diff --git a/arbitrary-users-patch/Dockerfile b/arbitrary-users-patch/Dockerfile index a7a6aff9d..c17f06e4e 100644 --- a/arbitrary-users-patch/Dockerfile +++ b/arbitrary-users-patch/Dockerfile @@ -1,12 +1,13 @@ ARG FROM_IMAGE FROM ${FROM_IMAGE} USER 0 -RUN chmod g=u /etc/passwd +# Set permissions on /etc/passwd and /home to allow arbitrary users to write +RUN chmod g=u /etc/passwd /home COPY [--chown=0:0] entrypoint.sh / -RUN chmod +x entrypoint.sh +RUN chmod +x /entrypoint.sh USER 10001 -ENV HOME /home/user +ENV HOME=/home/user WORKDIR /projects ENTRYPOINT [ "/entrypoint.sh" ] -CMD ["sleep", "infinity"] +CMD ["tail", "-f", "/dev/null"] diff --git a/arbitrary-users-patch/base_images b/arbitrary-users-patch/base_images index 9a209ec79..c67ecbd71 100644 --- a/arbitrary-users-patch/base_images +++ b/arbitrary-users-patch/base_images @@ -1 +1,10 @@ -java11-maven maven:3.6.0-jdk-11 +che-python-3.6 centos/python-36-centos7:1 +che-php-7 eclipse/php:7.1-che7 +che-golang-1.10 golang:1.10.7-stretch +che-java11-gradle gradle:5.2.1-jdk11 +che-java11-maven maven:3.6.0-jdk-11 +che-java8-maven maven:3.6.1-jdk-8 +che-dotnet-2.2 mcr.microsoft.com/dotnet/core/sdk:2.2-stretch +che-nodejs10-alpine node:10.16-alpine +che-nodejs10-ubi registry.access.redhat.com/ubi8/nodejs-10 +che-nodejs8-centos registry.centos.org/che-stacks/centos-nodejs diff --git a/arbitrary-users-patch/build_images.sh b/arbitrary-users-patch/build_images.sh index 050d023e2..5d5cb629b 100755 --- a/arbitrary-users-patch/build_images.sh +++ b/arbitrary-users-patch/build_images.sh 
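Review bot: The new `RUN chmod g=u /etc/passwd /home` line leaves /etc/passwd writable by every process that runs with GID 0, and the added comment ("allow arbitrary users to write") does not record that scope or why it is acceptable. A writable account database is only safe when nothing in the image turns a passwd entry into privilege, and `FROM_IMAGE` is arbitrary, so each base listed in base_images should be checked for setuid helpers such as `su` or `sudo`. A comment along the lines of `# Group 0 may write /etc/passwd so entrypoint.sh can register the runtime UID; base images must not ship setuid su/sudo` would make the trade-off visible to whoever adds the next base image.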
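Review bot: Two of the added entries, `registry.access.redhat.com/ubi8/nodejs-10` and `registry.centos.org/che-stacks/centos-nodejs`, carry no tag at all, and the others use mutable tags, so the published `che-*` images are built from whatever those names resolve to on the build day. Pinning each base to an explicit version tag, or better a digest (`image@sha256:<digest>`), would make the nightly rebuilds reproducible and let a later audit tie a pushed image back to a known base.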
@@ -1,12 +1,39 @@ #!/bin/bash +# +# Copyright (c) 2012-2018 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + set -e +SCRIPT_DIR=$(cd "$(dirname "$0")"; pwd) + DEFAULT_REGISTRY="quay.io" +DEFAULT_ORGANIZATION="eclipse" +DEFAULT_TAG="nightly" + REGISTRY=${REGISTRY:-${DEFAULT_REGISTRY}} +ORGANIZATION=${ORGANIZATION:-${DEFAULT_ORGANIZATION}} +TAG=${TAG:-${DEFAULT_TAG}} + +NAME_FORMAT="${REGISTRY}/${ORGANIZATION}" + +PUSH_IMAGES=false +if [ "$1" == "--push" ]; then + PUSH_IMAGES=true +fi while read -r line; do - base_image_name=$(echo $line | cut -f 1 -d ' ') - base_image=$(echo $line | cut -f 2 -d ' ') - echo "Building ${REGISTRY}/eclipse-che/che7-${base_image_name} based on $base_image ..." - docker build -t "${REGISTRY}/eclipse-che/che7-${base_image_name}" --build-arg FROM_IMAGE=$base_image . -done < base_images + base_image_name=$(echo "$line" | tr -s ' ' | cut -f 1 -d ' ') + base_image=$(echo "$line" | tr -s ' ' | cut -f 2 -d ' ') + echo "Building ${NAME_FORMAT}/${base_image_name}:${TAG} based on $base_image ..." + docker build -t "${NAME_FORMAT}/${base_image_name}:${TAG}" --build-arg FROM_IMAGE="$base_image" "${SCRIPT_DIR}"/ + if ${PUSH_IMAGES}; then + echo "Pushing ${NAME_FORMAT}/${base_image_name}:${TAG}" to remote registry + docker push "${NAME_FORMAT}/${base_image_name}:${TAG}" + fi +done < "${SCRIPT_DIR}"/base_images diff --git a/arbitrary-users-patch/entrypoint.sh b/arbitrary-users-patch/entrypoint.sh index d3d14d730..6af0b41f4 100644 --- a/arbitrary-users-patch/entrypoint.sh +++ b/arbitrary-users-patch/entrypoint.sh 
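Review bot: The `docker build` call in the loop runs without `--pull`, so a base image already cached on the CI host is reused and the image pushed as `${TAG}` can lag behind upstream security fixes; adding `--pull` to that command refreshes the base on every run. The loop also trusts every line of base_images: a blank line gives two empty fields and a one-column line makes `cut -f 2` return the whole line, so the build is attempted with a wrong or empty `FROM_IMAGE`. Reading the fields directly and skipping incomplete rows, `while read -r base_image_name base_image _; do` followed by `[ -n "$base_image" ] || continue`, removes the `echo | tr | cut` pipelines and fails safe.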
@@ -1,7 +1,20 @@ -#!/bin/sh +#!/bin/bash + +# Ensure $HOME exists when starting +if [ ! -d "${HOME}" ]; then + mkdir -p "${HOME}" +fi + +# Setup $PS1 for a consistent and reasonable prompt +if [ ! -f "${HOME}"/.bashrc ]; then + echo "PS1='\s-\v \w \$ '" > "${HOME}"/.bashrc +fi + +# Add current (arbitrary) user to /etc/passwd if ! whoami &> /dev/null; then if [ -w /etc/passwd ]; then echo "${USER_NAME:-user}:x:$(id -u):0:${USER_NAME:-user} user:${HOME}:/bin/bash" >> /etc/passwd fi fi + exec "$@" diff --git a/cico_build_nightly.sh b/cico_build_nightly.sh index ac3379557..90bd2fdf4 100755 --- a/cico_build_nightly.sh +++ b/cico_build_nightly.sh @@ -14,6 +14,8 @@ set -x # Exit on error set -e +SCRIPT_DIR=$(cd "$(dirname "$0")"; pwd) + # Source environment variables of the jenkins slave # that might interest this worker. function load_jenkins_vars() { @@ -60,6 +62,9 @@ function build_and_push() { IMAGE="che-devfile-registry" TAG="nightly" + "${SCRIPT_DIR}"/arbitrary-users-patch/build_images.sh --push + echo "CICO: pushed nightly arbitrary-user patched base images" + if [ -n "${QUAY_ECLIPSE_CHE_USERNAME}" ] && [ -n "${QUAY_ECLIPSE_CHE_PASSWORD}" ]; then docker login -u "${QUAY_ECLIPSE_CHE_USERNAME}" -p "${QUAY_ECLIPSE_CHE_PASSWORD}" "${REGISTRY}" else diff --git a/devfiles/apache-camel-springboot/devfile.yaml b/devfiles/apache-camel-springboot/devfile.yaml index 77afb5864..a618cbc75 100644 --- a/devfiles/apache-camel-springboot/devfile.yaml +++ b/devfiles/apache-camel-springboot/devfile.yaml @@ -22,9 +22,7 @@ components: - type: dockerimage alias: maven - image: maven:3.6.1-jdk-8 - command: ['sleep'] - args: ['infinity'] + image: quay.io/eclipse/che-java8-maven:nightly env: - name: MAVEN_CONFIG value: "/home/user/.m2" 
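Review bot: The shebang change to `#!/bin/bash` assumes bash exists in every patched base, but base_images in this same commit adds `node:10.16-alpine`, and Alpine-based images usually ship only busybox `sh`; if that holds here, the container cannot start its entrypoint at all. Either install bash for that image or keep the script POSIX (`#!/bin/sh`, and `>/dev/null 2>&1` instead of `&>`); the `/bin/bash` login shell written into the passwd entry has the same dependency. The unchanged append also writes `${USER_NAME}` and `${HOME}` into /etc/passwd without validation, so a value containing `:` or a newline would corrupt the record or add another; a guard such as `case "${USER_NAME:-user}${HOME}" in *:*|*$'\n'*) exit 1;; esac` before the `echo` would reject those values.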
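Review bot: The added `"${SCRIPT_DIR}"/arbitrary-users-patch/build_images.sh --push` call sits above the `docker login` block, so every `docker push` runs before the job has authenticated to `${REGISTRY}`, and it runs regardless of whether the Quay credentials checked below are present. With `set -e` the nightly job would stop at the first push unless the host already holds credentials. Moving the two added lines below the login `if`/`else` fixes the ordering. The context lines also show `set -x` together with `docker login ... -p "${QUAY_ECLIPSE_CHE_PASSWORD}"`; if xtrace is still enabled at that point the password lands in the job log, which `--password-stdin` with tracing switched off around the call would avoid. `build_and_push` continues past the end of the hunk.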
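Review bot: The component image becomes `quay.io/eclipse/che-java8-maven:nightly`, a tag that build_images.sh overwrites on every nightly run, so a workspace created from this devfile picks up whatever was pushed last and cannot be traced to a specific build. Referencing a versioned tag or a digest, promoted deliberately, would keep the registry's devfiles reproducible. The same applies to the `:nightly` references in the dotnet, go, java-gradle, java-maven, nodejs, nodejs-mongo, nodejs-react, php-* and python* devfile hunks that follow. Dropping `command`/`args` also makes the container's lifetime depend on the image's `ENTRYPOINT`/`CMD`, which deserves a one-line comment next to `image:` such as `# entrypoint and keep-alive CMD come from arbitrary-users-patch/Dockerfile`.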
@@ -40,10 +38,6 @@ components: value: "-XX:MaxRAMPercentage=50.0 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom" - - name: PS1 - value: "$(echo ${0})\\$" - - name: HOME - value: "/home/user" volumes: - name: m2 containerPath: "/home/user/.m2" diff --git a/devfiles/dotnet/devfile.yaml b/devfiles/dotnet/devfile.yaml index 5be164f68..6b28d8c0c 100644 --- a/devfiles/dotnet/devfile.yaml +++ b/devfiles/dotnet/devfile.yaml @@ -20,14 +20,7 @@ components: - type: dockerimage alias: dotnet - image: mcr.microsoft.com/dotnet/core/sdk:2.2-stretch - command: ['sleep'] - args: ['infinity'] - env: - - name: HOME - value: /home/user - - name: PS1 - value: $(echo ${0})\\$ + image: quay.io/eclipse/che-dotnet-2.2:nightly memoryLimit: 512Mi endpoints: - name: '5000/tcp' diff --git a/devfiles/go/devfile.yaml b/devfiles/go/devfile.yaml index 8c09ff95d..ca84874f5 100644 --- a/devfiles/go/devfile.yaml +++ b/devfiles/go/devfile.yaml @@ -18,10 +18,8 @@ components: - type: dockerimage # this version is used in the plugin - image: golang:1.10.7-stretch + image: quay.io/eclipse/che-golang-1.10:nightly alias: go-cli - command: ['sleep'] - args: ['infinity'] env: - name: GOPATH # replicate the GOPATH from the plugin @@ -30,8 +28,6 @@ components: # replicate the GOCACHE from the plugin, even though the cache is not shared # between the two value: /tmp/.cache - - name: PS1 - value: $(echo ${0})\\$ memoryLimit: 512Mi mountSources: true commands: diff --git a/devfiles/java-gradle/devfile.yaml b/devfiles/java-gradle/devfile.yaml index 374124680..37ebe8fc4 100644 --- a/devfiles/java-gradle/devfile.yaml +++ b/devfiles/java-gradle/devfile.yaml 
@@ -15,9 +15,7 @@ components: - type: dockerimage alias: gradle - image: gradle:5.2.1-jdk11 - command: ['sleep'] - args: ['infinity'] + image: quay.io/eclipse/che-java11-gradle:nightly env: - name: GRADLE_USER_HOME value: /home/gradle/.gradle @@ -29,8 +27,6 @@ components: value: "-XX:MaxRAMPercentage=50 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom" - - name: PS1 - value: "$(echo ${0})\\$ " - name: HOME value: /home/gradle memoryLimit: 512Mi diff --git a/devfiles/java-maven/devfile.yaml b/devfiles/java-maven/devfile.yaml index 51c0488d0..6c8c5e40b 100644 --- a/devfiles/java-maven/devfile.yaml +++ b/devfiles/java-maven/devfile.yaml @@ -15,9 +15,7 @@ components: - type: dockerimage alias: maven - image: maven:3.6.0-jdk-11 - command: ['sleep'] - args: ['infinity'] + image: quay.io/eclipse/che-java11-maven:nightly env: - name: MAVEN_CONFIG value: /home/user/.m2 @@ -34,10 +32,6 @@ components: value: "-XX:MaxRAMPercentage=50 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom" - - name: PS1 - value: $(echo ${0})\\$ - - name: HOME - value: /home/user memoryLimit: 512Mi endpoints: - name: '8080/tcp' diff --git a/devfiles/nodejs-mongo/devfile.yaml b/devfiles/nodejs-mongo/devfile.yaml index 246c1f83a..22616b559 100644 --- a/devfiles/nodejs-mongo/devfile.yaml +++ b/devfiles/nodejs-mongo/devfile.yaml 
@@ -16,14 +16,8 @@ components: - type: dockerimage alias: nodejs - image: registry.access.redhat.com/ubi8/nodejs-10 - command: ['sleep'] - args: ['infinity'] + image: quay.io/eclipse/che-nodejs10-ubi:nightly env: - - name: HOME - value: /tmp/user - - name: PS1 - value: $(echo ${0})\\$ # The values below are used to set up the environment for running the application - name: SECRET value: 220fd770-c028-480d-8f95-f84353c7d55a diff --git a/devfiles/nodejs-react/devfile.yaml b/devfiles/nodejs-react/devfile.yaml index e89526e83..7b559d603 100644 --- a/devfiles/nodejs-react/devfile.yaml +++ b/devfiles/nodejs-react/devfile.yaml @@ -18,14 +18,7 @@ components: alias: nodejs # system limit for number of file watchers reached with # image: registry.access.redhat.com/ubi8/nodejs-10 - image: registry.centos.org/che-stacks/centos-nodejs - command: ['sleep'] - args: ['infinity'] - env: - - name: HOME - value: /tmp/user - - name: PS1 - value: $(echo ${0})\\$ + image: quay.io/eclipse/che-nodejs8-centos:nightly memoryLimit: 512Mi endpoints: - name: 'nodejs' diff --git a/devfiles/nodejs/devfile.yaml b/devfiles/nodejs/devfile.yaml index d1d316e8f..80a9c8ec9 100644 --- a/devfiles/nodejs/devfile.yaml +++ b/devfiles/nodejs/devfile.yaml @@ -16,14 +16,7 @@ components: - type: dockerimage alias: nodejs - image: registry.access.redhat.com/ubi8/nodejs-10 - command: ['sleep'] - args: ['infinity'] - env: - - name: HOME - value: /home/user - - name: PS1 - value: $(echo ${0})\\$ + image: quay.io/eclipse/che-nodejs10-ubi:nightly memoryLimit: 512Mi endpoints: - name: 'nodejs' diff --git a/devfiles/php-laravel/devfile.yaml b/devfiles/php-laravel/devfile.yaml index 54219c9b3..e7c090c86 100644 --- a/devfiles/php-laravel/devfile.yaml +++ b/devfiles/php-laravel/devfile.yaml 
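Review bot: In the nodejs-mongo hunk the `env:` block is edited but the literal `SECRET` value below it stays committed in clear text, and every workspace started from this devfile will share it. If it is only a placeholder for the sample application, a comment such as `# sample value only; replace before exposing the application` would say so; otherwise it should be supplied at workspace creation rather than stored in the registry.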
@@ -20,12 +20,7 @@ components: - type: dockerimage alias: php - image: eclipse/php:7.1-che7 - env: - - name: HOME - value: /home/user - - name: PS1 - value: $(echo ${0})\\$ + image: quay.io/eclipse/che-php-7:nightly memoryLimit: 512Mi endpoints: - name: '8080/tcp' diff --git a/devfiles/php-mysql/devfile.yaml b/devfiles/php-mysql/devfile.yaml index cd27b27ed..56a51d65e 100644 --- a/devfiles/php-mysql/devfile.yaml +++ b/devfiles/php-mysql/devfile.yaml @@ -20,12 +20,7 @@ components: - type: dockerimage alias: php - image: eclipse/php:7.1-che7 - env: - - name: HOME - value: /home/user - - name: PS1 - value: $(echo ${0})\\$ + image: quay.io/eclipse/che-php-7:nightly memoryLimit: 512Mi endpoints: - name: '8080/tcp' diff --git a/devfiles/php-symfony/devfile.yaml b/devfiles/php-symfony/devfile.yaml index 85a8891c4..01a0f80d8 100644 --- a/devfiles/php-symfony/devfile.yaml +++ b/devfiles/php-symfony/devfile.yaml @@ -20,12 +20,7 @@ components: - type: dockerimage alias: php - image: eclipse/php:7.1-che7 - env: - - name: HOME - value: /home/user - - name: PS1 - value: $(echo ${0})\\$ + image: quay.io/eclipse/che-php-7:nightly memoryLimit: 512Mi endpoints: - name: '8080/tcp' diff --git a/devfiles/php-web-simple/devfile.yaml b/devfiles/php-web-simple/devfile.yaml index 76989a9c1..167c1d592 100644 --- a/devfiles/php-web-simple/devfile.yaml +++ b/devfiles/php-web-simple/devfile.yaml @@ -20,12 +20,7 @@ components: - type: dockerimage alias: php - image: eclipse/php:7.1-che7 - env: - - name: HOME - value: /home/user - - name: PS1 - value: $(echo ${0})\\$ + image: quay.io/eclipse/che-php-7:nightly memoryLimit: 512Mi mountSources: true volumes: diff --git a/devfiles/python-django/devfile.yaml b/devfiles/python-django/devfile.yaml index c2ce05bc4..5aac5ae36 100644 --- a/devfiles/python-django/devfile.yaml +++ b/devfiles/python-django/devfile.yaml 
@@ -16,14 +16,7 @@ components: - type: dockerimage alias: python - image: centos/python-36-centos7:1 - command: ['sleep'] - args: ['infinity'] - env: - - name: HOME - value: /home/user - - name: PS1 - value: $(echo ${0})\\$ + image: quay.io/eclipse/che-python-3.6:nightly memoryLimit: 512Mi endpoints: - name: 'django' diff --git a/devfiles/python/devfile.yaml b/devfiles/python/devfile.yaml index 795da17c4..059d860ac 100644 --- a/devfiles/python/devfile.yaml +++ b/devfiles/python/devfile.yaml @@ -16,14 +16,7 @@ components: - type: dockerimage alias: python - image: centos/python-36-centos7:1 - command: ['sleep'] - args: ['infinity'] - env: - - name: HOME - value: /home/user - - name: PS1 - value: $(echo ${0})\\$ + image: quay.io/eclipse/che-python-3.6:nightly memoryLimit: 512Mi mountSources: true commands: