crichardson/docker-xubuntu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
649bc33cb7a16b85e6cf0b49d080aa17af49239b
docker-xubuntu/scripts/bin/container-init
Héctor Molinero Fernández 649bc33cb7 Update base image to Ubuntu 24.04
2024-05-28 19:36:22 +02:00

139 lines
4.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
set -eu
# Remove leftover files
find /tmp/ -mindepth 1 -delete ||:
# Add GPU devices groups to additional groups
for dev in /dev/dri/*; do
[ -c "${dev:?}" ] || continue
gid=$(stat -c '%g' "${dev:?}")
uug=${UNPRIVILEGED_USER_GROUPS?}
UNPRIVILEGED_USER_GROUPS="${uug:+${uug:?},}${gid:?}"
done
# Create additional groups
_IFS=${IFS}; IFS=,
for gid in ${UNPRIVILEGED_USER_GROUPS?}; do
if ! getent group "${gid:?}" >/dev/null 2>&1; then
groupadd --gid "${gid:?}" "g_${gid:?}"
fi
done
IFS=$_IFS
# Create unprivileged user and group
if ! getent group "${UNPRIVILEGED_USER_GID:?}" >/dev/null 2>&1; then
groupadd --gid "${UNPRIVILEGED_USER_GID:?}" "${UNPRIVILEGED_USER_NAME:?}"
fi
if ! getent passwd "${UNPRIVILEGED_USER_UID:?}" >/dev/null 2>&1; then
useradd \
--uid "${UNPRIVILEGED_USER_UID:?}" \
--gid "${UNPRIVILEGED_USER_GID:?}" \
--groups "${UNPRIVILEGED_USER_GROUPS?}" \
--shell "${UNPRIVILEGED_USER_SHELL:?}" \
--home-dir "${UNPRIVILEGED_USER_HOME:?}" \
--create-home \
"${UNPRIVILEGED_USER_NAME:?}"
fi
# Set unprivileged user password
if [ -n "${UNPRIVILEGED_USER_PASSWORD?}" ]; then
printf '%s' "${UNPRIVILEGED_USER_NAME:?}:${UNPRIVILEGED_USER_PASSWORD:?}" | chpasswd
else
passwd -d "${UNPRIVILEGED_USER_NAME:?}"
fi
if [ -w "${UNPRIVILEGED_USER_HOME:?}" ]; then
# Copy /etc/skel/ to unprivileged user home if certain files do not exist
if [ ! -e "${UNPRIVILEGED_USER_HOME:?}"/.profile ]; then
cp -aT /etc/skel/ "${UNPRIVILEGED_USER_HOME:?}" ||:
find /etc/skel/ -mindepth 1 -exec sh -c 'chown "$1:" "$2/${3#/etc/skel/}"' _ "${UNPRIVILEGED_USER_NAME:?}" "${UNPRIVILEGED_USER_HOME:?}" '{}' ';'
fi
# Set unprivileged user home permissions
if [ "$(stat -c '%u' "${UNPRIVILEGED_USER_HOME:?}")" != "${UNPRIVILEGED_USER_UID:?}" ]; then
chown "${UNPRIVILEGED_USER_NAME:?}:" "${UNPRIVILEGED_USER_HOME:?}"
fi
if [ "$(stat -c '%a' "${UNPRIVILEGED_USER_HOME:?}")" != '750' ]; then
chmod 750 "${UNPRIVILEGED_USER_HOME:?}"
fi
fi
# Create /run/dbus/ directory if it does not exist
if [ ! -d /run/dbus/ ]; then
mkdir -p /run/dbus/
chmod 755 /run/dbus/
chown messagebus: /run/dbus/
fi
# Create /run/sshd/ directory if it does not exist
if [ ! -d /run/sshd/ ]; then
mkdir -p /run/sshd/
chmod 755 /run/sshd/
fi
# Create /run/udev/ directory if it does not exist
if [ ! -d /run/udev/ ]; then
mkdir -p /run/udev/
chmod 755 /run/udev/
fi
# Create /run/user/${UNPRIVILEGED_USER_UID}/ directory if it does not exist
if [ ! -d /run/user/"${UNPRIVILEGED_USER_UID:?}"/ ]; then
mkdir -p /run/user/"${UNPRIVILEGED_USER_UID:?}"/
chmod 700 /run/user/"${UNPRIVILEGED_USER_UID:?}"/
chown "${UNPRIVILEGED_USER_NAME:?}:" /run/user/"${UNPRIVILEGED_USER_UID:?}"/
fi
# Enable xrdp bootstrap service
if [ "${SERVICE_XRDP_BOOTSTRAP_ENABLED:?}" = 'true' ]; then
ln -s /etc/sv/xrdp-bootstrap "${SVDIR:?}"
fi
# Enable headless X server service
if [ "${SERVICE_XORG_HEADLESS_ENABLED:?}" = 'true' ]; then
ln -s /etc/sv/xorg-headless "${SVDIR:?}"
fi
# Generate SSH keys if they do not exist
if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >/dev/null
fi
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N '' >/dev/null
fi
# Generate xrdp RSA keys if they do not exist
if [ ! -f "${XRDP_RSAKEYS_PATH:?}" ]; then
mkdir -p "$(dirname "${XRDP_RSAKEYS_PATH:?}")"
(umask 077 \
&& xrdp-keygen xrdp "${XRDP_RSAKEYS_PATH:?}" \
) >/dev/null
fi
# Generate RDP certificate if it does not exist
if [ ! -f "${XRDP_TLS_KEY_PATH:?}" ] || [ ! -f "${XRDP_TLS_CRT_PATH:?}" ]; then
FQDN=$(hostname --fqdn)
mkdir -p "$(dirname "${XRDP_TLS_KEY_PATH:?}")"
(umask 077 \
&& openssl ecparam -genkey -name prime256v1 > "${XRDP_TLS_KEY_PATH:?}" \
) >/dev/null
mkdir -p "$(dirname "${XRDP_TLS_CRT_PATH:?}")"
(umask 022 \
&& openssl req -x509 -sha256 -days 3650 -subj "/CN=${FQDN:?}" -addext "subjectAltName=DNS:${FQDN:?}" -key "${XRDP_TLS_KEY_PATH:?}" > "${XRDP_TLS_CRT_PATH:?}" \
) >/dev/null
fi
# Print RDP certificate fingerprint
openssl x509 -in "${XRDP_TLS_CRT_PATH:?}" -noout -fingerprint -sha1
openssl x509 -in "${XRDP_TLS_CRT_PATH:?}" -noout -fingerprint -sha256
# Dump environment variables
env | grep -Ev '^(PWD|OLDPWD|HOME|USER|SHELL|TERM|([^=]*(PASSWORD|SECRET)[^=]*))=' | sort > /etc/environment
# Start runit
exec runsvdir -P "${SVDIR:?}"
Reference in New Issue View Git Blame Copy Permalink