docker: multiple updates

MattKobayashi · web-flow · commit 48fc42915366 · 2024-05-10T20:15:36.000+02:00
* Update Debian base image to 12
* Add --break-system-packages option to pip3 install command
* Remove chmod a+s from Dockerfile (newer versions of gosu in particular don't support this)
* Add sudo to relevant commands in entrypoint.sh
* Add UID_MIN key to adduser command (allows the container to run on MacOS)
* Formatting and spelling fixes
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,7 +1,7 @@
 # Must be run with --privileged flag
 # Recommended to run the container with a volume mapped
 # in order to easy exprort images built to "external" world
-FROM debian:11
+FROM debian:12
 LABEL authors="VyOS Maintainers <maintainers@vyos.io>"
 
 ENV DEBIAN_FRONTEND noninteractive
@@ -27,30 +27,26 @@ RUN apt-get update && apt-get install -y \
     curl \
     dos2unix
 
-
-
-RUN pip3 install Sphinx
-RUN pip3 install sphinx-rtd-theme
-RUN pip3 install sphinx-autobuild
-RUN pip3 install sphinx-notfound-page
-RUN pip3 install lxml
-RUN pip3 install myst-parser
-RUN pip3 install sphinx_design
-
+RUN pip3 install --break-system-packages \
+    Sphinx \
+    sphinx-rtd-theme \
+    sphinx-autobuild \
+    sphinx-notfound-page \
+    lxml \
+    myst-parser \
+    sphinx_design
 
 # Cleanup
 RUN rm -rf /var/lib/apt/lists/*
 
 EXPOSE 8000
 
 # Allow password-less 'sudo' for all users in group 'sudo'
-RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \
-    chmod a+s /usr/sbin/useradd /usr/sbin/groupadd /usr/sbin/gosu /usr/sbin/usermod
-
+RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers
 
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 
-# we need to convert the entrypoint with appropriate line endings, else
+# We need to convert the entrypoint with appropriate line endings, else
 # there will be an error:
 #     standard_init_linux.go:175: exec user process caused
 #     "no such file or directory"
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -23,10 +23,10 @@ if ! grep -q $NEW_GID /etc/group; then
     groupadd --gid $NEW_GID $USER_NAME
 fi
 
-useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME
+useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME --key UID_MIN=500
 usermod --append --groups sudo $USER_NAME
-sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME
+chown $NEW_UID:$NEW_GID /home/$USER_NAME
 export HOME=/home/$USER_NAME
 
 # Execute process
-exec /usr/sbin/gosu $USER_NAME "$@"
+/usr/sbin/gosu $USER_NAME "$@"
