Geoip installation for UID 998 in 16.0 and 17.0 is broken

[ap-wtioit]

Describe the bug

Geoip installation for UID 998 in 16.0 and 17.0 is broken

 > [2/1] RUN groupadd -g 998 odoo -o     && useradd -l -md /home/odoo -s /bin/false -u 998 -g 998 odoo     && mkdir -p /var/lib/odoo     && chown -R odoo:odoo /var/lib/odoo /qa/artifacts     && chmod a=rwX /qa/artifacts     && chown -R :odoo /opt/munin-plugins-odoo     && chmod g+w /opt/munin-plugins-odoo     && sync:
0.200 useradd: UID 998 is not unique

To Reproduce

Affected versions:

Steps to reproduce the behavior:

1. export UID=998 GID=998
2. provide geoip credentials for build
3. run build

Expected behavior It should be possible to use UID 998 and GID 998 for container odoo user

Additional context Happens on gitlab-runner when testing images for geoip with gitlab-runner use having UID 998 and GID 998.

[ap-wtioit]

FYI: I'm working on this, but i cannot assign myself to this issue.

[ap-wtioit]

running docker run --rm --entrypoint="" tecnativa/doodba:16.0-onbuild cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
messagebus:x:100:101::/nonexistent:/usr/sbin/nologin

reveals the systemd-network user takes 998 as uid prior to setup of odoo user

edit: with docker run -i --rm --entrypoint="" python:3.10-slim-bookworm cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

we can see that the conflicting user systemd-network is not present in the original python image

edit2:

docker run -it --rm --entrypoint="" python:3.10-slim-bookworm bash -c 'apt-get update && apt-get install -y chromium && cat /etc/passwd'

installing chromium in bookworm creates the user with 998 while it is created in bullseye with 101

[yajo]

You should never use a UID lower than 1000, as those are reserved for the system.

[ap-wtioit]

You should never use a UID lower than 1000, as those are reserved for the system.

Well it is a system user (gitlab-runner), and technically the odoo user inside the docker container is also a system user.

[yajo]

I mean that the distro can do whatever they want with those UIDs and give you no explanation. So, although "technically" odoo is a system user, in practice we're creating it, so we should create it with a UID that we know is free and available, and those start with 1000 usually.

[ap-wtioit]

Well there is OSes out there that start uids with 500 so i hope, we still are allowed to make doodba work with those as well.