Integrate changes from various other images

I've created a few container images for Jenkins jobs over the past few weeks, and many of them have several steps in common. Moving those steps to the *jenkins-base* image will simplify the rest and make it easier to create new ones. * Use UID 1000 for the *jenkins* user, since this is the UID the Jenkins agent JNLP container uses * Configure the SSH client `KnownHostsCommand` setting to fetch the SSH host key database from the file server * Run as the unprivileged user * Add a "sleep forever" type entry point: Python's `signal.pause()` waits for a signal from the operating system, where as other solutions are either uninterruptable (`sleep infinity`) or wake frequently (`tail -f /dev/null`)
2022-12-03 09:29:12 -06:00 · 2022-12-03 09:29:12 -06:00 · a65ab04155
parent 9a98c7bbc0
commit a65ab04155
2 changed files with 9 additions and 1 deletions
--- a/9
+++ b/9
@ -1,3 +1,10 @@
 FROM registry.fedoraproject.org/fedora:36

-RUN useradd -l -u 3000018 jenkins
+RUN groupadd -g 1000 jenkins \
+    && useradd -c 'Jenkins user' -g 1000 -l -M -s /bin/sh -u 1000 jenkins
+
+COPY known-hosts-command.ssh.conf /etc/ssh/ssh_config.d/10-known-hosts-command.conf
+
+USER jenkins:jenkins
+
+CMD ["python3", "-c", "import signal;signal.pause()"]
--- a/known-hosts-command.ssh.conf
+++ b/known-hosts-command.ssh.conf
@ -0,0 +1 @@
+KnownHostsCommand /usr/bin/curl -sL https://files.pyrocufflink.blue/ssh_known_hosts
				`@ -0,0 +1 @@`
				`KnownHostsCommand /usr/bin/curl -sL https://files.pyrocufflink.blue/ssh_known_hosts`