From 228297a8133f34b38313ef23780ca7692a7a284e Mon Sep 17 00:00:00 2001 From: uazo Date: Tue, 3 Aug 2021 15:26:16 +0000 Subject: [PATCH] Fix users permissions --- images/buildboxcasd/Dockerfile | 13 ++++++------ images/buildboxcasd/set-perms.sh | 23 +++++++++++++++++++++ images/buildboxrunner/Dockerfile | 10 ++++++++- images/github-runner/start-runner.sh | 27 +++++++++++++++++++++---- images/goma-server/Dockerfile | 2 +- images/goma-server/start-goma-server.sh | 5 ++++- images/privoxy/Dockerfile | 13 ++++++++++-- images/privoxy/start-proxy.sh | 9 +++++---- 8 files changed, 83 insertions(+), 19 deletions(-) create mode 100644 images/buildboxcasd/set-perms.sh diff --git a/images/buildboxcasd/Dockerfile b/images/buildboxcasd/Dockerfile index fe553d2..51e92bb 100644 --- a/images/buildboxcasd/Dockerfile +++ b/images/buildboxcasd/Dockerfile @@ -1,16 +1,19 @@ ARG VERSION -FROM uazo/build-deps:$VERSION +FROM ubuntu:latest ENV DEBIAN_FRONTEND=noninteractive -USER lg COPY buildbox-casd . +COPY set-perms.sh . -RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 socat &&\ - sudo chmod +x buildbox-casd +RUN apt-get update &&\ + apt-get -f -y install sudo libgoogle-glog-dev libprotobuf17 libgrpc++1 socat &&\ + sudo chmod +x buildbox-casd &&\ + sudo chmod +x set-perms.sh CMD sudo rm -rf /wrk-cache/* &&\ bash -c "socat UNIX-LISTEN:/wrk-cache/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &" &&\ + bash -c "$PWD/set-perms.sh &" &&\ ./buildbox-casd \ --instance=default_instance \ --cas-instance=default_instance \ @@ -18,5 +21,3 @@ CMD sudo rm -rf /wrk-cache/* &&\ --ra-remote=http://$REMOTEEXEC_ADDR \ --verbose \ /wrk-cache - - diff --git a/images/buildboxcasd/set-perms.sh b/images/buildboxcasd/set-perms.sh new file mode 100644 index 0000000..4d8bda3 --- /dev/null +++ b/images/buildboxcasd/set-perms.sh 
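Review bot: The new base `FROM ubuntu:latest` in images/buildboxcasd/Dockerfile is a floating tag, while the `RUN` line installs soname-versioned packages such as `libprotobuf17` that typically exist in only one Ubuntu release, so a later move of `latest` can silently change the image or break the build. Pin a release tag, ideally with a digest (`FROM ubuntu:<release>@sha256:<digest>`, both placeholders), and drop the now-unused `ARG VERSION`; images/privoxy/Dockerfile gets the same floating tag in place of the pinned `alpine:3.14`. Removing `USER lg` also means buildbox-casd, socat and set-perms.sh all run as root, with `sudo` installed only to be called by root. If root is needed solely to adjust socket modes, keeping an unprivileged `USER` and giving /wrk-cache a suitable group owner would be the narrower fix. The install step would also benefit from `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` in the same layer.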
@@ -0,0 +1,23 @@ + +wait_file() { + local file="$1"; shift + local wait_seconds="${1:-10}"; shift # 10 seconds as default timeout + + until test $((wait_seconds--)) -eq 0 -o -e "$file" ; do sleep 1; done + + ((++wait_seconds)) +} + +echo "--Checking permissions bots.sock" +wait_file "/wrk-cache/bots.sock" && { + echo "--Set bots.sock permissions" + sudo chmod 777 /wrk-cache/bots.sock +} + +echo "--Checking permissions casd.sock" +wait_file "/wrk-cache/casd.sock" && { + echo "--Set casd.sock permissions" + sudo chmod 777 /wrk-cache/casd.sock +} + +echo "--Done" diff --git a/images/buildboxrunner/Dockerfile b/images/buildboxrunner/Dockerfile index afeec3a..a15e350 100644 --- a/images/buildboxrunner/Dockerfile +++ b/images/buildboxrunner/Dockerfile @@ -7,15 +7,23 @@ USER lg COPY buildbox-worker . COPY buildbox-run-hosttools . +RUN HTTP_PROXY= &&\ + HTTPS_PROXY= &&\ + http_proxy= &&\ + https_proxy= &&\ + sudo rm /etc/apt/apt.conf.d/proxy.conf + RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 &&\ sudo chmod +x buildbox-worker &&\ sudo chmod +x buildbox-run-hosttools +USER root + CMD PATH=.:$PATH &&\ ./buildbox-worker \ --instance=default_instance \ --bots-remote=unix:/wrk-cache/bots.sock \ - --stop-after=50 \ + --stop-after=50 \ --bots-retry-limit=5 \ --buildbox-run=buildbox-run-hosttools \ --cas-remote=unix:/wrk-cache/casd.sock \ diff --git a/images/github-runner/start-runner.sh b/images/github-runner/start-runner.sh index 178234c..2ac4c9d 100755 --- a/images/github-runner/start-runner.sh +++ b/images/github-runner/start-runner.sh 
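Review bot: Both `sudo chmod 777` calls in set-perms.sh make the sockets world-writable, which for a Unix socket means any local user who can reach /wrk-cache can connect to the bots and CAS endpoints. A group-scoped mode is enough if the worker shares a group with this container, e.g. `chgrp <shared-group> /wrk-cache/casd.sock && chmod 660 /wrk-cache/casd.sock` (`<shared-group>` is a placeholder); the same `chmod 777` pattern is already present in images/privoxy/start-proxy.sh. When `wait_file` times out, the `&& { … }` block is skipped silently and the script still prints "--Done", so an `|| echo "--Timed out waiting for casd.sock" >&2` branch would make a missing socket visible. The file also starts with a blank line instead of `#!/bin/bash`, although it relies on `local` and `(( ))`.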
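Review bot: The added `USER root` before `CMD` in images/buildboxrunner/Dockerfile makes buildbox-worker, and whatever it launches through `--buildbox-run=buildbox-run-hosttools`, run as root inside the container. Since this worker presumably executes build actions handed to it by the remote-execution service, it is worth keeping `USER lg` and granting that user access to /wrk-cache/bots.sock and /wrk-cache/casd.sock through a shared group instead. The new `RUN HTTP_PROXY= &&\ …` layer only sets shell variables for that one command, so apart from removing /etc/apt/apt.conf.d/proxy.conf it has no effect on later layers; `ENV HTTP_PROXY="" HTTPS_PROXY="" http_proxy="" https_proxy=""` would persist if clearing inherited proxy settings is the intent. The following `apt-get install` has no `apt-get update` in the same layer, so it depends on whatever package lists the base image carries. The `CMD` continues past the end of the hunk.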
@@ -1,14 +1,33 @@ #!/bin/bash +#docker stop gh-proxy + +SYSBOX_UID=$(cat /etc/subuid | grep sysbox | cut -d : -f 2) +mkdir -p /tmp/proxy +mkdir -p /tmp/forward-proxy +mkdir -p ~/redis + +sudo chown $SYSBOX_UID:$SYSBOX_UID /tmp/proxy +sudo chown $SYSBOX_UID:$SYSBOX_UID /tmp/forward-proxy +sudo chown $SYSBOX_UID:$SYSBOX_UID ~/redis + +docker run --rm -d --runtime=sysbox-runc \ + --name=gh-proxy \ + -e "REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR" \ + -v /tmp/proxy:/tmp/proxy:rw \ + -v /tmp/forward-proxy:/tmp/forward-proxy:rw \ + uazo/privoxy + while true do docker run --runtime=sysbox-runc --name=gh-runner -ti --rm \ --env-file=.env \ - -v ~/docker-inner/:/var/lib/docker/ \ - -v /storage/images:/storage/images \ - -v /tmp/forward-proxy:/tmp/forward-proxy \ - -v /tmp/proxy:/tmp/proxy \ + -v ~/docker-inner/:/var/lib/docker/:rw \ + -v /storage/images:/storage/images:rw \ + -v /tmp/proxy:/tmp/proxy:rw \ + -v /tmp/forward-proxy:/tmp/forward-proxy:rw \ + -v ~/redis:/redis:rw \ --network none \ uazo/github-runner diff --git a/images/goma-server/Dockerfile b/images/goma-server/Dockerfile index 75620f5..4d38ab0 100644 --- a/images/goma-server/Dockerfile +++ b/images/goma-server/Dockerfile @@ -6,7 +6,7 @@ COPY config-file . RUN apt-get update \ && \ - apt-get -y install sudo wget git socat \ + apt-get -y install sudo wget git socat redis-server \ && \ sudo chmod +x ./install-goma-server.sh \ && \ diff --git a/images/goma-server/start-goma-server.sh b/images/goma-server/start-goma-server.sh index 544be35..e87b792 100755 --- a/images/goma-server/start-goma-server.sh +++ b/images/goma-server/start-goma-server.sh @@ -3,7 +3,10 @@ RED='\033[0;31m' NC='\033[0m' # No Color -#export REDISHOST=localhost +echo -e ${RED} -------- start redis-server ${NC} + +export REDISHOST=localhost +sudo redis-server /etc/redis/redis.conf echo -e ${RED} -------- start goma-server ${NC} diff --git a/images/privoxy/Dockerfile b/images/privoxy/Dockerfile index 129f3ba..a46ae5c 100644 --- a/images/privoxy/Dockerfile 
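Review bot: `SYSBOX_UID` is used unquoted in the three `sudo chown` calls without checking that the /etc/subuid lookup returned exactly one value; with no sysbox entry the calls become `chown : <dir>`, and with several matching lines the extra values are passed as additional arguments. A guard such as `[ -n "$SYSBOX_UID" ] || { echo "no sysbox entry in /etc/subuid" >&2; exit 1; }` together with `sudo chown "$SYSBOX_UID:$SYSBOX_UID" /tmp/proxy` would fail early instead. /tmp/proxy and /tmp/forward-proxy are fixed names in a world-writable directory that are chowned as root and then bind-mounted read-write into both containers, so on a shared host a service-owned directory outside /tmp would be safer. `uazo/privoxy` is started without a tag, so the proxy image is whatever `latest` resolves to at run time. The `while true` loop continues outside the hunk.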
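Review bot: `sudo redis-server /etc/redis/redis.conf` in start-goma-server.sh starts Redis as root rather than as the dedicated account the Debian/Ubuntu redis-server package normally creates; `sudo -u redis redis-server /etc/redis/redis.conf` would keep the data store unprivileged (confirm the `redis` user exists in this image). The line also relies on the packaged config daemonizing: if it sets `daemonize no`, the script blocks here and goma-server never starts, so passing `--daemonize yes` explicitly or stating the assumption in a comment would help. As far as the hunk shows, nothing waits for Redis to accept connections before the goma-server section begins; the rest of the script is outside the hunk.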
+++ b/images/privoxy/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.14 +FROM ubuntu:latest ARG REMOTEEXEC_ADDR @@ -6,7 +6,16 @@ COPY user.action . COPY privoxy.conf . COPY start-proxy.sh . -RUN apk update && apk add privoxy bash sudo socat +RUN apt-get update && apt-get install -y privoxy bash sudo socat + +#RUN useradd -u 2000 -m ghproxy \ +# && usermod -aG sudo ghproxy \ +# && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers + +#RUN useradd -m runner1 \ +# && usermod -aG sudo runner1 +# +#USER ghproxy CMD sudo chmod +x ./start-proxy.sh &&\ REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\ diff --git a/images/privoxy/start-proxy.sh b/images/privoxy/start-proxy.sh index 86a9c5f..90a3029 100644 --- a/images/privoxy/start-proxy.sh +++ b/images/privoxy/start-proxy.sh @@ -1,12 +1,13 @@ #!/bin/bash +echo Connect /tmp/forward-proxy/proxy.sock to 127.0.0.1:8118 test -e /tmp/forward-proxy/proxy.sock && sudo rm /tmp/forward-proxy/proxy.sock -test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock - socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,reuseaddr,fork TCP:127.0.0.1:8118 & -socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR & - sudo chmod 777 /tmp/forward-proxy/proxy.sock + +echo Connect /tmp/proxy/bots.sock to $REMOTEEXEC_ADDR +test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock +socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR & sudo chmod 777 /tmp/proxy/bots.sock privoxy --no-daemon privoxy.conf
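Review bot: The privoxy image still runs as root: the non-root setup is added only as commented-out lines, one of which would overwrite /etc/sudoers with `%sudo ALL=(ALL:ALL) NOPASSWD:ALL`. Either delete the dead block or enable a version without blanket passwordless sudo, e.g. `RUN useradd -u 2000 -m ghproxy` followed by `USER ghproxy`, with the socket directories owned by that user so start-proxy.sh no longer needs `sudo`. The install line would be smaller and more reproducible as `apt-get install -y --no-install-recommends privoxy sudo socat && rm -rf /var/lib/apt/lists/*`; `bash` is already part of the Ubuntu base image, and `sudo` can go once the scripts stop calling it. The `CMD` continues past the end of the hunk.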
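Review bot: Each `sudo chmod 777` in start-proxy.sh runs immediately after its `socat … &` was put in the background, so the chmod can execute before socat has created the socket and then fails without stopping the script; the reordering in this hunk keeps that race. socat can set the permissions itself, which removes both the race and the need for a world-writable mode: `socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork,mode=660,group=<shared-group> TCP4:"$REMOTEEXEC_ADDR" &` (`<shared-group>` is a placeholder for a group shared with the runner). The new `echo Connect … to $REMOTEEXEC_ADDR` and the socat address use the variable unquoted; quoting it and failing early with `: "${REMOTEEXEC_ADDR:?must be set}"` avoids starting a forwarder with an empty target.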