trying to add rootless docker

rusefi · Feb 7, 2023 · c3b214f · c3b214f
1 parent a4004b3
commit c3b214f
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -26,7 +26,7 @@ COPY --from=builder /tmp/rusefi-provide_gcc /tmp/rusefi-provide_gcc
 
 ENV JAVA_HOME /usr/lib/jvm/temurin-11-jdk-amd64/
 
-RUN useradd -m -g sudo docker &&\
+RUN useradd -m -g sudo -u 1001 docker &&\
     apt-get update -y &&\
     apt-get install -y wget gpg &&\
     wget -O key.gpg https://packages.adoptium.net/artifactory/api/gpg/key/public &&\
@@ -69,17 +69,37 @@ RUN useradd -m -g sudo docker &&\
     scour \
     librsvg2-bin \
     temurin-11-jdk \
+    uidmap \
+    supervisor \
     && apt-get autoremove -y && apt-get clean -y &&\
     echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers &&\
     echo 'APT::Get::Assume-Yes "true";' >/etc/apt/apt.conf.d/90forceyes &&\
     chown -R docker /opt &&\
     chown -R docker /tmp/rusefi-provide_gcc &&\
     update-alternatives --set java /usr/lib/jvm/temurin-11-jdk-amd64/bin/java
 
+# Install Docker CLI
+RUN curl -fsSL https://get.docker.com -o- | sh && \
+    rm -rf /var/lib/apt/lists/* && \
+    apt-get clean
+
+# Install Docker-Compose
+RUN curl -L -o /usr/local/bin/docker-compose \
+    "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" && \
+    chmod +x /usr/local/bin/docker-compose
+
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+RUN chmod 644 /etc/supervisor/conf.d/supervisord.conf &&\
+    chmod u-s /usr/bin/newuidmap &&\
+    chmod u-s /usr/bin/newgidmap
+
 WORKDIR /opt
 
 USER docker
 
+RUN dockerd-rootless-setuptool.sh install
+
 VOLUME /opt/actions-runner
 
 ENTRYPOINT ["./start.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
diff --git a/start.sh b/start.sh
@@ -1,5 +1,14 @@
 #!/bin/bash
 
+if [[ "$@" == "bash" ]]; then
+    exec $@
+fi
+
+export XDG_RUNTIME_DIR=$HOME/.docker/xrd
+rm -rf $XDG_RUNTIME_DIR
+mkdir -p $XDG_RUNTIME_DIR
+PATH=/usr/bin:/sbin:/usr/sbin:$PATH dockerd-rootless.sh
+
 cd /opt/actions-runner
 
 if [[ -z $RUNNER_NAME ]]; then
@@ -70,4 +79,4 @@ else
         --unattended
 fi
 
-./run.sh & wait $!
+exec "$@"
diff --git a/supervisord.conf b/supervisord.conf
@@ -0,0 +1,13 @@
+[supervisord]
+user=docker
+nodaemon=true
+logfile=/dev/fd/1
+logfile_maxbytes=0
+loglevel=error
+
+[program:runner]
+directory=/opt/actions-runner
+command=/opt/actions-runner/bin/runsvc.sh
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true