash "${user}" \
# Prepare subdirectories
&& mkdir -p "${JENKINS_AGENT_HOME}/.ssh/" "${AGENT_WORKDIR}" "${JENKINS_AGENT_HOME}/.jenkins" \
# Make sure that user 'jenkins' own these directories and their content
&& chown -R "${uid}":"${gid}" "${JENKINS_AGENT_HOME}" "${AGENT_WORKDIR}"

RUN apt-get update \
&& apt-get install --no-install-recommends -y \
Expand All @@ -53,19 +60,18 @@ RUN sed -i /etc/ssh/sshd_config \
-e 's/#LogLevel.*/LogLevel INFO/' && \
mkdir /var/run/sshd

ARG AGENT_WORKDIR="${JENKINS_AGENT_HOME}"/agent
# Persist agent workdir path through an environment variable for people extending the image
ENV AGENT_WORKDIR=${AGENT_WORKDIR}
# VOLUME directive must happen after setting up permissions and content
VOLUME "${AGENT_WORKDIR}" "${JENKINS_AGENT_HOME}"/.jenkins "/tmp" "/run" "/var/run"
WORKDIR "${JENKINS_AGENT_HOME}"

ENV LANG='C.UTF-8' LC_ALL='C.UTF-8'

ENV JAVA_HOME=/opt/java/openjdk
ENV PATH "${JAVA_HOME}/bin:${PATH}"
ENV PATH="${JAVA_HOME}/bin:${PATH}"
COPY --from=jre-build /opt/java/openjdk $JAVA_HOME

RUN echo "PATH=${PATH}" >> /etc/environment

COPY setup-sshd /usr/local/bin/setup-sshd

EXPOSE 22
4 changes: 4 additions & 0 deletions tests/tests.bats
Expand Up @@ -188,6 +188,10 @@ DOCKER_PLUGIN_DEFAULT_ARG="/usr/sbin/sshd -D -p 22"
assert_equal "${output}" "UTF-8"
}

@test "[${SUT_IMAGE}] the default 'jenkins' user is allowed to write in the default agent directory" {
run docker run --user=jenkins --entrypoint='' --rm "${SUT_IMAGE}" touch /home/jenkins/agent/test.txt
assert_success
}

@test "[${SUT_IMAGE}] image has required tools installed and present in the PATH" {
local test_container_name=${AGENT_CONTAINER}-bash-java
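Review bot: The added test only touches `/home/jenkins/agent`, so the `.jenkins` directory that the Dockerfiles in this commit also create, chown and list in `VOLUME` is never checked, and the path is hard-coded rather than read from the image's `AGENT_WORKDIR`. A second check in the same test would cover it: `run docker run --user=jenkins --entrypoint='' --rm "${SUT_IMAGE}" touch /home/jenkins/.jenkins/test.txt` followed by `assert_success`. Both runs rely on an anonymous volume populated from the image, so they say nothing about a host directory bind-mounted over the same path, whose ownership comes from the host.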
