Commit 1892311

Add findutils & STACKABLE_USER_NAME (#535)
1 parent c546343 commit 1892311

1 file changed: +10 -2 lines changed

template/docker/Dockerfile.j2

Lines changed: 10 additions & 2 deletions
@@ -26,6 +26,7 @@ ARG RELEASE="1"
2626
# These are chosen at random and are this high on purpose to have very little chance to clash with an existing user or group on the host system
2727
ARG STACKABLE_USER_GID="574654813"
2828
ARG STACKABLE_USER_UID="782252253"
29+
ARG STACKABLE_USER_NAME="stackable"
2930

3031
# Sets the default shell to Bash with strict error handling and robust pipeline processing.
3132
# "-e": Exits immediately if a command exits with a non-zero status
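Review bot: the new `ARG STACKABLE_USER_NAME="stackable"` sits under a comment that only explains why the GID and UID are high random numbers, so the name argument is undocumented. Add a comment line saying what the name is used for (the group and user created further down in this file) and which values are acceptable, since a build-time override is passed straight to `groupadd` and `useradd`.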
@@ -95,6 +96,12 @@ RUN <<EOF
9596
# Update image and install kerberos client libraries as well as some other utilities
9697
microdnf update
9798

99+
# **findutils**
100+
# Needed to find all patch files, used in `apply_patches.sh`, and helpful for debugging
101+
# Added 2024-10: Last vulnerability in 2007, only two vulnerabilities in total, a risk we accept
102+
# https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&isCpeNameSearch=false&cpe_vendor=cpe%3A%2F%3Agnu&cpe_product=cpe%3A%2F%3Agnu%3Afindutils
103+
# cpe:2.3:a:gnu:findutils:*:*:*:*:*:*:*:*
104+
#
98105
# **iputils**
99106
# To make debugging easier, includes things like ping
100107
# Added 2024-03: We cannot find any vulnerabilities in the past years
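Review bot: the findutils rationale mixes a build-time reason (finding patch files for `apply_patches.sh`) with a run-time one (debugging), and the "a risk we accept" line does not say which of the two justifies keeping the package in the final image. If only the build-time use were required, the package could be removed at the end of the block the way `shadow-utils` is; if it stays for debugging, state that explicitly. The "only two vulnerabilities in total" count is dated 2024-10, so consider noting when it should be rechecked against the linked NVD search.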
@@ -120,6 +127,7 @@ microdnf update
120127
# NOTE (@NickLarsenNZ): Maybe we should consider pinning package versions?
121128
# hadolint ignore=DL3041
122129
microdnf install \
130+
findutils \
123131
iputils \
124132
krb5-libs \
125133
less \
@@ -128,7 +136,7 @@ microdnf install \
128136
shadow-utils \
129137
tar
130138

131-
groupadd --gid ${STACKABLE_USER_GID} --system stackable
139+
groupadd --gid ${STACKABLE_USER_GID} --system ${STACKABLE_USER_NAME}
132140
# The --no-log-init is required to work around a bug/problem in Go/Docker when very large UIDs are used
133141
# See https://github.com/moby/moby/issues/5419#issuecomment-41478290 for more context
134142
# Making this a system user prevents a mail dir from being created, expiry of passwords etc. but it will warn:
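Review bot: `${STACKABLE_USER_NAME}` in the `groupadd` line is expanded unquoted, so an empty or whitespace-containing build argument would drop or split the group name argument instead of failing with a clear message. Quote it as `"${STACKABLE_USER_NAME}"`, and do the same for `${STACKABLE_USER_GID}` on that line while touching it.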
@@ -142,7 +150,7 @@ useradd \
142150
--system \
143151
--create-home \
144152
--home-dir /stackable \
145-
stackable
153+
${STACKABLE_USER_NAME}
146154
microdnf remove shadow-utils
147155
microdnf clean all
148156
rm -rf /var/cache/yum
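Review bot: the `useradd` call now takes the user name from `${STACKABLE_USER_NAME}`, but `--home-dir /stackable` directly above it is still hard-coded, so overriding the name produces a user whose home directory does not match it. If the fixed path is intentional, add a comment saying so; otherwise derive it from the argument. The expansion is also unquoted here and should be written `"${STACKABLE_USER_NAME}"`.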
