fix(useradd) make sure kong:kong exist and files ownership is correct (…

…#457)

* fix(useradd) make sure kong:kong exist and files ownership is correct

If the group kong exists before installation, "useradd -U" would not create the kong user.
The file ownership update would also fail.

Firstly create the kong group; then create the kong user on demand.

* fix(ownership) change the group to "root"

Protect Kong files/directories. See
Kong/kong-build-tools#457 (comment)

* fix(package) tests for kong:kong -> kong:root

* Revert "fix(ownership) change the group to "root""

This reverts commit b50c155b6bfea7a7e75f1fde4abc65af71ebbd07.

* Revert "fix(package) tests for kong:kong -> kong:root"

This reverts commit d66b848a68edd0e7f2a8f4b708bf5d0b1517375b.

Co-authored-by: Isa Farnik <[email protected]>

after-install.sh

@@ -1,5 +1,6 @@
 create_user() {
-  useradd -U -m -s /bin/sh kong
+  groupadd -f kong
+  useradd -g kong -ms /bin/sh kong
 
   FILES=""
   FILES="${FILES} /etc/kong/"
@@ -9,7 +10,9 @@ create_user() {
   FILES="${FILES} /usr/local/bin/lua2json"
   FILES="${FILES} /usr/local/bin/luarocks"
   FILES="${FILES} /usr/local/bin/luarocks-admin"
+  FILES="${FILES} /usr/local/bin/openapi2kong"
   FILES="${FILES} /usr/local/etc/luarocks/"
+  FILES="${FILES} /usr/local/etc/passwdqc/"
   FILES="${FILES} /usr/local/kong/"
   FILES="${FILES} /usr/local/lib/lua/"
   FILES="${FILES} /usr/local/lib/luarocks/"

fpm-entrypoint.sh

@@ -37,7 +37,7 @@ elif [ "$PACKAGE_TYPE" == "rpm" ]; then
   fi
   if [ "$RESTY_IMAGE_BASE" == "amazonlinux" ]; then
     OUTPUT_FILE_SUFFIX=".aws"
-    FPM_PARAMS="$FPM_PARAMS -d /usr/sbin/useradd"
+    FPM_PARAMS="$FPM_PARAMS -d /usr/sbin/useradd -d /usr/sbin/groupadd"
   fi
   if [ "$RESTY_IMAGE_BASE" == "centos" ]; then
     OUTPUT_FILE_SUFFIX=".el${RESTY_IMAGE_TAG}"