From 15da5565b9c61996f79e25153af6a8aae7694ec3 Mon Sep 17 00:00:00 2001
From: Jakub Kadlcik
Date: Oct 23 2017 21:20:18 +0000
Subject: [docker] remove unnecessary stuff
---
diff --git a/docker/backend/Dockerfile b/docker/backend/Dockerfile
index d8bb98e..50a7f1f 100644
--- a/docker/backend/Dockerfile
+++ b/docker/backend/Dockerfile
@@ -17,23 +17,6 @@ RUN dnf -y update && \
 supervisor \
 psmisc \
 nginx \
-# builder packages
- packagedb-cli \
- fedora-cert \
- mock \
- mock-lvm \
- createrepo \
- yum-utils \
- pyliblzma \
- rsync \
- openssh-clients \
- libselinux-python \
- libsemanage-python \
- rpm \
- glib2 \
- ca-certificates \
- scl-utils-build \
- ethtool \
 # packages for copr-keygen
 uwsgi \
 uwsgi-plugin-python \
@@ -99,13 +82,6 @@ RUN cd `mktemp -d` && \
 # system setup for copr-backend
 RUN usermod -a -G mock copr
-# # preinstall rpmbuild and its builddeps to utilize most of Docker cache
-# RUN cd `mktemp -d` && \
-# dnf -y download --source copr-rpmbuild && \
-# dnf -y builddep *.src.rpm --allowerasing && \
-# dnf -y install copr-rpmbuild && \
-# dnf clean all
-
 # copy your copr sources to the docker image
 COPY . /copr
@@ -134,10 +110,6 @@ RUN dnf -y builddep /copr/backend/copr-backend.spec --allowerasing && \
 dnf -y upgrade /tmp/tito/noarch/copr-keygen*.noarch.rpm || true && \
 dnf clean all
-# upgrade rpkg, otherwise an outdated 0.8 version is installed
-#RUN dnf -y upgrade rpkg && \
- #dnf clean all
-
 # copy filesystem setup and setup ownership and permissions
 COPY docker/backend/files/ /
 RUN chmod 700 /root && \
diff --git a/docker/backend/files/etc/rpkg.conf b/docker/backend/files/etc/rpkg.conf
deleted file mode 100644
index 21bada3..0000000
--- a/docker/backend/files/etc/rpkg.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[rpkg]
-lookaside = http://distgit/repo/pkgs
-lookasidehash = md5
-lookaside_cgi = https://distgit/repo/pkgs/upload.cgi
-gitbaseurl = ssh://%(user)s@localhost/%(module)s
-anongiturl = git://localhost/%(module)s
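Review bot: The context line `RUN usermod -a -G mock copr` in the second Dockerfile hunk is kept, while the first hunk drops `mock` and `mock-lvm` from the `dnf` install list. The `mock` group may therefore no longer exist when that layer runs, in which case `usermod` would fail the image build. Unless a package installed earlier in the file still creates the group (not visible in these hunks), either remove the `usermod` line along with the builder packages or create the group explicitly, e.g. `RUN groupadd -f mock && usermod -a -G mock copr`. If the backend container no longer runs mock at all, removing the line is the better choice, since `mock` group membership is a privilege the `copr` user would no longer need.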
diff --git a/docker/backend/files/etc/ssh/ssh_config b/docker/backend/files/etc/ssh/ssh_config
deleted file mode 100644
index 4a0fb82..0000000
--- a/docker/backend/files/etc/ssh/ssh_config
+++ /dev/null
@@ -1,66 +0,0 @@
-# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
-
-# This is the ssh client system-wide configuration file. See
-# ssh_config(5) for more information. This file provides defaults for
-# users, and the values can be changed in per-user configuration files
-# or on the command line.
-
-# Configuration data is parsed as follows:
-# 1. command line options
-# 2. user-specific file
-# 3. system-wide file
-# Any configuration value is only changed the first time it is set.
-# Thus, host-specific definitions should be at the beginning of the
-# configuration file, and defaults at the end.
-
-# Site-wide defaults for some commonly used options. For a comprehensive
-# list of available options, their meanings and defaults, please see the
-# ssh_config(5) man page.
-
-# Host *
-# ForwardAgent no
-# ForwardX11 no
-# RhostsRSAAuthentication no
-# RSAAuthentication yes
-# PasswordAuthentication yes
-# HostbasedAuthentication no
-# GSSAPIAuthentication no
-# GSSAPIDelegateCredentials no
-# GSSAPIKeyExchange no
-# GSSAPITrustDNS no
-# BatchMode no
-# CheckHostIP yes
-# AddressFamily any
-# ConnectTimeout 0
-# StrictHostKeyChecking ask
-# IdentityFile ~/.ssh/identity
-# IdentityFile ~/.ssh/id_rsa
-# IdentityFile ~/.ssh/id_dsa
-# Port 22
-# Protocol 2,1
-# Cipher 3des
-# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
-# EscapeChar ~
-# Tunnel no
-# TunnelDevice any:any
-# PermitLocalCommand no
-# VisualHostKey no
-# ProxyCommand ssh -q -W %h:%p gateway.example.com
-# RekeyLimit 1G 1h
-#
-# Uncomment this if you want to use .local domain
-# Host *.local
-# CheckHostIP no
-
-Host *
- GSSAPIAuthentication yes
-# If this option is set to yes then remote X11 clients will have full access
-# to the original X11 display. As virtually no X11 client supports the untrusted
-# mode correctly we set this to yes.
- ForwardX11Trusted yes
-# Send locale-related environment variables
- SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
- SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
- SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
- SendEnv XMODIFIERS
diff --git a/docker/backend/files/etc/ssh/sshd_config b/docker/backend/files/etc/ssh/sshd_config
deleted file mode 100644
index 26d7139..0000000
--- a/docker/backend/files/etc/ssh/sshd_config
+++ /dev/null
@@ -1,153 +0,0 @@ -# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -# If you want to change the port on a SELinux system, you have to tell -# SELinux about this change. -# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER -# -Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Ciphers and keying -#RekeyLimit default none - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -SyslogFacility AUTHPRIV -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust 
~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no -PasswordAuthentication yes - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no -#KerberosUseKuserok yes - -# GSSAPI options -GSSAPIAuthentication yes -GSSAPICleanupCredentials no -#GSSAPIStrictAcceptorCheck yes -#GSSAPIKeyExchange no -#GSSAPIEnablek5users no - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -# WARNING: 'UsePAM no' is not supported in Fedora and may cause several -# problems. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -UsePrivilegeSeparation sandbox # Default for new installations. 
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#ShowPatchLevel no
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Accept locale-related environment variables
-AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
-AcceptEnv XMODIFIERS
-
-# override default of no subsystems
-Subsystem sftp /usr/libexec/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
diff --git a/docker/builder/files/etc/rpkg.conf b/docker/builder/files/etc/rpkg.conf
deleted file mode 100644
index 554526c..0000000
--- a/docker/builder/files/etc/rpkg.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[distgit]
-lookaside = http://distgit/repo/pkgs
-lookasidehash = md5
-lookaside_cgi = https://distgit/repo/pkgs/upload.cgi
-gitbaseurl = ssh://%(user)s@localhost/%(module)s
-anongiturl = git://localhost/%(module)s
diff --git a/docker/builder/files/etc/ssh/ssh_config b/docker/builder/files/etc/ssh/ssh_config
deleted file mode 100644
index 4a0fb82..0000000
--- a/docker/builder/files/etc/ssh/ssh_config
+++ /dev/null
@@ -1,66 +0,0 @@
-# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
-
-# This is the ssh client system-wide configuration file. See
-# ssh_config(5) for more information. This file provides defaults for
-# users, and the values can be changed in per-user configuration files
-# or on the command line.
-
-# Configuration data is parsed as follows:
-# 1. command line options
-# 2. user-specific file
-# 3. system-wide file
-# Any configuration value is only changed the first time it is set.
-# Thus, host-specific definitions should be at the beginning of the
-# configuration file, and defaults at the end.
-
-# Site-wide defaults for some commonly used options. For a comprehensive
-# list of available options, their meanings and defaults, please see the
-# ssh_config(5) man page.
-
-# Host *
-# ForwardAgent no
-# ForwardX11 no
-# RhostsRSAAuthentication no
-# RSAAuthentication yes
-# PasswordAuthentication yes
-# HostbasedAuthentication no
-# GSSAPIAuthentication no
-# GSSAPIDelegateCredentials no
-# GSSAPIKeyExchange no
-# GSSAPITrustDNS no
-# BatchMode no
-# CheckHostIP yes
-# AddressFamily any
-# ConnectTimeout 0
-# StrictHostKeyChecking ask
-# IdentityFile ~/.ssh/identity
-# IdentityFile ~/.ssh/id_rsa
-# IdentityFile ~/.ssh/id_dsa
-# Port 22
-# Protocol 2,1
-# Cipher 3des
-# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
-# EscapeChar ~
-# Tunnel no
-# TunnelDevice any:any
-# PermitLocalCommand no
-# VisualHostKey no
-# ProxyCommand ssh -q -W %h:%p gateway.example.com
-# RekeyLimit 1G 1h
-#
-# Uncomment this if you want to use .local domain
-# Host *.local
-# CheckHostIP no
-
-Host *
- GSSAPIAuthentication yes
-# If this option is set to yes then remote X11 clients will have full access
-# to the original X11 display. As virtually no X11 client supports the untrusted
-# mode correctly we set this to yes.
- ForwardX11Trusted yes
-# Send locale-related environment variables
- SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
- SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
- SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
- SendEnv XMODIFIERS
diff --git a/docker/builder/files/etc/ssh/sshd_config b/docker/builder/files/etc/ssh/sshd_config
deleted file mode 100644
index 26d7139..0000000
--- a/docker/builder/files/etc/ssh/sshd_config
+++ /dev/null
@@ -1,153 +0,0 @@ -# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/local/bin:/usr/bin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -# If you want to change the port on a SELinux system, you have to tell -# SELinux about this change. -# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER -# -Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Ciphers and keying -#RekeyLimit default none - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -SyslogFacility AUTHPRIV -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes - -# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 -# but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust 
~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no -PasswordAuthentication yes - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no -#KerberosUseKuserok yes - -# GSSAPI options -GSSAPIAuthentication yes -GSSAPICleanupCredentials no -#GSSAPIStrictAcceptorCheck yes -#GSSAPIKeyExchange no -#GSSAPIEnablek5users no - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -# WARNING: 'UsePAM no' is not supported in Fedora and may cause several -# problems. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -UsePrivilegeSeparation sandbox # Default for new installations. 
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#ShowPatchLevel no
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Accept locale-related environment variables
-AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
-AcceptEnv XMODIFIERS
-
-# override default of no subsystems
-Subsystem sftp /usr/libexec/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
diff --git a/docker/builder/files/root/.ssh/builder_config b/docker/builder/files/root/.ssh/builder_config
deleted file mode 100644
index 198ef5a..0000000
--- a/docker/builder/files/root/.ssh/builder_config
+++ /dev/null
@@ -1,19 +0,0 @@
-Host *
-# For dynamically started VMs.
-StrictHostKeyChecking no
-UserKnownHostsFile /dev/null
-
-# For non-default paths to identity file.
-IdentityFile ~/.ssh/id_rsa
-
-# Ensure remote command uses proper line buffering for live logs
-# (so called live logs).
-RequestTTY=force
-
-# Keep control sockets open, to speedup subsequent command runs.
-ControlPath=/home/copr/ssh_socket_%h_%p_%r
-ControlMaster=auto
-ControlPersist=900
-
-Port=22
-Hostname localhost