From 5ce342f8fd908726b0a21848bba6b5b653023bad Mon Sep 17 00:00:00 2001
From: Jordan Petridis
Date: Mon, 31 Mar 2025 14:03:48 +0300
Subject: [PATCH] ci: Move containeruser creation into the main image

Doesn't need to be done only for toolbox and we will need this when we switch the user gitlab-ci runs as.

Part-of:
---
 ci/docker/debian/prepare.sh | 2 ++
 ci/docker/fedora/prepare.sh | 2 ++
 ci/scripts/build-toolbox-image.sh | 12 +-----------
 ci/scripts/create-container-user.sh | 12 ++++++++++++
 4 files changed, 17 insertions(+), 11 deletions(-)
 create mode 100644 ci/scripts/create-container-user.sh

diff --git a/ci/docker/debian/prepare.sh b/ci/docker/debian/prepare.sh
index c364fb980f..6c31f20aad 100644
--- a/ci/docker/debian/prepare.sh
+++ b/ci/docker/debian/prepare.sh
@@ -10,4 +10,6 @@ bash ./ci/scripts/install-rust.sh
 git config --global user.email "gstreamer@gstreamer.net"
 git config --global user.name "Gstbuild Runner"
+bash ./ci/scripts/create-container-user.sh
+
 bash ./ci/scripts/create-subprojects-cache.sh
diff --git a/ci/docker/fedora/prepare.sh b/ci/docker/fedora/prepare.sh
index 66fd145776..9007fdfd7a 100644
--- a/ci/docker/fedora/prepare.sh
+++ b/ci/docker/fedora/prepare.sh
@@ -10,4 +10,6 @@ git config --global user.name "Gstbuild Runner"
 bash ./ci/scripts/install-rust.sh
+bash ./ci/scripts/create-container-user.sh
+
 bash ./ci/scripts/create-subprojects-cache.sh
diff --git a/ci/scripts/build-toolbox-image.sh b/ci/scripts/build-toolbox-image.sh
index 8af6831fe0..f5f0ee33aa 100644
--- a/ci/scripts/build-toolbox-image.sh
+++ b/ci/scripts/build-toolbox-image.sh
@@ -102,16 +102,6 @@ build_container() {
 buildah run $build_cntr dnf clean all
 buildah run $build_cntr rm -rf /var/lib/cache/dnf
- # random uid
- uid="10043"
- name="containeruser"
- buildah run $build_cntr -- groupadd $name -g $uid
- buildah run $build_cntr -- useradd -u $uid -g $uid -ms /bin/bash $name
-
- buildah run $build_cntr -- usermod -aG wheel $name
- buildah run $build_cntr -- bash -c "echo $name ALL=\(ALL\) NOPASSWD:ALL > /etc/sudoers.d/$name"
- buildah run $build_cntr -- chmod 0440 /etc/sudoers.d/$name
-
 buildah config \
 --env RUSTUP_HOME="/usr/local/rustup" \
 --env CARGO_HOME="/usr/local/cargo/" \
@@ -126,7 +116,7 @@ build_container() {
 # Also add the OCI labels that toolbox expects, to advertize that image is compatible
 # Additionally add a non-root default user
 buildah config --env HOME- \
- --user $name \
+ --user containeruser \
 --label com.github.containers.toolbox=true \
 --label org.opencontainers.image.base.name=$BASE_CI_IMAGE \
 $build_cntr
diff --git a/ci/scripts/create-container-user.sh b/ci/scripts/create-container-user.sh
new file mode 100644
index 0000000000..508f6a3b60
--- /dev/null
+++ b/ci/scripts/create-container-user.sh
@@ -0,0 +1,12 @@
+#! /bin/bash
+
+set -eux
+
+uid="10043"
+name="containeruser"
+groupadd $name -g $uid
+useradd -u $uid -g $uid -ms /bin/bash $name
+
+usermod -aG wheel $name || usermod -aG sudo $name
+bash -c "echo $name ALL=\(ALL\) NOPASSWD:ALL > /etc/sudoers.d/$name"
+chmod 0440 /etc/sudoers.d/$name
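Review bot: In the `@@ -126,7 +116,7 @@` hunk of `ci/scripts/build-toolbox-image.sh`, `--user containeruser` now assumes the image in `$BASE_CI_IMAGE` was built after `create-container-user.sh` was added to `prepare.sh`, and nothing here verifies that. If an older base image is used, the toolbox image would presumably be configured with a default user that has no passwd entry, and the problem would only surface when someone enters it. A check before this `buildah config` call, for example `buildah run $build_cntr -- id containeruser`, would fail the build early. The account name is now a literal in two files, so a comment naming the script that owns it would also help. `build_container` starts and ends outside the hunk.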
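Review bot: In `ci/scripts/create-container-user.sh`, the `NOPASSWD:ALL` rule makes `containeruser` root-equivalent, and through the two `prepare.sh` hunks it now ships in the main Debian and Fedora CI images rather than only in the toolbox image. The commit message says CI jobs will later run as this user, which would then give no privilege separation from root; a comment at the top of the script such as `# containeruser has passwordless sudo; do not treat this account as a privilege boundary` would make that explicit. The `bash -c "echo …"` wrapper was only needed under `buildah run`; `printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$name" > "/etc/sudoers.d/$name"` writes the same rule without a nested shell. Adding `visudo -cf "/etc/sudoers.d/$name"` after the `chmod` would fail the build on a malformed file, assuming `visudo` is installed alongside sudo in both images.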