Rework rebased Dockerfile for an attempt at userns

2024-08-30 18:23:09 +00:00 · 2022-02-27 18:38:30 +00:00 · 2022-02-27 18:38:30 +00:00 · 0de6948b4c
commit 0de6948b4c
parent a488802847
2 changed files with 33 additions and 8 deletions
--- a/39
+++ b/39
@ -7,18 +7,39 @@ LABEL maintainer="Dockerfile created by Zedifus <https://gitlab.com/zedifus>"
 # Security Patch for CVE-2021-44228
 ENV LOG4J_FORMAT_MSG_NO_LOOKUPS=true

-# Install Packages And Dependencies
-COPY requirements.txt /commander/requirements.txt
-RUN apt update \
-&& apt install -y gcc python3 python3-pip libmariadb-dev openjdk-8-jre-headless openjdk-11-jre-headless openjdk-16-jre-headless openjdk-17-jre-headless default-jre \
-&& pip3 install --no-cache-dir -r /commander/requirements.txt
+# Install Packages, Dependencies and Setup user
+COPY requirements.txt /commander-venv/requirements.txt
+RUN groupadd -g "${PGID:-0}" -o crafty \
+    && useradd -g "${PGID:-0}" -u "${PUID:-0}" -o crafty \
+    && apt-get update \
+    && apt-get -y --no-install-recommends install \
+        gcc \
+        python3 \
+        python3-dev \
+        python3-pip \
+        python3-venv \
+        libmariadb-dev \
+        default-jre \
+        openjdk-8-jre-headless \
+        openjdk-11-jre-headless \
+        openjdk-16-jre-headless \
+        openjdk-17-jre-headless \
+    && apt-get autoremove \
+    && apt-get clean \
+    && python3 -m venv /commander-venv/ \
+    && . /commander-venv/bin/activate \
+    && pip3 install --no-cache-dir --upgrade setuptools==50.3.2 pip==20.3.3 \
+    && pip3 install --no-cache-dir -r /commander-venv/requirements.txt \
+    && deactivate \
+    && chown -R crafty:crafty /commander-venv

 # Copy Source & copy default config from image
 COPY ./ /commander
 WORKDIR /commander
 RUN mv ./app/config ./app/config_original \
-&& mv ./app/config_original/default.json.example ./app/config_original/default.json \
-&& chmod +x ./docker_launcher.sh
+    && mv ./app/config_original/default.json.example ./app/config_original/default.json \
+    && chown -R crafty:crafty /commander \
+    && chmod +x ./docker_launcher.sh

 # Expose Web Interface port & Server port range
 EXPOSE 8000
@ -26,6 +47,8 @@ EXPOSE 8443
 EXPOSE 19132
 EXPOSE 25500-25600

-# Start Crafty Commander through wrapper
+# Start Crafty Commander through wrapper as crafty
+USER crafty
 ENTRYPOINT ["/commander/docker_launcher.sh"]
 CMD ["-v", "-d", "-i"]
+
--- a/docker_launcher.sh
+++ b/docker_launcher.sh
@ -6,4 +6,6 @@ if [ ! "$(ls -A ./app/config)" ]; then
    cp -r ./app/config_original/* ./app/config/
 fi

+# Activate our prepared venv and launch crafty with provided args
+. /commander-venv/bin/activate
 exec python3 main.py $@