Set proper user & group handling in scratch based images (#251)
Signed-off-by: Igor Shishkin <me@teran.ru>
teran authored Nov 8, 2024
1 parent 87856b1 commit 640116f
Showing 9 changed files with 26 additions and 30 deletions.
3 changes: 3 additions & 0 deletions dockerfiles/Dockerfile.cli
@@ -5,6 +5,9 @@ RUN apk add --update --no-cache \

FROM scratch

COPY dockerfiles/rootfs/etc/passwd /etc/passwd
COPY dockerfiles/rootfs/etc/group /etc/group

COPY --from=certificates /etc/ssl/cert.pem /etc/ssl/cert.pem
COPY --chmod=0755 --chown=root:root dist/archived-cli_linux_amd64_v3/archived-cli /archived-cli
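Review bot: The two new `COPY` lines for `/etc/passwd` and `/etc/group` set no explicit mode, unlike the binary `COPY` just below them, which pins `--chmod=0755 --chown=root:root`. Files copied from the build context are owned by 0:0 by default, but their mode is whatever the checkout has, so a permissive umask on the build host could leave the identity files group- or world-writable in the image. I would pin it: `COPY --chmod=0644 dockerfiles/rootfs/etc/passwd /etc/passwd` and `COPY --chmod=0644 dockerfiles/rootfs/etc/group /etc/group`. The same pair of lines appears in Dockerfile.exporter, .gc, .manager, .migrator, .publisher and .seeder. The rest of the file, including any `USER` directive, is outside the hunk.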

8 changes: 3 additions & 5 deletions dockerfiles/Dockerfile.exporter
@@ -3,13 +3,11 @@ FROM alpine:3.20.3 AS certificates
RUN apk add --update --no-cache \
ca-certificates=20240705-r0

FROM alpine:3.20.3 AS passwd

RUN echo 'nobody:x:65534:65534:nobody:/:/sbin/nologin' > /passwd.nobody

FROM scratch

COPY --from=passwd /passwd.nobody /etc/passwd
COPY dockerfiles/rootfs/etc/passwd /etc/passwd
COPY dockerfiles/rootfs/etc/group /etc/group

COPY --from=certificates /etc/ssl/cert.pem /etc/ssl/cert.pem
COPY --chmod=0755 --chown=root:root dist/archived-exporter_linux_amd64_v3/archived-exporter /archived-exporter

8 changes: 3 additions & 5 deletions dockerfiles/Dockerfile.gc
@@ -3,13 +3,11 @@ FROM alpine:3.20.3 AS certificates
RUN apk add --update --no-cache \
ca-certificates=20240705-r0

FROM alpine:3.20.3 AS passwd

RUN echo 'nobody:x:65534:65534:nobody:/:/sbin/nologin' > /passwd.nobody

FROM scratch

COPY --from=passwd /passwd.nobody /etc/passwd
COPY dockerfiles/rootfs/etc/passwd /etc/passwd
COPY dockerfiles/rootfs/etc/group /etc/group

COPY --from=certificates /etc/ssl/cert.pem /etc/ssl/cert.pem
COPY --chmod=0755 --chown=root:root dist/archived-gc_linux_amd64_v3/archived-gc /archived-gc

8 changes: 3 additions & 5 deletions dockerfiles/Dockerfile.manager
@@ -3,13 +3,11 @@ FROM alpine:3.20.3 AS certificates
RUN apk add --update --no-cache \
ca-certificates=20240705-r0

FROM alpine:3.20.3 AS passwd

RUN echo 'nobody:x:65534:65534:nobody:/:/sbin/nologin' > /passwd.nobody

FROM scratch

COPY --from=passwd /passwd.nobody /etc/passwd
COPY dockerfiles/rootfs/etc/passwd /etc/passwd
COPY dockerfiles/rootfs/etc/group /etc/group

COPY --from=certificates /etc/ssl/cert.pem /etc/ssl/cert.pem
COPY --chmod=0755 --chown=root:root dist/archived-manager_linux_amd64_v3/archived-manager /archived-manager

8 changes: 3 additions & 5 deletions dockerfiles/Dockerfile.migrator
@@ -3,13 +3,11 @@ FROM alpine:3.20.3 AS certificates
RUN apk add --update --no-cache \
ca-certificates=20240705-r0

FROM alpine:3.20.3 AS passwd

RUN echo 'nobody:x:65534:65534:nobody:/:/sbin/nologin' > /passwd.nobody

FROM scratch

COPY --from=passwd /passwd.nobody /etc/passwd
COPY dockerfiles/rootfs/etc/passwd /etc/passwd
COPY dockerfiles/rootfs/etc/group /etc/group

COPY --from=certificates /etc/ssl/cert.pem /etc/ssl/cert.pem
COPY --chmod=0755 --chown=root:root dist/archived-migrator_linux_amd64_v3/archived-migrator /archived-migrator
COPY --chmod=0644 --chown=root:root repositories/metadata/postgresql/migrations/sql /migrations/sql
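Review bot: `COPY --chmod=0644 ... /migrations/sql` copies a directory, and a numeric `--chmod` is, as far as I know, applied to directories as well as files, which would leave `/migrations/sql` without the search bit. That is invisible while the process runs as root, but opening the migrations would fail once the image runs as the `nobody` user this commit defines; whether a `USER` line follows is outside the hunk. It is worth checking the resulting mode and recording it next to the line, e.g. `# --chmod also hits directories: confirm /migrations/sql is traversable for uid 65534`. Dockerfile.publisher has the same pattern for `/templates`.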
8 changes: 3 additions & 5 deletions dockerfiles/Dockerfile.publisher
@@ -3,13 +3,11 @@ FROM alpine:3.20.3 AS certificates
RUN apk add --update --no-cache \
ca-certificates=20240705-r0

FROM alpine:3.20.3 AS passwd

RUN echo 'nobody:x:65534:65534:nobody:/:/sbin/nologin' > /passwd.nobody

FROM scratch

COPY --from=passwd /passwd.nobody /etc/passwd
COPY dockerfiles/rootfs/etc/passwd /etc/passwd
COPY dockerfiles/rootfs/etc/group /etc/group

COPY --from=certificates /etc/ssl/cert.pem /etc/ssl/cert.pem
COPY --chmod=0755 --chown=root:root dist/archived-publisher_linux_amd64_v3/archived-publisher /archived-publisher
COPY --chmod=0644 --chown=root:root publisher/presenter/html/templates /templates
8 changes: 3 additions & 5 deletions dockerfiles/Dockerfile.seeder
@@ -3,13 +3,11 @@ FROM alpine:3.20.3 AS certificates
RUN apk add --update --no-cache \
ca-certificates=20240705-r0

FROM alpine:3.20.3 AS passwd

RUN echo 'nobody:x:65534:65534:nobody:/:/sbin/nologin' > /passwd.nobody

FROM scratch

COPY --from=passwd /passwd.nobody /etc/passwd
COPY dockerfiles/rootfs/etc/passwd /etc/passwd
COPY dockerfiles/rootfs/etc/group /etc/group

COPY --from=certificates /etc/ssl/cert.pem /etc/ssl/cert.pem
COPY --chmod=0755 --chown=root:root dist/archived-seeder_linux_amd64_v3/archived-seeder /archived-seeder

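--- a/dockerfiles/rootfs/etc/group
+++ b/dockerfiles/rootfs/etc/group
@@ -0,0 +1,3 @@
+root:x:0:root
+nogroup:x:65533:
+nobody:x:65534: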
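--- a/dockerfiles/rootfs/etc/passwd
+++ b/dockerfiles/rootfs/etc/passwd
@@ -0,0 +1,2 @@
+root:x:0:0:root:/root:/sbin/nologin
+nobody:x:65534:65534:nobody:/:/sbin/nologin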
