Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Draft: Configure image to run as non-root by default #74

Draft
wants to merge 13 commits into
base: develop
Choose a base branch
from
Draft

Draft: Configure image to run as non-root by default #74

wants to merge 13 commits into from

Conversation

NiklasRosenstein
Copy link
Contributor

@NiklasRosenstein NiklasRosenstein commented Jan 17, 2024
edited
Loading

Updates the image to run as a non-root user (id=10000, name=main), with permission to install additional packages using sudo apt-get (configured in /etc/sudoers). All tools that would usually be installed into the user's home directory (/home/main) are installed into /opt instead (that is Pipx installed tools, Rustup and Cargo home).

Using this image in GitLab CI

  • From what I can tell so far it seems GitLab CI always checks out the repository as root, but uses broad permissions (rw-rw-rw and vice versa) on the $CI_PROJECT_DIR. In order to avoid Git complaining with fatal: detected dubious ownership in repository, we need to run

    git config --global --add safe.directory $CI_PROJECT_DIR

    at the beginning of the CI job (we can do this in pre_build_script).

  • The "Clear runner caches" button needs to be pressed to remove the cached build/ directory which is also owned by root from previous runs but does not have broader permissions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@NiklasRosenstein