Merge pull request #82 from shahidhk/docker-for-desktop

fix #78, handle permissions for docker.sock in a better way
hasura · Jul 27, 2018 · 87e6edb · 87e6edb
2 parents c1a0111 + 5e317e5
commit 87e6edb
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 15 deletions.
diff --git a/build/gitkubed/sshd_config b/build/gitkubed/sshd_config
@@ -9,16 +9,12 @@ Port 22
 Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
+# HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
 
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 1024
-
 # Logging
 SyslogFacility AUTH
 LogLevel INFO
@@ -28,14 +24,11 @@ LoginGraceTime 120
 PermitRootLogin No
 StrictModes yes
 
-RSAAuthentication yes
 PubkeyAuthentication yes
 #AuthorizedKeysFile	%h/.ssh/authorized_keys
 
 # Don't read the user's ~/.rhosts and ~/.shosts files
 IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
 # similar for protocol version 2
 HostbasedAuthentication no
 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication

diff --git a/build/gitkubed/start_sshd.sh b/build/gitkubed/start_sshd.sh
@@ -1,12 +1,16 @@
 #!/usr/bin/env sh
 set -e
 
-export HOST_GROUP_ID=$(cat /hasura-data/group | grep '^docker' | cut -d: -f3)
-GROUP_WITH_HOST_GROUP_ID=$(getent group $HOST_GROUP_ID | cut -d: -f1)
-if [ -z "${GROUP_WITH_HOST_GROUP_ID}" ]; then
-    # Find the group id from the host and use it to create docker group
-    groupadd -g $HOST_GROUP_ID docker
-    GROUP_WITH_HOST_GROUP_ID="docker"
+# find the docker socket owner group id
+DOCKER_SOCK_OWNER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
+# check the container's groups to see if it has a group with the same id
+DOCKER_SOCK_OWNER_GROUP=$(getent group "$DOCKER_SOCK_OWNER_GROUP_ID" | cut -d: -f1)
+if [ -z "${DOCKER_SOCK_OWNER_GROUP}" ]; then
+    # there is no group in the container with the given group id
+    # set owner group as 'docker'
+    DOCKER_SOCK_OWNER_GROUP="docker"
+    # create a new group with the same group id
+    groupadd -g "$DOCKER_SOCK_OWNER_GROUP_ID" "$DOCKER_SOCK_OWNER_GROUP"
 fi
 
 if [ -f /sshd-conf/remotes.json ]; then
@@ -29,7 +33,7 @@ if [ "$GIT_REMOTES_CONF" != "null" ]; then
         chown -R $repo:$repo $HOME_DIR/git-shell-commands
         chmod +x $HOME_DIR/git-shell-commands/no-interactive-login
 
-        usermod -aG $GROUP_WITH_HOST_GROUP_ID $repo
+        usermod -aG "$DOCKER_SOCK_OWNER_GROUP" "$repo"
 
         # Create the .ssh directory if it does not exist
         mkdir -p $HOME_DIR/.ssh