Add 1password support
astayleraz committed May 13, 2024
1 parent 4a406f0 commit 83a6aea
Showing 3 changed files with 31 additions and 30 deletions.
34 changes: 30 additions & 4 deletions Dockerfile
Expand Up @@ -22,6 +22,7 @@ RUN set -ex; \
make \
openssh-server \
sudo \
unzip \
vim \
wget; \
\
Expand Down Expand Up @@ -99,16 +100,41 @@ RUN set -ex; \
echo "alias ls='ls --color=auto'" >> /etc/bash.bashrc; \
echo "alias grep='grep --color=auto'" >> /etc/bash.bashrc;

# Create user named "docker" with no password
RUN useradd --create-home --shell /bin/bash docker \
ARG PUID
ENV PUID ${PUID:-1000}
ARG PGID
ENV PGID ${PGID:-${PUID}}

# Create docker user with empty password (will have uid and gid 1000)
RUN groupadd -g ${PGID} docker \
&& useradd --create-home --shell /bin/bash --uid ${PUID} --gid ${PGID} docker \
&& passwd docker -d \
&& adduser docker sudo

# Don't require a password for sudo
RUN sed -i 's/^\(%sudo.*\)ALL$/\1NOPASSWD:ALL/' /etc/sudoers

# set an entrypoint script that allows us to
# dynamically change the uid/gid of the container's user
# install 1Password cli
# this has to be after the docker user is added because the docker user must have groupid of 1000
RUN apt-get update && \
apt-get install -y gpg;
RUN set -ex; \
sudo -s \
curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg; \
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/$(dpkg --print-architecture) stable main" | \
tee /etc/apt/sources.list.d/1password.list; \
mkdir -p /etc/debsig/policies/AC2D62742012EA22/; \
curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol | \
tee /etc/debsig/policies/AC2D62742012EA22/1password.pol; \
mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22; \
curl -sS https://downloads.1password.com/linux/keys/1password.asc | \
gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg; \
apt update; \
apt install -y 1password-cli; \
rm -rf /var/lib/apt/lists/* /var/cache/apt/*;

# set an entrypoint script
COPY entry_point.sh /opt/bin/
ENTRYPOINT ["/opt/bin/entry_point.sh"]
CMD ["/opt/bin/entry_point.sh"]
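Review bot: The three downloads in the new 1Password `RUN` step can fail without failing the build: under the default `/bin/sh -c` shell, `set -ex` looks only at the last command of each pipeline, and `curl -sS` without `-f` forwards an HTTP error body, so `tee` writes whatever arrives as `1password.pol` and `gpg --dearmor` may leave an empty or invalid keyring. I would put `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` ahead of this step (bash looks to be installed, given the `/etc/bash.bashrc` lines above) and change each download to `curl -fsSL`. The `sudo -s` prefix applies only to the first `curl` and appears unnecessary, since no `USER` instruction is visible before this step and the build would still be running as root. Because the keyring written here is the trust anchor named in `signed-by=`, it is worth comparing its fingerprint with a value pinned in the repository before `apt install -y 1password-cli`. The comment `(will have uid and gid 1000)` is also no longer accurate now that `PUID`/`PGID` are build arguments; `(uid/gid from PUID/PGID, default 1000)` would match the code.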
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -12,7 +12,7 @@ pyenv:


build:
docker build -t ${ORG}/${PROJECT}:${TAG} .
docker build --build-arg PUID=${PUID:-1000} --build-arg PGID=${PGID:-1000} -t ${ORG}/${PROJECT}:${TAG} .

run:
docker run --rm -it ${ORG}/${PROJECT}:${TAG} bash
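Review bot: In the new `docker build` line, `${PUID:-1000}` and `${PGID:-1000}` are expanded by make rather than by the shell, and make reads them as references to variables literally named `PUID:-1000` and `PGID:-1000`, which are presumably undefined, so both `--build-arg` values come out empty even when the caller sets `PUID`. The image still ends up with 1000 only because the Dockerfile's own `:-` default also applies to an empty value. To let the shell do the defaulting, escape the dollar signs: `docker build --build-arg PUID=$${PUID:-1000} --build-arg PGID=$${PGID:-$${PUID:-1000}} -t ${ORG}/${PROJECT}:${TAG} .`. The nested default keeps `PGID` following `PUID` as the Dockerfile does, whereas the committed line would pin it to 1000.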
25 changes: 0 additions & 25 deletions entry_point.sh
@@ -1,30 +1,5 @@
#!/bin/sh

# Override user ID lookup to cope with being randomly assigned IDs using
# the -u option to 'docker run'.

# reference:
# http://blog.dscpl.com.au/2015/12/unknown-user-when-running-docker.html

USER_ID=$(id -u)
GROUP_ID=$(id -g)

if [ x"$USER_ID" != x"0" -a x"$USER_ID" != x"1000" ]; then

# set the new passwd and group files
NSS_WRAPPER_PASSWD=/tmp/passwd.nss_wrapper
NSS_WRAPPER_GROUP=/tmp/group.nss_wrapper

# overwrite the old uid and gid for the user
cat /etc/passwd | sed -e "s/^docker:x:1000:1000:/docker:x:$USER_ID:$GROUP_ID:/" > $NSS_WRAPPER_PASSWD
cat /etc/group | sed -e "s/^docker:x:1000:/docker:x:$GROUP_ID:/" > $NSS_WRAPPER_GROUP

export NSS_WRAPPER_PASSWD
export NSS_WRAPPER_GROUP

LD_PRELOAD=/usr/lib/libnss_wrapper.so
export LD_PRELOAD
fi

# add mitmproxy certificate to the system trusted certs
if [ x"$MITMPROXY_CERT" != x"" -a -r $MITMPROXY_CERT ]; then