fix: don't use adduser and addgroup for docker images #3344
Conversation
scripts/build_docker.sh
Outdated
| docker cp "$temp_container_id":/etc/passwd ./passwd | ||
| docker rm "$temp_container_id" | ||
|
|
||
| echo "coder:x:1000:coder" >> ./group |
There was a problem hiding this comment.
Should we just run the proper commands in the container here instead then copy the files? Seems like it could be simpler.
There was a problem hiding this comment.
You can't run commands in the container because it's a different architecture. All of the binaries like sh, echo, useradd, groupadd etc. are for whatever architecture the image is.
There was a problem hiding this comment.
We could just check in the /etc/passwd and /etc/group files to the repo, but then they won't update if alpine changes anything, so I opted for this instead.
There was a problem hiding this comment.
Oh I mean you can run them in this container instead of doing the echo
There was a problem hiding this comment.
e.g. docker exec $temp_container_id adduser
There was a problem hiding this comment.
That won't work since the container is for a different architecture. Docker lets you create containers for different architectures but they won't start because of exec format errors. I'm taking advantage of that here to copy the files out of the image for the correct arch.
There was a problem hiding this comment.
I 🤦🤦🤦🤦🤦🤦🤦🤦 so hard when I realized how wrong I was.
Adds back armv7 and arm64 images. Changes the Dockerfile to avoid using
RUNand adds comments explaining thatRUNshould never be used.Uses a
docker cpto copy the/etc/passwdand/etc/groupfiles out of the base image (which works on multi-arch usingdocker create), adds thecoderuser/group lines and then copies them back in during the real image build.Fixes #3337