Change the clair container to non root user

Signed-off-by: DQ <dengq@vmware.com>

make/photon/clair/Dockerfile

@@ -2,24 +2,25 @@ FROM photon:2.0
 
 RUN tdnf install -y git shadow sudo rpm xz python-xml >>/dev/null\
     && tdnf clean all \
-    && mkdir /clair/ \
-    && mkdir /harbor \
     && groupadd -r -g 10000 clair \
-    && useradd --no-log-init -m -r -g 10000 -u 10000 clair
-COPY ./make/photon/clair/binary/clair /clair/
-COPY ./make/photon/clair/docker-entrypoint.sh /docker-entrypoint.sh
-COPY ./make/photon/clair/dumb-init /dumb-init
-COPY ./make/photon/common/install_cert.sh /harbor 
+    && useradd --no-log-init -m -g 10000 -u 10000 clair
+COPY ./make/photon/clair/binary/clair /home/clair/
+COPY ./make/photon/clair/docker-entrypoint.sh /home/clair/
+COPY ./make/photon/clair/dumb-init /home/clair/
+COPY ./make/photon/common/install_cert.sh /home/clair/
 
 VOLUME /config
 
 EXPOSE 6060 6061
 
-RUN chown -R 10000:10000 /clair \
-    && chmod u+x /clair/clair \
-    && chmod u+x /docker-entrypoint.sh \
-    && chmod +x /dumb-init
+RUN chmod -R 777 /etc/pki/tls/certs \
+    && chown -R clair:clair /home/clair \
+    && chmod u+x /home/clair/clair \
+    && chmod u+x /home/clair/docker-entrypoint.sh \
+    && chmod +x /home/clair/dumb-init
 
 HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:6061/health || exit 1
 
-ENTRYPOINT ["/docker-entrypoint.sh"]
+WORKDIR /home/clair
+USER clair
+ENTRYPOINT ["./docker-entrypoint.sh"]

make/photon/clair/docker-entrypoint.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 set -e
 
-/harbor/install_cert.sh
-sudo -E -H -u \#10000 sh -c "/dumb-init -- /clair/clair -config /etc/clair/config.yaml $*"
+/home/clair/install_cert.sh
+/home/clair/dumb-init -- /home/clair/clair -config /etc/clair/config.yaml $*
+
 set +e

tests/docker-compose.test.yml

@@ -6,6 +6,7 @@ services:
     volumes:
       - /data/registry:/storage
       - ./common/config/registry/:/etc/registry/
+      - /etc/core/ca/ca.crt:/etc/registry/root.crt
     ports:
       - 5000:5000
     command:

tests/pushimage.sh

@@ -7,6 +7,8 @@ docker login -u admin -p Harbor12345 $IP:5000
 
 docker tag hello-world $IP:5000/library/hello-world:latest
 docker push $IP:5000/library/hello-world:latest
+echo "$? pushed hello world"
 
 docker tag busybox $IP:5000/library/busybox:latest
 docker push $IP:5000/library/busybox:latest
+echo "$? pushed busybox"

tests/reg_config.yml

@@ -6,7 +6,7 @@ storage:
   cache:
     blobdescriptor: inmemory
   filesystem:
-    rootdirectory: /var/lib/registry
+    rootdirectory: /storage
 http:
   addr: :5000
   headers:
@@ -15,4 +15,4 @@ health:
   storagedriver:
     enabled: true
     interval: 10s
-    threshold: 3
+    threshold: 3

tests/travis/ut_install.sh

@@ -29,4 +29,5 @@ sudo ./tests/testprepare.sh
 cd tests && sudo ./ldapprepare.sh && sudo ./admiral.sh && cd ..
 sudo sed -i 's/__reg_version__/${REG_VERSION}-dev/g' ./make/docker-compose.test.yml
 sudo sed -i 's/__version__/dev/g' ./make/docker-compose.test.yml
-sudo mkdir -p ./make/common/config/registry/ && sudo mv ./tests/reg_config.yml ./make/common/config/registry/config.yml
+sudo mkdir -p ./make/common/config/registry/ && sudo mv ./tests/reg_config.yml ./make/common/config/registry/config.yml
+sudo mkdir /storage && sudo chown 10000:10000 -R /storage