From bfb139c32b7e50b623970177862b862c0e912f18 Mon Sep 17 00:00:00 2001
From: Matyas Selmeci <matyas@cs.wisc.edu>
Date: Wed, 28 Feb 2024 04:45:20 -0600
Subject: [PATCH] Add knob to disable adding the expanse user and group
 (u532362:g12497)

This user has such a high UID that on some systems pulling or running with
podman fails.  Adding the user is still the default (because I can't add
arbitrary build args in the GHA).
---
 Dockerfile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index bac8b8b..8a509b5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -158,7 +158,14 @@ RUN mkdir -p /pilot && chmod 1777 /pilot
 # condor fails to start if this isn't a resolvable username.  For now, create the username
 # by hand.  If we hit this at more sites, we can do a for-loop for populating /etc/{passwd,groups}
 # instead of adding individual user accounts one-by-one.
-RUN groupadd --gid 12497 g12497 && useradd --gid 12497 --create-home --uid 532362 u532362
+#
+# The Expanse user has such a high UID that it causes problems with people
+# running this container using UID namespaces.
+# Set NO_EXPANSE_USER when building the image to not add that user.
+ARG NO_EXPANSE_USER=
+RUN if [[ -z "$NO_EXPANSE_USER" ]]; then \
+        groupadd --gid 12497 g12497 && useradd --gid 12497 --create-home --uid 532362 u532362; \
+    fi
 
 COPY --from=compile /launch_rsyslogd /usr/bin/launch_rsyslogd
 RUN chmod 04755 /usr/bin/launch_rsyslogd && \