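# Developer-workspace image: UBI 9 minimal plus podman/buildah/skopeo, Python 3.11
# and yq, set up so that the unprivileged user (uid 1000) can run rootless podman.
#
# NOTE(review): the base image is referenced without a tag or digest, so every build
# pulls whatever the registry serves at that moment. Pin a tag (ideally a digest)
# for reproducible, auditable builds.
FROM registry.access.redhat.com/ubi9-minimal

# HOME is also written into the passwd entry created below.
# BUILDAH_ISOLATION=chroot selects buildah's chroot isolation for nested builds.
ENV HOME=/projects/home \
    BUILDAH_ISOLATION=chroot

ARG INSTALL_PACKAGES="procps-ng openssl git git-lfs tar gzip zip xz unzip which shadow-utils bash zsh jq podman buildah skopeo podman-docker ca-certificates python3.11-devel python3.11 python3.11-pip fuse-overlayfs aardvark-dns util-linux vim-minimal vim-enhanced sudo"

# Optional supply-chain pins for the yq download. Both default to empty, which keeps
# the previous behaviour: the latest release is resolved at build time and installed
# without verification. Release builds should pass both, e.g.
#   --build-arg YQ_VERSION=<release tag> --build-arg YQ_SHA256=<sha256 of yq_linux_amd64.tar.gz>
ARG YQ_VERSION=""
ARG YQ_SHA256=""

USER 0

# Both scripts are owned by root and live in /. set-cgroups.sh is later made runnable
# through passwordless sudo, so it must stay non-writable for uid 1000.
COPY --chown=0:0 entrypoint.sh /
COPY --chown=0:0 set-cgroups.sh /

# `set -e` makes the build stop at the first failing command. The steps were previously
# chained with `;` only, so a failed package install, download or setcap still produced
# an image, just one with missing or broken tooling.
RUN set -e ; \
    microdnf --disableplugin=subscription-manager install -y ${INSTALL_PACKAGES} ; \
    microdnf update -y ; \
    microdnf clean all ; \
    chmod +x /entrypoint.sh /set-cgroups.sh ; \
#
# Install YQ
#
# The asset name is hard-coded to linux/amd64. With YQ_VERSION unset the tag is taken
# from the redirect target of .../releases/latest; curl -f turns an HTTP error into a
# build failure instead of an empty or bogus version string.
    TEMP_DIR="$(mktemp -d)" ; \
    YQ_VER="${YQ_VERSION}" ; \
    if [ -z "${YQ_VER}" ] ; then \
      YQ_LATEST_URL="$(curl -fsSL -o /dev/null -w '%{url_effective}' https://github.com/mikefarah/yq/releases/latest)" ; \
      YQ_VER="$(basename "${YQ_LATEST_URL}")" ; \
    fi ; \
    curl -fsSL -o "${TEMP_DIR}/yq.tar.gz" "https://github.com/mikefarah/yq/releases/download/${YQ_VER}/yq_linux_amd64.tar.gz" ; \
# Verify the archive before anything from it is placed on PATH.
    if [ -n "${YQ_SHA256}" ] ; then \
      echo "${YQ_SHA256}  ${TEMP_DIR}/yq.tar.gz" | sha256sum -c - ; \
    else \
      echo "WARNING: yq ${YQ_VER} installed without checksum verification (YQ_SHA256 not set)" >&2 ; \
    fi ; \
    tar -xzf "${TEMP_DIR}/yq.tar.gz" -C "${TEMP_DIR}" ; \
    cp "${TEMP_DIR}/yq_linux_amd64" /usr/local/bin/yq ; \
    chmod +x /usr/local/bin/yq ; \
    rm -rf "${TEMP_DIR}" ; \
#
# Setup for root-less podman
#
# Create user/group 1000 by appending to the account files directly. The shadow entry
# uses `*` as the password field, so the account has no usable password.
    echo "user:x:1000:1000:devspaces user:${HOME}:/bin/bash" >> /etc/passwd ; \
    echo "user:x:1000:" >> /etc/group ; \
    chmod 600 /etc/shadow ; \
    echo "user:*:0:0:99999:7:::" >> /etc/shadow ; \
# Subordinate id range 1001..65535 for the user namespaces podman creates.
    echo "user:1001:64535" >> /etc/subuid ; \
    echo "user:1001:64535" >> /etc/subgid ; \
# Give the id-mapping helpers only the single capability each one needs.
# NOTE(review): presumably required because the setuid bit is not honoured where this
# image runs; confirm against the target platform's security context.
    setcap cap_setuid+ep /usr/bin/newuidmap ; \
    setcap cap_setgid+ep /usr/bin/newgidmap ; \
    ln -sf /usr/bin/python3.11 /usr/bin/python3 ; \
# Passwordless sudo limited to one root-owned script (any arguments are allowed).
# NOTE(review): this is the only root-executed path reachable from uid 1000, so
# set-cgroups.sh should not act on caller-controlled arguments or environment.
    echo "user ALL=NOPASSWD: /set-cgroups.sh" >> /etc/sudoers

# Drop privileges for everything that runs in the container.
USER 1000

# catatonit (shipped with podman) runs as init and starts /entrypoint.sh; the default
# command only keeps the container alive.
ENTRYPOINT ["/usr/libexec/podman/catatonit","--","/entrypoint.sh"]
CMD [ "tail", "-f", "/dev/null" ]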