From a0462f0baa535239894fe5f4da41e8ff50ce370f Mon Sep 17 00:00:00 2001
From: DQ
Date: Mon, 14 Oct 2019 10:25:11 +0000
Subject: [PATCH] Change the clair container to non root user

Signed-off-by: DQ
---
 make/photon/clair/Dockerfile | 25 +++++++++++++------------
 make/photon/clair/docker-entrypoint.sh | 5 +++--
 tests/docker-compose.test.yml | 1 +
 tests/pushimage.sh | 2 ++
 tests/reg_config.yml | 4 ++--
 tests/travis/ut_install.sh | 3 ++-
 6 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/make/photon/clair/Dockerfile b/make/photon/clair/Dockerfile
index 8ec5c732e..81b9026e2 100644
--- a/make/photon/clair/Dockerfile
+++ b/make/photon/clair/Dockerfile
@@ -2,24 +2,25 @@ FROM photon:2.0
 RUN tdnf install -y git shadow sudo rpm xz python-xml >>/dev/null\
 && tdnf clean all \
- && mkdir /clair/ \
- && mkdir /harbor \
 && groupadd -r -g 10000 clair \
- && useradd --no-log-init -m -r -g 10000 -u 10000 clair
-COPY ./make/photon/clair/binary/clair /clair/
-COPY ./make/photon/clair/docker-entrypoint.sh /docker-entrypoint.sh
-COPY ./make/photon/clair/dumb-init /dumb-init
-COPY ./make/photon/common/install_cert.sh /harbor
+ && useradd --no-log-init -m -g 10000 -u 10000 clair
+COPY ./make/photon/clair/binary/clair /home/clair/
+COPY ./make/photon/clair/docker-entrypoint.sh /home/clair/
+COPY ./make/photon/clair/dumb-init /home/clair/
+COPY ./make/photon/common/install_cert.sh /home/clair/
 VOLUME /config
 EXPOSE 6060 6061
-RUN chown -R 10000:10000 /clair \
- && chmod u+x /clair/clair \
- && chmod u+x /docker-entrypoint.sh \
- && chmod +x /dumb-init
+RUN chmod -R 777 /etc/pki/tls/certs \
+ && chown -R clair:clair /home/clair \
+ && chmod u+x /home/clair/clair \
+ && chmod u+x /home/clair/docker-entrypoint.sh \
+ && chmod +x /home/clair/dumb-init
 HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:6061/health || exit 1
-ENTRYPOINT ["/docker-entrypoint.sh"]
+WORKDIR /home/clair
+USER clair
+ENTRYPOINT ["./docker-entrypoint.sh"]
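Review bot: `chmod -R 777 /etc/pki/tls/certs` in the new RUN makes the system CA directory world-writable for the life of the image, so any process in the container, not only the `clair` user that install_cert.sh now runs as, can add or replace trust anchors. Since that user is the only intended writer, `chown -R clair:clair /etc/pki/tls/certs \` in place of the chmod line gives the same effect with least privilege. `sudo` is still in the tdnf install list even though the entrypoint no longer uses it, and an unneeded setuid binary in a non-root image is worth dropping from that context line. The `chown -R clair:clair /home/clair` after the four COPYs also duplicates those files in a second layer; if the build toolchain supports it, `COPY --chown=clair:clair` on each COPY avoids that and the separate chown.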
diff --git a/make/photon/clair/docker-entrypoint.sh b/make/photon/clair/docker-entrypoint.sh
index 021e2624c..d1630b7d5 100644
--- a/make/photon/clair/docker-entrypoint.sh
+++ b/make/photon/clair/docker-entrypoint.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 set -e
-/harbor/install_cert.sh
-sudo -E -H -u \#10000 sh -c "/dumb-init -- /clair/clair -config /etc/clair/config.yaml $*"
+/home/clair/install_cert.sh
+/home/clair/dumb-init -- /home/clair/clair -config /etc/clair/config.yaml $*
+
 set +e
diff --git a/tests/docker-compose.test.yml b/tests/docker-compose.test.yml
index a13c22b79..ad078afa1 100644
--- a/tests/docker-compose.test.yml
+++ b/tests/docker-compose.test.yml
@@ -6,6 +6,7 @@ services:
 volumes:
 - /data/registry:/storage
 - ./common/config/registry/:/etc/registry/
+ - /etc/core/ca/ca.crt:/etc/registry/root.crt
 ports:
 - 5000:5000
 command:
diff --git a/tests/pushimage.sh b/tests/pushimage.sh
index 7b91e673f..db409b275 100755
--- a/tests/pushimage.sh
+++ b/tests/pushimage.sh
@@ -7,6 +7,8 @@ docker login -u admin -p Harbor12345 $IP:5000 docker tag hello-world $IP:5000/library/hello-world:latest docker push $IP:5000/library/hello-world:latest +echo "$? pushed hello world" docker tag busybox $IP:5000/library/busybox:latest docker push $IP:5000/library/busybox:latest +echo "$? pushed busybox"
diff --git a/tests/reg_config.yml b/tests/reg_config.yml
index 28c6874ce..db6d2bcf2 100644
--- a/tests/reg_config.yml
+++ b/tests/reg_config.yml
@@ -6,7 +6,7 @@ storage:
 cache:
 blobdescriptor: inmemory
 filesystem:
- rootdirectory: /var/lib/registry
+ rootdirectory: /storage
 http:
 addr: :5000
 headers:
@@ -15,4 +15,4 @@ health:
 storagedriver:
 enabled: true
 interval: 10s
- threshold: 3
\ No newline at end of file
+ threshold: 3
diff --git a/tests/travis/ut_install.sh b/tests/travis/ut_install.sh
index dfaddb49b..c971a0b23 100644
--- a/tests/travis/ut_install.sh
+++ b/tests/travis/ut_install.sh
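Review bot: The new dumb-init line is not `exec`ed, so the bash script stays PID 1 with dumb-init as its child; a SIGTERM from `docker stop` is delivered to bash, which does not forward it to the child, so the container is most likely killed after the grace period instead of stopping cleanly. Unquoted `$*` also re-splits any argument that contains whitespace before it reaches clair. I would replace the line with `exec /home/clair/dumb-init -- /home/clair/clair -config /etc/clair/config.yaml "$@"`, after which the trailing `set +e` is unreachable and can go.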
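Review bot: The added bind mount of `/etc/core/ca/ca.crt` into the registry container is read-write, although the registry only needs to read the CA certificate; `- /etc/core/ca/ca.crt:/etc/registry/root.crt:ro` keeps a misbehaving container from altering the host file. The mount presumably supplies the trust root the registry uses to verify tokens issued by Harbor core; if so, a short comment above the entry saying which component signs against it would help the next reader of this test compose file.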
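Review bot: The added `echo "$? pushed hello world"` and `echo "$? pushed busybox"` only print the exit status of the preceding `docker push`; the script then carries on and finishes with status 0 regardless, so CI cannot distinguish a failed push from a successful one without grepping the log. If the status is meant to gate the test, `docker push $IP:5000/library/hello-world:latest || exit 1` (and the same for busybox) makes the failure visible. The top of the script is outside the hunk, so whether `set -e` is already in effect cannot be confirmed from here; if it were, the echo would never print a non-zero value.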
@@ -29,4 +29,5 @@ sudo ./tests/testprepare.sh
 cd tests && sudo ./ldapprepare.sh && sudo ./admiral.sh && cd ..
 sudo sed -i 's/__reg_version__/${REG_VERSION}-dev/g' ./make/docker-compose.test.yml
 sudo sed -i 's/__version__/dev/g' ./make/docker-compose.test.yml
-sudo mkdir -p ./make/common/config/registry/ && sudo mv ./tests/reg_config.yml ./make/common/config/registry/config.yml
\ No newline at end of file
+sudo mkdir -p ./make/common/config/registry/ && sudo mv ./tests/reg_config.yml ./make/common/config/registry/config.yml
+sudo mkdir /storage && sudo chown 10000:10000 -R /storage
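Review bot: The new `sudo mkdir /storage && sudo chown 10000:10000 -R /storage` prepares a host directory, but docker-compose.test.yml in this same patch binds the registry's container path `/storage` to host `/data/registry`, and the `rootdirectory: /storage` in reg_config.yml is resolved inside the container, so the ownership change does not reach the directory the registry actually writes to. Unless another service binds host `/storage`, this should be `sudo mkdir -p /data/registry && sudo chown -R 10000:10000 /data/registry`. `mkdir` without `-p` also fails when the directory already exists, and because of the `&&` the chown is then skipped (whether the script aborts or merely logs the error depends on a `set -e` outside the hunk).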