From 2e82385053617fc80902c22d26ec1826b3e629cf Mon Sep 17 00:00:00 2001
From: Giap Tran
Date: Sat, 9 Mar 2024 11:37:35 +0000
Subject: [PATCH] Dockerfile: migrate to new user, revert manifest

---
 Dockerfile.codespace | 16 ++++++++--------
 Dockerfile.gitpod | 21 ++++++++++-----------
 guix-install.d/manifest.scm | 2 +-
 3 files changed, 19 insertions(+), 20 deletions(-)

diff --git a/Dockerfile.codespace b/Dockerfile.codespace
index 97f0869..72aa82b 100644
--- a/Dockerfile.codespace
+++ b/Dockerfile.codespace
@@ -8,23 +8,23 @@ RUN apt-get update && \
 man screen iproute2 && \
 rm -rf /var/lib/apt/lists/* && \
 mkdir -p /src
+
 RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
 ENV LANG=en_US.UTF-8
 ENV LOCALE_ARCHIVE=/usr/lib/locale/locale-archive
-# Add non-root user.
-RUN groupadd --gid 1000 vscode && \
- useradd --shell /bin/bash --uid 1000 --gid 1000 --create-home vscode && \
- echo 'vscode ALL=(root) NOPASSWD:ALL' > /etc/sudoers.d/vscode && \
- chmod 0440 /etc/sudoers.d/vscode
+RUN groupadd --gid 1000 robot && \
+ useradd --shell /bin/bash --uid 1000 --gid 1000 --create-home robot && \
+ echo 'robot ALL=(root) NOPASSWD:ALL' > /etc/sudoers.d/robot && \
+ chmod 0440 /etc/sudoers.d/robot
 COPY ./ /src/oops
 RUN find /src/oops/guix-install.d/gpg_signing_keys -type f -exec gpg --import {} \; && \
 bash /src/oops/guix-install.d/guix-install.sh && \
 start-stop-daemon --user root --pidfile /tmp/guix.sock --background --start --exec /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon -- --build-users-group=guixbuild --disable-chroot -c 2 -M 2 --substitute-urls="https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://txgvnn.github.io/guxti" && \
 sleep 1 && \
- chown -R vscode: /src/oops && \
- sudo -H -u vscode bash -c 'mkdir -p ~/.config/guix && \
+ chown -R robot: /src/oops && \
+ sudo -H -u robot bash -c 'mkdir -p ~/.config/guix && \
 cp /src/oops/guix-install.d/channels.scm ~/.config/guix/channels.scm && \
 guix pull && \
 ~/.config/guix/current/bin/guix package -m /src/oops/guix-install.d/manifest.scm && \
@@ -45,6 +45,6 @@ LABEL org.opencontainers.image.source="https://github.com/TxGVNN/oops"
 LABEL org.opencontainers.image.documentation="https://github.com/TxGVNN/oops/blob/${REVISION}/README.md"
 LABEL org.opencontainers.image.description="Codespace IDE, Powerful by Guix!"
 LABEL devcontainer.metadata="{ \
- \"remoteUser\": \"vscode\", \
+ \"remoteUser\": \"robot\", \
 \"overrideCommand\": false \
 }"
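Review bot: The new `RUN groupadd --gid 1000 robot && \` block drops the `# Add non-root user.` comment that headed the old vscode block, and nothing now says that `robot` is deliberately granted passwordless root through `/etc/sudoers.d/robot`; restore a comment such as `# Non-root dev user (UID 1000); passwordless sudo is intended for the devcontainer.` above the RUN. An identical four-line block is added to Dockerfile.gitpod, so the UID/GID is hard-coded in two files; an `ARG USER_UID=1000` consumed by both `--gid` and `--uid` would keep them in step. Appending `&& visudo -cf /etc/sudoers.d/robot` after the `chmod 0440` would make a malformed sudoers drop-in fail the build instead of the first `sudo -H -u robot` call later in the same file. The `RUN find …` instruction that ends this hunk continues past it.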
diff --git a/Dockerfile.gitpod b/Dockerfile.gitpod
index 6a1822d..a36d48e 100644
--- a/Dockerfile.gitpod
+++ b/Dockerfile.gitpod
@@ -8,35 +8,34 @@ RUN apt-get update && \
 man screen iproute2 && \
 rm -rf /var/lib/apt/lists/* && \
 mkdir -p /src
+
 RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
 ENV LANG=en_US.UTF-8
 ENV LOCALE_ARCHIVE=/usr/lib/locale/locale-archive
-### Gitpod user ###
-# '-l': see https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
-RUN useradd -l -u 33333 -G sudo -md /home/gitpod -s /bin/bash -p gitpod gitpod \
- # Remove `use_pty` option and enable passwordless sudo for users in the 'sudo' group
- && sed -i.bkp -e '/Defaults\tuse_pty/d' -e 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers \
- # To emulate the workspace-session behavior within dazzle build env
- && mkdir /workspaces && chown -hR gitpod:gitpod /workspaces
+RUN groupadd --gid 1000 robot && \
+ useradd --shell /bin/bash --uid 1000 --gid 1000 --create-home robot && \
+ echo 'robot ALL=(root) NOPASSWD:ALL' > /etc/sudoers.d/robot && \
+ chmod 0440 /etc/sudoers.d/robot
 COPY ./ /src/oops
 RUN find /src/oops/guix-install.d/gpg_signing_keys -type f -exec gpg --import {} \; && \
 bash /src/oops/guix-install.d/guix-install.sh && \
 start-stop-daemon --user root --pidfile /tmp/guix.sock --background --start --exec /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon -- --build-users-group=guixbuild --disable-chroot -c 2 -M 2 --substitute-urls="https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://txgvnn.github.io/guxti" && \
 sleep 1 && \
- chown -R gitpod: /src/oops && \
- sudo -H -u gitpod bash -c 'mkdir -p ~/.config/guix && \
+ chown -R robot: /src/oops && \
+ sudo -H -u robot bash -c 'mkdir -p ~/.config/guix && \
 cp /src/oops/guix-install.d/channels.scm ~/.config/guix/channels.scm && \
 guix pull && \
 ~/.config/guix/current/bin/guix package -m /src/oops/guix-install.d/manifest.scm && \
 rm -rf ~/.cache/guix/inferiors/ && guix gc'
-USER gitpod
-WORKDIR /home/gitpod
 ENV WORKSPACE=/workspaces
 ENV PATH=/workspaces/.oops/profile/bin:/src/oops/profile/bin:$PATH
+USER robot
+WORKDIR /home/robot
+
 ARG REVISION
 LABEL org.opencontainers.image.source="https://github.com/TxGVNN/oops"
 LABEL org.opencontainers.image.documentation="https://github.com/TxGVNN/oops/blob/${REVISION}/README.md"
diff --git a/guix-install.d/manifest.scm b/guix-install.d/manifest.scm
index b833eef..300bb01 100644
--- a/guix-install.d/manifest.scm
+++ b/guix-install.d/manifest.scm
@@ -12,7 +12,7 @@ (list (channel (name 'guix) (url "https://git.savannah.gnu.org/git/guix.git")
- (commit "3621493e4cc9f83253d7f191b783fd11212c7045"))))
+ (commit "aae61f54ff6acf5cc0e0355dc85babf29f625660"))))
 (define inferior (inferior-for-channels channels))
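Review bot: The removed `useradd … gitpod` block also ran `mkdir /workspaces && chown -hR gitpod:gitpod /workspaces`, and the replacement `RUN groupadd --gid 1000 robot && \` block has no equivalent, yet `ENV WORKSPACE=/workspaces` and the `/workspaces/.oops/profile/bin` PATH entry are kept, so the image no longer ships a `/workspaces` directory owned by the workspace user; append `&& mkdir -p /workspaces && chown robot:robot /workspaces` to that RUN before the `COPY`. The old user was created with UID 33333, which as far as I know is the UID Gitpod's workspace runtime expects for its user, so if this image is still meant to run on Gitpod the move to UID 1000 should be checked against their custom-image requirements before merging. The `+USER robot` / `+WORKDIR /home/robot` lines after the `ENV` pair are otherwise fine, but a comment such as `# Drop root for the workspace session.` above `USER robot` would document why the switch happens there.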