From a65ab041556109de81cfd8a401b137c0f1b1e9bd Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 3 Dec 2022 09:29:12 -0600
Subject: [PATCH] Integrate changes from various other images
I've created a few container images for Jenkins jobs over the past few weeks, and many of them have several steps in common. Moving those steps to the *jenkins-base* image will simplify the rest and make it easier to create new ones.
* Use UID 1000 for the *jenkins* user, since this is the UID the Jenkins agent JNLP container uses
* Configure the SSH client `KnownHostsCommand` setting to fetch the SSH host key database from the file server
* Run as the unprivileged user
* Add a "sleep forever" type entry point: Python's `signal.pause()` waits for a signal from the operating system, where as other solutions are either uninterruptable (`sleep infinity`) or wake frequently (`tail -f /dev/null`)
---
Containerfile | 9 ++++++++-
known-hosts-command.ssh.conf | 1 +
2 files changed, 9 insertions(+), 1 deletion(-)
create mode 100644 known-hosts-command.ssh.conf
diff --git a/Containerfile b/Containerfile
index 8ed5846..4f84831 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,3 +1,10 @@
 FROM registry.fedoraproject.org/fedora:36
-RUN useradd -l -u 3000018 jenkins
+RUN groupadd -g 1000 jenkins \
+ && useradd -c 'Jenkins user' -g 1000 -l -M -s /bin/sh -u 1000 jenkins
+
+COPY known-hosts-command.ssh.conf /etc/ssh/ssh_config.d/10-known-hosts-command.conf
+
+USER jenkins:jenkins
+
+CMD ["python3", "-c", "import signal;signal.pause()"]
diff --git a/known-hosts-command.ssh.conf b/known-hosts-command.ssh.conf
new file mode 100644
index 0000000..efb2772
--- /dev/null
+++ b/known-hosts-command.ssh.conf
@@ -0,0 +1 @@
+KnownHostsCommand /usr/bin/curl -sL https://files.pyrocufflink.blue/ssh_known_hosts
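Review bot: When the new `CMD` runs as the container's PID 1 (the usual case unless an init process is injected), SIGTERM will most likely be ignored. Linux does not deliver a signal to PID 1 of a PID namespace unless a handler is installed for it, and Python installs one only for SIGINT by default. The container would then end only on the SIGKILL after the stop grace period, which is the behaviour the commit message attributes to `sleep infinity`. Installing a handler first keeps the idle entry point interruptible: `CMD ["python3", "-c", "import signal,sys;signal.signal(signal.SIGTERM,lambda *a:sys.exit(0));signal.pause()"]`. Separately, a comment above the `useradd` line saying why `-M` (no home directory) is intended would help, since ssh and other tools run as `jenkins` look for per-user files under its home.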
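Review bot: The `curl -sL` call in the new `KnownHostsCommand` line decides which SSH host keys every client in the image trusts, yet it neither fails on HTTP errors nor restricts redirects to HTTPS. Without `-f`, an error page from the file server is passed to ssh as known_hosts content while curl still exits 0. With `-L` and no protocol restriction, a redirect to plain `http://` would be followed and the key list fetched without TLS. I would change the line to `KnownHostsCommand /usr/bin/curl -fsSL --proto =https --proto-redir =https --max-time 10 https://files.pyrocufflink.blue/ssh_known_hosts` (the timeout value is only a suggestion). The file has no `Host` or `Match` block, so the setting applies to every destination; a comment line stating that the file server's TLS certificate is the trust anchor for host keys would make that explicit.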