kubernetes
/
git-sync
mirror of https://github.com/kubernetes/git-sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Set HOME in Dockerfile 

Clean up other comments, too.
This commit is contained in:
Tim Hockin 2021-01-06 15:11:25 -08:00
parent e52396c9fd
commit 02d291c495
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Dockerfile.in
View File

@ -24,14 +24,20 @@ RUN apt-get update \
openssh-client \ openssh-client \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# By default we will run as this user... # Run as non-root by default. There's simply no reason to run as root.
USER 65533:65533
# Add the default UID to /etc/passwd so SSH is satisfied.
RUN echo "git-sync:x:65533:65533::/tmp:/sbin/nologin" >> /etc/passwd RUN echo "git-sync:x:65533:65533::/tmp:/sbin/nologin" >> /etc/passwd
# ...but the user might choose a different UID and pass --add-user # A user might choose a different UID and set the --add-user flag, which needs
# which needs to be able to write to /etc/passwd. # to be able to write to /etc/passwd.
RUN chmod 0666 /etc/passwd RUN chmod 0666 /etc/passwd
ADD bin/{ARG_OS}_{ARG_ARCH}/{ARG_BIN} /{ARG_BIN} # Setting HOME ensures that whatever UID this ultimately runs as can write to
# files like ~/.gitconfig.
ENV HOME=/tmp
WORKDIR /tmp WORKDIR /tmp
USER 65533:65533
# Just dump the binary in the root.
ADD bin/{ARG_OS}_{ARG_ARCH}/{ARG_BIN} /{ARG_BIN}
ENTRYPOINT ["/{ARG_BIN}"] ENTRYPOINT ["/{ARG_BIN}"]