From 79951b73aedfbd5c639d72194846fd3da95d9462 Mon Sep 17 00:00:00 2001 From: Romain Marcadier Date: Tue, 20 Sep 2022 13:33:36 +0200 Subject: [PATCH] chore(superchain): grant passwordless sudo to superchain user (#3758) Instead of granting only via `sudo` group, allow the `superchain` user to passwordless sudo, in hopes this fixes the currently broken behavior in GitHub Actions. Additionally, remove the `dockerd-entrypoint.sh` script that did not work propertly and was neither tested, nor used (to our knowledge). --- By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license]. [Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0 --- superchain/Dockerfile | 2 +- superchain/dockerd-entrypoint.sh | 23 ----------------------- 2 files changed, 1 insertion(+), 24 deletions(-) delete mode 100755 superchain/dockerd-entrypoint.sh diff --git a/superchain/Dockerfile b/superchain/Dockerfile index 775583b416..2fe949f737 100644 --- a/superchain/Dockerfile +++ b/superchain/Dockerfile @@ -221,12 +221,12 @@ RUN pip install aws-sam-cli # Install some configuration COPY superchain/ssh_config /root/.ssh/config RUN chmod 600 /root/.ssh/config -COPY superchain/dockerd-entrypoint.sh /usr/local/bin/ # Create the image's non-root user, and enable no-password sudo RUN groupadd --gid 1001 superchain \ && useradd --shell /bin/bash --comment "Docker User" --uid 1001 --gid 1001 --no-log-init --groups sudo superchain \ && echo "%sudo ALL = (ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers.d/nopasswd \ + && echo "superchain ALL = (ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers.d/nopasswd \ && chmod 0440 /etc/sudoers.d/nopasswd COPY --chown=superchain:superchain superchain/m2-settings.xml /home/superchain/.m2/settings.xml COPY --chown=superchain:superchain superchain/ssh_config /home/superchain/.ssh/config diff --git a/superchain/dockerd-entrypoint.sh b/superchain/dockerd-entrypoint.sh deleted file mode 100755 index 41523f95f9..0000000000 --- a/superchain/dockerd-entrypoint.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -set -e - -/usr/bin/dockerd \ - --host=unix:///var/run/docker.sock \ - --host=tcp://127.0.0.1:2375 \ - --storage-driver=overlay2 &>/var/log/docker.log & - - -tries=0 -d_timeout=60 -until docker info >/dev/null 2>&1 -do - if [ "$tries" -gt "$d_timeout" ]; then - cat /var/log/docker.log - echo 'Timed out trying to connect to internal docker host.' >&2 - exit 1 - fi - tries=$(( $tries + 1 )) - sleep 1 -done - -eval "$@"