From cae465806abb5cc4bceff028279011bfe2526ce4 Mon Sep 17 00:00:00 2001
From: Wilfried Kopp
Date: Thu, 2 Jun 2022 12:28:11 +0200
Subject: [PATCH 1/8] Fix rpm container
---
 dockerfiles/rpm/Dockerfile | 8 ++++++--
 dockerfiles/rpm/start.sh | 5 +++++
 2 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100755 dockerfiles/rpm/start.sh
diff --git a/dockerfiles/rpm/Dockerfile b/dockerfiles/rpm/Dockerfile
index bd2661cc..f5a62622 100644
--- a/dockerfiles/rpm/Dockerfile
+++ b/dockerfiles/rpm/Dockerfile
@@ -19,7 +19,11 @@ LABEL summary="RPM packaging/signing toolchain" \
 USER root
 RUN apt-get install -yq --no-install-recommends rpm
-
+RUN ln -s /usr/bin/gpg /usr/bin/gpg2
+COPY rpm/rpmmacros /home/nonroot/.rpmmacros
+COPY rpm/start.sh /home/nonroot/start.sh
+RUN chown nonroot .rpmmacros && \
+ chown nonroot start.sh
 USER nonroot:nonroot
-COPY rpm/rpmmacros /home/nonroot/.rpmmacros
+ENTRYPOINT [ "/home/nonroot/start.sh" ]
diff --git a/dockerfiles/rpm/start.sh b/dockerfiles/rpm/start.sh
new file mode 100755
index 00000000..ccbf7077
--- /dev/null
+++ b/dockerfiles/rpm/start.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+eval 'gpg-agent --daemon'
+gpg-agent
+/usr/bin/rpm $@
From cfcd8a0bfb2445bff1f5eac5bcaa9580c92c75f0 Mon Sep 17 00:00:00 2001
From: Wilfried Kopp
Date: Thu, 2 Jun 2022 18:50:11 +0200
Subject: [PATCH 2/8] WIP Solution working as long as not used rootless
---
 dockerfiles/gnupg/Dockerfile | 14 +++---
 dockerfiles/gnupg/README.md | 17 +++++++-
 dockerfiles/gnupg/entrypoint.sh | 12 ++++++
 dockerfiles/gnupg/run.sh | 7 +++
 dockerfiles/gnupg/tests/quick.yaml | 29 +++++++++++++
 dockerfiles/rpm/Dockerfile | 20 ++++++---
 dockerfiles/rpm/{start.sh => entrypoint.sh} | 2 -
 dockerfiles/rpm/rpmmacros | 2 +-
 dockerfiles/rpm/tests/quick.yaml | 48 +++++++++++++++++++++
 9 files changed, 132 insertions(+), 19 deletions(-)
 create mode 100755 dockerfiles/gnupg/entrypoint.sh
 create mode 100755 dockerfiles/gnupg/run.sh
 create mode 100644 dockerfiles/gnupg/tests/quick.yaml
 rename dockerfiles/rpm/{start.sh => entrypoint.sh} (50%)
 create mode 100644 dockerfiles/rpm/tests/quick.yaml
diff --git a/dockerfiles/gnupg/Dockerfile b/dockerfiles/gnupg/Dockerfile
index b115e8f5..4e381132 100644
--- a/dockerfiles/gnupg/Dockerfile
+++ b/dockerfiles/gnupg/Dockerfile
@@ -6,8 +6,6 @@ FROM docker.io/library/ubuntu:latest
 ARG GPG_KEYID=9D4B2B6EB8F97156D19669A9FF0812D491B96798
 ARG VCS_REF=master
 ARG BUILD_DATE=""
-ARG UID=1000
-ARG GID=1000
 # metadata
 LABEL summary="Base image for GnuPG operations" \
@@ -23,14 +21,12 @@ LABEL summary="Base image for GnuPG operations" \
 RUN apt-get update && apt-get install -yq --no-install-recommends bash ca-certificates curl gnupg
-RUN set -x \
- && groupadd -g $GID nonroot \
- && useradd -u $UID -g $GID -s /bin/bash -m nonroot
-
-USER nonroot:nonroot
+COPY gnupg/entrypoint.sh /usr/local/bin/entrypoint.sh
+COPY gnupg/run.sh /usr/local/bin/run.sh
+COPY gnupg/run.sh /usr/local/bin/run.sh
 RUN curl -LfSs "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${GPG_KEYID}&options=mr&exact=on" | gpg --import - \
 && gpg --list-keys
-WORKDIR /home/nonroot
-CMD ["/bin/bash"]
+ENTRYPOINT [ "/usr/local/bin/entrypoint.sh", "/usr/local/bin/run.sh" ]
+CMD ["gpg --version | head -n1", "/bin/bash"]
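Review bot: In dockerfiles/gnupg/Dockerfile the `curl … | gpg --import` step now runs as root, because this hunk removes `USER nonroot:nonroot` above it; the key presumably lands in root's keyring, while entrypoint.sh from the same commit switches to `HOME=/home/user` with a newly created `.gnupg`, so the runtime user would not see it. The step ends in a bare `gpg --list-keys`, which succeeds whatever was imported; `gpg --list-keys "${GPG_KEYID}"` would fail the build when the keyserver response does not contain the pinned fingerprint. `COPY gnupg/run.sh /usr/local/bin/run.sh` is also added twice.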
diff --git a/dockerfiles/gnupg/README.md b/dockerfiles/gnupg/README.md
index d5bcb4ae..3fe6a4ec 100644
--- a/dockerfiles/gnupg/README.md
+++ b/dockerfiles/gnupg/README.md
@@ -1,8 +1,16 @@
 # gnupg
 Docker image based on [official Ubuntu image](https://hub.docker.com/_/ubuntu) ubuntu:latest.
+Used as base for tooling that requires gnupg. GPG usually requires working with the gpg-agent.
+Using the gpg-agent in a rootless context can be challenging as you will need to align the UID
+in the container with the UIDs of your local system.
-Used as base for tooling that requires gnupg.
+While we could make an image with UID that could be passed as ARG, this will likely always endup
+being the wrong UID. For this reason, this image is creating the users at runtime.
+By default, the UID is `9001` but you may customize it using the `LOCAL_USER_ID` environment variable.
+
+This will allow downstream images such as `paritytech/rpm` and `paritytech/deb` to be ran with the "right"
+UID and allows mapping the gpg-agent socket for the right UID.
 **Tools:**
@@ -16,3 +24,10 @@ Used as base for tooling that requires gnupg.
 ```Dockerfile
 FROM docker.io/paritytech/gnupg:latest
 ```
+
+## Tests
+
+You need to install [container-structure-test](https://github.com/GoogleContainerTools/container-structure-test) then run:
+```
+container-structure-test test --image $REGISTRY_PATH/gnupg --config tests/quick.yaml
+```
diff --git a/dockerfiles/gnupg/entrypoint.sh b/dockerfiles/gnupg/entrypoint.sh
new file mode 100755
index 00000000..b00b734f
--- /dev/null
+++ b/dockerfiles/gnupg/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+USER_ID=${LOCAL_USER_ID:-9001}
+
+echo "Starting with UID : $USER_ID"
+useradd --shell /bin/bash -u $USER_ID -o -c "" -m user
+
+export HOME=/home/user
+mkdir -p $HOME/.gnupg
+chown user:user $HOME/.gnupg
+chmod 700 $HOME/.gnupg
+exec chroot --userspec=user / sh -c "cd ${HOME}; $@"
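Review bot: The last line of dockerfiles/gnupg/entrypoint.sh, `exec chroot --userspec=user / sh -c "cd ${HOME}; $@"`, turns the container arguments into shell source: the first argument is parsed again by `sh`, and every further argument becomes `$0`, `$1`, … of that shell instead of part of the command, which is why the `CMD` entries in this series are single strings and their trailing `"/bin/bash"` never runs. Passing the arguments through as a vector keeps their boundaries, for example `cd "$HOME" && exec chroot --userspec=user --skip-chdir / "$@"`; a caller that wants a pipeline can still pass `sh -c '…'` itself. run.sh in this commit adds the same line, and the line is still present after the last patch of the series.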
diff --git a/dockerfiles/gnupg/run.sh b/dockerfiles/gnupg/run.sh
new file mode 100755
index 00000000..37b5ebb9
--- /dev/null
+++ b/dockerfiles/gnupg/run.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+export HOME=/home/user
+mkdir -p $HOME/.gnupg
+chown user:user $HOME/.gnupg
+chmod 700 $HOME/.gnupg
+exec chroot --userspec=user / sh -c "cd ${HOME}; $@"
diff --git a/dockerfiles/gnupg/tests/quick.yaml b/dockerfiles/gnupg/tests/quick.yaml
new file mode 100644
index 00000000..5dc4c405
--- /dev/null
+++ b/dockerfiles/gnupg/tests/quick.yaml
@@ -0,0 +1,29 @@
+schemaVersion: '2.0.0'
+
+commandTests:
+ - name: "root"
+ setup: []
+ command: "whoami"
+ args: []
+ expectedOutput: ["root"]
+ - name: "uid"
+ setup: []
+ command: "id"
+ args: ["-u"]
+ expectedOutput: ["0"]
+ - name: "gid"
+ setup: []
+ command: "id"
+ args: ["-g"]
+ expectedOutput: ["0"]
+ - name: "apt-get upgrade"
+ command: "apt-get"
+ args: ["-qqs", "upgrade"]
+ excludedOutput: [".*Inst.*Security.* | .*Security.*Inst.*"]
+ excludedError: [".*Inst.*Security.* | .*Security.*Inst.*"]
+metadataTest:
+ labels:
+ - key: maintainer
+ value: devops-team@parity.io
+ exposedPorts: []
+ volumes: []
diff --git a/dockerfiles/rpm/Dockerfile b/dockerfiles/rpm/Dockerfile
index f5a62622..b0347f61 100644
--- a/dockerfiles/rpm/Dockerfile
+++ b/dockerfiles/rpm/Dockerfile
@@ -17,13 +17,21 @@ LABEL summary="RPM packaging/signing toolchain" \
 io.parity.image.revision="${VCS_REF}" \
 io.parity.image.created="${BUILD_DATE}"
+
 USER root
 RUN apt-get install -yq --no-install-recommends rpm
 RUN ln -s /usr/bin/gpg /usr/bin/gpg2
-COPY rpm/rpmmacros /home/nonroot/.rpmmacros
-COPY rpm/start.sh /home/nonroot/start.sh
-RUN chown nonroot .rpmmacros && \
- chown nonroot start.sh
-USER nonroot:nonroot
-ENTRYPOINT [ "/home/nonroot/start.sh" ]
+RUN /usr/local/bin/entrypoint.sh
+RUN /usr/local/bin/run.sh
+
+COPY rpm/rpmmacros /home/user/.rpmmacros
+COPY rpm/rpmmacros /root/.rpmmacros
+COPY rpm/entrypoint.sh /home/user/entrypoint.sh
+RUN chown user /home/user/.rpmmacros && \
+ chown user /home/user/entrypoint.sh
+USER user
+
+ENTRYPOINT [ "/home/user/entrypoint.sh" ]
+
+CMD ["rpm --version", "/bin/bash"]
diff --git a/dockerfiles/rpm/start.sh b/dockerfiles/rpm/entrypoint.sh
similarity index 50%
rename from dockerfiles/rpm/start.sh
rename to dockerfiles/rpm/entrypoint.sh
index ccbf7077..0c452d48 100755
--- a/dockerfiles/rpm/start.sh
+++ b/dockerfiles/rpm/entrypoint.sh
@@ -1,5 +1,3 @@
 #!/usr/bin/env bash
-eval 'gpg-agent --daemon'
-gpg-agent
 /usr/bin/rpm $@
diff --git a/dockerfiles/rpm/rpmmacros b/dockerfiles/rpm/rpmmacros
index cbce1d9c..16bc6fac 100644
--- a/dockerfiles/rpm/rpmmacros
+++ b/dockerfiles/rpm/rpmmacros
@@ -1,5 +1,5 @@
 %_signature gpg
-%_gpg_path /home/nonroot/.gnupg
+%_gpg_path /home/user/.gnupg
 %_gpg_name security@parity.io
 %_gpg /usr/bin/gpg
 %__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --batch --verbose --no-armor -u "%{_gpg_name}" -sbo %{__signature_filename} --digest-algo sha256 %{__plaintext_filename}
diff --git a/dockerfiles/rpm/tests/quick.yaml b/dockerfiles/rpm/tests/quick.yaml
new file mode 100644
index 00000000..4c3918a1
--- /dev/null
+++ b/dockerfiles/rpm/tests/quick.yaml
@@ -0,0 +1,48 @@
+schemaVersion: '2.0.0'
+globalEnvVars:
+ - key: "LOCAL_USER_ID"
+ value: "1234"
+
+# Quick set of tests
+fileExistenceTests:
+ - name: 'Check presence of .rpmmacros'
+ path: '/home/user/.rpmmacros'
+ shouldExist: true
+ uid: 9001
+ permissions: -rw-r--r--
+commandTests:
+ - name: "user"
+ setup: []
+ command: "whoami"
+ args: []
+ expectedOutput: ["user"]
+ - name: "uid"
+ setup: []
+ command: "id"
+ args: ["-u"]
+ expectedOutput: ["9001"]
+ - name: "gid"
+ setup: []
+ command: "id"
+ args: ["-g"]
+ expectedOutput: ["9001"]
+ - name: "apt-get upgrade"
+ command: "apt-get"
+ args: ["-qqs", "upgrade"]
+ excludedOutput: [".*Inst.*Security.* | .*Security.*Inst.*"]
+ excludedError: [".*Inst.*Security.* | .*Security.*Inst.*"]
+ - name: "rpm version"
+ command: "rpm"
+ args: ["--version"]
+ expectedOutput: ["RPM"]
+ - name: "gpg2 version"
+ command: "gpg2"
+ args: ["--version"]
+ expectedOutput: ["gpg.*2.*"]
+metadataTest:
+ labels:
+ - key: maintainer
+ value: devops-team@parity.io
+ exposedPorts: []
+ volumes: []
+ user: "user"
From 4bfa18baa9e67c0a2a2e64bff7f054d87ba64bcd Mon Sep 17 00:00:00 2001
From: Wilfried Kopp
Date: Thu, 2 Jun 2022 21:01:27 +0200
Subject: [PATCH 3/8] WIP That may be THE ONE :)
---
 dockerfiles/gnupg/Dockerfile | 5 ++---
 dockerfiles/gnupg/entrypoint.sh | 13 +++++++++++--
 dockerfiles/gnupg/run.sh | 7 -------
 dockerfiles/rpm/Dockerfile | 15 ++++++---------
 dockerfiles/rpm/entrypoint.sh | 3 ---
 5 files changed, 19 insertions(+), 24 deletions(-)
 delete mode 100755 dockerfiles/gnupg/run.sh
 delete mode 100755 dockerfiles/rpm/entrypoint.sh
diff --git a/dockerfiles/gnupg/Dockerfile b/dockerfiles/gnupg/Dockerfile
index 4e381132..b6255b80 100644
--- a/dockerfiles/gnupg/Dockerfile
+++ b/dockerfiles/gnupg/Dockerfile
@@ -22,11 +22,10 @@ LABEL summary="Base image for GnuPG operations" \
 RUN apt-get update && apt-get install -yq --no-install-recommends bash ca-certificates curl gnupg
 COPY gnupg/entrypoint.sh /usr/local/bin/entrypoint.sh
-COPY gnupg/run.sh /usr/local/bin/run.sh
-COPY gnupg/run.sh /usr/local/bin/run.sh
+# COPY gnupg/run.sh /usr/local/bin/run.sh
 RUN curl -LfSs "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${GPG_KEYID}&options=mr&exact=on" | gpg --import - \
 && gpg --list-keys
-ENTRYPOINT [ "/usr/local/bin/entrypoint.sh", "/usr/local/bin/run.sh" ]
+ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
 CMD ["gpg --version | head -n1", "/bin/bash"]
diff --git a/dockerfiles/gnupg/entrypoint.sh b/dockerfiles/gnupg/entrypoint.sh
index b00b734f..fa71ed91 100755
--- a/dockerfiles/gnupg/entrypoint.sh
+++ b/dockerfiles/gnupg/entrypoint.sh
@@ -3,10 +3,19 @@
 USER_ID=${LOCAL_USER_ID:-9001}
 echo "Starting with UID : $USER_ID"
-useradd --shell /bin/bash -u $USER_ID -o -c "" -m user
+
+if [ -d "/home/user" ]; then
+ useradd --shell /bin/bash -u $USER_ID -o -c "" -M user
+ else
+ useradd --shell /bin/bash -u $USER_ID -o -c "" -m user
+fi
+echo "User 'user' created"
 export HOME=/home/user
 mkdir -p $HOME/.gnupg
-chown user:user $HOME/.gnupg
+chown -R user:user $HOME/.gnupg
 chmod 700 $HOME/.gnupg
+
+echo before chroot
+whoami
 exec chroot --userspec=user / sh -c "cd ${HOME}; $@"
diff --git a/dockerfiles/gnupg/run.sh b/dockerfiles/gnupg/run.sh
deleted file mode 100755
index 37b5ebb9..00000000
--- a/dockerfiles/gnupg/run.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-export HOME=/home/user
-mkdir -p $HOME/.gnupg
-chown user:user $HOME/.gnupg
-chmod 700 $HOME/.gnupg
-exec chroot --userspec=user / sh -c "cd ${HOME}; $@"
diff --git a/dockerfiles/rpm/Dockerfile b/dockerfiles/rpm/Dockerfile
index b0347f61..78ad9c48 100644
--- a/dockerfiles/rpm/Dockerfile
+++ b/dockerfiles/rpm/Dockerfile
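Review bot: Both new `useradd` branches in dockerfiles/gnupg/entrypoint.sh take `$USER_ID` unquoted and unchecked together with `-o`, so a container started with `LOCAL_USER_ID=0` gets `user` as a second UID-0 account and the `chroot --userspec=user` at the end no longer drops any privilege. A guard ahead of the `if`, such as `case "$USER_ID" in *[!0-9]*|0*) echo "invalid LOCAL_USER_ID" >&2; exit 1;; esac`, rejects non-numeric and zero values. The script has no `set -e`, so `echo "User 'user' created"` is printed even when `useradd` failed.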
@@ -17,21 +17,18 @@ LABEL summary="RPM packaging/signing toolchain" \
 io.parity.image.revision="${VCS_REF}" \
 io.parity.image.created="${BUILD_DATE}"
-
 USER root
 RUN apt-get install -yq --no-install-recommends rpm
 RUN ln -s /usr/bin/gpg /usr/bin/gpg2
-RUN /usr/local/bin/entrypoint.sh
-RUN /usr/local/bin/run.sh
-
 COPY rpm/rpmmacros /home/user/.rpmmacros
 COPY rpm/rpmmacros /root/.rpmmacros
-COPY rpm/entrypoint.sh /home/user/entrypoint.sh
-RUN chown user /home/user/.rpmmacros && \
- chown user /home/user/entrypoint.sh
-USER user
+# COPY rpm/entrypoint.sh /home/user/entrypoint.sh
+# RUN chown user /home/user/.rpmmacros && \
+# chown user /home/user/entrypoint.sh
+# USER user
-ENTRYPOINT [ "/home/user/entrypoint.sh" ]
+# ENTRYPOINT [ "/home/user/entrypoint.sh" ]
+ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
 CMD ["rpm --version", "/bin/bash"]
diff --git a/dockerfiles/rpm/entrypoint.sh b/dockerfiles/rpm/entrypoint.sh
deleted file mode 100755
index 0c452d48..00000000
--- a/dockerfiles/rpm/entrypoint.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-
-/usr/bin/rpm $@
From c18c6c2768daed70701ce8fba6f6578081525d10 Mon Sep 17 00:00:00 2001
From: Wilfried Kopp
Date: Thu, 2 Jun 2022 21:16:00 +0200
Subject: [PATCH 4/8] Cleanup
---
 dockerfiles/gnupg/entrypoint.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/dockerfiles/gnupg/entrypoint.sh b/dockerfiles/gnupg/entrypoint.sh
index fa71ed91..3e3d5630 100755
--- a/dockerfiles/gnupg/entrypoint.sh
+++ b/dockerfiles/gnupg/entrypoint.sh
@@ -12,10 +12,9 @@ fi
 echo "User 'user' created"
 export HOME=/home/user
+chown -R user:user $HOME
 mkdir -p $HOME/.gnupg
-chown -R user:user $HOME/.gnupg
 chmod 700 $HOME/.gnupg
+chown -R user:user $HOME/.gnupg
-echo before chroot
-whoami
 exec chroot --userspec=user / sh -c "cd ${HOME}; $@"
From cd3d75f2bf8b9d91c654278916dc6138a27dfebf Mon Sep 17 00:00:00 2001
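Review bot: The `chown -R user:user $HOME` added to dockerfiles/gnupg/entrypoint.sh by the "Cleanup" patch runs as root over everything below `/home/user` on each start, and that includes any host directory bind-mounted there, so host files are re-owned to the container UID whenever `LOCAL_USER_ID` does not match the host user. A non-recursive `chown user:user "$HOME"` next to the existing `.gnupg` handling should be enough for files that downstream images copy in as readable, such as the rpm image's `.rpmmacros`. `$HOME` is unquoted in all of these commands. The hunk shows only the tail of the script; the `useradd` logic above `fi` is outside it.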
From: Wilfried Kopp
Date: Thu, 2 Jun 2022 21:33:42 +0200
Subject: [PATCH 5/8] Fix tests
---
 dockerfiles/rpm/tests/quick.yaml | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)
diff --git a/dockerfiles/rpm/tests/quick.yaml b/dockerfiles/rpm/tests/quick.yaml
index 4c3918a1..8ed80810 100644
--- a/dockerfiles/rpm/tests/quick.yaml
+++ b/dockerfiles/rpm/tests/quick.yaml
@@ -1,31 +1,15 @@
 schemaVersion: '2.0.0'
 globalEnvVars:
 - key: "LOCAL_USER_ID"
- value: "1234"
+ value: "1005"
 # Quick set of tests
 fileExistenceTests:
 - name: 'Check presence of .rpmmacros'
 path: '/home/user/.rpmmacros'
 shouldExist: true
- uid: 9001
 permissions: -rw-r--r--
 commandTests:
- - name: "user"
- setup: []
- command: "whoami"
- args: []
- expectedOutput: ["user"]
- - name: "uid"
- setup: []
- command: "id"
- args: ["-u"]
- expectedOutput: ["9001"]
- - name: "gid"
- setup: []
- command: "id"
- args: ["-g"]
- expectedOutput: ["9001"]
 - name: "apt-get upgrade"
 command: "apt-get"
 args: ["-qqs", "upgrade"]
@@ -45,4 +29,3 @@ metadataTest:
 value: devops-team@parity.io
 exposedPorts: []
 volumes: []
- user: "user"
From 99a43e5178e2d8697406fa2b73d89347ff06e14b Mon Sep 17 00:00:00 2001
From: Wilfried Kopp
Date: Thu, 2 Jun 2022 21:39:58 +0200
Subject: [PATCH 6/8] Cleanup
---
 dockerfiles/gnupg/Dockerfile | 1 -
 dockerfiles/rpm/Dockerfile | 5 -----
 2 files changed, 6 deletions(-)
diff --git a/dockerfiles/gnupg/Dockerfile b/dockerfiles/gnupg/Dockerfile
index b6255b80..7d14fab2 100644
--- a/dockerfiles/gnupg/Dockerfile
+++ b/dockerfiles/gnupg/Dockerfile
@@ -22,7 +22,6 @@ LABEL summary="Base image for GnuPG operations" \
 RUN apt-get update && apt-get install -yq --no-install-recommends bash ca-certificates curl gnupg
 COPY gnupg/entrypoint.sh /usr/local/bin/entrypoint.sh
-# COPY gnupg/run.sh /usr/local/bin/run.sh
 RUN curl -LfSs "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${GPG_KEYID}&options=mr&exact=on" | gpg --import - \
 && gpg --list-keys
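Review bot: Removing the `whoami`, `id -u` and `id -g` tests, the `uid` check on `.rpmmacros` and `user: "user"` from dockerfiles/rpm/tests/quick.yaml leaves the suite with no assertion that the rpm tooling runs as the `LOCAL_USER_ID` account. The removed expectations were inconsistent rather than unneeded: they expected `9001` while `globalEnvVars` set `LOCAL_USER_ID` to `1234`. A test that runs `id -u` through `/usr/local/bin/entrypoint.sh` and expects the value set in `globalEnvVars` would keep the privilege drop covered; whether command tests pass through the image entrypoint is not visible here and should be confirmed.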
diff --git a/dockerfiles/rpm/Dockerfile b/dockerfiles/rpm/Dockerfile
index 78ad9c48..dd76693a 100644
--- a/dockerfiles/rpm/Dockerfile
+++ b/dockerfiles/rpm/Dockerfile
@@ -23,12 +23,7 @@ RUN ln -s /usr/bin/gpg /usr/bin/gpg2
 COPY rpm/rpmmacros /home/user/.rpmmacros
 COPY rpm/rpmmacros /root/.rpmmacros
-# COPY rpm/entrypoint.sh /home/user/entrypoint.sh
-# RUN chown user /home/user/.rpmmacros && \
-# chown user /home/user/entrypoint.sh
-# USER user
-# ENTRYPOINT [ "/home/user/entrypoint.sh" ]
 ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
 CMD ["rpm --version", "/bin/bash"]
From 6a5954c17e0976ce00c76e4385b71a943baf891a Mon Sep 17 00:00:00 2001
From: Wilfried Kopp
Date: Fri, 3 Jun 2022 09:28:43 +0200
Subject: [PATCH 7/8] Fix default port and doc
---
 dockerfiles/gnupg/README.md | 9 ++++++++-
 dockerfiles/gnupg/entrypoint.sh | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/dockerfiles/gnupg/README.md b/dockerfiles/gnupg/README.md
index 3fe6a4ec..0865f663 100644
--- a/dockerfiles/gnupg/README.md
+++ b/dockerfiles/gnupg/README.md
@@ -7,7 +7,7 @@ in the container with the UIDs of your local system.
 While we could make an image with UID that could be passed as ARG, this will likely always endup
 being the wrong UID. For this reason, this image is creating the users at runtime.
-By default, the UID is `9001` but you may customize it using the `LOCAL_USER_ID` environment variable.
+By default, the UID is `1000` but you may customize it using the `LOCAL_USER_ID` environment variable.
 This will allow downstream images such as `paritytech/rpm` and `paritytech/deb` to be ran with the "right"
 UID and allows mapping the gpg-agent socket for the right UID.
@@ -25,6 +25,13 @@ UID and allows mapping the gpg-agent socket for the right UID.
 FROM docker.io/paritytech/gnupg:latest
 ```
+In your downstream image, you will want to set the `ENTRYPOINT` as:
+```
+ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
+```
+
+You can check the `rpm` and `deb` images for sample use.
+
 ## Tests
 You need to install [container-structure-test](https://github.com/GoogleContainerTools/container-structure-test) then run:
diff --git a/dockerfiles/gnupg/entrypoint.sh b/dockerfiles/gnupg/entrypoint.sh
index 3e3d5630..dc2d1479 100755
--- a/dockerfiles/gnupg/entrypoint.sh
+++ b/dockerfiles/gnupg/entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-USER_ID=${LOCAL_USER_ID:-9001}
+USER_ID=${LOCAL_USER_ID:-1000}
 echo "Starting with UID : $USER_ID"
From 01b15ac490c1196afb45c5cbb0100c85b6c3a60d Mon Sep 17 00:00:00 2001
From: Wilfried Kopp
Date: Fri, 3 Jun 2022 16:49:05 +0200
Subject: [PATCH 8/8] WIP
---
 dockerfiles/deb/Dockerfile | 3 ++-
 dockerfiles/gnupg/entrypoint.sh | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/dockerfiles/deb/Dockerfile b/dockerfiles/deb/Dockerfile
index d8b6433e..f5d04491 100644
--- a/dockerfiles/deb/Dockerfile
+++ b/dockerfiles/deb/Dockerfile
@@ -20,4 +20,5 @@ LABEL summary="DEB packaging/signing toolchain" \
 USER root
 RUN apt-get install -yq --no-install-recommends reprepro
-USER nonroot:nonroot
+ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
+CMD ["reprepro --version", "/bin/bash"]
diff --git a/dockerfiles/gnupg/entrypoint.sh b/dockerfiles/gnupg/entrypoint.sh
index dc2d1479..28993845 100755
--- a/dockerfiles/gnupg/entrypoint.sh
+++ b/dockerfiles/gnupg/entrypoint.sh
@@ -12,9 +12,9 @@ fi
 echo "User 'user' created"
 export HOME=/home/user
-chown -R user:user $HOME
+chown -R user $HOME
 mkdir -p $HOME/.gnupg
 chmod 700 $HOME/.gnupg
-chown -R user:user $HOME/.gnupg
+chown -R user $HOME/.gnupg
 exec chroot --userspec=user / sh -c "cd ${HOME}; $@"
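Review bot: Dropping `USER nonroot:nonroot` in dockerfiles/deb/Dockerfile leaves root as the image's configured user, so the privilege drop happens only when `/usr/local/bin/entrypoint.sh` actually runs; a container started with a different entrypoint, a `docker exec` session, and platforms that require a non-root image user all see root. That trade-off belongs in the README next to `LOCAL_USER_ID`. In `CMD ["reprepro --version", "/bin/bash"]` the second element does not start a shell, since the entrypoint's `sh -c "…; $@"` receives it as `$0`; the rpm and gnupg Dockerfiles use the same `CMD` shape.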