From 7af7d7ec108d34c3d72bdd11ff92c057f4735c16 Mon Sep 17 00:00:00 2001
From: uazo <uazo@users.noreply.github.com>
Date: Tue, 29 Jun 2021 13:50:31 +0000
Subject: [PATCH] make runner secure

---
 images/buildboxcasd/Dockerfile   | 8 +++++---
 images/buildboxrunner/Dockerfile | 6 +++---
 images/chr-source/Dockerfile     | 2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/images/buildboxcasd/Dockerfile b/images/buildboxcasd/Dockerfile
index 09497ab..4941f83 100644
--- a/images/buildboxcasd/Dockerfile
+++ b/images/buildboxcasd/Dockerfile
@@ -1,5 +1,5 @@
 ARG VERSION
-FROM localhost:5000/uazo/build-deps:$VERSION
+FROM uazo/build-deps:$VERSION
 
 ARG REMOTEEXEC_ADDR
 
@@ -9,10 +9,12 @@ ENV DEBIAN_FRONTEND=noninteractive
 USER lg
 COPY buildbox-casd .
 
-RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 &&\
+RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 socat &&\
     sudo chmod +x buildbox-casd
 
-CMD ./buildbox-casd \
+CMD sudo rm -rf /wrk-cache/* &&\
+    bash -c "socat UNIX-LISTEN:/wrk-cache/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &" &&\
+    ./buildbox-casd \
        --instance=default_instance \
        --cas-instance=default_instance \
        --cas-remote=http://$REMOTEEXEC_ADDR \
diff --git a/images/buildboxrunner/Dockerfile b/images/buildboxrunner/Dockerfile
index 9aab154..bf146a9 100644
--- a/images/buildboxrunner/Dockerfile
+++ b/images/buildboxrunner/Dockerfile
@@ -1,5 +1,5 @@
 ARG VERSION
-FROM localhost:5000/uazo/build-deps:$VERSION
+FROM uazo/build-deps:$VERSION
 
 ARG REMOTEEXEC_ADDR
 
@@ -17,8 +17,8 @@ RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 &&\
 CMD PATH=.:$PATH &&\
     ./buildbox-worker \
        --instance=default_instance \
-       --bots-remote=http://$REMOTEEXEC_ADDR \
-       --bots-retry-limit=10 \
+       --bots-remote=unix:/wrk-cache/bots.sock \
+       --bots-retry-limit=5 \
        --buildbox-run=buildbox-run-hosttools \
        --cas-remote=unix:/wrk-cache/casd.sock \
        --logstream-remote=unix:/wrk-cache/casd.sock \
diff --git a/images/chr-source/Dockerfile b/images/chr-source/Dockerfile
index a5f5759..5e0f179 100644
--- a/images/chr-source/Dockerfile
+++ b/images/chr-source/Dockerfile
@@ -1,6 +1,6 @@
 ARG VERSION
 
-FROM localhost:5000/uazo/build-deps:$VERSION
+FROM uazo/build-deps:$VERSION
 ARG VERSION
 ENV VERSION=$VERSION