Add sudo to CBL-Mariner and AzureLinux distros

[liveans]

Adding sudo makes it easier to work on container.

[richlander]

Can you provide more detail as to why this is needed? We're trying to limit sudo if possible.

@sbomer

[liveans]

Can you provide more detail as to why this is needed? We're trying to limit sudo if possible.

In the container itself user is helixbot and without sudo, I couldn't easily install some stuff and do some system-wide changes. This is just needed to work on the container itself without needing to rebuild the image.
I'm totally fine to revert it, but it's intention is just make it easier to work with image.

[richlander]

I couldn't easily install some stuff and do some system-wide changes

Can you elaborate on why this is needed? If you need to install stuff, why not install those components in the actual image? Or if you are using the image locally, why not launch as root?

[liveans]

I couldn't easily install some stuff and do some system-wide changes

Can you elaborate on why this is needed? If you need to install stuff, why not install those components in the actual image? Or if you are using the image locally, why not launch as root?

microsoft/msquic#4466
We're basically adding our CI docker images into msquic pipeline to make sure that packaging works correctly and run simple .NET test on it, for that I'm not rebuilding image but using the publicly exposed one with script which does some changes on installed packages.
My first intention was to use images from this repo, but looks like it would make more sense to use https://hub.docker.com/r/microsoft/dotnet-runtime images.

So, I'm fine to revert this.

[richlander]

If you can get away with using one of our product images, that is much better. They are a ton smaller.

Thanks. It would be best if we didn't include sudo in these images.

[MichaelSimons]

It would be best if we didn't include sudo in these images.

I agree with this 100% - it would be good to have some checked in documentation with these types of guidelines.

[mthalman]

Be aware that all of the Helix Dockerfiles install sudo. That's why I saw no issue with merging this, because these were the only two Helix Dockerfiles that were not doing that yet.

[liveans]

Be aware that all of the Helix Dockerfiles install sudo. That's why I saw no issue with merging this, because these were the only two Helix Dockerfiles that were not doing that yet.

I had the same impression as yours, and that's why I thought adding sudo into these images should be fine.

In that case, will there be work to remove sudo from other helix images?

[richlander]

There is a slow path to tightening up our image create process (both content and the model for creating them). If sudo isn't needed, we shouldn't add it. Some of the more recent changes (driven by @jkoritzinsky) are really helping to limit the content in the images.

[MichaelSimons]

The other thing to keep in mind are the changes @richlander is proposing in #997 where we separate out native build, managed build, and test images as they each have different requirements.