Commit

Author:

Hash:

Timestamp:

+13 -7 +/-1 browse

Kevin Schoon [me@kevinschoon.com]

2283a6181ca3b3802dd76543f87c12b566615dd4

Fri, 19 Apr 2024 15:52:01 +0000 (1.1 years ago)

update container for root user
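diff --git a/containers/base/Containerfile b/containers/base/Containerfile
index 6a394f6..6eb4826 100644
--- a/containers/base/Containerfile
+++ b/containers/base/Containerfile
@@ -42,20 +42,26 @@ COPY --from=build --chown=0:0 /home/builder/src/target/release/quipu /usr/bin/
 COPY --from=build --chown=0:0 /home/builder/src/ayllu/themes /usr/lib/ayllu/themes
 COPY --from=build --chown=0:0 /home/builder/src/ayllu/migrations /usr/lib/ayllu/migrations/ayllu
 
+ # this container supports running Ayllu as root and non-root depending on the
+ # desired runtime security and required UID/GID mapping.
 RUN adduser -D -s /bin/sh -h /home/ayllu ayllu
 
- # generate a default server config to fallback to
- RUN mkdir -p /etc/ayllu && ayllu config generate > /etc/ayllu/config.yaml
+ # NOTE: this explicitly ignores CVE 2022-24765 because this is not a multi-user
+ # git environment.
+ RUN \
+ mkdir -p /etc/ayllu && \
+ ayllu config generate > /etc/ayllu/config.yaml && \
+ git config --global --add user.name 'ayllu' && \
+ git config --global --add safe.directory '*' && \
+ fc-cache -fv # update font cache which is required by plotters.rs
 
+ # default to the non-root ayllu user
 USER ayllu
 WORKDIR /home/ayllu
 
- # add a basic git configuration
- # NOTE: this explicitly ignores CVE 2022-24765 because this is not a multi-user
- # git environment.
+ # same git config as above but as the Ayllu user
 RUN \
 git config --global --add user.name 'ayllu' && \
- git config --global --add safe.directory '*' && \
- fc-cache -fv # update font cache which is required due to plotters.rs
+ git config --global --add safe.directory '*'
 
 CMD ["/usr/bin/ayllu", "serve"]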
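Review bot: The root-side `git config --global --add safe.directory '*'` added in the first `RUN` block turns off Git's repository-ownership check for UID 0, and the NOTE's reasoning ("not a multi-user git environment") is weaker now that the image is documented as supporting root with UID/GID mapping. Repositories mounted into the container may be owned and written by other accounts, and any Git process running as root would then honour their per-repository configuration. I would either narrow the entry to the directory the server actually reads repositories from (placeholder: `git config --global --add safe.directory <REPO_ROOT>`) or state the assumption next to the NOTE, e.g. `# with safe.directory '*' every mounted repository's config is trusted; mount only repositories whose writers are trusted`. The removed comment `# generate a default server config to fallback to` has no replacement, so the `ayllu config generate` step is now undocumented. The image stage this hunk belongs to begins above line 42, outside the hunk.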