From 07444ace8ce756e29a1ed41204659b11291ad583 Mon Sep 17 00:00:00 2001
From: mason
Date: Sat, 9 Nov 2019 09:41:49 -0800
Subject: [PATCH 1/3] FEAT: added user to build
---
 Dockerfile | 11 ++++++++---
 group | 1 +
 passwd | 1 +
 3 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 group
 create mode 100644 passwd
diff --git a/Dockerfile b/Dockerfile
index 11f4de8..0d35d08 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,10 +2,15 @@ FROM golang:latest as builder
 WORKDIR /go/src/github.com/PierreZ/goStatic
 COPY . .
-RUN CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -tags netgo -installsuffix netgo
+RUN mkdir ./bin && \
+ CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -tags netgo -installsuffix netgo -o ./bin/goStatic && \
+ mkdir ./bin/etc && \
+ cp ./passwd ./bin/etc && \
+ cp ./group ./bin/etc
 # stage 1
 FROM scratch
 WORKDIR /
-COPY --from=builder /go/src/github.com/PierreZ/goStatic/goStatic .
-ENTRYPOINT ["/goStatic"]
\ No newline at end of file
+COPY --from=builder /go/src/github.com/PierreZ/goStatic/bin/ .
+USER appuser
+ENTRYPOINT ["/goStatic"]
diff --git a/group b/group
new file mode 100644
index 0000000..14bf15f
--- /dev/null
+++ b/group
@@ -0,0 +1 @@
+appgroup:x:1231:appuser
diff --git a/passwd b/passwd
new file mode 100644
index 0000000..403de03
--- /dev/null
+++ b/passwd
@@ -0,0 +1 @@
+appuser:x:1234:1231::/home/appuser:/bin/false
From b3734e9ff9072ff5c11e614a0e92cd3563e0db46 Mon Sep 17 00:00:00 2001
From: mason
Date: Mon, 11 Nov 2019 16:09:46 -0800
Subject: [PATCH 2/3] FIX: removed static 'passwd' & 'group' files.
---
 Dockerfile | 5 +++--
 group | 1 -
 passwd | 1 -
 3 files changed, 3 insertions(+), 4 deletions(-)
 delete mode 100644 group
 delete mode 100644 passwd
diff --git a/Dockerfile b/Dockerfile
index 0d35d08..a0927cc 100644
--- a/Dockerfile
+++ b/Dockerfile
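Review bot: `USER appuser` in the final stage of the [PATCH 1/3] Dockerfile hunk names the account instead of giving its numeric id, so a runtime that has to confirm the image is non-root without resolving names from the image's `/etc/passwd` (Kubernetes `runAsNonRoot` is the usual case) will refuse to start the container. The ids are already fixed by the `passwd` and `group` files added in the same commit, so `USER 1234:1231` says the same thing and no longer depends on the name lookup succeeding. The binary and the `etc/` files copied by `COPY --from=builder` stay root-owned, which keeps the unprivileged process from rewriting them; a short comment above that line, such as `# files stay root-owned on purpose: appuser must not be able to modify them`, would record that this is intentional.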
@@ -5,8 +5,9 @@ COPY . .
 RUN mkdir ./bin && \
 CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -tags netgo -installsuffix netgo -o ./bin/goStatic && \
 mkdir ./bin/etc && \
- cp ./passwd ./bin/etc && \
- cp ./group ./bin/etc
+ UI=$(( ( RANDOM % 9999 ) + 99 )) && \
+ echo "appuser:x:$ID:$ID::/sbin/nologin:/bin/false" > ./bin/etc/passwd && \
+ echo "appgroup:x:$ID:appuser" > ./bin/etc/group
 # stage 1
 FROM scratch
diff --git a/group b/group
deleted file mode 100644
index 14bf15f..0000000
--- a/group
+++ /dev/null
@@ -1 +0,0 @@
-appgroup:x:1231:appuser
diff --git a/passwd b/passwd
deleted file mode 100644
index 403de03..0000000
--- a/passwd
+++ /dev/null
@@ -1 +0,0 @@
-appuser:x:1234:1231::/home/appuser:/bin/false
From 607878c71a8511bd23dbb8b4d7e77735f1165fb1 Mon Sep 17 00:00:00 2001
From: mason
Date: Mon, 11 Nov 2019 16:25:34 -0800
Subject: [PATCH 3/3] FIX: 'RANDOM' not available in golang image, using 'shuf' instead.
---
 Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index a0927cc..c488369 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,8 @@ COPY . .
 RUN mkdir ./bin && \
 CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -tags netgo -installsuffix netgo -o ./bin/goStatic && \
 mkdir ./bin/etc && \
- UI=$(( ( RANDOM % 9999 ) + 99 )) && \
+ ID=$(shuf -i 100-9999 -n 1) && \
+ echo $ID && \
 echo "appuser:x:$ID:$ID::/sbin/nologin:/bin/false" > ./bin/etc/passwd && \
 echo "appgroup:x:$ID:appuser" > ./bin/etc/group
@@ -15,3 +16,4 @@ WORKDIR /
 COPY --from=builder /go/src/github.com/PierreZ/goStatic/bin/ .
 USER appuser
 ENTRYPOINT ["/goStatic"]
+
\ No newline at end of file
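Review bot: The uid/gid written to `./bin/etc/passwd` and `./bin/etc/group` is drawn at build time (`ID=$(shuf -i 100-9999 -n 1)` in the first [PATCH 3/3] hunk; in the [PATCH 2/3] hunk the value is assigned to `UI` while `$ID` is expanded, so both fields come out empty in that commit), which gives the process a different identity on every build. Unless the runtime remaps user namespaces, that number is also a host uid, so a draw from 100-9999 can land on a system or login account that owns files on a bind mount, and volume ownership or a `runAsUser` setting cannot be prepared ahead of time. A fixed id is easier to reason about and to audit, for example `ID=10001 && \` (value constructed for illustration) together with `USER 10001:10001` in the final stage. The sixth passwd field is the home directory, so `/sbin/nologin` there is presumably a misplaced shell path, and the `echo $ID` line is only needed while the id is random.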